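AWS managed policies for AWS Config
An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases, because they are available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.
You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or new API operations become available for existing services.
For more information, see AWS managed policies in the IAM User Guide.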
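Because an AWS update to a managed policy reaches every principal the policy is attached to, it helps to diff two versions of a policy document and review what changed. The following is an added example, not AWS code: the two sample documents are constructed (they are not real versions of any AWS managed policy), and the read-only naming heuristic and the function names are assumptions. In practice the documents would be JSON such as `aws iam get-policy-version` returns.

```python
import json

# Assumption: verbs with these prefixes are treated as read-only by name alone.
READ_ONLY_PREFIXES = ("Get", "List", "Describe", "BatchGet")


def _as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def allowed_actions(policy_document):
    """Map lowercase action -> original spelling for every Allow statement.

    IAM action names are case-insensitive, so versions are compared on the
    lowercase key and reported with the spelling found in the document.
    """
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    actions = {}
    for statement in _as_list(doc.get("Statement")):
        if statement.get("Effect") != "Allow":
            continue
        if "NotAction" in statement:
            # NotAction allows everything except the listed actions; keep it
            # as a marker so that it always surfaces for review.
            marker = "NotAction(" + ",".join(sorted(_as_list(statement["NotAction"]))) + ")"
            actions[marker.lower()] = marker
        for action in _as_list(statement.get("Action")):
            actions[action.lower()] = action
    return actions


def diff_versions(old_document, new_document):
    """Return (added, removed) action lists between two policy versions."""
    old, new = allowed_actions(old_document), allowed_actions(new_document)
    added = sorted(new[key] for key in new.keys() - old.keys())
    removed = sorted(old[key] for key in old.keys() - new.keys())
    return added, removed


def needs_review(action):
    """Flag wildcards, NotAction markers and verbs that do not look read-only."""
    if action.startswith("NotAction(") or "*" in action:
        return True
    _, _, verb = action.partition(":")
    return not verb.startswith(READ_ONLY_PREFIXES)


# Constructed sample: "Statement" given as a single object.
OLD_VERSION = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": [
            "ssm:DescribeParameters",
            "ssm:GetParameter",
            "ssm:ListTagsForResource",
            "cloudtrail:ListTrails",
        ],
        "Resource": "*",
    },
}

# Constructed sample: "Statement" as a list, one "Action" given as a string,
# and one action re-spelled with different case (must not count as a change).
NEW_VERSION = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:DescribeParameters",
                "ssm:ListTagsForResource",
                "cloudTrail:ListTrails",
                "elasticfilesystem:DescribeTags",
                "redshift:DescribeTags",
            ],
            "Resource": "*",
        },
        {"Effect": "Allow", "Action": "config:PutEvaluations", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    added, removed = diff_versions(OLD_VERSION, NEW_VERSION)
    print("added:  ", added)
    print("removed:", removed)
    print("review: ", [a for a in added if needs_review(a)])
```

A read-only verb is not the same as a harmless one, so the name heuristic only narrows what a reviewer looks at first.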
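AWS managed policy: AWSConfigServiceRolePolicy
AWS Config uses the service-linked role (SLR) named AWSServiceRoleForConfig to call other AWS services on your behalf. When you use the AWS Management Console to set up AWS Config, AWS Config creates this SLR automatically if you select the option to use the AWS Config SLR instead of your own AWS Identity and Access Management (IAM) service role.
The AWSServiceRoleForConfig SLR contains the managed policy AWSConfigServiceRolePolicy. This managed policy contains read-only and write-only permissions for AWS Config resources and read-only permissions for resources in other services that AWS Config supports. For more information, see Supported Resource Types and Using Service-Linked Roles for AWS Config.
View the policy: AWSConfigServiceRolePolicy.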
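AWS managed policy: AWS_ConfigRole
To record your AWS resource configurations, AWS Config requires IAM permissions to get the configuration details about your resources. If you want to create an IAM role for AWS Config, you can use the managed policy AWS_ConfigRole and attach it to your IAM role.
This IAM policy is updated each time AWS Config adds support for an AWS resource type. This means that AWS Config continues to have the permissions required to record configuration data of supported resource types as long as the AWS_ConfigRole role has this managed policy attached. For more information, see Supported Resource Types and Permissions for the IAM Role Assigned to AWS Config.
View the policy: AWS_ConfigRole.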
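AWS managed policy: AWSConfigUserAccess
This IAM policy provides access to use AWS Config, including searching by tags on resources and reading all tags. It does not provide permission to configure AWS Config, which requires administrative privileges.
View the policy: AWSConfigUserAccess.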
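AWS managed policy: ConfigConformsServiceRolePolicy
To deploy and manage conformance packs, AWS Config requires IAM permissions and certain permissions from other AWS services. These allow you to deploy and manage conformance packs with full functionality, and they are updated each time AWS Config adds new functionality for conformance packs. For more information on conformance packs, see Conformance Packs.
View the policy: ConfigConformsServiceRolePolicy.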
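AWS managed policy: AWSConfigRulesExecutionRole
To deploy AWS Custom Lambda rules, AWS Config requires IAM permissions and certain permissions from other AWS services. These allow AWS Lambda functions to access the AWS Config API and the configuration snapshots that AWS Config delivers periodically to Amazon S3. This access is required by functions that evaluate configuration changes for AWS Custom Lambda rules, and it is updated each time AWS Config adds new functionality. For more information on AWS Custom Lambda rules, see Creating AWS Config Custom Lambda Rules and Components of an AWS Config Rule. For more information on configuration snapshots, see Concepts | Configuration Snapshot. For more information on the delivery of configuration snapshots, see Managing the Delivery Channel.
View the policy: AWSConfigRulesExecutionRole.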
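AWS managed policy: AWSConfigMultiAccountSetupPolicy
To centrally deploy, update, and delete AWS Config rules and conformance packs across member accounts in an organization in AWS Organizations, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for multi-account setup. For more information, see Managing AWS Config Rules Across All Accounts in Your Organization and Managing Conformance Packs Across All Accounts in Your Organization.
View the policy: AWSConfigMultiAccountSetupPolicy.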
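AWS managed policy: AWSConfigRoleForOrganizations
To allow AWS Config to call read-only AWS Organizations APIs, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for multi-account setup. For more information, see Managing AWS Config Rules Across All Accounts in Your Organization and Managing Conformance Packs Across All Accounts in Your Organization.
View the policy: AWSConfigRoleForOrganizations.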
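AWS managed policy: AWSConfigRemediationServiceRolePolicy
To allow AWS Config to remediate NON_COMPLIANT resources on your behalf, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for remediation. For more information on remediation, see Remediating Noncompliant Resources with AWS Config Rules. For more information on the conditions that initiate the possible AWS Config evaluation results, see Concepts | AWS Config Rules.
View the policy: AWSConfigRemediationServiceRolePolicy.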
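AWS Config updates to AWS managed policies
View details about updates to AWS managed policies for AWS Config since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the AWS Config Document history page.
Change | Description | Date |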
---|---|---|
AWS_ConfigRole – Added "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel," "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers," "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules" | This policy now supports additional permissions for Amazon OpenSearch Service Serverless, Amazon AppStream, AWS Backup, AWS CloudTrail, AWS Glue, EC2 Image Builder, AWS IoT, Amazon Interactive Video Service (Amazon IVS), AWS Elemental MediaConnect, AWS Elemental MediaTailor, AWS HealthOmics, and Amazon EventBridge Scheduler. | September 16, 2024 |
AWSConfigServiceRolePolicy – Added "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel," "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers," "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules" | This policy now supports additional permissions for Amazon OpenSearch Service Serverless, Amazon AppStream, AWS Backup, AWS CloudTrail, AWS Glue, EC2 Image Builder, AWS IoT, Amazon Interactive Video Service (Amazon IVS), AWS Elemental MediaConnect, AWS Elemental MediaTailor, AWS HealthOmics, and Amazon EventBridge Scheduler. | September 16, 2024 |
AWS_ConfigRole – Added "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource" | This policy now supports additional permissions for Amazon Elastic File System (Amazon EFS), Amazon Redshift, and AWS Systems Manager for SAP. | June 17, 2024 |
AWSConfigServiceRolePolicy – Added "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource" | This policy now supports additional permissions for Amazon Elastic File System (Amazon EFS), Amazon Redshift, and AWS Systems Manager for SAP. | June 17, 2024 |
AWS_ConfigRole – Added "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool," "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus" | This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx, AWS Glue, AWS Identity and Access Management (IAM), AWS Lambda, AWS RAM, Amazon Redshift Serverless, Amazon SageMaker, and Amazon Simple Notification Service (Amazon SNS). | February 22, 2024 |
AWSConfigServiceRolePolicy – Added "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool," "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus" | This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx, AWS Glue, AWS Identity and Access Management (IAM), AWS Lambda, AWS RAM, Amazon Redshift Serverless, Amazon SageMaker, and Amazon Simple Notification Service (Amazon SNS). | February 22, 2024 |
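AWSConfigUserAccess – AWS Config started tracking changes for this AWS managed policy | This policy provides access to use AWS Config, including searching by tags on resources and reading all tags. It does not provide permission to configure AWS Config, which requires administrative privileges. | February 22, 2024 |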
AWS_ConfigRole – Added "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets" | This policy now supports additional permissions for AWS AppConfig, Amazon Managed Service for Prometheus, AWS Database Migration Service (AWS DMS), AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Organizations, Amazon CloudWatch Logs, and Amazon Simple Storage Service (Amazon S3). | December 5, 2023 |
AWSConfigServiceRolePolicy – Added "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets" | This policy now supports additional permissions for AWS AppConfig, Amazon Managed Service for Prometheus, AWS Database Migration Service (AWS DMS), AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Organizations, Amazon CloudWatch Logs, and Amazon Simple Storage Service (Amazon S3). | December 5, 2023 |
AWS_ConfigRole – Added "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles" | This policy now supports additional permissions for Amazon Cognito, Amazon Connect, Amazon EMR, AWS Ground Station, AWS Mainframe Modernization, Amazon MemoryDB, AWS Organizations, Amazon QuickSight, Amazon Relational Database Service (Amazon RDS), AWS Service Catalog, Amazon Redshift, Amazon Route 53, and AWS Transfer Family. | November 17, 2023 |
AWS_ConfigRole – Added "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID" | This policy now | November 17, 2023 |
AWSConfigServiceRolePolicy – Added "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles" | This policy now supports additional permissions for Amazon Cognito, Amazon Connect, Amazon EMR, AWS Ground Station, AWS Mainframe Modernization, Amazon MemoryDB, AWS Organizations, Amazon QuickSight, Amazon Relational Database Service (Amazon RDS), AWS Service Catalog, Amazon Redshift, Amazon Route 53, and AWS Transfer Family. | November 17, 2023 |
AWSConfigServiceRolePolicy – Added "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID" | This policy now | November 17, 2023 |
AWS_ConfigRole – Added "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob" | This policy now supports additional permissions for AWS Private CA, AWS App Mesh, Amazon Connect, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector, AWS IoT, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Lambda, AWS Network Manager, AWS Organizations, and Amazon SageMaker. | October 4, 2023 |
AWSConfigServiceRolePolicy – Added "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob" | This policy now supports additional permissions for AWS Private CA, AWS App Mesh, Amazon Connect, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector, AWS IoT, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Lambda, AWS Network Manager, AWS Organizations, and Amazon SageMaker. | October 4, 2023 |
AWSConfigServiceRolePolicy – Removed "ssm:GetParameter" | This policy now removes permissions for AWS Systems Manager (Systems Manager). | September 6, 2023 |
AWS_ConfigRole – Added "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", and "sns:GetDataProtectionPolicy" | This policy now supports additional permissions for AWS App Mesh, AWS CloudFormation, Amazon CloudFront, AWS CodeArtifact, AWS CodeBuild, Amazon Connect, AWS Glue, Amazon GuardDuty, AWS Identity and Access Management (IAM), Amazon Inspector, AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie, AWS Elemental MediaConnect, AWS Network Manager, AWS Organizations, AWS Resource Explorer, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Notification Service (Amazon SNS). | July 28, 2023 |
AWSConfigServiceRolePolicy – Added "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "sns:GetDataProtectionPolicy", "ssm:DescribeParameters", "ssm:GetParameter", and "ssm:ListTagsForResource" | This policy now supports additional permissions for AWS App Mesh, Amazon AppStream 2.0, AWS CloudFormation, Amazon CloudFront, AWS CodeArtifact, AWS CodeBuild, Amazon Connect, AWS Glue, Amazon GuardDuty, AWS Identity and Access Management (IAM), Amazon Inspector, AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie, AWS Elemental MediaConnect, AWS Organizations, AWS Network Manager, AWS Resource Explorer, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), Amazon Simple Notification Service (Amazon SNS), and Amazon EC2 Systems Manager (SSM). | July 28, 2023 |
AWS_ConfigRole – Added "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" | This policy now supports AWS Amplify, Amazon Connect, AWS App Mesh, Amazon Managed Service for Prometheus, Amazon Athena, AWS Batch, AWS CloudFormation, AWS CloudTrail, AWS CodeArtifact, Amazon CodeGuru, AWS Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, AWS Organizations, Amazon Forecast, AWS IoT Greengrass, AWS Ground Station, AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC), Amazon Personalize, Amazon QuickSight, AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker, and AWS Transfer Family. | June 13, 2023 |
AWSConfigServiceRolePolicy – Added "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" | This policy now supports AWS Amplify, Amazon Connect, AWS App Mesh, Amazon Managed Service for Prometheus, Amazon Athena, AWS Batch, AWS CloudFormation, AWS CloudTrail, AWS CodeArtifact, Amazon CodeGuru, AWS Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, AWS Organizations, Amazon Forecast, AWS Ground Station, AWS Identity and Access Management (IAM), AWS IoT Greengrass, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC), Amazon Personalize, Amazon QuickSight, AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker, and AWS Transfer Family. | June 13, 2023 |
AWSConfigServiceRolePolicy – Added amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations | This policy now supports additional permissions for Amazon Managed Workflows for AWS Amplify, AWS App Mesh, AWS App Runner, Amazon CloudFront, AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker, AWS Transfer Family, Amazon Pinpoint, AWS Migration Hub, AWS Resilience Hub, Amazon CloudWatch, AWS Directory Service, and AWS WAF. | April 13, 2023 |
AWS_ConfigRole – Added amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations |
This policy now supports additional permissions for AWS Amplify, AWS App Mesh, AWS App Runner, Amazon CloudFront, AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker, AWS Transfer Family, Amazon Pinpoint, AWS Migration Hub, AWS Resilience Hub, Amazon CloudWatch, AWS Directory Service, Amazon Managed Workflows, and AWS WAF. |
April 13, 2023 |
AWSConfigServiceRolePolicy – Added appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudfront:GetResponseHeadersPolicy, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
This policy now supports additional permissions for Amazon Managed Workflows for Amazon AppFlow, AWS App Runner, Amazon AppStream 2.0, Amazon CloudFront, Amazon CloudWatch, AWS CodeArtifact, AWS CodeCommit, AWS Device Farm, Amazon CloudWatch Evidently, Amazon Forecast, AWS Ground Station, AWS Identity and Access Management (IAM), AWS IoT, Amazon MemoryDB, Amazon Pinpoint, AWS Network Manager, AWS Panorama, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon SageMaker. |
March 30, 2023 |
AWS_ConfigRole – Added appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudformation:ListTypes, cloudfront:GetResponseHeadersPolicy, cloudfront:ListDistributions, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, ec2:DescribeTrafficMirrorFilters, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
This policy now supports additional permissions for Amazon Managed Workflows for Amazon AppFlow, AWS App Runner, Amazon AppStream 2.0, AWS CloudFormation, Amazon CloudFront, Amazon CloudWatch, AWS CodeArtifact, AWS CodeCommit, AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS Ground Station, AWS Identity and Access Management (IAM), AWS IoT, Amazon MemoryDB, Amazon Pinpoint, AWS Network Manager, AWS Panorama, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon SageMaker. |
March 30, 2023 |
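AWSConfigRulesExecutionRole – AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Lambda functions to access the AWS Config API and the configuration snapshots that AWS Config delivers periodically to Amazon S3. This access is required by functions that evaluate configuration changes for AWS custom Lambda rules. |
March 7, 2023 |
AWSConfigRoleForOrganizations – AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Config to call read-only AWS Organizations APIs. |
March 7, 2023 |
AWSConfigRemediationServiceRolePolicy – AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Config to remediate on your behalf
March 7, 2023 |
AWSConfigServiceRolePolicy – Added auditmanager:GetAccountStatus |
This policy now grants permission to return the registration status of an AWS Audit Manager account. |
March 3, 2023 |
AWS_ConfigRole – Added auditmanager:GetAccountStatus |
This policy now grants permission to return the registration status of an AWS Audit Manager account. |
March 3, 2023 |
AWSConfigMultiAccountSetupPolicy – AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Config to call AWS services and deploy AWS Config resources across an organization with AWS Organizations. |
February 27, 2023 |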
AWSConfigServiceRolePolicy – Added airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. |
February 1, 2023 |
AWS_ConfigRole – Added airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. |
February 1, 2023 |
ConfigConformsServiceRolePolicy – Updated config:DescribeConfigRules |
As a security best practice, this policy now removes
January 12, 2023 |
AWSConfigServiceRolePolicy – Added APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon QuickSight, Amazon Application Recovery Controller (ARC), AWS Resource Access Manager, Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
AWS_ConfigRole – Added APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon QuickSight, Amazon Application Recovery Controller (ARC), AWS Resource Access Manager, Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
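AWSConfigServiceRolePolicy – Added cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |
AWS_ConfigRole – Added cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |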
AWSConfigServiceRolePolicy – Added acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects,
iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, AWS Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, AWS OpsWorks, AWS Panorama, AWS Resource Access Manager, Amazon QuickSight, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS RoboMaker, AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
AWS_ConfigRole – Added acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource,
iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, AWS Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, AWS OpsWorks, AWS Panorama, AWS Resource Access Manager, Amazon QuickSight, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS RoboMaker, AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
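AWSConfigServiceRolePolicy – Added Glue::GetTable |
This policy now grants permission to retrieve the table definition in a Data Catalog for a specified AWS Glue table. |
September 14, 2022 |
AWS_ConfigRole – Added Glue::GetTable |
This policy now grants permission to retrieve the table definition in a Data Catalog for a specified AWS Glue table. |
September 14, 2022 |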
AWSConfigServiceRolePolicy – Added appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup,
gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, 
ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, 
profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, 
ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon QuickSight, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. |
September 7, 2022 |
AWS_ConfigRole – Added appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues,
gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, 
ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, 
profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, 
signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon QuickSight, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. |
September 7, 2022 |
AWSConfigServiceRolePolicy – Added airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries | This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. | February 1, 2023 |
AWS_ConfigRole – Added airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. |
February 1, 2023 |
ConfigConformsServiceRolePolicy – Updated config:DescribeConfigRules |
As a security best practice, this policy now removes |
January 12, 2023 |
AWSConfigServiceRolePolicy – Added APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon QuickSight, Amazon Application Recovery Controller (ARC), AWS Resource Access Manager, Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
AWS_ConfigRole – Added APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon QuickSight, Amazon Application Recovery Controller (ARC), AWS Resource Access Manager, Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
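AWSConfigServiceRolePolicy – Added cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |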
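AWS_ConfigRole – Added cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |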
AWSConfigServiceRolePolicy – Added acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects,
iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, AWS Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, AWS OpsWorks, AWS Panorama, AWS Resource Access Manager, Amazon QuickSight, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS RoboMaker, AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
AWS_ConfigRole – Added acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource,
iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, AWS Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, AWS OpsWorks, AWS Panorama, AWS Resource Access Manager, Amazon QuickSight, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS RoboMaker, AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
AWSConfigServiceRolePolicy – Added Glue::GetTable |
This policy now grants permission to retrieve the table definition in a Data Catalog for a specified AWS Glue table. |
September 14, 2022 |
AWS_ConfigRole – Added Glue::GetTable |
This policy now grants permission to retrieve the table definition in a Data Catalog for a specified AWS Glue table. |
September 14, 2022 |
AWSConfigServiceRolePolicy – Added appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup,
gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, 
ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, 
profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, 
ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon QuickSight, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. |
September 7, 2022 |
AWS_ConfigRole – Added appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, 
gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, 
ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, 
profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, 
signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon QuickSight, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. |
September 7, 2022 |
AWSConfigServiceRolePolicy – Added datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
This policy now grants permission to return a list of AWS DataSync agents, DataSync source and destination locations, and DataSync tasks in your AWS account; list summary information about the namespaces and services associated with one or more specified namespaces in AWS Cloud Map in your AWS account; and list all of the Amazon Simple Email Service (Amazon SES) contact lists available in your AWS account. |
August 22, 2022 |
AWS_ConfigRole – Added datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
This policy now grants permission to return a list of AWS DataSync agents, DataSync source and destination locations, and DataSync tasks in your AWS account; list summary information about the namespaces and services associated with one or more specified namespaces in AWS Cloud Map in your AWS account; and list all of the Amazon Simple Email Service (Amazon SES) contact lists available in your AWS account. |
August 22, 2022 |
ConfigConformsServiceRolePolicy – Added cloudwatch:PutMetricData |
This policy now grants permission to publish metric data points to Amazon CloudWatch. |
July 25, 2022 |
AWSConfigServiceRolePolicy – Added amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, 
imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
This policy now supports additional permissions for Amazon Elastic Container Service (Amazon ECS), Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Managed Service for Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon QuickSight, Amazon Rekognition, Amazon Simple Storage Service (Amazon S3), AWS RoboMaker, Amazon Simple Email Service (Amazon SES), AWS Amplify, AWS AppConfig, AWS AppSync, AWS Billing Conductor, AWS DataSync, AWS Firewall Manager, AWS Glue, AWS IAM Identity Center (IAM Identity Center), EC2 Image Builder, and Elastic Load Balancing. |
July 15, 2022 |
AWS_ConfigRole – Added amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, 
imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
This policy now supports additional permissions for Amazon Elastic Container Service (Amazon ECS), Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Managed Service for Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon QuickSight, Amazon Rekognition, Amazon Simple Storage Service (Amazon S3), AWS RoboMaker, Amazon Simple Email Service (Amazon SES), AWS Amplify, AWS AppConfig, AWS AppSync, AWS Billing Conductor, AWS DataSync, AWS Firewall Manager, AWS Glue, AWS IAM Identity Center (IAM Identity Center), EC2 Image Builder, and Elastic Load Balancing. |
July 15, 2022 |
AWSConfigServiceRolePolicy – Added athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
This policy now grants permission to get a specified Amazon Athena data catalog, list the Athena data catalogs in your AWS account, and list the tags associated with an Athena workgroup or data catalog resource; get a list of Amazon Detective behavior graphs and list the tags for a Detective behavior graph; get a list of resource metadata for a given list of AWS Glue development endpoint names, get information about a specified AWS Glue development endpoint, get all of the AWS Glue development endpoints in your AWS account, retrieve a specified AWS Glue security configuration, get all AWS Glue security configurations, get a list of tags associated with an AWS Glue resource, get information about the AWS Glue workgroup with the specified name, retrieve the names of all AWS Glue crawler resources in your AWS account, get all AWS Glue |
May 31, 2022 |
AWS_ConfigRole – Added athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
This policy now grants permission to get a specified Amazon Athena data catalog, list the Athena data catalogs in your AWS account, and list the tags associated with an Athena workgroup or data catalog resource; get a list of Amazon Detective behavior graphs and list the tags for a Detective behavior graph; get a list of resource metadata for a given list of AWS Glue development endpoint names, get information about a specified AWS Glue development endpoint, get all of the AWS Glue development endpoints in your AWS account, retrieve a specified AWS Glue security configuration, get all AWS Glue security configurations, get a list of tags associated with an AWS Glue resource, get information about the AWS Glue workgroup with the specified name, retrieve the names of all AWS Glue crawler resources in your AWS account, get all AWS Glue |
May 31, 2022 |
AWSConfigServiceRolePolicy – Added cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
This policy now grants permission to get information about all or a specified AWS CloudTrail event data store (EDS), get information about all or a specified AWS CloudFormation resource, get a list of DynamoDB Accelerator (DAX) parameter groups or subnet groups, get information about AWS Database Migration Service (AWS DMS) replication tasks for your account in the current Region being accessed, and get a list of all policies in AWS Organizations of a specified type. |
April 7, 2022 |
AWS_ConfigRole – Added cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
This policy now grants permission to get information about all or a specified AWS CloudTrail event data store (EDS), get information about all or a specified AWS CloudFormation resource, get a list of DynamoDB Accelerator (DAX) parameter groups or subnet groups, get information about AWS Database Migration Service (AWS DMS) replication tasks for your account in the current Region being accessed, and get a list of all policies in AWS Organizations of a specified type. |
April 7, 2022 |
AWSConfigServiceRolePolicy – Added backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
This policy now supports additional permissions for AWS Backup, AWS Batch, DynamoDB Accelerator, AWS Database Migration Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty, AWS Key Management Service, AWS OpsWorks, Amazon Relational Database Service, AWS WAF V2, and Amazon WorkSpaces. |
March 14, 2022 |
AWS_ConfigRole – Added backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
This policy now supports additional permissions for AWS Backup, AWS Batch, DynamoDB Accelerator, AWS Database Migration Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty, AWS Key Management Service, AWS OpsWorks, Amazon Relational Database Service, AWS WAF V2, and Amazon WorkSpaces. |
March 14, 2022 |
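AWSConfigServiceRolePolicy – Added elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for a specified Elastic Beanstalk configuration set, get a map of OpenSearch or Elasticsearch versions, describe the available Amazon RDS option groups for a database, and get information about a CodeDeploy deployment configuration. This policy now also grants permission to retrieve the specified alternate contact attached to an AWS account, retrieve information about an AWS Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about an archived AWS Config rule, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of a specified child OU or account, and list the policies attached to a specified target root, organizational unit, or account. |
February 10, 2022 |
AWS_ConfigRole – Added elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for a specified Elastic Beanstalk configuration set, get a map of OpenSearch or Elasticsearch versions, describe the available Amazon RDS option groups for a database, and get information about a CodeDeploy deployment configuration. This policy now also grants permission to retrieve the specified alternate contact attached to an AWS account, retrieve information about an AWS Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about an archived AWS Config rule, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of a specified child OU or account, and list the policies attached to a specified target root, organizational unit, or account. |
February 10, 2022 |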
AWSConfigServiceRolePolicy – Added logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
This policy now grants permission to create Amazon CloudWatch log groups and streams and to write logs to the created log streams. |
December 15, 2021 |
AWS_ConfigRole – Added logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
This policy now grants permission to create Amazon CloudWatch log groups and streams and to write logs to the created log streams. |
December 15, 2021 |
AWSConfigServiceRolePolicy – Added es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots |
This policy now grants permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain or domains and to get the detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get information about Amazon ElastiCache snapshots. |
September 8, 2021 |
AWS_ConfigRole – Added es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots |
This policy now grants permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain or domains and to get the detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get information about Amazon ElastiCache snapshots. |
September 8, 2021 |
AWSConfigServiceRolePolicy – 新增 logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine,以及 AWS 資源類型的其他許可 |
此政策現在授予的許可,可列出日誌群組標籤、列出狀態機器標籤,以及列出所有狀態機器。此政策現在會授予可取得狀態機器詳細資訊的許可。此政策現在也支援 Amazon EC2 Systems Manager (SSM)、Amazon Elastic Container Registry、Amazon FSx、Amazon Data Firehose、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon Relational Database Service (Amazon RDS)、Amazon Route 53、Amazon SageMaker、Amazon Simple Notification Service AWS Database Migration Service、 AWS Global Accelerator和 的其他許可 AWS Storage Gateway。 |
2021 年 7 月 28 日 |
AWS_ConfigRole – 新增 logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine,以及 AWS 資源類型的其他許可 |
此政策現在授予的許可,可列出日誌群組標籤、列出狀態機器標籤,以及列出所有狀態機器。此政策現在會授予可取得狀態機器詳細資訊的許可。此政策現在也支援 Amazon EC2 Systems Manager (SSM)、Amazon Elastic Container Registry、Amazon FSx、Amazon Data Firehose、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon Relational Database Service (Amazon RDS)、Amazon Route 53、Amazon SageMaker、Amazon Simple Notification Service AWS Database Migration Service、 AWS Global Accelerator和 的其他許可 AWS Storage Gateway。 |
2021 年 7 月 28 日 |
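AWSConfigServiceRolePolicy – Add ssm:DescribeDocumentPermission and additional permissions for AWS resource types |
This policy now grants permission to view information about AWS Systems Manager documents and information about IAM Access Analyzer. This policy now supports additional AWS resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, AWS Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. This policy now also supports filtering Lambda@Edge functions for the lambda-inside-vpc AWS Config managed rule. |
June 8, 2021 |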
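AWS_ConfigRole – Add ssm:DescribeDocumentPermission and additional permissions for AWS resource types |
This policy now grants permission to view information about AWS Systems Manager documents and information about IAM Access Analyzer. This policy now supports additional AWS resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, AWS Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. This policy now also supports filtering Lambda@Edge functions for the lambda-inside-vpc AWS Config managed rule. |
June 8, 2021 |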
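AWSConfigServiceRolePolicy – Add apigateway:GET permission to make read-only GET calls to API Gateway, and s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to invoke Amazon S3 read-only APIs |
This policy now grants permission that allows AWS Config to make read-only GET calls to API Gateway to support AWS Config rules for API Gateway. This policy also adds permissions that allow AWS Config to invoke Amazon Simple Storage Service (Amazon S3) read-only APIs, which are required to support the new |
May 10, 2021 |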
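AWS_ConfigRole – Add apigateway:GET permission to make read-only GET calls to API Gateway, and s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to invoke Amazon S3 read-only APIs |
This policy now grants permission that allows AWS Config to make read-only GET calls to API Gateway to support AWS Config for API Gateway. This policy also adds permissions that allow AWS Config to invoke Amazon Simple Storage Service (Amazon S3) read-only APIs, which are required to support the new |
May 10, 2021 |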
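AWSConfigServiceRolePolicy – Add ssm:ListDocuments permission and additional permissions for AWS resource types |
This policy now grants permission to view information about specified AWS Systems Manager documents. This policy now also supports additional AWS resource types for AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker, AWS Database Migration Service, and Amazon Route 53. These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. |
April 1, 2021 |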
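AWS_ConfigRole – Add ssm:ListDocuments permission and additional permissions for AWS resource types |
This policy now grants permission to view information about specified AWS Systems Manager documents. This policy now also supports additional AWS resource types for AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker, AWS Database Migration Service, and Amazon Route 53. These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. |
April 1, 2021 |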
AWS Config started tracking changes |
AWS Config started tracking changes for its AWS managed policies. |
April 1, 2021 |