AWS 的 受管政策 AWS Config

AWS_ConfigRole – 新增 "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"

此政策現在支援 AWS Clean Rooms、Amazon Comprehend、Amazon Elastic Compute Cloud (Amazon EC2) AWS HealthOmics、Amazon Simple Storage Service (Amazon S3) 和 Amazon Simple Email Service (Amazon SES) 的額外許可。

AWSConfigServiceRolePolicy – 新增 "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"

此政策現在支援 AWS Clean Rooms、Amazon Comprehend、Amazon Elastic Compute Cloud (Amazon EC2) AWS HealthOmics、Amazon Simple Storage Service (Amazon S3) 和 Amazon Simple Email Service (Amazon SES) 的額外許可。

AWSConfigServiceRolePolicy – 新增 "organizations:ListAWSServiceAccessForOrganization"

此政策現在支援 的其他許可 AWS Organizations。

AWS_ConfigRole – 新增 "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"

此政策現在支援 AWS AppConfig AWS CloudTrail、Amazon Connect、Amazon DataZone、Amazon DevOpsGuru AWS Glue、Identity Store AWS IoT、 AWS IoT FleetWise、 AWS IoT Wireless、Amazon Interactive Video Service (Amazon IVS)、Amazon CloudWatch Logs、Amazon CloudWatch Observability Access Manager AWS Payment Cryptography、Amazon Relational Database Service (Amazon RDS)、Amazon Rekognition、Amazon Simple Storage Service (Amazon S3) AWS Systems Manager、Amazon EventBridge Scheduler 和 Amazon VPC Lattice 的額外許可。

AWSConfigServiceRolePolicy – 新增 "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"

此政策現在支援 AWS AppConfig AWS CloudTrail、Amazon Connect、Amazon DataZone、Amazon DevOpsGuru AWS Glue、Identity Store AWS IoT、 AWS IoT FleetWise、 AWS IoT Wireless、Amazon Interactive Video Service (Amazon IVS)、Amazon CloudWatch Logs、Amazon CloudWatch Observability Access Manager AWS Payment Cryptography、Amazon Relational Database Service (Amazon RDS)、Amazon Rekognition、Amazon Simple Storage Service (Amazon S3) AWS Systems Manager、Amazon EventBridge Scheduler 和 Amazon VPC Lattice 的額外許可。

AWS_ConfigRole – 新增 "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules"

此政策現在支援 Amazon OpenSearch Service Severless、Amazon AppStream AWS Backup、 AWS CloudTrail AWS Glue、EC2 Image Builder AWS IoT、Amazon Interactive Video Service (Amazon IVS) AWS Elemental MediaConnect AWS Elemental MediaTailor AWS HealthOmics和 Amazon EventBridge Scheduler 的額外許可。

AWSConfigServiceRolePolicy – 新增 "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules"

此政策現在支援 Amazon OpenSearch Service Severless、Amazon AppStream AWS Backup、 AWS CloudTrail AWS Glue、EC2 Image Builder AWS IoT、Amazon Interactive Video Service (Amazon IVS) AWS Elemental MediaConnect AWS Elemental MediaTailor AWS HealthOmics和 Amazon EventBridge Scheduler 的額外許可。

AWS_ConfigRole – 新增 "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource"

此政策現在支援 Amazon Elastic File System (Amazon EFS)、Amazon Redshift 和 的額外許可 適用於 SAP 的 AWS Systems Manager。

AWSConfigServiceRolePolicy – 新增 "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource"

此政策現在支援 Amazon Elastic File System (Amazon EFS)、Amazon Redshift 和 的額外許可 適用於 SAP 的 AWS Systems Manager。

此政策現在支援 Amazon Managed Service for Prometheus、Amazon CloudWatch、Amazon Cognito、Amazon ElastiCache、Amazon FSx、 AWS Glue AWS Identity and Access Management (IAM) AWS Lambda AWS RAM、、Amazon Redshift Serverless、Amazon SageMaker AI 和 Amazon Simple Notification Service (Amazon SNS) 的額外許可。

此政策現在支援 Amazon Managed Service for Prometheus、Amazon CloudWatch、Amazon Cognito、Amazon ElastiCache、Amazon FSx、 AWS Glue AWS Identity and Access Management (IAM) AWS Lambda AWS RAM、、Amazon Redshift Serverless、Amazon SageMaker AI 和 Amazon Simple Notification Service (Amazon SNS) 的額外許可。

AWSConfigUserAccess – AWS Config 開始追蹤此 AWS 受管政策的變更

此政策提供使用 的存取權 AWS Config，包括依資源上的標籤搜尋和讀取所有標籤。這不提供設定 的許可 AWS Config，這需要管理權限。

此政策現在支援 Amazon Managed Service for Prometheus AWS AppConfig、(AWS DMS)、 AWS Database Migration Service (AWS Identity and Access Management) IAM、Amazon Managed Streaming for Apache Kafka (Amazon MSK) AWS Organizations、Amazon CloudWatch Logs 和 Amazon Simple Storage Service (Amazon S3) 的額外許可。

此政策現在支援 Amazon Managed Service for Prometheus AWS AppConfig、(AWS DMS)、 AWS Database Migration Service (AWS Identity and Access Management) IAM、Amazon Managed Streaming for Apache Kafka (Amazon MSK) AWS Organizations、Amazon CloudWatch Logs 和 Amazon Simple Storage Service (Amazon S3) 的額外許可。

此政策現在支援 Amazon Cognito、Amazon Connect、Amazon EMR、 AWS Ground Station AWS Mainframe Modernization、Amazon MemoryDB AWS Organizations、Amazon QuickSight、Amazon Relational Database Service (Amazon RDS) AWS Service Catalog、Amazon Redshift、Amazon Route 53 和 的其他許可 AWS Transfer Family。

此政策現在會新增AWSConfigServiceRolePolicyStatementID、AWSConfigSLRLogStatementID、AWSConfigSLRLogEventStatementID和 AWSConfigSLRApiGatewayStatementID 的安全性識別碼 (SID)。

此政策現在支援 Amazon Cognito、Amazon Connect、Amazon EMR、 AWS Ground Station AWS Mainframe Modernization、Amazon MemoryDB AWS Organizations、Amazon QuickSight、Amazon Relational Database Service (Amazon RDS) AWS Service Catalog、Amazon Redshift、Amazon Route 53 和 的其他許可 AWS Transfer Family。

此政策現在會新增AWSConfigServiceRolePolicyStatementID、AWSConfigSLRLogStatementID、AWSConfigSLRLogEventStatementID和 AWSConfigSLRApiGatewayStatementID 的安全性識別碼 (SID)。

此政策現在支援 AWS Private CA、 AWS App Mesh、Amazon Connect、Amazon Elastic Container Service (Amazon ECS)、Amazon CloudWatch Evidently、Amazon Managed Grafana、Amazon GuardDuty、Amazon Inspector AWS IoT AWS IoT TwinMaker、Amazon Managed Streaming for Apache Kafka (Amazon MSK) AWS Lambda AWS Network Manager AWS Organizations和 Amazon SageMaker AI 的額外許可。

此政策現在支援 AWS Private CA、 AWS App Mesh、Amazon Connect、Amazon Elastic Container Service (Amazon ECS)、Amazon CloudWatch Evidently、Amazon Managed Grafana、Amazon GuardDuty、Amazon Inspector AWS IoT AWS IoT TwinMaker、Amazon Managed Streaming for Apache Kafka (Amazon MSK) AWS Lambda AWS Network Manager AWS Organizations和 Amazon SageMaker AI 的額外許可。

此政策現在會移除 AWS Systems Manager (Systems Manager) 的許可。

此政策現在支援 AWS App Mesh AWS CloudFormation、Amazon CloudFront AWS CodeBuild、 AWS CodeArtifact、Amazon Connect AWS Glue、Amazon GuardDuty、 AWS Identity and Access Management (IAM)、Amazon Inspector AWS IoT、 AWS IoT TwinMaker、 AWS IoT Wireless、Amazon Managed Streaming for Apache Kafka、Amazon Macie AWS Elemental MediaConnect、 AWS Network Manager、 AWS Organizations、 AWS 資源總管、Amazon Route 53、Amazon Simple Storage Service (Amazon S3) 和 Amazon Simple Notification Service (Amazon SNS) 的額外許可。

此政策現在支援 AWS App Mesh Amazon AppStream 2.0 AWS CloudFormation、Amazon CloudFront AWS CodeArtifact、、 AWS CodeBuild Amazon Connect AWS Glue、Amazon GuardDuty、 AWS Identity and Access Management (IAM)、Amazon Inspector AWS IoT、 AWS IoT TwinMaker AWS IoT Wireless、Amazon Managed Streaming for Apache Kafka、Amazon Macie AWS Elemental MediaConnect、 AWS Network Manager、 AWS Organizations、 AWS 資源總管、Amazon Route 53、Amazon Simple Storage Service (Amazon S3)、Amazon Simple Notification Service (Amazon SNS) 和 Amazon EC2 Systems Manager (SSM) 的額外許可。

此政策現在支援 的其他許可 AWS Amplify， Amazon Connect、 AWS App Mesh、 Amazon Managed Service for Prometheus、 Amazon Athena、 AWS Batch AWS CloudFormation、 AWS CloudTrail、、 AWS CodeArtifact Amazon CodeGuru AWS Directory Service、 Amazon DynamoDB、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon CloudWatch Evidently AWS Organizations、 Amazon Forecast AWS IoT Greengrass、 AWS Ground Station AWS Identity and Access Management (IAM)、 Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon Lightsail、 Amazon CloudWatch Logs、 AWS Elemental MediaConnect AWS Elemental MediaTailor、 Amazon Pinpoint、 Amazon Virtual Private Cloud (Amazon VPC)、 Amazon Personalize、 Amazon QuickSight AWS Migration Hub Refactor Spaces、 Amazon Simple Storage Service (Amazon S3)、 Amazon SageMaker AI， AWS Transfer Family。

此政策現在支援 的其他許可 AWS Amplify， Amazon Connect、 AWS App Mesh、 Amazon Managed Service for Prometheus、 Amazon Athena、 AWS Batch AWS CloudFormation、 AWS CloudTrail、、 AWS CodeArtifact Amazon CodeGuru AWS Directory Service、 Amazon DynamoDB、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon CloudWatch Evidently AWS Organizations、Amazon Forecast AWS IoT Greengrass、 AWS Ground Station AWS Identity and Access Management (IAM)、 Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon Lightsail、 Amazon CloudWatch Logs、 AWS Elemental MediaConnect AWS Elemental MediaTailor、 Amazon Pinpoint、 Amazon Virtual Private Cloud (Amazon VPC)、 Amazon Personalize、 Amazon QuickSight AWS Migration Hub Refactor Spaces、 Amazon Simple Storage Service (Amazon S3)、 Amazon SageMaker AI， AWS Transfer Family。

此政策現在支援適用於 AWS App Mesh、 AWS App Runner、Amazon CloudFront、 AWS CodeArtifact Amazon Elastic Compute Cloud、Amazon Kendra AWS Amplify、Amazon Macie、Amazon Route 53、Amazon SageMaker AI AWS Transfer Family、Amazon Pinpoint AWS Migration Hub、 AWS Resilience Hub、Amazon CloudWatch、 AWS Directory Service 和 的 Amazon Managed Workflows 額外許可 AWS WAF。

此政策現在支援適用於 AWS App Mesh、 AWS App Runner、Amazon CloudFront、 AWS CodeArtifact Amazon Elastic Compute Cloud、Amazon Kendra AWS Amplify、Amazon Macie、Amazon Route 53、Amazon SageMaker AI AWS Transfer Family、Amazon Pinpoint AWS Migration Hub、 AWS Resilience Hub、Amazon CloudWatch、 AWS Directory Service 和 的 Amazon Managed Workflows 額外許可 AWS WAF。

此政策現在支援 Amazon AppFlow、Amazon AppStream 2.0 AWS App Runner、Amazon CloudFront、Amazon CloudWatch、 AWS CodeArtifact、 AWS CodeCommit AWS Device Farm、Amazon CloudWatch Evidently、Amazon Forecast、 AWS Ground Station、 AWS Identity and Access Management (IAM) AWS IoT、Amazon MemoryDB、Amazon Pinpoint、 AWS Network Manager AWS Panorama、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift 和 Amazon SageMaker AI 的 Amazon Managed Workflows 額外許可。

此政策現在支援適用於 Amazon AppFlow AWS App Runner、Amazon AppStream 2.0 AWS CloudFormation、Amazon CloudFront、Amazon CloudWatch、 AWS CodeArtifact AWS CodeCommit、Amazon Elastic Compute Cloud (Amazon EC2) AWS Device Farm、Amazon CloudWatch Evidently、Amazon Forecast AWS Ground Station、 AWS Identity and Access Management (IAM) AWS IoT、Amazon MemoryDB、Amazon Pinpoint AWS Network Manager AWS Panorama、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift 和 Amazon SageMaker AI 的 Amazon Managed Workflows 額外許可。

AWSConfigRulesExecutionRole – AWS Config 開始追蹤此 AWS 受管政策的變更

此政策允許 AWS Lambda 函數存取 API AWS Config 和定期 AWS Config 交付至 Amazon S3 的組態快照。評估 AWS 自訂 Lambda 規則組態變更的函數需要此存取權。

AWSConfigRoleForOrganizations – AWS Config 開始追蹤此 AWS 受管政策的變更

此政策允許 AWS Config 呼叫唯讀 AWS Organizations APIs。

AWSConfigRemediationServiceRolePolicy – AWS Config 開始追蹤此 AWS 受管政策的變更

此政策允許 代表您 AWS Config 修復NON_COMPLIANT資源。

AWSConfigServiceRolePolicy – 新增 auditmanager:GetAccountStatus

此政策現在會授予可傳回 AWS Audit Manager帳戶註冊狀態的許可。

AWS_ConfigRole – 新增 auditmanager:GetAccountStatus

此政策現在會授予可傳回 AWS Audit Manager帳戶註冊狀態的許可。

AWSConfigMultiAccountSetupPolicy – AWS Config 開始追蹤此 AWS 受管政策的變更

此政策允許 呼叫 AWS Config AWS 服務，並使用 跨組織部署 AWS Config 資源 AWS Organizations。

AWSConfigServiceRolePolicy – 新增 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

此政策現在支援 Amazon Managed Workflows for Apache Airflow、 AWS IoT、Amazon AppStream 2.0、Amazon CodeGuru Reviewer AWS HealthLake、Amazon Kinesis Video Streams、Amazon Application Recovery Controller (ARC) AWS Device Farm、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Pinpoint、 AWS Identity and Access Management (IAM)、Amazon GuardDuty 和 Amazon CloudWatch Logs 的額外許可。

AWS_ConfigRole – 新增 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

此政策現在支援 Amazon Managed Workflows for Apache Airflow、 AWS IoT、Amazon AppStream 2.0、Amazon CodeGuru Reviewer AWS HealthLake、Amazon Kinesis Video Streams、Amazon Application Recovery Controller (ARC) AWS Device Farm、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Pinpoint、 AWS Identity and Access Management (IAM)、Amazon GuardDuty 和 Amazon CloudWatch Logs 的額外許可。

ConfigConformsServiceRolePolicy – 更新 config:DescribeConfigRules

作為安全最佳實務，此政策現可移除 config:DescribeConfigRules 的廣泛資源層級許可。

AWSConfigServiceRolePolicy – 新增 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

此政策現在支援 Amazon Managed Service for Prometheus、 AWS Audit Manager、 AWS Device Farm AWS Database Migration Service (AWS DMS) AWS Directory Service、Amazon Elastic Compute Cloud (Amazon EC2) AWS Glue、、 AWS IoT、Amazon Lightsail AWS Elemental MediaPackage、 AWS Network Manager、Amazon QuickSight、Amazon Application Recovery Controller (ARC) AWS Resource Access Manager、Amazon Simple Storage Service (Amazon S3) 和 Amazon Timestream 的額外許可。

AWS_ConfigRole – 新增 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

此政策現在支援 Amazon Managed Service for Prometheus、 AWS Audit Manager、 AWS Device Farm AWS Database Migration Service (AWS DMS) AWS Directory Service、Amazon Elastic Compute Cloud (Amazon EC2) AWS Glue、、 AWS IoT、Amazon Lightsail AWS Elemental MediaPackage、 AWS Network Manager、Amazon QuickSight、Amazon Application Recovery Controller (ARC) AWS Resource Access Manager、Amazon Simple Storage Service (Amazon S3) 和 Amazon Timestream 的額外許可。

AWSConfigServiceRolePolicy – 新增 cloudformation:ListStackResources and cloudformation:ListStacks

此政策現在授予許可，以傳回指定 AWS CloudFormation 堆疊之所有資源的描述，並傳回狀態符合指定 之堆疊的摘要資訊StackStatusFilter。

AWS_ConfigRole – 新增 cloudformation:ListStackResources and cloudformation:ListStacks

此政策現在授予許可，以傳回指定 AWS CloudFormation 堆疊之所有資源的描述，並傳回狀態符合指定 之堆疊的摘要資訊StackStatusFilter。

AWSConfigServiceRolePolicy – 新增 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

此政策現在支援 的其他許可 AWS Certificate Manager， Amazon Managed Workflows for Apache Airflow AWS Amplify、 AWS AppConfig Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon Elastic Kubernetes Service (Amazon EKS)， Amazon EventBridge AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift、 Amazon Location Service AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint AWS OpsWorks、 AWS Panorama、 AWS Resource Access Manager、 Amazon QuickSight、 Amazon Relational Database Service (Amazon RDS)， Amazon Rekognition、 AWS RoboMaker AWS Resource Groups、 Amazon Route 53、 Amazon Simple Storage Service (Amazon S3) AWS Cloud Map、 和 AWS Security Token Service。

AWS_ConfigRole – 新增 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

此政策現在支援 的其他許可 AWS Certificate Manager， Amazon Managed Workflows for Apache Airflow AWS Amplify、 AWS AppConfig Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon Elastic Kubernetes Service (Amazon EKS)， Amazon EventBridge AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift、 Amazon Location Service AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint AWS OpsWorks、 AWS Panorama、 AWS Resource Access Manager、 Amazon QuickSight、 Amazon Relational Database Service (Amazon RDS)， Amazon Rekognition、 AWS RoboMaker AWS Resource Groups、 Amazon Route 53、 Amazon Simple Storage Service (Amazon S3) AWS Cloud Map、 和 AWS Security Token Service。

AWSConfigServiceRolePolicy – 新增 Glue::GetTable

此政策現在授予許可，以擷取指定 AWS Glue 資料表之 Data Catalog 中的資料表定義。

AWS_ConfigRole – 新增 Glue::GetTable

此政策現在授予許可，以擷取指定 AWS Glue 資料表之 Data Catalog 中的資料表定義。

AWSConfigServiceRolePolicy – 新增 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

此政策現在支援 Amazon AppFlow 的額外許可， Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect 客戶設定檔、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge 結構描述 Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift、 Amazon Interactive Video Service (Amazon IVS)， Amazon Managed Service for Apache Flink、 EC2 Image Builder、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon QuickSight、 Amazon Application Recovery Controller (ARC) Amazon Route 53 Resolver、 Amazon Simple Storage Service (Amazon S3)、 Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES)， Amazon Timestream、 AWS AppConfig AWS AppSync、 AWS Auto Scaling、 AWS Backup、 AWS Budgets、 AWS Cost Explorer AWS Cloud9、 AWS Directory Service、 AWS DataSync AWS Elemental MediaPackage、 AWS Glue、 AWS IoT、 AWS IoT Analytics AWS IoT Events、 AWS IoT SiteWise、 AWS IoT TwinMaker、 AWS Lake Formation AWS License Manager AWS Resilience Hub AWS Signer和 AWS Transfer Family。

AWS_ConfigRole – 新增 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

此政策現在支援 Amazon AppFlow 的額外許可， Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect 客戶設定檔、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge 結構描述 Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift、 Amazon Interactive Video Service (Amazon IVS)， Amazon Managed Service for Apache Flink、 EC2 Image Builder、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon QuickSight、 Amazon Application Recovery Controller (ARC) Amazon Route 53 Resolver、 Amazon Simple Storage Service (Amazon S3)、 Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES)， Amazon Timestream、 AWS AppConfig AWS AppSync、 AWS Auto Scaling、 AWS Backup、 AWS Budgets、 AWS Cost Explorer AWS Cloud9、 AWS Directory Service、 AWS DataSync AWS Elemental MediaPackage、 AWS Glue、 AWS IoT、 AWS IoT Analytics AWS IoT Events、 AWS IoT SiteWise、 AWS IoT TwinMaker、 AWS Lake Formation AWS License Manager AWS Resilience Hub AWS Signer和 AWS Transfer Family

AWS_ConfigRole – 新增 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

此政策現在支援 Amazon Managed Workflows for Apache Airflow AWS IoT、Amazon AppStream 2.0、Amazon CodeGuru Reviewer、 AWS HealthLake、Amazon Kinesis Video Streams、Amazon Application Recovery Controller (ARC) AWS Device Farm、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Pinpoint、 AWS Identity and Access Management (IAM)、Amazon GuardDuty 和 Amazon CloudWatch Logs 的額外許可。

ConfigConformsServiceRolePolicy – 更新 config:DescribeConfigRules

作為安全最佳實務，此政策現可移除 config:DescribeConfigRules 的廣泛資源層級許可。

AWSConfigServiceRolePolicy – 新增 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

此政策現在支援 Amazon Managed Service for Prometheus、 AWS Audit Manager、 AWS Device Farm、 AWS Database Migration Service (AWS DMS) AWS Directory Service、Amazon Elastic Compute Cloud (Amazon EC2) AWS Glue、 AWS IoT、Amazon Lightsail、 AWS Elemental MediaPackage、 AWS Network Manager、Amazon QuickSight、Amazon Application Recovery Controller (ARC) AWS Resource Access Manager、Amazon Simple Storage Service (Amazon S3) 和 Amazon Timestream 的額外許可。

AWS_ConfigRole – 新增 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

此政策現在支援 Amazon Managed Service for Prometheus、 AWS Audit Manager、 AWS Device Farm、 AWS Database Migration Service (AWS DMS) AWS Directory Service、Amazon Elastic Compute Cloud (Amazon EC2) AWS Glue、 AWS IoT、Amazon Lightsail、 AWS Elemental MediaPackage、 AWS Network Manager、Amazon QuickSight、Amazon Application Recovery Controller (ARC) AWS Resource Access Manager、Amazon Simple Storage Service (Amazon S3) 和 Amazon Timestream 的額外許可。

AWSConfigServiceRolePolicy – 新增 cloudformation:ListStackResources and cloudformation:ListStacks

此政策現在授予許可，以傳回指定 AWS CloudFormation 堆疊之所有資源的描述，並傳回狀態符合指定 之堆疊的摘要資訊StackStatusFilter。

AWS_ConfigRole – 新增 cloudformation:ListStackResources and cloudformation:ListStacks

此政策現在授予許可，以傳回指定 AWS CloudFormation 堆疊之所有資源的描述，並傳回狀態符合指定 之堆疊的摘要資訊StackStatusFilter。

AWSConfigServiceRolePolicy – 新增 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

此政策現在支援 的其他許可 AWS Certificate Manager， Amazon Managed Workflows for Apache Airflow、 AWS Amplify、 AWS AppConfig Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon Elastic Kubernetes Service (Amazon EKS)， Amazon EventBridge AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift、 Amazon Location Service AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint AWS OpsWorks、 AWS Panorama、 AWS Resource Access Manager、 Amazon QuickSight、 Amazon Relational Database Service (Amazon RDS)， Amazon Rekognition、 AWS RoboMaker、 AWS Resource Groups Amazon Route 53、 Amazon Simple Storage Service (Amazon S3) AWS Cloud Map、 和 AWS Security Token Service。

AWS_ConfigRole – 新增 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

此政策現在支援 的其他許可 AWS Certificate Manager， Amazon Managed Workflows for Apache Airflow、 AWS Amplify、 AWS AppConfig Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon Elastic Kubernetes Service (Amazon EKS)， Amazon EventBridge AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift、 Amazon Location Service AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint AWS OpsWorks、 AWS Panorama、 AWS Resource Access Manager、 Amazon QuickSight、 Amazon Relational Database Service (Amazon RDS)， Amazon Rekognition、 AWS RoboMaker、 AWS Resource Groups Amazon Route 53、 Amazon Simple Storage Service (Amazon S3) AWS Cloud Map、 和 AWS Security Token Service。

AWSConfigServiceRolePolicy – 新增 Glue::GetTable

此政策現在授予許可，以擷取指定 AWS Glue 資料表之 Data Catalog 中的資料表定義。

AWS_ConfigRole – 新增 Glue::GetTable

此政策現在授予許可，以擷取指定 AWS Glue 資料表之 Data Catalog 中的資料表定義。

AWSConfigServiceRolePolicy – 新增 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

此政策現在支援 Amazon AppFlow 的額外許可， Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect 客戶設定檔、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge 結構描述 Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift、 Amazon Interactive Video Service (Amazon IVS)， Amazon Managed Service for Apache Flink、 EC2 Image Builder、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon QuickSight、 Amazon Application Recovery Controller (ARC) Amazon Route 53 Resolver、 Amazon Simple Storage Service (Amazon S3)、 Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES)， Amazon Timestream、 AWS AppConfig AWS AppSync、 AWS Auto Scaling AWS Backup、 AWS Budgets、、 AWS Cost Explorer、 AWS Cloud9 AWS Directory Service AWS DataSync、 AWS Elemental MediaPackage、 AWS Glue AWS IoT、 AWS IoT Analytics、 AWS IoT Events AWS IoT SiteWise、、 AWS IoT TwinMaker、 AWS Lake Formation AWS License Manager AWS Resilience Hub、 AWS Signer和 AWS Transfer Family。

AWS_ConfigRole – 新增 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

此政策現在支援 Amazon AppFlow 的額外許可， Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect 客戶設定檔、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge 結構描述 Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift、 Amazon Interactive Video Service (Amazon IVS)， Amazon Managed Service for Apache Flink、 EC2 Image Builder、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon QuickSight、 Amazon Application Recovery Controller (ARC) Amazon Route 53 Resolver、 Amazon Simple Storage Service (Amazon S3)、 Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES)， Amazon Timestream、 AWS AppConfig AWS AppSync、 AWS Auto Scaling AWS Backup、 AWS Budgets、、 AWS Cost Explorer、 AWS Cloud9 AWS Directory Service AWS DataSync、 AWS Elemental MediaPackage、 AWS Glue AWS IoT、 AWS IoT Analytics、 AWS IoT Events AWS IoT SiteWise、、 AWS IoT TwinMaker、 AWS Lake Formation AWS License Manager AWS Resilience Hub、 AWS Signer和 AWS Transfer Family

AWSConfigServiceRolePolicy – 新增 datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

此政策現在授予許可，以傳回 中的客服人員、DataSync 來源和目的地以及 DataSync 任務清單 AWS DataSync AWS 帳戶；列出與 AWS Cloud Map 中一或多個指定命名空間相關聯的命名空間和服務摘要資訊 AWS 帳戶；並列出所有可用的 Amazon Simple Email Service (Amazon SES) 聯絡清單 AWS 帳戶。

AWS_ConfigRole – 新增 datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

此政策現在授予許可，以傳回 中的客服人員、DataSync 來源和目的地以及 DataSync 任務清單 AWS DataSync AWS 帳戶；列出與 AWS Cloud Map 中一或多個指定命名空間相關聯的命名空間和服務摘要資訊 AWS 帳戶；並列出所有可用的 Amazon Simple Email Service (Amazon SES) 聯絡清單 AWS 帳戶。

ConfigConformsServiceRolePolicy – 新增 cloudwatch:PutMetricData

此政策現在會授予可將指標資料點發布至 Amazon CloudWatch 的許可。

AWSConfigServiceRolePolicy – 新增 amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

此政策現在支援 Amazon Elastic Container Service (Amazon ECS)、Amazon ElastiCache、Amazon EventBridge、Amazon FSx、Amazon Managed Service for Apache Flink、Amazon Location Service、Amazon Managed Streaming for Apache Kafka、Amazon QuickSight、Amazon Rekognition AWS RoboMaker、Amazon Simple Storage Service (Amazon S3)、Amazon Simple Email Service (Amazon SES) AWS Amplify、 AWS AppConfig AWS AppSync、 AWS Billing Conductor、、 AWS DataSync、 AWS Glue、 AWS Firewall Manager、、 AWS IAM Identity Center 、(IAM Identity Center)、EC2 Image Builder 和 Elastic Load Balancing 的額外許可。

AWS_ConfigRole – 新增 amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

此政策現在支援 Amazon Elastic Container Service (Amazon ECS)、Amazon ElastiCache、Amazon EventBridge、Amazon FSx、Amazon Managed Service for Apache Flink、Amazon Location Service、Amazon Managed Streaming for Apache Kafka、Amazon QuickSight、Amazon Rekognition AWS RoboMaker、Amazon Simple Storage Service (Amazon S3)、Amazon Simple Email Service (Amazon SES) AWS Amplify、 AWS AppConfig AWS AppSync、 AWS Billing Conductor、、 AWS DataSync、 AWS Glue、 AWS Firewall Manager、、 AWS IAM Identity Center 、(IAM Identity Center)、EC2 Image Builder 和 Elastic Load Balancing 的額外許可。

AWSConfigServiceRolePolicy – 新增 athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

此政策現在授予取得指定 Amazon Athena 資料目錄的許可， 在 中列出 Athena 資料目錄 AWS 帳戶， 和 列出與 Athena 工作群組或資料目錄資源相關聯的標籤； 取得 Amazon Detective 行為圖表的清單，並列出 Detective 行為圖表的標籤； 取得指定 AWS Glue 開發端點名稱清單的資源中繼資料清單， 取得指定 AWS Glue 開發端點的相關資訊， 在 AWS Glue 中取得所有開發端點 AWS 帳戶， 擷取指定的 AWS Glue 安全組態、 取得所有 AWS Glue 安全組態、 取得與 AWS Glue 資源相關聯的標籤清單， 取得具有指定名稱 AWS Glue 的工作群組相關資訊， 擷取 帳戶中所有 AWS Glue 爬蟲程式資源 AWS 的名稱， 取得 中所有 AWS Glue DevEndpoint資源的名稱 AWS 帳戶， 列出 中所有 AWS Glue 任務資源的名稱 AWS 帳戶， 取得 AWS Glue 成員帳戶的詳細資訊， 列出在 帳戶中建立的 AWS Glue 工作流程名稱， 和 列出帳戶的可用 AWS Glue 工作群組； 擷取 Amazon GuardDuty 篩選條件的詳細資訊， 擷取 GuardDuty IPSet、 擷取 GuardDuty ThreatIntelSet、 擷取 GuardDuty 成員帳戶、 取得 GuardDuty 篩選條件清單， 取得 GuardDuty 服務的 IPSets， 擷取 GuardDuty Service 的標籤， 並取得 GuardDuty 服務的 ThreatIntelSets； 取得 Amazon Macie 帳戶的目前狀態和組態設定； 擷取 AWS Resource Access Manager (AWS RAM) 資源共用的資源和主體關聯，並擷取資源共用的詳細資訊 AWS RAM ； 取得 Amazon Simple Email Service (Amazon SES) 現有組態設定的相關資訊， 取得與 Amazon SES 組態設定相關聯的事件目的地清單， 和 列出與 Amazon SES 帳戶相關聯的所有組態集； 若要取得 Identity Center 目錄屬性的清單， 取得 AWS IAM Identity Center 許可集的詳細資訊， 取得連接至指定 IAM Identity Center 許可集的 IAM 受管政策， 取得 IAM Identity Center 執行個體的許可集， 並取得 IAM Identity Center 資源的標籤。

AWS_ConfigRole – 新增 athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

此政策現在授予取得指定 Amazon Athena 資料目錄的許可， 在 中列出 Athena 資料目錄 AWS 帳戶， 和 列出與 Athena 工作群組或資料目錄資源相關聯的標籤； 取得 Amazon Detective 行為圖表的清單，並列出 Detective 行為圖表的標籤； 取得指定 AWS Glue 開發端點名稱清單的資源中繼資料清單， 取得指定 AWS Glue 開發端點的相關資訊， 在 AWS Glue 中取得所有開發端點 AWS 帳戶， 擷取指定的 AWS Glue 安全組態、 取得所有 AWS Glue 安全組態、 取得與 AWS Glue 資源相關聯的標籤清單， 取得具有指定名稱 AWS Glue 的工作群組相關資訊， 擷取 帳戶中所有 AWS Glue 爬蟲程式資源 AWS 的名稱， 取得 中所有 AWS Glue DevEndpoint資源的名稱 AWS 帳戶， 列出 中所有 AWS Glue 任務資源的名稱 AWS 帳戶， 取得 AWS Glue 成員帳戶的詳細資訊， 列出在 帳戶中建立的 AWS Glue 工作流程名稱， 和 列出帳戶的可用 AWS Glue 工作群組； 擷取 Amazon GuardDuty 篩選條件的詳細資訊， 擷取 GuardDuty IPSet、 擷取 GuardDuty ThreatIntelSet、 擷取 GuardDuty 成員帳戶、 取得 GuardDuty 篩選條件清單， 取得 GuardDuty 服務的 IPSets， 擷取 GuardDuty Service 的標籤， 並取得 GuardDuty 服務的 ThreatIntelSets； 取得 Amazon Macie 帳戶的目前狀態和組態設定； 擷取 AWS Resource Access Manager (AWS RAM) 資源共用的資源和主體關聯，並擷取資源共用的詳細資訊 AWS RAM ； 取得 Amazon Simple Email Service (Amazon SES) 現有組態設定的相關資訊， 取得與 Amazon SES 組態設定相關聯的事件目的地清單， 和 列出與 Amazon SES 帳戶相關聯的所有組態集； 若要取得 Identity Center 目錄屬性的清單， 取得 AWS IAM Identity Center 許可集的詳細資訊， 取得連接至指定 IAM Identity Center 許可集的 IAM 受管政策， 取得 IAM Identity Center 執行個體的許可集， 並取得 IAM Identity Center 資源的標籤。

AWSConfigServiceRolePolicy – 新增 cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

此政策現在授予許可，以取得所有或指定 AWS CloudTrail 事件資料存放區 (EDS) 的資訊、取得所有或指定 AWS CloudFormation 資源的資訊、取得 DynamoDB Accelerator (DAX) 參數群組或子網路群組的清單、取得目前存取區域中帳戶複 AWS Database Migration Service AWS DMS寫任務的相關資訊，以及取得 AWS Organizations 指定類型 中的所有政策清單。

AWS_ConfigRole – 新增 cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

此政策現在授予許可，以取得所有或指定 AWS CloudTrail 事件資料存放區 (EDS) 的資訊、取得所有或指定 AWS CloudFormation 資源的資訊、取得 DynamoDB Accelerator (DAX) 參數群組或子網路群組的清單、取得目前存取區域中帳戶複 AWS Database Migration Service AWS DMS寫任務的相關資訊，以及取得 AWS Organizations 指定類型 中的所有政策清單。

AWSConfigServiceRolePolicy – 新增 backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

此政策現在支援 AWS Backup、 AWS Batch、DynamoDB Accelerator AWS Database Migration Service、Amazon DynamoDB、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Elastic Kubernetes Service、Amazon FSx、Amazon GuardDuty AWS Key Management Service、Amazon Relational Database Service、 AWS WAF V2 和 Amazon WorkSpaces AWS OpsWorks的額外許可。

AWS_ConfigRole – 新增 backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

此政策現在支援 AWS Backup、 AWS Batch、DynamoDB Accelerator AWS Database Migration Service、Amazon DynamoDB、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Elastic Kubernetes Service、Amazon FSx、Amazon GuardDuty AWS Key Management Service、Amazon Relational Database Service、 AWS WAF V2 和 Amazon WorkSpaces AWS OpsWorks的額外許可。

AWSConfigServiceRolePolicy – 新增 elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

此政策現在授予的許可，可取得 Elastic Beanstalk 環境的詳細資訊和指定 Elastic Beanstalk 組態集設定的描述、取得 OpenSearch 或 Elasticsearch 版本的映射、描述資料庫可用的 Amazon RDS 選項群組，以及取得 CodeDeploy 部署組態的相關資訊。此政策現在也授予許可，以擷取連接至 的指定替代聯絡人 AWS 帳戶、擷取 AWS Organizations 政策的相關資訊、擷取 Amazon ECR 儲存庫政策、擷取封存 AWS Config 規則的相關資訊、擷取 Amazon ECS 任務定義系列清單、列出指定子 OU 或帳戶的根或父組織單位 (OUs)，以及列出連接至指定目標根、組織單位或帳戶的政策。

AWS_ConfigRole – 新增 elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

此政策現在授予的許可，可取得 Elastic Beanstalk 環境的詳細資訊和指定 Elastic Beanstalk 組態集設定的描述、取得 OpenSearch 或 Elasticsearch 版本的映射、描述資料庫可用的 Amazon RDS 選項群組，以及取得 CodeDeploy 部署組態的相關資訊。此政策現在也授予許可，以擷取連接至 的指定替代聯絡人 AWS 帳戶、擷取 AWS Organizations 政策的相關資訊、擷取 Amazon ECR 儲存庫政策、擷取封存 AWS Config 規則的相關資訊、擷取 Amazon ECS 任務定義系列清單、列出指定子 OU 或帳戶的根或父組織單位 (OUs)，以及列出連接至指定目標根、組織單位或帳戶的政策。

AWSConfigServiceRolePolicy – 新增 logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

此政策現在授予的許可，可建立 Amazon CloudWatch 日誌群組和串流，並可將日誌寫入所建立的日誌串流。

AWS_ConfigRole – 新增 logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

此政策現在授予的許可，可建立 Amazon CloudWatch 日誌群組和串流，並可將日誌寫入所建立的日誌串流。

AWSConfigServiceRolePolicy – 新增 es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots

此政策現在授予的許可，可取得一或多個 Amazon OpenSearch Service (OpenSearch Service) 網域的詳細資訊，以及取得特定 Amazon Relational Database Service (Amazon RDS) 資料庫參數群組的詳細參數清單。此政策也授予可取得 Amazon ElastiCache 快照詳細資訊的許可。

AWS_ConfigRole – 新增 es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots

此政策現在授予的許可，可取得一或多個 Amazon OpenSearch Service (OpenSearch Service) 網域的詳細資訊，以及取得特定 Amazon Relational Database Service (Amazon RDS) 資料庫參數群組的詳細參數清單。此政策也授予可取得 Amazon ElastiCache 快照詳細資訊的許可。

AWSConfigServiceRolePolicy – 新增 logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine和資源 AWS 類型的其他許可

此政策現在授予的許可，可列出日誌群組標籤、列出狀態機器標籤，以及列出所有狀態機器。此政策現在會授予可取得狀態機器詳細資訊的許可。此政策現在也支援 Amazon EC2 Systems Manager (SSM)、Amazon Elastic Container Registry、Amazon FSx、Amazon Data Firehose、Amazon Managed Streaming for Apache Kafka (Amazon MSK) AWS Global Accelerator、Amazon Relational Database Service (Amazon RDS)、Amazon Route 53、Amazon SageMaker AI、Amazon Simple Notification Service AWS Database Migration Service、 和 的額外許可 AWS Storage Gateway。

AWS_ConfigRole – 新增 AWS 資源類型的 l ogs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine和其他許可

此政策現在授予的許可，可列出日誌群組標籤、列出狀態機器標籤，以及列出所有狀態機器。此政策現在會授予可取得狀態機器詳細資訊的許可。此政策現在也支援 Amazon EC2 Systems Manager (SSM)、Amazon Elastic Container Registry、Amazon FSx、Amazon Data Firehose、Amazon Managed Streaming for Apache Kafka (Amazon MSK) AWS Global Accelerator、Amazon Relational Database Service (Amazon RDS)、Amazon Route 53、Amazon SageMaker AI、Amazon Simple Notification Service AWS Database Migration Service、 和 的額外許可 AWS Storage Gateway。

AWSConfigServiceRolePolicy – 新增 AWS 資源類型的 ssm:DescribeDocumentPermission和其他許可

此政策現在會授予可檢視 AWS Systems Manager 文件許可和 IAM Access Analyzer 相關資訊的許可。此政策現在支援 Amazon Kinesis、Amazon ElastiCache、Amazon EMR AWS Network Firewall、Amazon Route 53 和 Amazon Relational Database Service (Amazon RDS) 的其他 AWS 資源類型。這些許可變更 AWS Config 允許 叫用支援這些資源類型所需的唯讀 APIs。此政策現在也支援篩選 lambda-inside-vpc 受管規則的 Lambda AWS Config @Edge 函數。

AWS_ConfigRole – 新增 AWS 資源類型的 ssm:DescribeDocumentPermission和其他許可

此政策現在會授予可檢視 AWS Systems Manager 文件許可和 IAM Access Analyzer 相關資訊的許可。此政策現在支援 Amazon Kinesis、Amazon ElastiCache、Amazon EMR AWS Network Firewall、Amazon Route 53 和 Amazon Relational Database Service (Amazon RDS) 的其他 AWS 資源類型。這些許可變更 AWS Config 允許 叫用支援這些資源類型所需的唯讀 APIs。此政策現在也支援篩選 lambda-inside-vpc 受管規則的 Lambda AWS Config @Edge 函數。

AWSConfigServiceRolePolicy - 新增可向 API Gateway 發出唯讀 GET 呼叫的 apigateway:GET 許可，以及可調用 Amazon S3 唯讀 API 的 s3:GetAccessPointPolicy 許可和 s3:GetAccessPointPolicyStatus 許可

此政策現在授予許可， AWS Config 允許 對 API Gateway 進行唯讀 GET 呼叫，以支援 API Gateway 的 AWS Config 規則。政策也會新增許可 AWS Config ，允許 叫用 Amazon Simple Storage Service (Amazon S3) 唯讀 APIs，這是支援新AWS::S3::AccessPoint資源類型的必要項目。

AWS_ConfigRole – 新增可向 API Gateway 發出唯讀 GET 呼叫的 apigateway:GET 許可，以及可調用 Amazon S3 唯讀 API 的 s3:GetAccessPointPolicy 許可和 s3:GetAccessPointPolicyStatus 許可

此政策現在授予許可， AWS Config 允許 對 API Gateway 進行唯讀 GET 呼叫，以支援適用於 API Gateway AWS Config 的 。政策也會新增許可 AWS Config ，允許 叫用 Amazon Simple Storage Service (Amazon S3) 唯讀 APIs，這是支援新AWS::S3::AccessPoint資源類型的必要項目。

AWSConfigServiceRolePolicy – 新增 AWS 資源類型的ssm:ListDocuments許可和其他許可

此政策現在會授予可檢視 AWS Systems Manager 指定文件相關資訊的許可。此政策現在也支援 Amazon Elastic File System AWS Backup、Amazon ElastiCache、Amazon Simple Storage Service (Amazon S3)、Amazon Elastic Compute Cloud (Amazon EC2) AWS Database Migration Service、Amazon Kinesis、Amazon SageMaker AI 和 Amazon Route 53 的其他 AWS 資源類型。這些許可變更 AWS Config 允許 叫用支援這些資源類型所需的唯讀 APIs。

AWS_ConfigRole – 新增 AWS 資源類型的ssm:ListDocuments許可和其他許可

此政策現在會授予可檢視 AWS Systems Manager 指定文件相關資訊的許可。此政策現在也支援 Amazon Elastic File System AWS Backup、Amazon ElastiCache、Amazon Simple Storage Service (Amazon S3)、Amazon Elastic Compute Cloud (Amazon EC2) AWS Database Migration Service、Amazon Kinesis、Amazon SageMaker AI 和 Amazon Route 53 的其他 AWS 資源類型。這些許可變更 AWS Config 允許 叫用支援這些資源類型所需的唯讀 APIs。

AWSConfigRole 已棄用

AWSConfigRole 已棄用。替換政策是 AWS_ConfigRole。

AWS Config 已開始追蹤變更

AWS Config 已開始追蹤其 AWS 受管政策的變更。