本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
Amazon 的托管策略 Amazon Config
Amazon 托管策略是由创建和管理的独立策略 Amazon。 Amazon 托管策略旨在为许多常见用例提供权限,以便您可以开始为用户、组和角色分配权限。
请记住, Amazon 托管策略可能不会为您的特定用例授予最低权限权限,因为它们可供所有 Amazon 客户使用。我们建议通过定义特定于您的使用场景的客户管理型策略来进一步减少权限。
您无法更改 Amazon 托管策略中定义的权限。如果 Amazon 更新 Amazon 托管策略中定义的权限,则更新会影响该策略所关联的所有委托人身份(用户、组和角色)。 Amazon 当新服务启动或现有服务 Amazon Web Services 服务 有新API操作可用时,最有可能更新 Amazon 托管策略。
有关更多信息,请参阅 IAM IAM 用户指南中的 Amazon 托管式策略。
Amazon 托管策略:AWSConfigServiceRolePolicy
Amazon Config 使用名为的服务相关角色 AWSServiceRoleForConfig代表您致电其他 Amazon 服务。使用 Amazon Web Services Management Console 进行设置时 Amazon Config, Amazon Config 如果您选择使用 Amazon Config SLR而不是您自己SLR的 Amazon Identity and Access Management (IAM) 服务角色的选项,则会自动创建此角色。
这些区域有:AWSServiceRoleForConfigSLR包含托管策略AWSConfigServiceRolePolicy
。此托管策略包含 Amazon Config 资源的只读和只写权限,以及其他支持的服务中资源的只读权限。 Amazon Config 有关更多信息,请参阅支持的资源类型 Amazon Config 和将服务相关角色用于 Amazon Config。
查看策略:AWSConfigServiceRolePolicy。
Amazon 托管策略:AWS_ConfigRole
要记录您的 Amazon 资源配置, Amazon Config 需要获取有关您的资源的配置详细信息的IAM权限。如果要为创建IAM角色 Amazon Config,则可以使用托管策略AWS_ConfigRole
并将其附加到您的IAM角色。
每次 Amazon Config 添加对 Amazon 资源类型的支持时,都会更新此IAM政策。这意味着,只要该角色已附加此托管策略,该AWS_ConfigRole角色 Amazon Config 将继续拥有记录所支持资源类型的配置数据所需的权限。有关更多信息,请参阅支持的资源类型 Amazon Config 和分配给的IAM角色的权限 Amazon Config。
查看策略:AWS_ConfigRole。
Amazon 托管策略:AWSConfigUserAccess
此IAM政策提供使用权限 Amazon Config,包括按资源标签搜索和读取所有标签。这不提供配置权限 Amazon Config,而配置权限需要管理权限。
查看策略:AWSConfigUserAccess。
Amazon 托管策略:ConfigConformsServiceRolePolicy
要部署和管理一致性包, Amazon Config 需要其他 Amazon 服务的IAM权限和特定权限。它们允许您部署和管理具有完整功能的一致性包,并且每次都会更新,为一致性包 Amazon Config 添加新功能。有关合规包的更多信息,请参阅合规包。
查看策略:ConfigConformsServiceRolePolicy。
Amazon 托管策略:AWSConfigRulesExecutionRole
要部署 Amazon 自定义 Lambda 规则, Amazon Config 需要其他 Amazon 服务的IAM权限和特定权限。它们允许 Amazon Lambda 函数访问 Amazon Config API和定期发送到 Amazon S3 的配置快照。 Amazon Config 评估 Amazon 自定义 Lambda 规则的配置更改的函数需要此访问权限,并且每次 Amazon Config 添加新功能时都会更新。有关 Amazon 自定义 Lambda 规则的更多信息,请参阅创建自定义 Amazon Config Lambda 规则和规则组件。 Amazon Config 有关配置快照的更多信息,请参阅概念 | 配置快照。有关传输配置快照的更多信息,请参阅管理传输通道。
查看策略:AWSConfigRulesExecutionRole。
Amazon 托管策略:AWSConfigMultiAccountSetupPolicy
要在组织中的成员账户中集中部署、更新和删除 Amazon Config 规则和合规包 Amazon Organizations, Amazon Config 需要其他 Amazon 服务的IAM权限和特定权限。每次为多账户设置 Amazon Config 添加新功能时,都会更新此托管政策。有关更多信息,请参阅管理组织中所有账户的 Amazon Config 规则和管理组织中所有账户的合规包。
查看策略:AWSConfigMultiAccountSetupPolicy。
Amazon 托管策略:AWSConfigRoleForOrganizations
Amazon Config 要允许只读调用 Amazon Organizations APIs, Amazon Config 需要其他 Amazon 服务的IAM权限和特定权限。每次为多账户设置 Amazon Config 添加新功能时,都会更新此托管政策。有关更多信息,请参阅管理组织中所有账户的 Amazon Config 规则和管理组织中所有账户的合规包。
查看策略:AWSConfigRoleForOrganizations。
Amazon 托管策略:AWSConfigRemediationServiceRolePolicy
Amazon Config 要允许代表您修复NON_COMPLIANT
资源, Amazon Config 需要其他 Amazon 服务的IAM权限和特定权限。每次 Amazon Config 添加新的补救功能时,都会更新此托管策略。有关补救的更多信息,请参阅使用规则修复不合规的 Amazon Config 资源。有关启动可能的 Amazon Config 评估结果的条件的更多信息,请参阅概念 | Amazon Config 规则。
查看策略:AWSConfigRemediationServiceRolePolicy。
Amazon ConfigAmazon 托管策略的更新
查看 Amazon Config 自该服务开始跟踪这些更改以来 Amazon 托管策略更新的详细信息。要获得有关此页面变更的自动提醒,请订阅 “ Amazon Config 文档历史记录” 页面上的订阅RSS源。
更改 | 描述 | 日期 |
---|---|---|
AWSConfigServiceRolePolicy— 添加 "organizations:ListAWSServiceAccessForOrganization" |
此策略现在支持对的额外权限 Amazon Organizations。 |
2024 年 12 月 18 日 |
AWS_ConfigRole— 添加 "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets" |
该政策现在支持、、Amazon Connect Amazon AppConfig Amazon CloudTrail、Amazon、Amazon DevOps Guru DataZone、、Identity Store、、、 Amazon IoT Amazon IoT FleetWise、亚马逊互动视频服务 (亚马逊IVS) Amazon IoT Wireless、亚马逊 CloudWatch 日志、亚马逊 CloudWatch 可观察性访问管理器、、亚马逊关系数据库服务 (亚马逊)、亚马逊 Rekognition Amazon Payment Cryptography、亚马逊简单存储服务 (Amazon S3RDS)、亚马逊简单存储服务 (Amazon S3)、亚马逊的额外权限 Scheduler、和 Amazon Lattice。 Amazon Glue EventBridge Amazon Systems Manager VPC |
2024 年 11 月 7 日 |
AWSConfigServiceRolePolicy— 添加 "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets" |
该政策现在支持、、Amazon Connect Amazon AppConfig Amazon CloudTrail、Amazon、Amazon DevOps Guru DataZone、、Identity Store、、、 Amazon IoT Amazon IoT FleetWise、亚马逊互动视频服务 (亚马逊IVS) Amazon IoT Wireless、亚马逊 CloudWatch 日志、亚马逊 CloudWatch 可观察性访问管理器、、亚马逊关系数据库服务 (亚马逊)、亚马逊 Rekognition Amazon Payment Cryptography、亚马逊简单存储服务 (Amazon S3RDS)、亚马逊简单存储服务 (Amazon S3)、亚马逊的额外权限 Scheduler、和 Amazon Lattice。 Amazon Glue EventBridge Amazon Systems Manager VPC |
2024 年 11 月 7 日 |
AWS_ConfigRole— 添加 "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules" |
该政策现在支持亚马逊 OpenSearch 服务 Severless、Amazon、、、 AppStream、 Amazon Backup Amazon CloudTrail、 Amazon Glue EC2 Image Builder、 Amazon IoT、亚马逊互动视频服务 (亚马逊IVS)、、 AWS Elemental MediaConnect AWS Elemental MediaTailor Amazon HealthOmics、和 Amazon S EventBridge cheduler 的额外权限。 |
2024 年 9 月 16 日 |
AWSConfigServiceRolePolicy— 添加 "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules" |
该政策现在支持亚马逊 OpenSearch 服务 Severless、Amazon、、、 AppStream、 Amazon Backup Amazon CloudTrail、 Amazon Glue EC2 Image Builder、 Amazon IoT、亚马逊互动视频服务 (亚马逊IVS)、、 AWS Elemental MediaConnect AWS Elemental MediaTailor Amazon HealthOmics、和 Amazon S EventBridge cheduler 的额外权限。 |
2024 年 9 月 16 日 |
AWS_ConfigRole— 添加 "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource" |
该政策现在支持亚马逊弹性文件系统(亚马逊EFS)、亚马逊 Redshift 和的额外权限。 适用于 SAP 的 Amazon Systems Manager |
2024 年 6 月 17 日 |
AWSConfigServiceRolePolicy— 添加 "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource" |
该政策现在支持亚马逊弹性文件系统(亚马逊EFS)、亚马逊 Redshift 和的额外权限。 适用于 SAP 的 Amazon Systems Manager |
2024 年 6 月 17 日 |
AWS_ConfigRole— 添加 "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool, "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus" |
该政策现在支持亚马逊托管服务 Prometheus、亚马逊、亚马逊 Cognito CloudWatch、亚马逊、亚马逊、、IAM ()、、、、A ElastiCache mazon Redshift Serverless Amazon Lambda、 Amazon RAM Amazon AI 和亚马逊简单通知服务 ( SageMaker 亚马逊) 的额外权限。FSx Amazon Glue Amazon Identity and Access Management SNS |
2024 年 2 月 22 日 |
AWSConfigServiceRolePolicy— 添加 "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool, "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus" |
该政策现在支持亚马逊托管服务 Prometheus、亚马逊、亚马逊 Cognito CloudWatch、亚马逊、亚马逊、、IAM ()、、、、A ElastiCache mazon Redshift Serverless Amazon Lambda、 Amazon RAM Amazon AI 和亚马逊简单通知服务 ( SageMaker 亚马逊) 的额外权限。FSx Amazon Glue Amazon Identity and Access Management SNS |
2024 年 2 月 22 日 |
AWSConfigUserAccess— Amazon Config 开始跟踪此 Amazon 托管策略的更改 |
此政策提供使用权限 Amazon Config,包括按资源标签搜索和读取所有标签。这不提供配置权限 Amazon Config,而配置权限需要管理权限。 |
2024 年 2 月 22 日 |
AWS_ConfigRole— 添加 "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets" |
该政策现在支持适用于 Prometheus 的亚马逊托管服务 Amazon AppConfig、(Amazon Identity and Access Management) Amazon Database Migration Service IAM、Amazon DMS()、适用于 Apache Kafka 的亚马逊托管流媒体(亚马逊)、亚马逊 Amazon Organizations日志和MSK亚马逊简单存储服务 ( CloudWatch Amazon S3) 的额外权限。 |
2023 年 12 月 5 日 |
AWSConfigServiceRolePolicy— 添加 "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets" |
该政策现在支持适用于 Prometheus 的亚马逊托管服务 Amazon AppConfig、(Amazon Identity and Access Management) Amazon Database Migration Service IAM、Amazon DMS()、适用于 Apache Kafka 的亚马逊托管流媒体(亚马逊)、亚马逊 Amazon Organizations日志和MSK亚马逊简单存储服务 ( CloudWatch Amazon S3) 的额外权限。 |
2023 年 12 月 5 日 |
AWS_ConfigRole— 添加 "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles" |
该政策现在支持亚马逊 Cognito、Amazon Connect、亚马逊、、、、Amazon MemoryDB EMR Amazon Ground Station、 Amazon Mainframe Modernization亚马逊、亚马逊关系数据库服务(亚马逊) QuickSight、 Amazon Organizations亚马逊 Redshift、RDS亚马逊 Redshift、Amazon Route 53 和。 Amazon Service Catalog Amazon Transfer Family |
2023 年 11 月 17 日 |
AWS_ConfigRole— 添加 "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID" |
此策略现在为 |
2023 年 11 月 17 日 |
AWSConfigServiceRolePolicy— 添加 "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles" |
该政策现在支持亚马逊 Cognito、Amazon Connect、亚马逊、、、、Amazon MemoryDB EMR Amazon Ground Station、 Amazon Mainframe Modernization亚马逊、亚马逊关系数据库服务(亚马逊) QuickSight、 Amazon Organizations亚马逊 Redshift、RDS亚马逊 Redshift、Amazon Route 53 和。 Amazon Service Catalog Amazon Transfer Family |
2023 年 11 月 17 日 |
AWSConfigServiceRolePolicy— 添加 "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID" |
此策略现在为 |
2023 年 11 月 17 日 |
AWS_ConfigRole— 添加 "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob" |
该政策现在支持、、Amazon Connect Amazon Private CA Amazon App Mesh、亚马逊弹性容器服务(亚马逊ECS)、亚马逊 CloudWatch Evicently、Amazon Managed Grafana、亚马逊、 GuardDuty Amazon Inspector Amazon IoT、、、 Amazon IoT TwinMaker、Amazon Managed KafkaMSK(亚马逊 Amazon Lambda) Amazon Network Manager、、、和亚马逊人工智能的额外权限。 Amazon Organizations SageMaker |
2023 年 10 月 4 日 |
AWSConfigServiceRolePolicy— 添加 "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob" |
该政策现在支持、、Amazon Connect Amazon Private CA Amazon App Mesh、亚马逊弹性容器服务(亚马逊ECS)、亚马逊 CloudWatch Evicently、Amazon Managed Grafana、亚马逊、 GuardDuty Amazon Inspector Amazon IoT、、、 Amazon IoT TwinMaker、Amazon Managed KafkaMSK(亚马逊 Amazon Lambda) Amazon Network Manager、、、和亚马逊人工智能的额外权限。 Amazon Organizations SageMaker |
2023 年 10 月 4 日 |
AWSConfigServiceRolePolicy— 移除 "ssm:GetParameter" |
此策略现在会移除 Amazon Systems Manager (Systems Manager)的权限。 |
2023 年 9 月 6 日 |
AWS_ConfigRole— 添加 "appmesh:DescribeGatewayRoute","appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", and "sns:GetDataProtectionPolicy" |
该政策现在支持、、亚马逊 Amazon App Mesh、、 Amazon CloudFormation、Amazon Connect CloudFront Amazon CodeArtifact Amazon CodeBuild、、亚马逊、 Amazon Identity and Access Management (IAM) Amazon Glue GuardDuty、Amazon Inspector、、 Amazon IoT、 Amazon IoT TwinMaker Amazon IoT Wireless、Amazon Inspector、、、、Amazon Macie AWS Elemental MediaConnect、、、 Amazon Network Manager、Amazon Route 53 Amazon Organizations Amazon 资源探索器、亚马逊简单存储服务 (Amazon S3) 和亚马逊简单通知服务 (亚马逊) 的额外权限。SNS |
2023 年 7 月 28 日 |
AWSConfigServiceRolePolicy— 添加 "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "sns:GetDataProtectionPolicy", "ssm:DescribeParameters", "ssm:GetParameter", and "ssm:ListTagsForResource" |
该政策现在支持亚马逊 AppStream 2.0 Amazon App Mesh、、亚马逊、、、、Amazon Connect CloudFront Amazon CodeArtifact、 Amazon CodeBuild、亚马逊、 Amazon Identity and Access Management (IAM) Amazon Glue GuardDuty、Amazon Inspector、、、、 Amazon IoT Amazon IoT TwinMaker Amazon IoT Wireless、Amazon Macie、、、、、、Amazon Route 53 AWS Elemental MediaConnect、亚马逊简单存储服务 (Amazon S3) Amazon Network Manager Amazon Organizations Amazon 资源探索器、亚马逊简单通知服务 (Amazon S3)、亚马逊简单通知服务 (亚马逊)SNS和亚马逊 Systems Manager ()。 Amazon CloudFormation EC2 SSM |
2023 年 7 月 28 日 |
AWS_ConfigRole— 添加 "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", “dynamodb:DescribeTableReplicaAutoScaling" "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases" "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" |
该政策现在支持 Amazon Connect Amazon Amplify、、Prometheus 的亚马逊托管服务 Amazon App Mesh、亚马逊 Athena、、、、、、、、亚马逊、、、亚马逊 DynamoDB、亚马逊弹性计算云(亚马逊) Amazon CloudFormation Amazon CloudTrail Amazon CodeArtifact、 Amazon Batch Amazon Evicently CodeGuru Amazon Directory Service、、Amazon Forecast、、、(EC2) CloudWatch 、Amazon M Amazon Ground Station anaged Streaming for Apache 的 Amazon Organizations亚马逊托管流媒体的额外权限 Amazon Identity and Access Management ( Amazon IoT Greengrass亚马逊IAM)、亚马逊 Lightsail、Amazon Logs、、、Amazon Pinpoint、MSK亚马逊 CloudWatch AWS Elemental MediaConnect AWS Elemental MediaTailor虚拟私有云(亚马逊VPC)、Amazon Personalize、亚马逊 QuickSight、 Amazon Migration Hub Refactor Spaces、亚马逊简单存储服务 (Amazon S3) Simple Service、A SageMaker mazon AI 等。 Amazon Transfer Family |
2023 年 6 月 13 日 |
AWSConfigServiceRolePolicy— 添加 "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" |
该政策现在支持 Amazon Connect Amazon Amplify、、Prometheus 的亚马逊托管服务 Amazon App Mesh、亚马逊 Athena、、、、、、、、亚马逊、、、亚马逊 DynamoDB、亚马逊弹性计算云(亚马逊) Amazon CloudFormation Amazon CloudTrail Amazon CodeArtifact、 Amazon Batch Amazon Evicently CodeGuru Amazon Directory Service、、Amazon Forecast、、、(EC2) CloudWatch 、Amazon M Amazon Ground Station anaged Streaming for Apache 的 Amazon Organizations亚马逊托管流媒体的额外权限 Amazon Identity and Access Management ( Amazon IoT Greengrass亚马逊IAM)、亚马逊 Lightsail、Amazon Logs、、、Amazon Pinpoint、MSK亚马逊 CloudWatch AWS Elemental MediaConnect AWS Elemental MediaTailor虚拟私有云(亚马逊VPC)、Amazon Personalize、亚马逊 QuickSight、 Amazon Migration Hub Refactor Spaces、亚马逊简单存储服务 (Amazon S3) Simple Service、A SageMaker mazon AI 等。 Amazon Transfer Family |
2023 年 6 月 13 日 |
AWSConfigServiceRolePolicy— 添加 amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, GetInstanceTypesFromInstanceRequirement ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations |
该政策现在支持亚马逊托管工作流程的额外权限,包括、、、亚马逊 Amazon Amplify、、亚马逊弹性计算云 Amazon App Mesh Amazon App Runner CloudFront、亚马逊 Kendra Amazon CodeArtifact、亚马逊 Macie、亚马逊 Route 53、亚马逊 A Amazon Transfer Family I、Amazon Pinpoint、、 SageMaker Resilience Hub、亚马逊 Amazon Migration Hub Amazon 、Di Amazon rectory Service 和。 CloudWatch Amazon WAF |
2023 年 4 月 13 日 |
AWS_ConfigRole— 添加 amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations |
该政策现在支持亚马逊托管工作流程的额外权限,包括、、、亚马逊 Amazon Amplify、、亚马逊弹性计算云 Amazon App Mesh Amazon App Runner CloudFront、亚马逊 Kendra Amazon CodeArtifact、亚马逊 Macie、亚马逊 Route 53、亚马逊 A Amazon Transfer Family I、Amazon Pinpoint、、 SageMaker Resilience Hub、亚马逊 Amazon Migration Hub Amazon 、Di Amazon rectory Service 和。 CloudWatch Amazon WAF |
2023 年 4 月 13 日 |
AWSConfigServiceRolePolicy— 添加 appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudfront:GetResponseHeadersPolicy, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
该政策现在支持亚马逊、亚马逊 AppStream 2.0、亚马逊、亚马逊 AppFlow、亚马逊、、、、亚马逊 Amazon App Runner、、、Amazon CloudWatch Evicently CloudFront CloudWatch Amazon CodeArtifact Amazon CodeCommit Amazon Device Farm、Amazon Forecast、、 Amazon Identity and Access Management (IAM)、Amazon MemoryDB Amazon IoT、Amazon Pinpoint、、、、亚马逊关系数据库 Amazon Panorama服务(亚马逊) Amazon Network Manager、Amazon Redshift 和RDS亚马逊 AI 的额外权限。 Amazon Ground Station SageMaker |
2023 年 3 月 30 日 |
AWS_ConfigRole— 添加 appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudformation:ListTypes, cloudfront:GetResponseHeadersPolicy, cloudfront:ListDistributions, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, ec2:DescribeTrafficMirrorFilters, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
该政策现在支持亚马逊、亚马逊 AppStream 2.0、亚马逊、亚马逊 AppFlow、、亚马逊、 Amazon App Runner、、、亚马逊弹性计算云(亚马逊) CloudFront CloudWatch Amazon CodeArtifact、亚马逊 CloudWatch Evicently Amazon CodeCommit Amazon Device Farm、Amazon Forecast、、(EC2)、、Amazon MemoryDB Amazon Ground Station、 Amazon Identity and Access Management Amazon Pinpoint Amazon IoT、、、、亚马逊关系数据库 Amazon Panorama服务(亚马逊IAM) Amazon Network Manager、Amazon Redshift 和亚马RDS逊 AI 的额外权限。 Amazon CloudFormation SageMaker |
2023 年 3 月 30 日 |
AWSConfigRulesExecutionRole— Amazon Config 开始跟踪此 Amazon 托管策略的更改 |
此策略允许 Amazon Lambda 函数访问 Amazon Config API和定期发送到 Amazon S3 的配置快照。 Amazon Config 评估 Amazon 自定义 Lambda 规则的配置更改的函数需要此访问权限。 |
2023 年 3 月 7 日 |
AWSConfigRoleForOrganizations— Amazon Config 开始跟踪此 Amazon 托管策略的更改 |
此策略 Amazon Config 允许只读调用 Amazon Organizations APIs。 |
2023 年 3 月 7 日 |
AWSConfigRemediationServiceRolePolicy— Amazon Config 开始跟踪此 Amazon 托管策略的更改 |
此政策 Amazon Config 允许代表您修复 |
2023 年 3 月 7 日 |
AWSConfigServiceRolePolicy— 添加 auditmanager:GetAccountStatus |
此策略现在授予返回 Amazon Audit Manager中的账户注册状态的权限。 |
2023 年 3 月 3 日 |
AWS_ConfigRole— 添加 auditmanager:GetAccountStatus |
此策略现在授予返回 Amazon Audit Manager中的账户注册状态的权限。 |
2023 年 3 月 3 日 |
AWSConfigMultiAccountSetupPolicy— Amazon Config 开始跟踪此 Amazon 托管策略的更改 |
此策略 Amazon Config 允许使用调用 Amazon 服务并在整个组织中部署 Amazon Config 资源 Amazon Organizations。 |
2023 年 2 月 27 日 |
AWSConfigServiceRolePolicy— 添加 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
该政策现在支持Apache Airflow、Amazon AppStream 2.0、 Amazon IoT Amazon CodeGuru Reviewer、 Amazon HealthLake Amazon Kinesis Video Streams、亚马逊应用程序恢复控制器 ()、亚马逊弹性计算云 (亚马逊ARC) Amazon Device Farm、亚马逊 Pinpoint EC2、()、亚马逊和亚马逊日志的亚马逊托管工作流程的额外权限。 Amazon Identity and Access Management IAM GuardDuty CloudWatch |
2023 年 2 月 1 日 |
AWS_ConfigRole— 添加 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
该政策现在支持Apache Airflow、Amazon AppStream 2.0、 Amazon IoT Amazon CodeGuru Reviewer、 Amazon HealthLake Amazon Kinesis Video Streams、亚马逊应用程序恢复控制器 ()、亚马逊弹性计算云 (亚马逊ARC) Amazon Device Farm、亚马逊 Pinpoint EC2、()、亚马逊和亚马逊日志的亚马逊托管工作流程的额外权限。 Amazon Identity and Access Management IAM GuardDuty CloudWatch |
2023 年 2 月 1 日 |
ConfigConformsServiceRolePolicy— 更新 config:DescribeConfigRules |
作为安全最佳实践,此策略现在取消了对 |
2023 年 1 月 12 日 |
AWSConfigServiceRolePolicy— 添加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, Amazon Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
该政策现在支持亚马逊托管服务 Prometheus、、、、、()、亚马逊弹性计算云 Amazon Database Migration Service (亚马逊Amazon DMS) Amazon Audit Manager、 Amazon Device Farm、、Amazon Lightsail Amazon Directory Service、、、、亚马逊、 Amazon Glue、EC2 Amazon IoT亚马逊应用程序恢复控制器 () AWS Elemental MediaPackage QuickSight Amazon Resource Access Manager、 Amazon Network Manager亚马逊简单存储服务 (Amazon S3ARC) Simple Storage S3和Amazon Timestream的额外权限。 |
2022 年 12 月 15 日 |
AWS_ConfigRole— 添加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
该政策现在支持亚马逊托管服务 Prometheus、、、、、()、亚马逊弹性计算云 Amazon Database Migration Service (亚马逊Amazon DMS) Amazon Audit Manager、 Amazon Device Farm、、Amazon Lightsail Amazon Directory Service、、、、亚马逊、 Amazon Glue、EC2 Amazon IoT亚马逊应用程序恢复控制器 () AWS Elemental MediaPackage QuickSight Amazon Resource Access Manager、 Amazon Network Manager亚马逊简单存储服务 (Amazon S3ARC) Simple Storage S3和Amazon Timestream的额外权限。 |
2022 年 12 月 15 日 |
AWSConfigServiceRolePolicy— 添加 cloudformation:ListStackResources and cloudformation:ListStacks |
此策略现在允许返回指定 Amazon CloudFormation 堆栈中所有资源的描述并返回状态与指定堆栈的摘要信息 StackStatusFilter. |
2022 年 11 月 7 日 |
AWS_ConfigRole— 添加 cloudformation:ListStackResources and cloudformation:ListStacks |
此策略现在允许返回指定 Amazon CloudFormation 堆栈中所有资源的描述并返回状态与指定堆栈的摘要信息 StackStatusFilter. |
2022 年 11 月 7 日 |
AWSConfigServiceRolePolicy— 添加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
该政策现在支持以下方面的额外权限:Apache Airflow Amazon Certificate Manager、、、 Amazon AppConfig亚马逊密钥空间、亚马逊 Amazon Amplify、Amazon Connect、 CloudWatch亚马逊弹性计算云(亚马逊) Amazon Glue DataBrew、亚马逊弹性 Kubernetes 服务(EC2亚马逊)、亚马逊、亚马逊欺诈探测器、亚马逊、EKS亚马逊 Amazon Fault Injection Service、 EventBridge亚马逊定位服务、、Lex Amazon,FSx GameLift亚马逊 Lightsail Amazon IoT、Amazon Pinpoint Amazon OpsWorks、、、、、亚马逊、亚马逊关系数据库 Amazon Panorama Amazon Resource Access Manager QuickSight服务(亚马逊RDS)、亚马逊 Amazon RoboMaker Rekognition、、、亚马逊 Route 53 Amazon Resource Groups、亚马逊简单存储服务 Amazon Cloud Map(Amazon S3) Simple Service、以及。 Amazon Security Token Service |
2022 年 10 月 19 日 |
AWS_ConfigRole— 添加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
该政策现在支持以下方面的额外权限:Apache Airflow Amazon Certificate Manager、、、 Amazon AppConfig亚马逊密钥空间、亚马逊 Amazon Amplify、Amazon Connect、 CloudWatch亚马逊弹性计算云(亚马逊) Amazon Glue DataBrew、亚马逊弹性 Kubernetes 服务(EC2亚马逊)、亚马逊、亚马逊欺诈探测器、亚马逊、EKS亚马逊 Amazon Fault Injection Service、 EventBridge亚马逊定位服务、、Lex Amazon,FSx GameLift亚马逊 Lightsail Amazon IoT、Amazon Pinpoint Amazon OpsWorks、、、、、亚马逊、亚马逊关系数据库 Amazon Panorama Amazon Resource Access Manager QuickSight服务(亚马逊RDS)、亚马逊 Amazon RoboMaker Rekognition、、、亚马逊 Route 53 Amazon Resource Groups、亚马逊简单存储服务 Amazon Cloud Map(Amazon S3) Simple Service、以及。 Amazon Security Token Service |
2022 年 10 月 19 日 |
AWSConfigServiceRolePolicy— 添加 Glue::GetTable |
现在,此策略授予在数据目录中检索指定 Amazon Glue 表的表定义的权限。 |
2022 年 9 月 14 日 |
AWS_ConfigRole— 添加 Glue::GetTable |
现在,此策略授予在数据目录中检索指定 Amazon Glue 表的表定义的权限。 |
2022 年 9 月 14 日 |
AWSConfigServiceRolePolicy— 添加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
该政策现在支持亚马逊 AppFlow、亚马逊、亚马逊、亚马 CloudWatch逊 S CloudWatch ynthetics CloudWatch RUM、Amazon Connect 客户档案、Amazon Connect 语音识别码 DevOps、Amazon Guru、亚马逊弹性计算云(亚马逊)EC2、亚马逊、亚马逊、亚马逊 EventBridge 架构、EMR亚马逊 Amazon FinSpace欺诈探测器、 EventBridge亚马逊、亚马逊互动视频服务(亚马逊)、 GameLift亚马逊托管服务的额外权限适用于 Apache Flink IVS、Image Builder、Amazon EC2 EC2Lex、亚马逊 Lightsail、亚马逊定位服务、亚马逊 Lookout for Equipment、亚马逊 Lookout for Metrics、亚马逊 Lookout for Vision、亚马逊托管区块链、亚马逊 MQ、亚马逊 Nimble Pinpo QuickSight int、 StudioAmazon 亚马逊、亚马逊ARC应用程序恢复 Amazon Route 53 Resolver控制器 ()、亚马逊简单存储服务 (Amazon S3) Service SimpleDB、Amazon SimpleDB、亚马逊SES简单电子邮件服务(亚马逊)、亚马逊 Timestream、、、、、、、、、、、、、、、、、、 Amazon AppConfig Amazon AppSync Amazon Auto Scaling Amazon Backup Amazon Budgets Amazon Cost Explorer Amazon Cloud9 Amazon Directory Service Amazon DataSync AWS Elemental MediaPackage Amazon Glue Amazon IoT、 Amazon IoT Analytics、 Amazon IoT Events、 Amazon IoT SiteWise、 Amazon IoT TwinMaker、 Amazon Lake Formation、、 Amazon License Manager、 Amazon Resilience Hub、 Amazon Signer、和 Amazon Transfer Family。 |
2022 年 9 月 7 日 |
AWS_ConfigRole— 添加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
该政策现在支持亚马逊 AppFlow、亚马逊、亚马逊、亚马 CloudWatch逊 S CloudWatch ynthetics CloudWatch RUM、Amazon Connect 客户档案、Amazon Connect 语音识别码 DevOps、Amazon Guru、亚马逊弹性计算云(亚马逊)EC2、亚马逊、亚马逊、亚马逊 EventBridge 架构、EMR亚马逊 Amazon FinSpace欺诈探测器、 EventBridge亚马逊、亚马逊互动视频服务(亚马逊)、 GameLift亚马逊托管服务的额外权限适用于 Apache Flink IVS、Image Builder、Amazon EC2 EC2Lex、亚马逊 Lightsail、亚马逊定位服务、亚马逊 Lookout for Equipment、亚马逊 Lookout for Metrics、亚马逊 Lookout for Vision、亚马逊托管区块链、亚马逊 MQ、亚马逊 Nimble Pinpo QuickSight int、 StudioAmazon 亚马逊、亚马逊ARC应用程序恢复 Amazon Route 53 Resolver控制器 ()、亚马逊简单存储服务 (Amazon S3) Service SimpleDB、Amazon SimpleDB、亚马逊SES简单电子邮件服务(亚马逊)、亚马逊 Timestream、、、、、、、、、、、、、、、、、、 Amazon AppConfig Amazon AppSync Amazon Auto Scaling Amazon Backup Amazon Budgets Amazon Cost Explorer Amazon Cloud9 Amazon Directory Service Amazon DataSync AWS Elemental MediaPackage Amazon Glue Amazon IoT、 Amazon IoT Analytics、 Amazon IoT Events、 Amazon IoT SiteWise、 Amazon IoT TwinMaker、、 Amazon Lake Formation、 Amazon License Manager、 Amazon Resilience Hub、 Amazon Signer、和 Amazon Transfer Family |
2022 年 9 月 7 日 |
AWSConfigServiceRolePolicy— 添加 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries | 该政策现在支持Apache Airflow、Amazon AppStream 2.0、 Amazon IoT Amazon CodeGuru Reviewer、 Amazon HealthLake Amazon Kinesis Video Streams、亚马逊应用程序恢复控制器 ()、亚马逊弹性计算云 (亚马逊ARC) Amazon Device Farm、亚马逊 Pinpoint EC2、()、亚马逊和亚马逊日志的亚马逊托管工作流程的额外权限。 Amazon Identity and Access Management IAM GuardDuty CloudWatch | 2023 年 2 月 1 日 |
AWS_ConfigRole— 添加 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
该政策现在支持Apache Airflow、Amazon AppStream 2.0、 Amazon IoT Amazon CodeGuru Reviewer、 Amazon HealthLake Amazon Kinesis Video Streams、亚马逊应用程序恢复控制器 ()、亚马逊弹性计算云 (亚马逊ARC) Amazon Device Farm、亚马逊 Pinpoint EC2、()、亚马逊和亚马逊日志的亚马逊托管工作流程的额外权限。 Amazon Identity and Access Management IAM GuardDuty CloudWatch |
2023 年 2 月 1 日 |
ConfigConformsServiceRolePolicy— 更新 config:DescribeConfigRules |
作为安全最佳实践,此策略现在取消了对 |
2023 年 1 月 12 日 |
AWSConfigServiceRolePolicy— 添加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, Amazon Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
该政策现在支持亚马逊托管服务 Prometheus、、、、、()、亚马逊弹性计算云 Amazon Database Migration Service (亚马逊Amazon DMS) Amazon Audit Manager、 Amazon Device Farm、、Amazon Lightsail Amazon Directory Service、、、、亚马逊、 Amazon Glue、EC2 Amazon IoT亚马逊应用程序恢复控制器 () AWS Elemental MediaPackage QuickSight Amazon Resource Access Manager、 Amazon Network Manager亚马逊简单存储服务 (Amazon S3ARC) Simple Storage S3和Amazon Timestream的额外权限。 |
2022 年 12 月 15 日 |
AWS_ConfigRole— 添加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
该政策现在支持亚马逊托管服务 Prometheus、、、、、()、亚马逊弹性计算云 Amazon Database Migration Service (亚马逊Amazon DMS) Amazon Audit Manager、 Amazon Device Farm、、Amazon Lightsail Amazon Directory Service、、、、亚马逊、 Amazon Glue、EC2 Amazon IoT亚马逊应用程序恢复控制器 () AWS Elemental MediaPackage QuickSight Amazon Resource Access Manager、 Amazon Network Manager亚马逊简单存储服务 (Amazon S3ARC) Simple Storage S3和Amazon Timestream的额外权限。 |
2022 年 12 月 15 日 |
AWSConfigServiceRolePolicy— 添加 cloudformation:ListStackResources and cloudformation:ListStacks |
此策略现在允许返回指定 Amazon CloudFormation 堆栈中所有资源的描述并返回状态与指定堆栈的摘要信息 StackStatusFilter. |
2022 年 11 月 7 日 |
AWS_ConfigRole— 添加 cloudformation:ListStackResources and cloudformation:ListStacks |
此策略现在允许返回指定 Amazon CloudFormation 堆栈中所有资源的描述并返回状态与指定堆栈的摘要信息 StackStatusFilter. |
2022 年 11 月 7 日 |
AWSConfigServiceRolePolicy— 添加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
该政策现在支持 Apache Airflow 的亚马逊托管工作流程 Amazon Certificate Manager、、、亚马逊密钥空间、 Amazon AppConfig亚马逊 Amazon Amplify、Amazon Connect、 CloudWatch亚马逊弹性计算云(亚马逊) Amazon Glue DataBrew、亚马逊弹性 Kubernetes 服务(EC2亚马逊)、亚马逊、亚马逊欺诈探测器、亚马逊、亚马逊 Amazon Fault Injection Service、EKS EventBridge亚马逊定位服务、、Lex Amazon、亚马逊 Lightsail、 GameLift Amazon Pinpoin Amazon OpsWorks t Amazon IoT、、、、、亚马逊、Amazon Relational FSx Amazon Panorama Amazon Resource Access Manager QuickSight数据库服务(亚马逊RDS)、亚马逊 Amazon RoboMaker Rekognition、、、Amazon Route 53 Amazon Resource Groups、亚马逊简单存储服务 Amazon Cloud Map(Amazon S3) Simple Service、和 Amazon Security Token Service |
2022 年 10 月 19 日 |
AWS_ConfigRole— 添加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
该政策现在支持 Apache Airflow 的亚马逊托管工作流程 Amazon Certificate Manager、、、亚马逊密钥空间、 Amazon AppConfig亚马逊 Amazon Amplify、Amazon Connect、 CloudWatch亚马逊弹性计算云(亚马逊) Amazon Glue DataBrew、亚马逊弹性 Kubernetes 服务(EC2亚马逊)、亚马逊、亚马逊欺诈探测器、亚马逊、亚马逊 Amazon Fault Injection Service、EKS EventBridge亚马逊定位服务、、Lex Amazon、亚马逊 Lightsail、 GameLift Amazon Pinpoin Amazon OpsWorks t Amazon IoT、、、、、亚马逊、Amazon Relational FSx Amazon Panorama Amazon Resource Access Manager QuickSight数据库服务(亚马逊RDS)、亚马逊 Amazon RoboMaker Rekognition、、、Amazon Route 53 Amazon Resource Groups、亚马逊简单存储服务 Amazon Cloud Map(Amazon S3) Simple Service、和 Amazon Security Token Service |
2022 年 10 月 19 日 |
AWSConfigServiceRolePolicy— 添加 Glue::GetTable |
现在,此策略授予在数据目录中检索指定 Amazon Glue 表的表定义的权限。 |
2022 年 9 月 14 日 |
AWS_ConfigRole— 添加 Glue::GetTable |
现在,此策略授予在数据目录中检索指定 Amazon Glue 表的表定义的权限。 |
2022 年 9 月 14 日 |
AWSConfigServiceRolePolicy— 添加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
该政策现在支持亚马逊 AppFlow、亚马逊、亚马逊、亚马 CloudWatch逊 S CloudWatch ynthetics CloudWatch RUM、Amazon Connect 客户档案、Amazon Connect 语音识别码 DevOps、Amazon Guru、亚马逊弹性计算云(亚马逊)EC2、亚马逊、亚马逊、亚马逊 EventBridge 架构、EMR亚马逊 Amazon FinSpace欺诈探测器、 EventBridge亚马逊、亚马逊互动视频服务(亚马逊)、 GameLift亚马逊托管服务的额外权限适用于 Apache Flink IVS、Image Builder、Amazon EC2 EC2Lex、亚马逊 Lightsail、亚马逊定位服务、亚马逊 Lookout for Equipment、亚马逊 Lookout for Metrics、亚马逊 Lookout for Vision、亚马逊托管区块链、亚马逊 MQ、亚马逊 Nimble Pinpo QuickSight int、 StudioAmazon 亚马逊、亚马逊ARC应用程序恢复 Amazon Route 53 Resolver控制器 ()、亚马逊简单存储服务 (Amazon S3) Service SimpleDB、Amazon SimpleDB、亚马逊SES简单电子邮件服务(亚马逊)、亚马逊 Timestream、、、、、、、、、、、、、、、、、、 Amazon AppConfig Amazon AppSync Amazon Auto Scaling Amazon Backup Amazon Budgets Amazon Cost Explorer Amazon Cloud9 Amazon Directory Service Amazon DataSync AWS Elemental MediaPackage Amazon Glue Amazon IoT、 Amazon IoT Analytics、 Amazon IoT Events、 Amazon IoT SiteWise、 Amazon IoT TwinMaker、 Amazon Lake Formation、、 Amazon License Manager、 Amazon Resilience Hub、 Amazon Signer、和 Amazon Transfer Family。 |
2022 年 9 月 7 日 |
AWS_ConfigRole— 添加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
该政策现在支持亚马逊 AppFlow、亚马逊、亚马逊、亚马 CloudWatch逊 S CloudWatch ynthetics CloudWatch RUM、Amazon Connect 客户档案、Amazon Connect 语音识别码 DevOps、Amazon Guru、亚马逊弹性计算云(亚马逊)EC2、亚马逊、亚马逊、亚马逊 EventBridge 架构、EMR亚马逊 Amazon FinSpace欺诈探测器、 EventBridge亚马逊、亚马逊互动视频服务(亚马逊)、 GameLift亚马逊托管服务的额外权限适用于 Apache Flink IVS、Image Builder、Amazon EC2 EC2Lex、亚马逊 Lightsail、亚马逊定位服务、亚马逊 Lookout for Equipment、亚马逊 Lookout for Metrics、亚马逊 Lookout for Vision、亚马逊托管区块链、亚马逊 MQ、亚马逊 Nimble Pinpo QuickSight int、 StudioAmazon 亚马逊、亚马逊ARC应用程序恢复 Amazon Route 53 Resolver控制器 ()、亚马逊简单存储服务 (Amazon S3) Service SimpleDB、Amazon SimpleDB、亚马逊SES简单电子邮件服务(亚马逊)、亚马逊 Timestream、、、、、、、、、、、、、、、、、、 Amazon AppConfig Amazon AppSync Amazon Auto Scaling Amazon Backup Amazon Budgets Amazon Cost Explorer Amazon Cloud9 Amazon Directory Service Amazon DataSync AWS Elemental MediaPackage Amazon Glue Amazon IoT、 Amazon IoT Analytics、 Amazon IoT Events、 Amazon IoT SiteWise、 Amazon IoT TwinMaker、、 Amazon Lake Formation、 Amazon License Manager、 Amazon Resilience Hub、 Amazon Signer、和 Amazon Transfer Family |
2022 年 9 月 7 日 |
AWSConfigServiceRolePolicy— 添加 datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
此政策现在允许返回中 Amazon DataSync 代理人、 DataSync 来源和目标位置以及 DataSync 任务的列表 Amazon Web Services 账户;列出与中一个或多个指定 Amazon Cloud Map 命名空间关联的命名空间和服务的摘要信息 Amazon Web Services 账户;以及列出中可用的所有亚马逊简单电子邮件服务 (AmazonSES) 联系人列表。 Amazon Web Services 账户 |
2022 年 8 月 22 日 |
AWS_ConfigRole— 添加 datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
此政策现在允许返回中 Amazon DataSync 代理人、 DataSync 来源和目标位置以及 DataSync 任务的列表 Amazon Web Services 账户;列出与中一个或多个指定 Amazon Cloud Map 命名空间关联的命名空间和服务的摘要信息 Amazon Web Services 账户;以及列出中可用的所有亚马逊简单电子邮件服务 (AmazonSES) 联系人列表。 Amazon Web Services 账户 |
2022 年 8 月 22 日 |
ConfigConformsServiceRolePolicy— 添加 cloudwatch:PutMetricData |
该政策现在授予向 Amazon 发布指标数据点的权限 CloudWatch。 |
2022 年 7 月 25 日 |
AWSConfigServiceRolePolicy— 添加 amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
该政策现在支持亚马逊弹性容器服务(亚马逊ECS)、亚马逊、亚马逊、亚马逊 ElastiCache、适用于 A EventBridge pache Flink 的亚马逊托管服务FSx、亚马逊定位服务、适用于 Apache Kafka 的亚马逊托管流媒体、 QuickSight亚马逊、亚马逊 Rekognition、 Amazon RoboMaker亚马逊简单存储服务(亚马逊 S3)、亚马逊的额外权限简单电子邮件SES服务 (Amazon)、、、、、、、、( Amazon Amplify身份中心)、图片 Amazon AppConfig Amazon AppSync Amazon Billing Conductor Amazon DataSync Amazon Firewall Manager Amazon Glue Amazon IAM Identity Center IAM EC2生成器和 Elastic Load Balancing。 |
2022 年 7 月 15 日 |
AWS_ConfigRole— 添加 amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
该政策现在支持亚马逊弹性容器服务(亚马逊ECS)、亚马逊、亚马逊、亚马逊 ElastiCache、适用于 A EventBridge pache Flink 的亚马逊托管服务FSx、亚马逊定位服务、适用于 Apache Kafka 的亚马逊托管流媒体、 QuickSight亚马逊、亚马逊 Rekognition、 Amazon RoboMaker亚马逊简单存储服务(亚马逊 S3)、亚马逊的额外权限简单电子邮件SES服务 (Amazon)、、、、、、、、( Amazon Amplify身份中心)、图片 Amazon AppConfig Amazon AppSync Amazon Billing Conductor Amazon DataSync Amazon Firewall Manager Amazon Glue Amazon IAM Identity Center IAM EC2生成器和 Elastic Load Balancing。 |
2022 年 7 月 15 日 |
AWSConfigServiceRolePolicy— 添加 athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
此政策现在授予以下权限:获取指定的 Amazon Athena 数据目录 Amazon Web Services 账户、在中列出 Athena 数据目录以及列出与 Athena 工作组或数据目录资源关联的标签;获取 Amazon Detective 行为图列表并列出侦探行为图的标签;获取给定开发终端节点名称列表的资源元数据列表,获取有关指定开发的信息端点,获取所有开发端点,检索 Amazon Glue 指定的安全性 Amazon Glue Amazon Glue
Amazon Web Services 账户 Amazon Glue 配置,获取所有 Amazon Glue 安全配置,获取与 Amazon Glue 资源关联的标签列表,获取有关具有指定名称 Amazon Glue 的工作组的信息,检索 Amazon
账户中所有 Amazon Glue 爬虫资源的名称,获取中所有 Amazon Glue |
2022 年 5 月 31 日 |
AWS_ConfigRole— 添加 athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
此政策现在授予以下权限:获取指定的 Amazon Athena 数据目录 Amazon Web Services 账户、在中列出 Athena 数据目录以及列出与 Athena 工作组或数据目录资源关联的标签;获取 Amazon Detective 行为图列表并列出侦探行为图的标签;获取给定开发终端节点名称列表的资源元数据列表,获取有关指定开发的信息端点,获取所有开发端点,检索 Amazon Glue 指定的安全性 Amazon Glue Amazon Glue
Amazon Web Services 账户 Amazon Glue 配置,获取所有 Amazon Glue 安全配置,获取与 Amazon Glue 资源关联的标签列表,获取有关具有指定名称 Amazon Glue 的工作组的信息,检索 Amazon
账户中所有 Amazon Glue 爬虫资源的名称,获取中所有 Amazon Glue |
2022 年 5 月 31 日 |
AWSConfigServiceRolePolicy— 添加 cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
现在,此策略授予以下权限:获取有关所有或指定 Amazon CloudTrail 事件数据存储的信息 (EDS)、获取有关全部或指定 Amazon CloudFormation 资源的信息、获取 DynamoDB Accelerator DAX () 参数组或子网组的列表、获取 Amazon Database Migration Service 有关当前正在访问的区域中您的账户的Amazon DMS() 复制任务的信息,以及获取指定类型的所有策略的列表。 Amazon Organizations |
2022 年 4 月 7 日 |
AWS_ConfigRole— 添加 cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
现在,此策略授予以下权限:获取有关所有或指定 Amazon CloudTrail 事件数据存储的信息 (EDS)、获取有关全部或指定 Amazon CloudFormation 资源的信息、获取 DynamoDB Accelerator DAX () 参数组或子网组的列表、获取 Amazon Database Migration Service 有关当前正在访问的区域中您的账户的Amazon DMS() 复制任务的信息,以及获取指定类型的所有策略的列表。 Amazon Organizations |
2022 年 4 月 7 日 |
AWSConfigServiceRolePolicy— 添加 backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
该策略现在支持、、DynamoDB 加速器 Amazon Backup Amazon Batch、亚马逊 DynamoDB、 Amazon Database Migration Service亚马逊弹性计算云(EC2亚马逊)、亚马逊 Elastic Kubernetes Service、亚马逊、、、、亚马逊关系数据库服务、V2 和FSx亚马逊的额外权限。 GuardDuty Amazon Key Management Service Amazon OpsWorks Amazon WAF WorkSpaces |
2022 年 3 月 14 日 |
AWS_ConfigRole— 添加 backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
该策略现在支持、、DynamoDB 加速器 Amazon Backup Amazon Batch、亚马逊 DynamoDB、 Amazon Database Migration Service亚马逊弹性计算云(EC2亚马逊)、亚马逊 Elastic Kubernetes Service、亚马逊、、、、亚马逊关系数据库服务、V2 和FSx亚马逊的额外权限。 GuardDuty Amazon Key Management Service Amazon OpsWorks Amazon WAF WorkSpaces |
2022 年 3 月 14 日 |
AWSConfigServiceRolePolicy— 添加 elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
现在,该策略允许获取有关 Elastic Beanstalk 环境的详细信息以及指定 Elastic Beanstalk 配置集的设置描述、获取或 Elasticsearch 版本 OpenSearch 的地图、描述数据库的可用RDS亚马逊选项组以及获取有关部署配置的信息。 CodeDeploy 现在,该策略还授予以下权限:检索附加到的指定备用联系人、检索有关 Amazon Organizations 政策的信息、检索亚马逊ECR存储库策略、检索有关存档 Amazon Config 规则的信息、检索亚马逊ECS任务定义系列列表、列出指定子组织单位或账户的根或上级组织单位 (OUs),以及列出附加到指定目标根、组织单位或账户的策略。 Amazon Web Services 账户 |
2022 年 2 月 10 日 |
AWS_ConfigRole— 添加 elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
现在,该策略允许获取有关 Elastic Beanstalk 环境的详细信息以及指定 Elastic Beanstalk 配置集的设置描述、获取或 Elasticsearch 版本 OpenSearch 的地图、描述数据库的可用RDS亚马逊选项组以及获取有关部署配置的信息。 CodeDeploy 现在,该策略还授予以下权限:检索附加到的指定备用联系人、检索有关 Amazon Organizations 政策的信息、检索亚马逊ECR存储库策略、检索有关存档 Amazon Config 规则的信息、检索亚马逊ECS任务定义系列列表、列出指定子组织单位或账户的根或上级组织单位 (OUs),以及列出附加到指定目标根、组织单位或账户的策略。 Amazon Web Services 账户 |
2022 年 2 月 10 日 |
AWSConfigServiceRolePolicy— 添加 logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
该策略现在授予创建 Amazon CloudWatch 日志组和流以及向已创建的日志流写入日志的权限。 |
2021 年 12 月 15 日 |
AWS_ConfigRole— 添加 logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
该策略现在授予创建 Amazon CloudWatch 日志组和流以及向已创建的日志流写入日志的权限。 |
2021 年 12 月 15 日 |
AWSConfigServiceRolePolicy— 添加 es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots |
该策略现在授予获取有关亚马逊 OpenSearch 服务(OpenSearch 服务)域/域的详细信息以及获取特定亚马逊关系数据库服务 (AmazonRDS) 数据库参数组的详细参数列表的权限。该政策还授予获取有关Ama ElastiCache zon快照的详细信息的权限。 |
2021 年 9 月 8 日 |
AWS_ConfigRole— 添加 es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots |
该策略现在授予获取有关亚马逊 OpenSearch 服务(OpenSearch 服务)域/域的详细信息以及获取特定亚马逊关系数据库服务 (AmazonRDS) 数据库参数组的详细参数列表的权限。该政策还授予获取有关Ama ElastiCache zon快照的详细信息的权限。 |
2021 年 9 月 8 日 |
AWSConfigServiceRolePolicy— 添加 logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine,以及 Amazon 资源类型的额外权限 |
此策略现在授予列出日志组的标签,列出状态机的标签,以及列出所有状态机的权限。此策略现在授予获取有关状态机的详细信息的权限。该政策现在还支持亚马逊EC2系统管理器 (SSM)、亚马逊弹性容器注册表、亚马逊、亚马逊数据 Firehose FSx、Amazon Data Firehose、适用于 Apache Kafka 的亚马逊托管流媒体MSK(亚马逊)、亚马逊关系数据库服务(RDS亚马逊)、亚马逊 Route 53、 SageMaker 亚马逊 AI、亚马逊简单 Amazon Database Migration Service通知 Amazon Global Accelerator服务和。 Amazon Storage Gateway |
2021 年 7 月 28 日 |
AWS_ConfigRole— 添加 logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine,以及 Amazon 资源类型的额外权限 |
此策略现在授予列出日志组的标签,列出状态机的标签,以及列出所有状态机的权限。此策略现在授予获取有关状态机的详细信息的权限。该政策现在还支持亚马逊EC2系统管理器 (SSM)、亚马逊弹性容器注册表、亚马逊、亚马逊数据 Firehose FSx、Amazon Data Firehose、适用于 Apache Kafka 的亚马逊托管流媒体MSK(亚马逊)、亚马逊关系数据库服务(RDS亚马逊)、亚马逊 Route 53、 SageMaker 亚马逊 AI、亚马逊简单 Amazon Database Migration Service通知 Amazon Global Accelerator服务和。 Amazon Storage Gateway |
2021 年 7 月 28 日 |
AWSConfigServiceRolePolicy— 添加 ssm:DescribeDocumentPermission 以及 Amazon 资源类型的额外权限 |
此策略现在授予查看 Amazon Systems Manager 文档权限和有关 A IAM ccess Analyzer 的信息的权限。该政策现在支持亚马逊 Kinesis、亚马逊、亚马逊、亚马逊EMR、 ElastiCache亚马逊 Route 53 和 Amazon Network Firewall亚马逊关系数据库服务(亚马逊)的其他 Amazon 资源类型。RDS这些权限更改 Amazon Config 允许调用支持这些资源类型APIs所需的只读权限。此策略现在还支持筛选lambda-inside-vpc Amazon Config 托管规则的 Lambda @Edge 函数。 |
2021 年 6 月 8 日 |
AWS_ConfigRole— 添加 ssm:DescribeDocumentPermission 以及 Amazon 资源类型的额外权限 |
此策略现在授予查看 Amazon Systems Manager 文档权限和有关 A IAM ccess Analyzer 的信息的权限。该政策现在支持亚马逊 Kinesis、亚马逊、亚马逊、亚马逊EMR、 ElastiCache亚马逊 Route 53 和 Amazon Network Firewall亚马逊关系数据库服务(亚马逊)的其他 Amazon 资源类型。RDS这些权限更改 Amazon Config 允许调用支持这些资源类型APIs所需的只读权限。此策略现在还支持筛选lambda-inside-vpc Amazon Config 托管规则的 Lambda @Edge 函数。 |
2021 年 6 月 8 日 |
AWSConfigServiceRolePolicy— 添加 apigateway:GET 对 Gate API way 进行只读GET调用的权限以及 s3:GetAccessPointPolicy 许可和 s3:GetAccessPointPolicyStatus 只读调用 Amazon S3 的权限 APIs |
现在,此策略授予允许对 API Gateway Amazon Config 进行只读GET调用的权限,以支持 G API ateway Amazon Config 规则。该策略还增加了允许 Amazon Config 以APIs只读方式调用 Amazon Simple Storage Service (Amazon S3) 的权限,这些权限是支持 |
2021 年 5 月 10 日 |
AWS_ConfigRole— 添加 apigateway:GET 对 Gate API way 进行只读GET调用的权限以及 s3:GetAccessPointPolicy 许可和 s3:GetAccessPointPolicyStatus 只读调用 Amazon S3 的权限 APIs |
现在,此策略授予的权限允许 Amazon Config 对 API Gateway 进行只读GET调用,以支持 fo Amazon Config r API Gateway。该策略还增加了允许 Amazon Config 以APIs只读方式调用 Amazon Simple Storage Service (Amazon S3) 的权限,这些权限是支持 |
2021 年 5 月 10 日 |
AWSConfigServiceRolePolicy— 添加 ssm:ListDocuments Amazon 资源类型的权限和其他权限 |
此策略现在授予查看有关 Amazon Systems Manager 指定文档信息的权限 该政策现在还支持亚马逊弹性文件系统 Amazon Backup、亚马逊、亚马逊简单存储服务 (Amazon S3) ElastiCache、亚马逊弹性计算云 (亚马逊)、亚马逊 Kinesis、EC2亚马逊 AI 和 SageMaker 亚马逊 Route 53 的其他 Amazon 资源类型。 Amazon Database Migration Service这些权限更改 Amazon Config 允许调用支持这些资源类型APIs所需的只读权限。 |
2021 年 4 月 1 日 |
AWS_ConfigRole— 添加 ssm:ListDocuments Amazon 资源类型的权限和其他权限 |
此策略现在授予查看有关 Amazon Systems Manager 指定文档信息的权限 该政策现在还支持亚马逊弹性文件系统 Amazon Backup、亚马逊、亚马逊简单存储服务 (Amazon S3) ElastiCache、亚马逊弹性计算云 (亚马逊)、亚马逊 Kinesis、EC2亚马逊 AI 和 SageMaker 亚马逊 Route 53 的其他 Amazon 资源类型。 Amazon Database Migration Service这些权限更改 Amazon Config 允许调用支持这些资源类型APIs所需的只读权限。 |
2021 年 4 月 1 日 |
|
|
2021 年 4 月 1 日 |
Amazon Config 开始跟踪更改 |
Amazon Config 开始跟踪其 Amazon 托管策略的更改。 |
2021 年 4 月 1 日 |