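Amazon managed policies for Amazon Config
An Amazon managed policy is a standalone policy that is created and administered by Amazon. Amazon managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that Amazon managed policies might not grant least-privilege permissions for your specific use cases, because they are available for all Amazon customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.
You cannot change the permissions defined in Amazon managed policies. If Amazon updates the permissions defined in an Amazon managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. Amazon is most likely to update an Amazon managed policy when a new Amazon Web Services service is launched or when new API operations become available for existing services.
For more information, see Amazon managed policies in the IAM User Guide.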
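Because an update to a managed policy applies to every principal the policy is attached to, it helps to diff consecutive policy versions and look at what was actually added. The following is an added example, not code from the Amazon documentation: the policy documents are constructed samples that reuse action names from the update table on this page, `example-service` is a hypothetical service, and the read-only verb list is a review heuristic assumed for this example.

```python
import json

# Verb prefixes this example treats as read-only. This is a review heuristic
# assumed for the example, not an IAM classification.
READ_ONLY_PREFIXES = ("get", "list", "describe", "batchget", "search")

# Constructed sample documents (not the real policy text). Action names come
# from the update table on this page. Version A uses a single Statement object,
# version B a Statement list, because IAM accepts both shapes.
VERSION_A = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": ["ec2:GetAllowedImagesSettings", "cloudtrail:GetEventConfiguration"],
        "Resource": "*",
    },
}
VERSION_B = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "ec2:GetAllowedImagesSettings",
            # Same action as in version A, different prefix casing (the table
            # on this page uses both "cloudTrail:" and "cloudtrail:").
            "cloudTrail:GetEventConfiguration",
            "bedrock:GetGuardrail", "bedrock:GetInferenceProfile",
            "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails",
            "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases",
            "bedrock:ListTagsForResource",
        ],
        "Resource": "*",
    }],
}
# Hypothetical later version: a wildcard grant plus a Deny statement, to show
# what the review flags. "example-service" does not exist.
HYPOTHETICAL_C = {
    "Version": "2012-10-17",
    "Statement": VERSION_B["Statement"] + [
        {"Effect": "Allow", "Action": "example-service:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "example-service:DeleteThing", "Resource": "*"},
    ],
}


def allowed_actions(policy_doc):
    """Map lower-cased action -> action as written, for Allow statements only.

    IAM action names are case-insensitive, so comparison uses the lower-cased
    form. Statements that use NotAction are not expanded by this example.
    """
    statements = policy_doc.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    found = {}
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            found.setdefault(action.lower(), action)
    return found


def is_read_only(action):
    """True when the operation name starts with one of the read-only verbs."""
    _, _, name = action.partition(":")
    return name.lower().startswith(READ_ONLY_PREFIXES)


def review_update(old_doc, new_doc):
    """Summarise what a policy update changed and what needs a human look."""
    old, new = allowed_actions(old_doc), allowed_actions(new_doc)
    added = sorted(new[key] for key in new.keys() - old.keys())
    removed = sorted(old[key] for key in old.keys() - new.keys())
    by_service = {}
    for action in added:
        by_service.setdefault(action.split(":", 1)[0].lower(), []).append(action)
    return {
        "added_by_service": by_service,
        "removed": removed,
        # Wildcards and non-read verbs both land here.
        "needs_review": [a for a in added if not is_read_only(a)],
    }


if __name__ == "__main__":
    print(json.dumps(review_update(VERSION_A, VERSION_B), indent=2))
    print(json.dumps(review_update(VERSION_B, HYPOTHETICAL_C), indent=2))
```

For a live comparison, the two documents would come from the output of `aws iam get-policy-version` for two consecutive version IDs of the managed policy.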
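Amazon managed policy: AWSConfigServiceRolePolicy
Amazon Config uses a service-linked role (SLR) named AWSServiceRoleForConfig to call other Amazon services on your behalf. When you use the Amazon Web Services Management Console to set up Amazon Config, Amazon Config creates this SLR automatically if you select the option to use the Amazon Config SLR instead of your own Amazon Identity and Access Management (IAM) service role.
The AWSServiceRoleForConfig SLR contains the managed policy AWSConfigServiceRolePolicy. This managed policy contains read-only and write-only permissions for Amazon Config resources, and read-only permissions for resources in other services that Amazon Config supports. For more information, see Supported Resource Types for Amazon Config and Using Service-Linked Roles for Amazon Config.
View the policy: AWSConfigServiceRolePolicy.
Recommended: Use the service-linked role
Unless you have a specific use case, we recommend that you use the service-linked role. The service-linked role adds all the permissions that Amazon Config needs to run as expected. Some features, such as service-linked configuration recorders, require you to use the service-linked role.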
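Amazon managed policy: AWS_ConfigRole
To record your Amazon resource configurations, Amazon Config requires IAM permissions to get the configuration details about your resources. If you want to create an IAM role for Amazon Config, you can use the managed policy AWS_ConfigRole and attach it to the IAM role.
This IAM policy is updated each time Amazon Config adds support for an Amazon resource type. This means that as long as the IAM role has the AWS_ConfigRole managed policy attached, Amazon Config continues to have the permissions required to record configuration data for supported resource types. For more information, see Supported Resource Types for Amazon Config and Permissions for the IAM Role Assigned to Amazon Config.
View the policy: AWS_ConfigRole.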
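Amazon managed policy: AWSConfigUserAccess
This IAM policy provides access to use Amazon Config, including searching by tags on resources and reading all tags. It does not provide permission to configure Amazon Config, which requires administrative privileges.
View the policy: AWSConfigUserAccess.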
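Amazon managed policy: ConfigConformsServiceRolePolicy
To deploy and manage conformance packs, Amazon Config requires IAM permissions and specific permissions from other Amazon services. These permissions allow you to deploy and manage conformance packs with full functionality, and they are updated each time Amazon Config adds new functionality for conformance packs. For more information about conformance packs, see Conformance Packs.
View the policy: ConfigConformsServiceRolePolicy.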
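Amazon managed policy: AWSConfigRulesExecutionRole
To deploy Amazon custom Lambda rules, Amazon Config requires IAM permissions and specific permissions from other Amazon services. These permissions allow Amazon Lambda functions to access the Amazon Config API and the configuration snapshots that Amazon Config periodically delivers to Amazon S3. Functions that evaluate configuration changes for Amazon custom Lambda rules need this access, and it is updated each time Amazon Config adds new functionality. For more information about Amazon custom Lambda rules, see Creating Amazon Config Custom Lambda Rules. For more information about configuration snapshots, see Concepts | Configuration Snapshot. For more information about the delivery of configuration snapshots, see Managing the Delivery Channel.
View the policy: AWSConfigRulesExecutionRole.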
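Amazon managed policy: AWSConfigMultiAccountSetupPolicy
To centrally deploy, update, and delete Amazon Config rules and conformance packs across the member accounts of an organization in Amazon Organizations, Amazon Config requires IAM permissions and specific permissions from other Amazon services. This managed policy is updated each time Amazon Config adds new functionality for multi-account setup. For more information, see Managing Amazon Config Rules Across All Accounts in Your Organization and Managing Conformance Packs Across All Accounts in Your Organization.
View the policy: AWSConfigMultiAccountSetupPolicy.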
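Amazon managed policy: AWSConfigRoleForOrganizations
To allow Amazon Config to call read-only Amazon Organizations APIs, Amazon Config requires IAM permissions and specific permissions from other Amazon services. This managed policy is updated each time Amazon Config adds new functionality for multi-account setup. For more information, see Managing Amazon Config Rules Across All Accounts in Your Organization and Managing Conformance Packs Across All Accounts in Your Organization.
View the policy: AWSConfigRoleForOrganizations.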
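Amazon managed policy: AWSConfigRemediationServiceRolePolicy
To allow Amazon Config to remediate NON_COMPLIANT resources on your behalf, Amazon Config requires IAM permissions and specific permissions from other Amazon services. This managed policy is updated each time Amazon Config adds new remediation functionality. For more information about remediation, see Remediating Noncompliant Resources with Amazon Config Rules. For more information about the conditions that initiate the possible Amazon Config evaluation results, see Concepts | Amazon Config Rules.
View the policy: AWSConfigRemediationServiceRolePolicy.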
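Amazon Config updates to Amazon managed policies
View details about updates to Amazon managed policies for Amazon Config since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Amazon Config Document history page.
| Change | Description | Date |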
|---|---|---|
| AWS_ConfigRole – Adds "amplify:GetDomainAssociation", "amplify:ListDomainAssociations", "amplify:ListTagsForResource", "appsync:GetSourceApiAssociation", "appsync:ListSourceApiAssociations", "bedrock:GetFlow", "bedrock:ListAgentCollaborators", "bedrock:ListFlows", "bedrock:ListPrompts", "cloudTrail:GetResourcePolicy", "cloudformation:DescribePublisher", "codeartifact:DescribePackageGroup", "codeartifact:ListAllowedRepositoriesForGroup", "codeartifact:ListPackageGroups", "codepipeline:ListActionTypes", "codepipeline:ListTagsForResource", "codepipeline:ListWebhooks", "connect:DescribeTrafficDistributionGroup", "connect:ListTrafficDistributionGroups", "deadline:ListFarms", "ec2:GetTransitGatewayRouteTablePropagations", "ec2:SearchLocalGatewayRoutes", "ec2:SearchTransitGatewayMulticastGroups", "entityresolution:GetMatchingWorkflow", "entityresolution:ListMatchingWorkflows", "iotsitewise:ListAssetModelCompositeModels", "iotsitewise:ListAssetModelProperties", "iotsitewise:ListAssetProperties", "iotsitewise:ListAssociatedAssets", "ivs:ListPublicKeys", "lambda:GetProvisionedConcurrencyConfig", "lambda:GetRuntimeManagementConfig", "lambda:ListFunctionEventInvokeConfigs", "lambda:ListFunctionUrlConfigs", "pipes:DescribePipe", "pipes:ListPipes", "quicksight:DescribeRefreshSchedule", "quicksight:ListRefreshSchedules", "redshift-serverless:ListSnapshotCopyConfigurations", "redshift:GetResourcePolicy", "rolesanywhere:GetCrl", "rolesanywhere:ListCrls", "sagemaker:DescribeApp", "sagemaker:DescribeUserProfile", "sagemaker:ListApps", "sagemaker:ListModelPackages", "sagemaker:ListUserProfiles", "secretsmanager:GetResourcePolicy", "securitylake:ListSubscribers", "securitylake:ListTagsForResource", "servicecatalog:DescribeServiceAction", "servicecatalog:ListApplications", "servicecatalog:ListAssociatedResources", "shield:ListProtectionGroups", "shield:ListTagsForResource", "ssm-incidents:GetReplicationSet", "ssm-incidents:ListReplicationSets", "ssm:DescribeAssociation", "ssm:DescribePatchBaselines", "ssm:GetDefaultPatchBaseline", "ssm:GetPatchBaseline", "ssm:GetResourcePolicies", "ssm:ListAssociations", "ssm:ListResourceDataSync", "wafv2:ListLoggingConfigurations", "bedrock-agentcore:ListCodeInterpreters", "bedrock-agentcore:GetCodeInterpreter", "bedrock-agentcore:ListBrowsers", "bedrock-agentcore:GetBrowser", "bedrock-agentcore:ListAgentRuntimes", "bedrock-agentcore:GetAgentRuntime", "bedrock-agentcore:ListAgentRuntimeEndpoints", "bedrock-agentcore:GetAgentRuntimeEndpoint" | This policy now supports additional permissions for Amazon Amplify, Amazon AppSync, Amazon Bedrock, Amazon CloudTrail, Amazon CloudFormation, Amazon CodeArtifact, Amazon CodePipeline, Amazon Connect, Amazon Deadline Cloud, Amazon EC2, Amazon Entity Resolution, Amazon IoT SiteWise, Amazon IVS, Amazon Lambda, Amazon EventBridge, Amazon Quick Suite, Amazon Redshift, Amazon Redshift Serverless, Amazon Identity and Access Management Roles Anywhere, Amazon SageMaker, Amazon Secrets Manager, Amazon Security Lake, Amazon Service Catalog, Amazon Shield, Amazon EC2 Systems Manager, and Amazon WAFV2. | October 1, 2025 |
| AWSConfigServiceRolePolicy – Adds "amplify:GetDomainAssociation", "amplify:ListDomainAssociations", "amplify:ListTagsForResource", "appsync:GetSourceApiAssociation", "appsync:ListSourceApiAssociations", "bedrock:GetFlow", "bedrock:ListAgentCollaborators", "bedrock:ListFlows", "bedrock:ListPrompts", "cloudTrail:GetResourcePolicy", "cloudformation:DescribePublisher", "codeartifact:DescribePackageGroup", "codeartifact:ListAllowedRepositoriesForGroup", "codeartifact:ListPackageGroups", "codepipeline:ListActionTypes", "codepipeline:ListTagsForResource", "codepipeline:ListWebhooks", "connect:DescribeTrafficDistributionGroup", "connect:ListTrafficDistributionGroups", "deadline:ListFarms", "ec2:GetTransitGatewayRouteTablePropagations", "ec2:SearchLocalGatewayRoutes", "ec2:SearchTransitGatewayMulticastGroups", "entityresolution:GetMatchingWorkflow", "entityresolution:ListMatchingWorkflows", "iotsitewise:ListAssetModelCompositeModels", "iotsitewise:ListAssetModelProperties", "iotsitewise:ListAssetProperties", "iotsitewise:ListAssociatedAssets", "ivs:ListPublicKeys", "lambda:GetProvisionedConcurrencyConfig", "lambda:GetRuntimeManagementConfig", "lambda:ListFunctionEventInvokeConfigs", "lambda:ListFunctionUrlConfigs", "pipes:DescribePipe", "pipes:ListPipes", "quicksight:DescribeRefreshSchedule", "quicksight:ListRefreshSchedules", "redshift-serverless:ListSnapshotCopyConfigurations", "redshift:GetResourcePolicy", "rolesanywhere:GetCrl", "rolesanywhere:ListCrls", "sagemaker:DescribeApp", "sagemaker:DescribeUserProfile", "sagemaker:ListApps", "sagemaker:ListModelPackages", "sagemaker:ListUserProfiles", "secretsmanager:GetResourcePolicy", "securitylake:ListSubscribers", "securitylake:ListTagsForResource", "servicecatalog:DescribeServiceAction", "servicecatalog:ListApplications", "servicecatalog:ListAssociatedResources", "shield:ListProtectionGroups", "shield:ListTagsForResource", "ssm-incidents:GetReplicationSet", "ssm-incidents:ListReplicationSets", "ssm:DescribeAssociation", "ssm:DescribePatchBaselines", "ssm:GetDefaultPatchBaseline", "ssm:GetPatchBaseline", "ssm:GetResourcePolicies", "ssm:ListAssociations", "ssm:ListResourceDataSync", "wafv2:ListLoggingConfigurations", "bedrock-agentcore:ListCodeInterpreters", "bedrock-agentcore:GetCodeInterpreter", "bedrock-agentcore:ListBrowsers", "bedrock-agentcore:GetBrowser", "bedrock-agentcore:ListAgentRuntimes", "bedrock-agentcore:GetAgentRuntime", "bedrock-agentcore:ListAgentRuntimeEndpoints", "bedrock-agentcore:GetAgentRuntimeEndpoint" | This policy now supports additional permissions for Amazon Amplify, Amazon AppSync, Amazon Bedrock, Amazon CloudTrail, Amazon CloudFormation, Amazon CodeArtifact, Amazon CodePipeline, Amazon Connect, Amazon Deadline Cloud, Amazon EC2, Amazon Entity Resolution, Amazon IoT SiteWise, Amazon IVS, Amazon Lambda, Amazon EventBridge, Amazon Quick Suite, Amazon Redshift, Amazon Redshift Serverless, Amazon Identity and Access Management Roles Anywhere, Amazon SageMaker, Amazon Secrets Manager, Amazon Security Lake, Amazon Service Catalog, Amazon Shield, Amazon EC2 Systems Manager, and Amazon WAFV2. | October 1, 2025 |
| AWS_ConfigRole – Adds "arc-zonal-shift:GetAutoshiftObserverNotificationStatus", "bedrock:GetModelInvocationLoggingConfiguration", "cloudtrail:GetEventConfiguration", "codeartifact:DescribeDomain", "codeartifact:GetDomainPermissionsPolicy", "deadline:GetFleet", "deadline:GetQueueFleetAssociation", "deadline:ListFleets", "deadline:ListQueueFleetAssociations", "deadline:ListTagsForResource", "dms:DescribeDataMigrations", "dms:ListMigrationProjects", "glue:GetDataCatalogEncryptionSettings", "kafkaconnect:DescribeCustomPlugin", "kafkaconnect:DescribeWorkerConfiguration", "kafkaconnect:ListCustomPlugins", "kafkaconnect:ListTagsForResource", "kafkaconnect:ListWorkerConfigurations", "lakeformation:DescribeLakeFormationIdentityCenterConfiguration", "medialive:DescribeMultiplexProgram", "medialive:ListMultiplexPrograms", "mediapackagev2:GetChannelGroup", "mediapackagev2:ListChannelGroups", "rds:DescribeEngineDefaultParameters", "rolesanywhere:GetProfile", "rolesanywhere:GetTrustAnchor", "rolesanywhere:ListProfiles", "rolesanywhere:ListTagsForResource", "rolesanywhere:ListTrustAnchors", "s3:GetAccessGrant", "s3:ListAccessGrants", "secretsmanager:DescribeSecret", "securitylake:ListDataLakeExceptions", "securitylake:ListDataLakes", "securitylake:ListLogSources", "servicecatalog:GetAttributeGroup", "servicecatalog:ListAttributeGroups", "servicecatalog:ListServiceActions", "servicecatalog:ListServiceActionsForProvisioningArtifact", "ses:GetTrafficPolicy", "ses:ListTagsForResource", "ses:ListTrafficPolicies", "xray:GetGroup", "xray:GetGroups", "xray:GetSamplingRules", "xray:ListResourcePolicies", "xray:ListTagsForResource" | This policy now supports additional permissions for Amazon ARC - Zonal Shift, Amazon Bedrock, Amazon CloudTrail, Amazon CodeArtifact, Amazon Deadline Cloud, Amazon Database Migration Service, Amazon Glue, Amazon Identity and Access Management, Amazon Managed Streaming for Apache Kafka, Amazon Lake Formation, Amazon CloudWatch Logs, AWS Elemental MediaLive, AWS Elemental MediaPackage, Amazon Relational Database Service, Amazon Simple Storage Service, Amazon Secrets Manager, Amazon Security Lake, Amazon Service Catalog, Amazon Simple Email Service, and Amazon X-Ray. | July 28, 2025 |
| AWSConfigServiceRolePolicy – Adds "arc-zonal-shift:GetAutoshiftObserverNotificationStatus", "bedrock:GetModelInvocationLoggingConfiguration", "cloudtrail:GetEventConfiguration", "codeartifact:DescribeDomain", "codeartifact:GetDomainPermissionsPolicy", "deadline:GetFleet", "deadline:GetQueueFleetAssociation", "deadline:ListFleets", "deadline:ListQueueFleetAssociations", "deadline:ListTagsForResource", "dms:DescribeDataMigrations", "dms:ListMigrationProjects", "glue:GetDataCatalogEncryptionSettings", "iam:ListPolicies", "kafkaconnect:DescribeCustomPlugin", "kafkaconnect:DescribeWorkerConfiguration", "kafkaconnect:ListCustomPlugins", "kafkaconnect:ListTagsForResource", "kafkaconnect:ListWorkerConfigurations", "lakeformation:DescribeLakeFormationIdentityCenterConfiguration", "logs:DescribeIndexPolicies", "logs:ListTagsForResource", "medialive:DescribeMultiplexProgram", "medialive:ListMultiplexPrograms", "mediapackagev2:GetChannelGroup", "mediapackagev2:ListChannelGroups", "rds:DescribeEngineDefaultParameters", "rolesanywhere:GetProfile", "rolesanywhere:GetTrustAnchor", "rolesanywhere:ListProfiles", "rolesanywhere:ListTagsForResource", "rolesanywhere:ListTrustAnchors", "s3:GetAccessGrant", "s3:ListAccessGrants", "secretsmanager:DescribeSecret", "securitylake:ListDataLakeExceptions", "securitylake:ListDataLakes", "securitylake:ListLogSources", "servicecatalog:GetAttributeGroup", "servicecatalog:ListAttributeGroups", "servicecatalog:ListServiceActions", "servicecatalog:ListServiceActionsForProvisioningArtifact", "ses:GetTrafficPolicy", "ses:ListTagsForResource", "ses:ListTrafficPolicies", "xray:GetGroup", "xray:GetGroups", "xray:GetSamplingRules", "xray:ListResourcePolicies", "xray:ListTagsForResource", "arn:aws:apigateway:::/account", "arn:aws:apigateway:::/usageplans", "arn:aws:apigateway:::/usageplans/". | This policy now supports additional permissions for Amazon ARC - Zonal Shift, Amazon Bedrock, Amazon CloudTrail, Amazon CodeArtifact, Amazon Deadline Cloud, Amazon Database Migration Service, Amazon Glue, Amazon Identity and Access Management, Amazon Managed Streaming for Apache Kafka, Amazon Lake Formation, Amazon CloudWatch Logs, AWS Elemental MediaLive, AWS Elemental MediaPackage, Amazon Relational Database Service, Amazon Simple Storage Service, Amazon Secrets Manager, Amazon Security Lake, Amazon Service Catalog, Amazon Simple Email Service, Amazon X-Ray, and Amazon API Gateway. | July 28, 2025 |
| AWSConfigServiceRolePolicy – Adds "backup-gateway:GetHypervisor", "backup-gateway:ListHypervisors", "bcm-data-exports:GetExport", "bcm-data-exports:ListExports", "bcm-data-exports:ListTagsForResource", "bedrock:GetAgent", "bedrock:GetAgentActionGroup", "bedrock:GetAgentKnowledgeBase", "bedrock:GetDataSource", "bedrock:GetFlowAlias", "bedrock:GetFlowVersion", "bedrock:ListAgentActionGroups", "bedrock:ListAgentKnowledgeBases", "bedrock:ListDataSources", "bedrock:ListFlowAliases", "bedrock:ListFlowVersions", "cloudformation:BatchDescribeTypeConfigurations", "cloudformation:DescribeStackInstance", "cloudformation:DescribeStackSet", "cloudformation:ListStackInstances", "cloudformation:ListStackSets", "cloudfront:GetPublicKey", "cloudfront:GetRealtimeLogConfig", "cloudfront:ListPublicKeys", "cloudfront:ListRealtimeLogConfigs", "entityresolution:GetIdMappingWorkflow", "entityresolution:GetSchemaMapping", "entityresolution:ListIdMappingWorkflows", "entityresolution:ListSchemaMappings", "entityresolution:ListTagsForResource", "iotdeviceadvisor:GetSuiteDefinition", "iotdeviceadvisor:ListSuiteDefinitions", "lambda:GetEventSourceMapping", "lambda:ListEventSourceMappings", "mediapackagev2:GetChannel", "mediapackagev2:ListChannels", "networkmanager:GetTransitGatewayPeering", "networkmanager:ListPeerings", "pca-connector-ad:GetDirectoryRegistration", "pca-connector-ad:ListDirectoryRegistrations", "pca-connector-ad:ListTagsForResource", "rds:DescribeDBShardGroups", "rds:DescribeIntegrations", "redshift:DescribeIntegrations", "s3tables:GetTableBucket", "s3tables:GetTableBucketEncryption", "s3tables:GetTableBucketMaintenanceConfiguration", "s3tables:ListTableBuckets", "ssm-quicksetup:GetConfigurationManager", "ssm-quicksetup:ListConfigurationManagers" | This policy now supports additional permissions for Amazon Backup gateway, Amazon Billing and Cost Management, Amazon Bedrock, Amazon CloudFormation, Amazon CloudFront, Amazon Entity Resolution, Amazon IoT Core Device Advisor, Amazon Lambda, Amazon Network Manager, Amazon Private Certificate Authority, Amazon Relational Database Service, Amazon Redshift, Amazon S3 Tables, and Amazon Systems Manager Quick Setup. | June 18, 2025 |
| AWS_ConfigRole – Adds "backup-gateway:GetHypervisor", "backup-gateway:ListHypervisors", "bcm-data-exports:GetExport", "bcm-data-exports:ListExports", "bcm-data-exports:ListTagsForResource", "bedrock:GetAgent", "bedrock:GetAgentActionGroup", "bedrock:GetAgentKnowledgeBase", "bedrock:GetDataSource", "bedrock:GetFlowAlias", "bedrock:GetFlowVersion", "bedrock:ListAgentActionGroups", "bedrock:ListAgentKnowledgeBases", "bedrock:ListDataSources", "bedrock:ListFlowAliases", "bedrock:ListFlowVersions", "cloudformation:BatchDescribeTypeConfigurations", "cloudformation:DescribeStackInstance", "cloudformation:DescribeStackSet", "cloudformation:ListStackInstances", "cloudformation:ListStackSets", "cloudfront:GetPublicKey", "cloudfront:GetRealtimeLogConfig", "cloudfront:ListPublicKeys", "cloudfront:ListRealtimeLogConfigs", "entityresolution:GetIdMappingWorkflow", "entityresolution:GetSchemaMapping", "entityresolution:ListIdMappingWorkflows", "entityresolution:ListSchemaMappings", "entityresolution:ListTagsForResource", "iotdeviceadvisor:GetSuiteDefinition", "iotdeviceadvisor:ListSuiteDefinitions", "lambda:GetEventSourceMapping", "lambda:ListEventSourceMappings", "networkmanager:GetTransitGatewayPeering", "networkmanager:ListPeerings", "pca-connector-ad:GetDirectoryRegistration", "pca-connector-ad:ListDirectoryRegistrations", "pca-connector-ad:ListTagsForResource", "rds:DescribeDBShardGroups", "rds:DescribeIntegrations", "redshift:DescribeIntegrations", "s3tables:GetTableBucket", "s3tables:GetTableBucketEncryption", "s3tables:GetTableBucketMaintenanceConfiguration", "s3tables:ListTableBuckets", "ssm-quicksetup:GetConfigurationManager", "ssm-quicksetup:ListConfigurationManagers" | This policy now supports additional permissions for Amazon Backup gateway, Amazon Billing and Cost Management, Amazon Bedrock, Amazon CloudFormation, Amazon CloudFront, Amazon Entity Resolution, Amazon IoT Core Device Advisor, Amazon Lambda, Amazon Network Manager, Amazon Private Certificate Authority, Amazon Relational Database Service, Amazon Redshift, Amazon S3 Tables, and Amazon Systems Manager Quick Setup. | June 18, 2025 |
| AWS_ConfigRole – Adds "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource" | This policy now supports additional permissions for Amazon Bedrock. | May 27, 2025 |
| AWSConfigServiceRolePolicy – Adds "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource" | This policy now supports additional permissions for Amazon Bedrock. | May 27, 2025 |
| AWS_ConfigRole – Adds "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation" | This policy now supports additional permissions for Amazon B2B Data Interchange, Amazon Bedrock, Amazon Clean Rooms, Amazon CodeConnections, Amazon Direct Connect, Amazon Database Migration Service (Amazon DMS), Amazon CloudWatch Logs, Amazon Macie, Amazon Managed Blockchain, Amazon Q Business, Route 53 Profiles, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, Amazon Security Hub CSPM, Amazon Systems Manager Incident Manager, Amazon Systems Manager Incident Manager Contacts, and Amazon Systems Manager. | April 8, 2025 |
| AWSConfigServiceRolePolicy – Adds "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation" | This policy now supports additional permissions for Amazon B2B Data Interchange, Amazon Bedrock, Amazon Clean Rooms, Amazon CodeConnections, Amazon Direct Connect, Amazon Database Migration Service (Amazon DMS), Amazon CloudWatch Logs, Amazon Macie, Amazon Managed Blockchain, Amazon Q Business, Route 53 Profiles, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, Amazon Security Hub CSPM, Amazon Systems Manager Incident Manager, Amazon Systems Manager Incident Manager Contacts, and Amazon Systems Manager. This policy now also supports, by including the resource pattern " | April 8, 2025 |
| AWS_ConfigRole – Adds "ec2:GetAllowedImagesSettings" | This policy now supports additional permissions for Amazon Elastic Compute Cloud (Amazon EC2). | March 4, 2025 |
| AWSConfigServiceRolePolicy – Adds "ec2:GetAllowedImagesSettings" | This policy now supports additional permissions for Amazon Elastic Compute Cloud (Amazon EC2). | March 4, 2025 |
| AWS_ConfigRole – Adds "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools" | This policy now supports additional permissions for Amazon Clean Rooms, Amazon Comprehend, Amazon Elastic Compute Cloud (Amazon EC2), Amazon HealthOmics, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Email Service (Amazon SES). | January 16, 2025 |
| AWSConfigServiceRolePolicy – Adds "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools" | This policy now supports additional permissions for Amazon Clean Rooms, Amazon Comprehend, Amazon Elastic Compute Cloud (Amazon EC2), Amazon HealthOmics, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Email Service (Amazon SES). | January 16, 2025 |
| AWSConfigServiceRolePolicy – Adds "organizations:ListAWSServiceAccessForOrganization" | This policy now supports additional permissions for Amazon Organizations. | December 18, 2024 |
| AWS_ConfigRole – Adds "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership", "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom", "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink", "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets" | This policy now supports additional permissions for Amazon AppConfig, Amazon CloudTrail, Amazon Connect, Amazon DataZone, Amazon DevOps Guru, Amazon Glue, Identity Store, Amazon IoT, Amazon IoT FleetWise, Amazon IoT Wireless, Amazon Interactive Video Service (Amazon IVS), Amazon CloudWatch Logs, Amazon CloudWatch Observability Access Manager, Amazon Payment Cryptography, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service (Amazon S3), Amazon EventBridge Scheduler, Amazon Systems Manager, and Amazon VPC Lattice. | November 7, 2024 |
| AWSConfigServiceRolePolicy – Adds "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership", "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom", "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink", "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets" | This policy now supports additional permissions for Amazon AppConfig, Amazon CloudTrail, Amazon Connect, Amazon DataZone, Amazon DevOps Guru, Amazon Glue, Identity Store, Amazon IoT, Amazon IoT FleetWise, Amazon IoT Wireless, Amazon Interactive Video Service (Amazon IVS), Amazon CloudWatch Logs, Amazon CloudWatch Observability Access Manager, Amazon Payment Cryptography, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service (Amazon S3), Amazon EventBridge Scheduler, Amazon Systems Manager, and Amazon VPC Lattice. | November 7, 2024 |
| AWS_ConfigRole – Adds "aoss:BatchGetCollection", "aoss:BatchGetLifecyclePolicy", "aoss:BatchGetVpcEndpoint", "aoss:GetAccessPolicy", "aoss:GetSecurityConfig", "aoss:GetSecurityPolicy", "aoss:ListAccessPolicies", "aoss:ListCollections", "aoss:ListLifecyclePolicies", "aoss:ListSecurityConfigs", "aoss:ListSecurityPolicies", "aoss:ListVpcEndpoints", "appstream:DescribeAppBlockBuilders", "backup:GetRestoreTestingPlan", "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans", "backup:ListRestoreTestingSelections", "cloudTrail:GetChannel", "cloudTrail:ListChannels", "glue:GetTrigger", "glue:ListTriggers", "imagebuilder:GetLifecyclePolicy", "imagebuilder:ListLifecyclePolicies", "iot:DescribeBillingGroup", "iot:ListBillingGroups", "ivs:GetEncoderConfiguration", "ivs:GetPlaybackRestrictionPolicy", "ivs:GetStage", "ivs:GetStorageConfiguration", "ivs:ListEncoderConfigurations", "ivs:ListPlaybackRestrictionPolicies", "ivs:ListStages", "ivs:ListStorageConfigurations", "mediaconnect:DescribeBridge", "mediaconnect:DescribeGateway", "mediaconnect:ListBridges", "mediaconnect:ListGateways", "mediatailor:DescribeChannel", "mediatailor:DescribeLiveSource", "mediatailor:DescribeSourceLocation", "mediatailor:DescribeVodSource", "mediatailor:ListChannels", "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations", "mediatailor:ListVodSources", "omics:GetWorkflow", "omics:ListWorkflows", "scheduler:GetSchedule", and "scheduler:ListSchedules" | This policy now supports additional permissions for Amazon OpenSearch Service Serverless, Amazon AppStream, Amazon Backup, Amazon CloudTrail, Amazon Glue, EC2 Image Builder, Amazon IoT, Amazon Interactive Video Service (Amazon IVS), AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon HealthOmics, and Amazon EventBridge Scheduler. | September 16, 2024 |
|
AWSConfigServiceRolePolicy – Add "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel," "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers," "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules" |
This policy now supports additional permissions for Amazon OpenSearch Service Serverless, Amazon AppStream, Amazon Backup, Amazon CloudTrail, Amazon Glue, EC2 Image Builder, Amazon IoT, Amazon Interactive Video Service (Amazon IVS), AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon HealthOmics, and Amazon EventBridge Scheduler. |
September 16, 2024 |
|
AWS_ConfigRole – Add "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource" |
This policy now supports additional permissions for Amazon Elastic File System (Amazon EFS), Amazon Redshift, and Amazon Systems Manager for SAP. |
June 17, 2024 |
|
AWSConfigServiceRolePolicy – Add "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource" |
This policy now supports additional permissions for Amazon Elastic File System (Amazon EFS), Amazon Redshift, and Amazon Systems Manager for SAP. |
June 17, 2024 |
| AWS_ConfigRole – Add "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool," "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus" |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx, Amazon Glue, Amazon Identity and Access Management (IAM), Amazon Lambda, Amazon RAM, Amazon Redshift Serverless, Amazon SageMaker AI, and Amazon Simple Notification Service (Amazon SNS). |
February 22, 2024 |
| AWSConfigServiceRolePolicy – Add "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool," "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus" |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx, Amazon Glue, Amazon Identity and Access Management (IAM), Amazon Lambda, Amazon RAM, Amazon Redshift Serverless, Amazon SageMaker AI, and Amazon Simple Notification Service (Amazon SNS). |
February 22, 2024 |
|
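AWSConfigUserAccess – Amazon Config started tracking changes for this Amazon managed policy |
This policy provides access to use Amazon Config, including searching by tags on resources and reading all tags. It does not provide permission to configure Amazon Config, which requires administrative privileges. |
February 22, 2024 |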
| AWS_ConfigRole – Add "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets" |
This policy now supports additional permissions for Amazon AppConfig, Amazon Managed Service for Prometheus, Amazon Database Migration Service (Amazon DMS), Amazon Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon CloudWatch Logs, Amazon Organizations, and Amazon Simple Storage Service (Amazon S3). |
December 5, 2023 |
| AWSConfigServiceRolePolicy – Add "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets" |
This policy now supports additional permissions for Amazon AppConfig, Amazon Managed Service for Prometheus, Amazon Database Migration Service (Amazon DMS), Amazon Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon CloudWatch Logs, Amazon Organizations, and Amazon Simple Storage Service (Amazon S3). |
December 5, 2023 |
| AWS_ConfigRole – Add "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles" |
This policy now supports additional permissions for Amazon Cognito, Amazon Connect, Amazon EMR, Amazon Ground Station, Amazon Mainframe Modernization, Amazon MemoryDB, Amazon Organizations, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, Amazon Service Catalog, and Amazon Transfer Family. |
November 17, 2023 |
| AWS_ConfigRole – Add "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID" |
This policy now |
November 17, 2023 |
| AWSConfigServiceRolePolicy – Add "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles" |
This policy now supports additional permissions for Amazon Cognito, Amazon Connect, Amazon EMR, Amazon Ground Station, Amazon Mainframe Modernization, Amazon MemoryDB, Amazon Organizations, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, Amazon Service Catalog, and Amazon Transfer Family. |
November 17, 2023 |
| AWSConfigServiceRolePolicy – Add "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID" |
This policy now |
November 17, 2023 |
| AWS_ConfigRole – Add "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob" |
This policy now supports additional permissions for Amazon Private CA, Amazon App Mesh, Amazon Connect, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector, Amazon IoT, Amazon IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lambda, Amazon Network Manager, Amazon Organizations, and Amazon SageMaker AI. |
October 4, 2023 |
| AWSConfigServiceRolePolicy – Add "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob" |
This policy now supports additional permissions for Amazon Private CA, Amazon App Mesh, Amazon Connect, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector, Amazon IoT, Amazon IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lambda, Amazon Network Manager, Amazon Organizations, and Amazon SageMaker AI. |
October 4, 2023 |
| AWSConfigServiceRolePolicy – Remove "ssm:GetParameter" |
This policy now removes permissions for Amazon Systems Manager (Systems Manager). |
September 6, 2023 |
| AWS_ConfigRole – Add "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", and "sns:GetDataProtectionPolicy" |
This policy now supports additional permissions for Amazon App Mesh, Amazon CloudFormation, Amazon CloudFront, Amazon CodeArtifact, Amazon CodeBuild, Amazon Connect, Amazon Glue, Amazon GuardDuty, Amazon Identity and Access Management (IAM), Amazon Inspector, Amazon IoT, Amazon IoT TwinMaker, Amazon IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie, AWS Elemental MediaConnect, Amazon Network Manager, Amazon Organizations, Amazon Resource Explorer, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Notification Service (Amazon SNS). |
July 28, 2023 |
| AWSConfigServiceRolePolicy – Add "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "sns:GetDataProtectionPolicy", "ssm:DescribeParameters", "ssm:GetParameter", and "ssm:ListTagsForResource" |
This policy now supports additional permissions for Amazon App Mesh, Amazon AppStream 2.0, Amazon CloudFormation, Amazon CloudFront, Amazon CodeArtifact, Amazon CodeBuild, Amazon Connect, Amazon Glue, Amazon GuardDuty, Amazon Identity and Access Management (IAM), Amazon Inspector, Amazon IoT, Amazon IoT TwinMaker, Amazon IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie, AWS Elemental MediaConnect, Amazon Network Manager, Amazon Organizations, Amazon Resource Explorer, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), Amazon Simple Notification Service (Amazon SNS), and Amazon EC2 Systems Manager (SSM). |
July 28, 2023 |
| AWS_ConfigRole – Add "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup",
"personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" |
This policy now supports additional permissions for Amazon Amplify, Amazon Connect, Amazon App Mesh, Amazon Managed Service for Prometheus, Amazon Athena, Amazon Batch, Amazon CloudFormation, Amazon CloudTrail, Amazon CodeArtifact, Amazon CodeGuru, Amazon Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Organizations, Amazon Forecast, Amazon IoT Greengrass, Amazon Ground Station, Amazon Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC), Amazon Personalize, Amazon Quick Suite, Amazon Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, and Amazon Transfer Family. |
June 13, 2023 |
| AWSConfigServiceRolePolicy – Add "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup",
"personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" |
This policy now supports additional permissions for Amazon Amplify, Amazon Connect, Amazon App Mesh, Amazon Managed Service for Prometheus, Amazon Athena, Amazon Batch, Amazon CloudFormation, Amazon CloudTrail, Amazon CodeArtifact, Amazon CodeGuru, Amazon Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Organizations, Amazon Forecast, Amazon IoT Greengrass, Amazon Ground Station, Amazon Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC), Amazon Personalize, Amazon Quick Suite, Amazon Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, and Amazon Transfer Family. |
June 13, 2023 |
| AWSConfigServiceRolePolicy – Add amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, GetInstanceTypesFromInstanceRequirement ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations |
This policy now supports additional permissions for Amazon Managed Workflows for, Amazon Amplify, Amazon App Mesh, Amazon App Runner, Amazon CloudFront, Amazon CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI, Amazon Transfer Family, Amazon Pinpoint, Amazon Migration Hub, Amazon Resilience Hub, Amazon CloudWatch, Amazon Directory Service, and Amazon WAF. |
April 13, 2023 |
| AWS_ConfigRole – Add amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations |
This policy now supports additional permissions for Amazon Managed Workflows for, Amazon Amplify, Amazon App Mesh, Amazon App Runner, Amazon CloudFront, Amazon CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI, Amazon Transfer Family, Amazon Pinpoint, Amazon Migration Hub, Amazon Resilience Hub, Amazon CloudWatch, Amazon Directory Service, and Amazon WAF. |
April 13, 2023 |
| AWSConfigServiceRolePolicy – Add appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudfront:GetResponseHeadersPolicy, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
This policy now supports additional permissions for Amazon Managed Workflows for Amazon AppFlow, Amazon App Runner, Amazon AppStream 2.0, Amazon CloudFront, Amazon CloudWatch, Amazon CodeArtifact, Amazon CodeCommit, Amazon Device Farm, Amazon CloudWatch Evidently, Amazon Forecast, Amazon Ground Station, Amazon Identity and Access Management (IAM), Amazon IoT, Amazon MemoryDB, Amazon Pinpoint, Amazon Network Manager, Amazon Panorama, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon SageMaker AI. |
March 30, 2023 |
| AWS_ConfigRole – adds appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudformation:ListTypes, cloudfront:GetResponseHeadersPolicy, cloudfront:ListDistributions, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, ec2:DescribeTrafficMirrorFilters, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
This policy now supports additional permissions for Amazon Managed Workflows for Amazon AppFlow, Amazon App Runner, Amazon AppStream 2.0, Amazon CloudFormation, Amazon CloudFront, Amazon CloudWatch, Amazon CodeArtifact, Amazon CodeCommit, Amazon Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, Amazon Ground Station, Amazon Identity and Access Management (IAM), Amazon IoT, Amazon MemoryDB, Amazon Pinpoint, Amazon Network Manager, Amazon Panorama, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon SageMaker AI. |
March 30, 2023 |
|
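AWSConfigRulesExecutionRole – Amazon Config started tracking changes for this Amazon managed policy |
This policy allows Amazon Lambda functions to access the Amazon Config API and the configuration snapshots that Amazon Config periodically delivers to Amazon S3. Functions that evaluate configuration changes for Amazon custom Lambda rules require this access. |
March 7, 2023 |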
|
AWSConfigRoleForOrganizations – Amazon Config started tracking changes for this Amazon managed policy |
This policy allows Amazon Config to call read-only Amazon Organizations APIs. |
March 7, 2023 |
|
AWSConfigRemediationServiceRolePolicy – Amazon Config started tracking changes for this Amazon managed policy |
This policy allows Amazon Config to remediate on your behalf |
March 7, 2023 |
|
AWSConfigServiceRolePolicy – adds auditmanager:GetAccountStatus |
This policy now grants permission to return the registration status of an account in Amazon Audit Manager. |
March 3, 2023 |
|
AWS_ConfigRole – adds auditmanager:GetAccountStatus |
This policy now grants permission to return the registration status of an account in Amazon Audit Manager. |
March 3, 2023 |
|
AWSConfigMultiAccountSetupPolicy – Amazon Config started tracking changes for this Amazon managed policy |
This policy allows Amazon Config to call Amazon services and deploy Amazon Config resources across an organization with Amazon Organizations. |
February 27, 2023 |
|
AWSConfigServiceRolePolicy – adds airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, Amazon IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, Amazon HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), Amazon Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, Amazon Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. |
February 1, 2023 |
|
AWS_ConfigRole – adds airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, Amazon IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, Amazon HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), Amazon Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, Amazon Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. |
February 1, 2023 |
|
ConfigConformsServiceRolePolicy – updates config:DescribeConfigRules |
As a security best practice, this policy now removes |
January 12, 2023 |
|
AWSConfigServiceRolePolicy – adds APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon Audit Manager, Amazon Device Farm, Amazon Database Migration Service (Amazon DMS), Amazon Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Glue, Amazon IoT, Amazon Lightsail, AWS Elemental MediaPackage, Amazon Network Manager, Amazon Quick Suite, Amazon Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
|
AWS_ConfigRole – adds APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon Audit Manager, Amazon Device Farm, Amazon Database Migration Service (Amazon DMS), Amazon Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Glue, Amazon IoT, Amazon Lightsail, AWS Elemental MediaPackage, Amazon Network Manager, Amazon Quick Suite, Amazon Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
|
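AWSConfigServiceRolePolicy – adds cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified Amazon CloudFormation stack, and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |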
|
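AWS_ConfigRole – adds cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified Amazon CloudFormation stack, and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |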
|
AWSConfigServiceRolePolicy – adds acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, 
iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for Amazon Certificate Manager, Amazon Managed Workflows for Apache Airflow, Amazon Amplify, Amazon AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, Amazon Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, Amazon Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift Servers, Amazon Location Service, Amazon IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, Amazon OpsWorks, Amazon Panorama, Amazon Resource Access Manager, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon RoboMaker, Amazon Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), Amazon Cloud Map, and Amazon Security Token Service. |
October 19, 2022 |
|
AWS_ConfigRole – adds acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, 
iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for Amazon Certificate Manager, Amazon Managed Workflows for Apache Airflow, Amazon Amplify, Amazon AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, Amazon Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, Amazon Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift Servers, Amazon Location Service, Amazon IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, Amazon OpsWorks, Amazon Panorama, Amazon Resource Access Manager, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon RoboMaker, Amazon Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), Amazon Cloud Map, and Amazon Security Token Service. |
October 19, 2022 |
|
AWSConfigServiceRolePolicy – adds Glue::GetTable |
This policy now grants permission to retrieve the Amazon Glue table definition for a specified table in a Data Catalog. |
September 14, 2022 |
|
AWS_ConfigRole – adds Glue::GetTable |
This policy now grants permission to retrieve the Amazon Glue table definition for a specified table in a Data Catalog. |
September 14, 2022 |
|
AWSConfigServiceRolePolicy – adds appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, 
gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, 
ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, 
profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, 
ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, Amazon AppConfig, Amazon AppSync, Amazon Auto Scaling, Amazon Backup, Amazon Budgets, Amazon Cost Explorer, Amazon Cloud9, Amazon Directory Service, Amazon DataSync, AWS Elemental MediaPackage, Amazon Glue, Amazon IoT, Amazon IoT Analytics, Amazon IoT Events, Amazon IoT SiteWise, Amazon IoT TwinMaker, Amazon Lake Formation, Amazon License Manager, Amazon Resilience Hub, Amazon Signer, and Amazon Transfer Family. |
September 7, 2022 |
|
AWS_ConfigRole – adds appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, 
gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, 
ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, 
profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, 
signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for the following: Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, Amazon AppConfig, Amazon AppSync, Amazon Auto Scaling, Amazon Backup, Amazon Budgets, Amazon Cost Explorer, Amazon Cloud9, Amazon Directory Service, Amazon DataSync, AWS Elemental MediaPackage, Amazon Glue, Amazon IoT, Amazon IoT Analytics, Amazon IoT Events, Amazon IoT SiteWise, Amazon IoT TwinMaker, Amazon Lake Formation, Amazon License Manager, Amazon Resilience Hub, Amazon Signer, and Amazon Transfer Family |
September 7, 2022 |
| AWSConfigServiceRolePolicy – Add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries | This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, Amazon IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, Amazon HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), Amazon Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, Amazon Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. | February 1, 2023 |
|
AWS_ConfigRole – Add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, Amazon IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, Amazon HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), Amazon Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, Amazon Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. |
February 1, 2023 |
|
ConfigConformsServiceRolePolicy – Update config:DescribeConfigRules |
As a security best practice, this policy now removes |
January 12, 2023 |
|
AWSConfigServiceRolePolicy – Add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for the following: Amazon Managed Service for Prometheus, Amazon Audit Manager, Amazon Device Farm, Amazon Database Migration Service (Amazon DMS), Amazon Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Glue, Amazon IoT, Amazon Lightsail, AWS Elemental MediaPackage, Amazon Network Manager, Amazon Quick Suite, Amazon Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
|
AWS_ConfigRole – Add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for the following: Amazon Managed Service for Prometheus, Amazon Audit Manager, Amazon Device Farm, Amazon Database Migration Service (Amazon DMS), Amazon Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Glue, Amazon IoT, Amazon Lightsail, AWS Elemental MediaPackage, Amazon Network Manager, Amazon Quick Suite, Amazon Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
|
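AWSConfigServiceRolePolicy – Add cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified Amazon CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |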
|
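AWS_ConfigRole – Add cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified Amazon CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |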
|
AWSConfigServiceRolePolicy – Add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, 
iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for the following: Amazon Certificate Manager, Amazon Managed Workflows for Apache Airflow, Amazon Amplify, Amazon AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, Amazon Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, Amazon Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift Servers, Amazon Location Service, Amazon IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, Amazon OpsWorks, Amazon Panorama, Amazon Resource Access Manager, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon RoboMaker, Amazon Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), Amazon Cloud Map, and Amazon Security Token Service |
October 19, 2022 |
|
AWS_ConfigRole – Add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, 
iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for the following: Amazon Certificate Manager, Amazon Managed Workflows for Apache Airflow, Amazon Amplify, Amazon AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, Amazon Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, Amazon Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift Servers, Amazon Location Service, Amazon IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, Amazon OpsWorks, Amazon Panorama, Amazon Resource Access Manager, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon RoboMaker, Amazon Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), Amazon Cloud Map, and Amazon Security Token Service |
October 19, 2022 |
|
AWSConfigServiceRolePolicy – Add Glue::GetTable |
This policy now grants permission to retrieve the Amazon Glue table definition in a Data Catalog for a specified table. |
September 14, 2022 |
|
AWS_ConfigRole – Add Glue::GetTable |
This policy now grants permission to retrieve the Amazon Glue table definition in a Data Catalog for a specified table. |
September 14, 2022 |
|
AWSConfigServiceRolePolicy – Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, 
gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, 
ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, 
profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, 
ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, Amazon AppConfig, Amazon AppSync, Amazon Auto Scaling, Amazon Backup, Amazon Budgets, Amazon Cost Explorer, Amazon Cloud9, Amazon Directory Service, Amazon DataSync, AWS Elemental MediaPackage, Amazon Glue, Amazon IoT, Amazon IoT Analytics, Amazon IoT Events, Amazon IoT SiteWise, Amazon IoT TwinMaker, Amazon Lake Formation, Amazon License Manager, Amazon Resilience Hub, Amazon Signer, and Amazon Transfer Family |
September 7, 2022 |
|
AWS_ConfigRole – Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues,
gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, 
ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, 
profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, 
signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, Amazon AppConfig, Amazon AppSync, Amazon Auto Scaling, Amazon Backup, Amazon Budgets, Amazon Cost Explorer, Amazon Cloud9, Amazon Directory Service, Amazon DataSync, AWS Elemental MediaPackage, Amazon Glue, Amazon IoT, Amazon IoT Analytics, Amazon IoT Events, Amazon IoT SiteWise, Amazon IoT TwinMaker, Amazon Lake Formation, Amazon License Manager, Amazon Resilience Hub, Amazon Signer, and Amazon Transfer Family |
September 7, 2022 |
|
AWSConfigServiceRolePolicy – Add datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
This policy now grants permission to return a list of Amazon DataSync agents, DataSync source and destination locations, and DataSync tasks in an Amazon Web Services account; to list summary information about Amazon Cloud Map namespaces and services associated with one or more specified namespaces in an Amazon Web Services account; and to list all of the available Amazon Simple Email Service (Amazon SES) contact lists in an Amazon Web Services account. |
August 22, 2022 |
|
AWS_ConfigRole – Add datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
This policy now grants permission to return a list of Amazon DataSync agents, DataSync source and destination locations, and DataSync tasks in an Amazon Web Services account; to list summary information about Amazon Cloud Map namespaces and services associated with one or more specified namespaces in an Amazon Web Services account; and to list all of the available Amazon Simple Email Service (Amazon SES) contact lists in an Amazon Web Services account. |
August 22, 2022 |
|
ConfigConformsServiceRolePolicy – Add cloudwatch:PutMetricData |
This policy now grants permission to publish metric data points to Amazon CloudWatch. |
July 25, 2022 |
|
AWSConfigServiceRolePolicy – Add amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations,
imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
This policy now supports additional permissions for Amazon Elastic Container Service (Amazon ECS), Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Managed Service for Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon Quick Suite, Amazon Rekognition, Amazon RoboMaker, Amazon Simple Storage Service (Amazon S3), Amazon Simple Email Service (Amazon SES), Amazon Amplify, Amazon AppConfig, Amazon AppSync, Amazon Billing Conductor, Amazon DataSync, Amazon Firewall Manager, Amazon Glue, Amazon IAM Identity Center (IAM Identity Center), EC2 Image Builder, and Elastic Load Balancing. |
July 15, 2022 |
|
AWS_ConfigRole – Add amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations,
imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
This policy now supports additional permissions for Amazon Elastic Container Service (Amazon ECS), Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Managed Service for Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon Quick Suite, Amazon Rekognition, Amazon RoboMaker, Amazon Simple Storage Service (Amazon S3), Amazon Simple Email Service (Amazon SES), Amazon Amplify, Amazon AppConfig, Amazon AppSync, Amazon Billing Conductor, Amazon DataSync, Amazon Firewall Manager, Amazon Glue, Amazon IAM Identity Center (IAM Identity Center), EC2 Image Builder, and Elastic Load Balancing. |
July 15, 2022 |
|
AWSConfigServiceRolePolicy – Add athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
This policy now grants permission to get a specified Amazon Athena data catalog, list the Athena data catalogs in an Amazon Web Services account, and list the tags associated with an Athena workgroup or data catalog resource; get a list of Amazon Detective behavior graphs and list the tags for a Detective behavior graph; get a list of resource metadata for a given list of Amazon Glue development endpoint names, get information about a specified Amazon Glue development endpoint, get all Amazon Glue development endpoints in an Amazon Web Services account, retrieve a specified Amazon Glue security configuration, get all Amazon Glue security configurations, get a list of tags associated with an Amazon Glue resource, get information about the Amazon Glue workgroup with the specified name, retrieve the names of all Amazon Glue crawler resources in Amazon, get all of the Amazon Web Services account's Amazon Glue |
May 31, 2022 |
|
AWS_ConfigRole – Add athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
This policy now grants permission to get a specified Amazon Athena data catalog, list the Athena data catalogs in an Amazon Web Services account, and list the tags associated with an Athena workgroup or data catalog resource; get a list of Amazon Detective behavior graphs and list the tags for a Detective behavior graph; get a list of resource metadata for a given list of Amazon Glue development endpoint names, get information about a specified Amazon Glue development endpoint, get all Amazon Glue development endpoints in an Amazon Web Services account, retrieve a specified Amazon Glue security configuration, get all Amazon Glue security configurations, get a list of tags associated with an Amazon Glue resource, get information about the Amazon Glue workgroup with the specified name, retrieve the names of all Amazon Glue crawler resources in Amazon, get all of the Amazon Web Services account's Amazon Glue |
May 31, 2022 |
|
AWSConfigServiceRolePolicy – Add cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
This policy now grants permission to get information about all or a specified Amazon CloudTrail event data store (EDS), get information about all or a specified Amazon CloudFormation resource, get a list of DynamoDB Accelerator (DAX) parameter groups or subnet groups, get information about the Amazon Database Migration Service (Amazon DMS) replication tasks for your account in the Region currently being accessed, and get a list of all policies of a specified type in Amazon Organizations. |
April 7, 2022 |
|
AWS_ConfigRole – Add cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
This policy now grants permission to get information about all or a specified Amazon CloudTrail event data store (EDS), get information about all or a specified Amazon CloudFormation resource, get a list of DynamoDB Accelerator (DAX) parameter groups or subnet groups, get information about the Amazon Database Migration Service (Amazon DMS) replication tasks for your account in the Region currently being accessed, and get a list of all policies of a specified type in Amazon Organizations. |
April 7, 2022 |
|
AWSConfigServiceRolePolicy – Add backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
This policy now supports additional permissions for Amazon Backup, Amazon Batch, DynamoDB Accelerator, Amazon Database Migration Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty, Amazon Key Management Service, Amazon OpsWorks, Amazon Relational Database Service, Amazon WAFV2, and Amazon WorkSpaces. |
March 14, 2022 |
|
AWS_ConfigRole – Add backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
This policy now supports additional permissions for Amazon Backup, Amazon Batch, DynamoDB Accelerator, Amazon Database Migration Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty, Amazon Key Management Service, Amazon OpsWorks, Amazon Relational Database Service, Amazon WAFV2, and Amazon WorkSpaces. |
March 14, 2022 |
|
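AWSConfigServiceRolePolicy – Add elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for a specified Elastic Beanstalk configuration set; get a map of OpenSearch or Elasticsearch versions, describe the available Amazon RDS option groups for a database, and get information about a CodeDeploy deployment configuration. This policy now also grants permission to retrieve the specified alternate contact attached to an Amazon Web Services account, retrieve information about an Amazon Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about an archived Amazon Config rule, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of a specified child OU or account, and list the policies attached to a specified target root, organizational unit, or account. |
February 10, 2022 |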
|
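AWS_ConfigRole – Add elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for a specified Elastic Beanstalk configuration set; get a map of OpenSearch or Elasticsearch versions, describe the available Amazon RDS option groups for a database, and get information about a CodeDeploy deployment configuration. This policy now also grants permission to retrieve the specified alternate contact attached to an Amazon Web Services account, retrieve information about an Amazon Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about an archived Amazon Config rule, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of a specified child OU or account, and list the policies attached to a specified target root, organizational unit, or account. |
February 10, 2022 |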
|
AWSConfigServiceRolePolicy – Add logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
This policy now grants permission to create Amazon CloudWatch log groups and streams, and to write logs to the created log streams. |
December 15, 2021 |
|
AWS_ConfigRole – Add logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
This policy now grants permission to create Amazon CloudWatch log groups and streams, and to write logs to the created log streams. |
December 15, 2021 |
|
AWSConfigServiceRolePolicy – Add es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots |
This policy now grants permission to get details about one or more Amazon OpenSearch Service (OpenSearch Service) domains, and to get the detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots. |
September 8, 2021 |
|
AWS_ConfigRole – Add es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots |
This policy now grants permission to get details about one or more Amazon OpenSearch Service (OpenSearch Service) domains, and to get the detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots. |
September 8, 2021 |
|
AWSConfigServiceRolePolicy – Add logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine, and additional permissions for Amazon resource types |
This policy now grants permission to list the tags for a log group, list the tags for a state machine, and list all state machines. This policy now grants permission to get details about a state machine. This policy now supports additional permissions for Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker AI, Amazon Simple Notification Service, Amazon Database Migration Service, Amazon Global Accelerator, and Amazon Storage Gateway |
July 28, 2021 |
|
AWS_ConfigRole – Add logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine, and additional permissions for Amazon resource types |
This policy now grants permission to list the tags for a log group, list the tags for a state machine, and list all state machines. This policy now grants permission to get details about a state machine. This policy now supports additional permissions for Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker AI, Amazon Simple Notification Service, Amazon Database Migration Service, Amazon Global Accelerator, and Amazon Storage Gateway |
July 28, 2021 |
|
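AWSConfigServiceRolePolicy – Add ssm:DescribeDocumentPermission and additional permissions for Amazon resource types |
This policy now grants permission to view Amazon Systems Manager documents and information about IAM Access Analyzer. This policy now supports additional Amazon resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, Amazon Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow Amazon Config to invoke the read-only APIs required to support these resource types. This policy now also supports filtering Lambda@Edge functions for the lambda-inside-vpc Amazon Config managed rule. |
June 8, 2021 |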
|
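AWS_ConfigRole – Add ssm:DescribeDocumentPermission and additional permissions for Amazon resource types |
This policy now grants permission to view Amazon Systems Manager documents and information about IAM Access Analyzer. This policy now supports additional Amazon resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, Amazon Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow Amazon Config to invoke the read-only APIs required to support these resource types. This policy now also supports filtering Lambda@Edge functions for the lambda-inside-vpc Amazon Config managed rule. |
June 8, 2021 |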
|
AWSConfigServiceRolePolicy – Add apigateway:GET permission to make read-only GET calls to API Gateway, and s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to invoke Amazon S3 read-only APIs |
This policy now grants permissions that allow Amazon Config to make read-only GET calls to API Gateway to support Amazon Config rules for API Gateway. This policy also adds permissions that allow Amazon Config to invoke Amazon Simple Storage Service (Amazon S3) read-only APIs to support the new |
May 10, 2021 |
|
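AWS_ConfigRole – Add apigateway:GET permission to make read-only GET calls to API Gateway, and s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to invoke Amazon S3 read-only APIs |
This policy now grants permissions that allow Amazon Config to make read-only GET calls to API Gateway to support Amazon Config for API Gateway. This policy also adds permissions that allow Amazon Config to invoke Amazon Simple Storage Service (Amazon S3) read-only APIs to support the new |
May 10, 2021 |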
|
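AWSConfigServiceRolePolicy – Add ssm:ListDocuments permission and additional permissions for Amazon resource types |
This policy now grants permission to view information about specified Amazon Systems Manager documents. This policy now also supports additional Amazon resource types for Amazon Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker AI, Amazon Database Migration Service, and Amazon Route 53. These permission changes allow Amazon Config to invoke the read-only APIs required to support these resource types. |
April 1, 2021 |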
|
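AWS_ConfigRole – Add ssm:ListDocuments permission and additional permissions for Amazon resource types |
This policy now grants permission to view information about specified Amazon Systems Manager documents. This policy now also supports additional Amazon resource types for Amazon Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker AI, Amazon Database Migration Service, and Amazon Route 53. These permission changes allow Amazon Config to invoke the read-only APIs required to support these resource types. |
April 1, 2021 |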
|
Amazon Config started tracking changes |
Amazon Config started tracking changes for its Amazon managed policies. |
April 1, 2021 |