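Amazon managed policies for Amazon Config - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.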

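This article is a machine-translated version. If the content of this translation differs from the English original, the English original prevails.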

Amazon managed policies for Amazon Config

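To add permissions to users, groups, and roles, it is easier to use Amazon managed policies than to write policies yourself. It takes time and expertise to create IAM customer managed policies that provide your team with only the permissions they need. To get started quickly, you can use our Amazon managed policies. These policies cover common use cases and are available in your Amazon Web Services account. For more information about Amazon managed policies, see Amazon managed policies in the IAM User Guide.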

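Amazon Web Services maintains and updates Amazon managed policies. You can't change the permissions in Amazon managed policies. Services occasionally add additional permissions to an Amazon managed policy to support new features. This type of update affects all identities (users, groups, and roles) where the policy is attached. Services are most likely to update an Amazon managed policy when a new feature is launched or when new operations become available. Services do not remove permissions from an Amazon managed policy, so policy updates won't break your existing permissions.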

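Additionally, Amazon supports managed policies for job functions that span multiple services. For example, the ViewOnlyAccess Amazon managed policy provides read-only access to many Amazon Web Services services and resources. When a service launches a new feature, Amazon adds read-only permissions for new operations and resources. For a list and descriptions of job function policies, see Amazon managed policies for job functions in the IAM User Guide.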

Amazon managed policy: AWSConfigServiceRolePolicy

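Amazon Config uses the service-linked role (SLR) named AWSServiceRoleForConfig to call other Amazon services on your behalf. When you use the Amazon Management Console to set up Amazon Config, this SLR is created automatically by Amazon Config if you choose to use the Amazon Config SLR instead of your own Amazon Identity and Access Management (IAM) service role.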

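The AWSServiceRoleForConfig SLR contains the managed policy AWSConfigServiceRolePolicy. This managed policy contains read-only and write-only permissions for Amazon Config resources and read-only permissions for resources in other services that Amazon Config supports. For more information, see Supported Resource Types and Using Service-Linked Roles for Amazon Config.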

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "access-analyzer:GetAnalyzer", "access-analyzer:GetArchiveRule", "access-analyzer:ListAnalyzers", "access-analyzer:ListArchiveRules", "access-analyzer:ListTagsForResource", "account:GetAlternateContact", "acm:DescribeCertificate", "acm:ListCertificates", "acm:ListTagsForCertificate", "amplifyuibuilder:ExportThemes", "amplifyuibuilder:GetTheme", "apigateway:GET", "appconfig:GetApplication", "appconfig:GetConfigurationProfile", "appconfig:GetDeployment", "appconfig:GetDeploymentStrategy", "appconfig:GetEnvironment", "appconfig:GetHostedConfigurationVersion", "appconfig:ListApplications", "appconfig:ListTagsForResource", "appflow:DescribeConnectorProfiles", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingPolicies", "appsync:GetApiCache", "appsync:GetGraphqlApi", "appsync:ListGraphqlApis", "athena:GetDataCatalog", "athena:GetWorkGroup", "athena:ListDataCatalogs", "athena:ListTagsForResource", "athena:ListWorkGroups", "autoscaling-plans:DescribeScalingPlanResources", "autoscaling-plans:DescribeScalingPlans", "autoscaling-plans:GetScalingPlanResourceForecastData", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeLifecycleHooks", "autoscaling:DescribePolicies", "autoscaling:DescribeScheduledActions", "autoscaling:DescribeTags", "autoscaling:DescribeWarmPool", "backup-gateway:ListTagsForResource", "backup-gateway:ListVirtualMachines", "backup:DescribeBackupVault", "backup:DescribeFramework", "backup:DescribeRecoveryPoint", "backup:DescribeReportPlan", "backup:GetBackupPlan", "backup:GetBackupSelection", "backup:GetBackupVaultAccessPolicy", "backup:GetBackupVaultNotifications", "backup:ListBackupPlans", "backup:ListBackupSelections", "backup:ListBackupVaults", "backup:ListFrameworks", "backup:ListRecoveryPointsByBackupVault", "backup:ListReportPlans", "backup:ListTags", 
"batch:DescribeComputeEnvironments", "batch:DescribeJobQueues", "batch:ListTagsForResource", "billingconductor:ListAccountAssociations", "billingconductor:ListBillingGroups", "billingconductor:ListCustomLineItems", "billingconductor:ListPricingPlans", "billingconductor:ListPricingRules", "billingconductor:ListPricingRulesAssociatedToPricingPlan", "billingconductor:ListTagsForResource", "budgets:DescribeBudgetAction", "budgets:DescribeBudgetActionsForAccount", "budgets:DescribeBudgetActionsForBudget", "budgets:ViewBudget", "ce:GetAnomalyMonitors", "ce:GetAnomalySubscriptions", "cloud9:DescribeEnvironmentMemberships", "cloud9:DescribeEnvironments", "cloud9:ListEnvironments", "cloud9:ListTagsForResource", "cloudformation:DescribeType", "cloudformation:GetResource", "cloudformation:ListResources", "cloudformation:ListTypes", "cloudfront:ListDistributions", "cloudfront:ListTagsForResource", "cloudtrail:DescribeTrails", "cloudtrail:GetEventDataStore", "cloudtrail:GetEventSelectors", "cloudtrail:GetTrailStatus", "cloudtrail:ListEventDataStores", "cloudtrail:ListTags", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStream", "cloudwatch:ListMetricStreams", "codedeploy:GetDeploymentConfig", "codepipeline:GetPipeline", "codepipeline:GetPipelineState", "codepipeline:ListPipelines", "config:BatchGet*", "config:Describe*", "config:Get*", "config:List*", "config:Put*", "config:Select*", "datasync:DescribeAgent", "datasync:DescribeLocationEfs", "datasync:DescribeLocationFsxLustre", "datasync:DescribeLocationFsxWindows", "datasync:DescribeLocationHdfs", "datasync:DescribeLocationNfs", "datasync:DescribeLocationObjectStorage", "datasync:DescribeLocationS3", "datasync:DescribeLocationSmb", "datasync:DescribeTask", "datasync:ListAgents", "datasync:ListLocations", "datasync:ListTagsForResource", "datasync:ListTasks", "dax:DescribeClusters", "dax:DescribeParameterGroups", "dax:DescribeParameters", "dax:DescribeSubnetGroups", "dax:ListTags", "detective:ListGraphs", 
"detective:ListTagsForResource", "devops-guru:GetResourceCollection", "dms:DescribeCertificates", "dms:DescribeEventSubscriptions", "dms:DescribeReplicationInstances", "dms:DescribeReplicationSubnetGroups", "dms:DescribeReplicationTasks", "dms:ListTagsForResource", "ds:DescribeDirectories", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeGlobalTable", "dynamodb:DescribeGlobalTableSettings", "dynamodb:DescribeLimits", "dynamodb:DescribeTable", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:Describe*", "ec2:DescribeClientVpnAuthorizationRules", "ec2:DescribeClientVpnEndpoints", "ec2:DescribeDhcpOptions", "ec2:DescribeFleets", "ec2:DescribeNetworkAcls", "ec2:DescribePlacementGroups", "ec2:DescribeSpotFleetRequests", "ec2:DescribeTrafficMirrorFilters", "ec2:DescribeTrafficMirrorTargets", "ec2:DescribeVolumeAttribute", "ec2:DescribeVolumes", "ec2:GetEbsEncryptionByDefault", "ec2:GetNetworkInsightsAccessScopeAnalysisFindings", "ec2:GetNetworkInsightsAccessScopeContent", "ecr-public:DescribeRepositories", "ecr-public:GetRepositoryCatalogData", "ecr-public:GetRepositoryPolicy", "ecr-public:ListTagsForResource", "ecr:DescribePullThroughCacheRules", "ecr:DescribeRegistry", "ecr:DescribeRepositories", "ecr:GetLifecyclePolicy", "ecr:GetRegistryPolicy", "ecr:GetRepositoryPolicy", "ecr:ListTagsForResource", "ecs:DescribeClusters", "ecs:DescribeServices", "ecs:DescribeTaskDefinition", "ecs:DescribeTaskSets", "ecs:ListClusters", "ecs:ListServices", "ecs:ListTagsForResource", "ecs:ListTaskDefinitionFamilies", "ecs:ListTaskDefinitions", "eks:DescribeCluster", "eks:DescribeFargateProfile", "eks:DescribeNodegroup", "eks:ListClusters", "eks:ListFargateProfiles", "eks:ListNodegroups", "eks:ListTagsForResource", "elasticache:DescribeCacheClusters", "elasticache:DescribeCacheParameterGroups", "elasticache:DescribeCacheParameters", "elasticache:DescribeCacheSubnetGroups", "elasticache:DescribeReplicationGroups", "elasticache:DescribeSnapshots", 
"elasticache:ListTagsForResource", "elasticbeanstalk:DescribeConfigurationSettings", "elasticbeanstalk:DescribeEnvironments", "elasticfilesystem:DescribeAccessPoints", "elasticfilesystem:DescribeBackupPolicy", "elasticfilesystem:DescribeFileSystemPolicy", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeLifecycleConfiguration", "elasticfilesystem:DescribeMountTargets", "elasticfilesystem:DescribeMountTargetSecurityGroups", "elasticloadbalancing:DescribeListenerCertificates", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetGroupAttributes", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "elasticmapreduce:DescribeCluster", "elasticmapreduce:DescribeSecurityConfiguration", "elasticmapreduce:DescribeStep", "elasticmapreduce:DescribeStudio", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:GetManagedScalingPolicy", "elasticmapreduce:GetStudioSessionMapping", "elasticmapreduce:ListClusters", "elasticmapreduce:ListInstanceFleets", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", "elasticmapreduce:ListSteps", "elasticmapreduce:ListStudios", "elasticmapreduce:ListStudioSessionMappings", "es:DescribeDomain", "es:DescribeDomains", "es:DescribeElasticsearchDomain", "es:DescribeElasticsearchDomains", "es:GetCompatibleElasticsearchVersions", "es:GetCompatibleVersions", "es:ListDomainNames", "es:ListTags", "events:DescribeApiDestination", "events:DescribeArchive", "events:DescribeEndpoint", "events:DescribeEventBus", "events:DescribeRule", "events:ListArchives", "events:ListEndpoints", "events:ListEventBuses", "events:ListRules", "events:ListTagsForResource", 
"events:ListTargetsByRule", "finspace:GetEnvironment", "finspace:ListEnvironments", "firehose:DescribeDeliveryStream", "firehose:ListDeliveryStreams", "firehose:ListTagsForDeliveryStream", "fms:GetNotificationChannel", "fms:GetPolicy", "fms:ListPolicies", "fms:ListTagsForResource", "frauddetector:GetDetectors", "frauddetector:GetDetectorVersion", "frauddetector:GetEntityTypes", "frauddetector:GetEventTypes", "frauddetector:GetExternalModels", "frauddetector:GetLabels", "frauddetector:GetModels", "frauddetector:GetOutcomes", "frauddetector:GetVariables", "frauddetector:ListTagsForResource", "fsx:DescribeFileSystems", "fsx:DescribeVolumes", "fsx:ListTagsForResource", "gamelift:DescribeMatchmakingRuleSets", "gamelift:DescribeAlias", "gamelift:DescribeBuild", "gamelift:DescribeFleetAttributes", "gamelift:DescribeFleetCapacity", "gamelift:DescribeFleetLocationAttributes", "gamelift:DescribeFleetLocationCapacity", "gamelift:DescribeFleetPortSettings", "gamelift:DescribeGameServerGroup", "gamelift:DescribeGameSessionQueues", "gamelift:DescribeMatchmakingConfigurations", "gamelift:DescribeRuntimeConfiguration", "gamelift:DescribeScript", "gamelift:DescribeVpcPeeringAuthorizations", "gamelift:ListAliases", "gamelift:ListBuilds", "gamelift:ListFleets", "gamelift:ListGameServerGroups", "gamelift:ListScripts", "gamelift:ListTagsForResource", "geo:DescribeGeofenceCollection", "geo:DescribeMap", "geo:DescribePlaceIndex", "geo:DescribeRouteCalculator", "geo:DescribeTracker", "geo:ListMaps", "geo:ListTrackerConsumers", "globalaccelerator:DescribeAccelerator", "globalaccelerator:DescribeEndpointGroup", "globalaccelerator:DescribeListener", "globalaccelerator:ListAccelerators", "globalaccelerator:ListEndpointGroups", "globalaccelerator:ListListeners", "globalaccelerator:ListTagsForResource", "glue:BatchGetDevEndpoints", "glue:BatchGetJobs", "glue:BatchGetWorkflows", "glue:GetClassifier", "glue:GetClassifiers", "glue:GetCrawler", "glue:GetCrawlers", "glue:GetDevEndpoint", 
"glue:GetDevEndpoints", "glue:GetJob", "glue:GetJobs", "glue:GetSecurityConfiguration", "glue:GetSecurityConfigurations", "glue:GetTable", "glue:GetTags", "glue:GetWorkflow", "glue:ListCrawlers", "glue:ListDevEndpoints", "glue:ListJobs", "glue:ListWorkflows", "guardduty:GetDetector", "guardduty:GetFilter", "guardduty:GetFindings", "guardduty:GetIPSet", "guardduty:GetMasterAccount", "guardduty:GetMembers", "guardduty:GetThreatIntelSet", "guardduty:ListDetectors", "guardduty:ListFilters", "guardduty:ListFindings", "guardduty:ListIPSets", "guardduty:ListMembers", "guardduty:ListOrganizationAdminAccounts", "guardduty:ListTagsForResource", "guardduty:ListThreatIntelSets", "iam:GenerateCredentialReport", "iam:GetAccountAuthorizationDetails", "iam:GetAccountPasswordPolicy", "iam:GetAccountSummary", "iam:GetCredentialReport", "iam:GetGroup", "iam:GetGroupPolicy", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", "iam:GetUser", "iam:GetUserPolicy", "iam:ListAttachedGroupPolicies", "iam:ListAttachedRolePolicies", "iam:ListAttachedUserPolicies", "iam:ListEntitiesForPolicy", "iam:ListGroupPolicies", "iam:ListGroupsForUser", "iam:ListInstanceProfilesForRole", "iam:ListPolicyVersions", "iam:ListRolePolicies", "iam:ListUserPolicies", "iam:ListVirtualMFADevices", "imagebuilder:GetComponent", "imagebuilder:GetContainerRecipe", "imagebuilder:GetDistributionConfiguration", "imagebuilder:GetImage", "imagebuilder:GetImagePipeline", "imagebuilder:GetImageRecipe", "imagebuilder:GetInfrastructureConfiguration", "imagebuilder:ListComponentBuildVersions", "imagebuilder:ListComponents", "imagebuilder:ListContainerRecipes", "imagebuilder:ListDistributionConfigurations", "imagebuilder:ListImageBuildVersions", "imagebuilder:ListImagePipelines", "imagebuilder:ListImageRecipes", "imagebuilder:ListImages", "imagebuilder:ListInfrastructureConfigurations", "iot:DescribeCertificate", "iot:DescribeDimension", "iot:DescribeRoleAlias", "iot:DescribeSecurityProfile", 
"iot:GetPolicy", "iot:GetTopicRule", "iot:GetTopicRuleDestination", "iot:ListCertificates", "iot:ListDimensions", "iot:ListPolicies", "iot:ListRoleAliases", "iot:ListSecurityProfiles", "iot:ListSecurityProfilesForTarget", "iot:ListTagsForResource", "iot:ListTargetsForSecurityProfile", "iot:ListTopicRuleDestinations", "iot:ListTopicRules", "iot:ListV2LoggingLevels", "iot:ValidateSecurityProfileBehaviors", "iotanalytics:DescribeChannel", "iotanalytics:DescribeDataset", "iotanalytics:DescribeDatastore", "iotanalytics:DescribePipeline", "iotanalytics:ListChannels", "iotanalytics:ListDatasets", "iotanalytics:ListDatastores", "iotanalytics:ListPipelines", "iotanalytics:ListTagsForResource", "iotevents:DescribeAlarmModel", "iotevents:DescribeDetectorModel", "iotevents:DescribeInput", "iotevents:ListAlarmModels", "iotevents:ListDetectorModels", "iotevents:ListInputs", "iotevents:ListTagsForResource", "iotsitewise:DescribeAccessPolicy", "iotsitewise:DescribeAsset", "iotsitewise:ListAccessPolicies", "iotsitewise:ListAssets", "iottwinmaker:GetEntity", "iottwinmaker:GetScene", "iottwinmaker:GetWorkspace", "iottwinmaker:ListEntities", "iottwinmaker:ListScenes", "iottwinmaker:ListTagsForResource", "iottwinmaker:ListWorkspaces", "ivs:GetPlaybackKeyPair", "ivs:GetRecordingConfiguration", "ivs:GetStreamKey", "ivs:ListChannels", "ivs:ListPlaybackKeyPairs", "ivs:ListRecordingConfigurations", "ivs:ListStreamKeys", "ivs:ListTagsForResource", "kafka:DescribeCluster", "kafka:DescribeClusterV2", "kafka:ListClusters", "kafka:ListClustersV2", "kinesis:DescribeStreamConsumer", "kinesis:DescribeStreamSummary", "kinesis:ListStreamConsumers", "kinesis:ListStreams", "kinesis:ListTagsForStream", "kinesisanalytics:DescribeApplication", "kinesisanalytics:ListApplications", "kinesisanalytics:ListTagsForResource", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:ListAliases", "kms:ListKeys", "kms:ListResourceTags", "lakeformation:DescribeResource", 
"lakeformation:GetDataLakeSettings", "lakeformation:ListPermissions", "lakeformation:ListResources", "lambda:GetAlias", "lambda:GetFunction", "lambda:GetFunctionCodeSigningConfig", "lambda:GetPolicy", "lambda:ListAliases", "lambda:ListFunctions", "lambda:ListVersionsByFunction", "lex:DescribeBot", "lex:DescribeBotAlias", "lex:DescribeResourcePolicy", "lex:ListBotAliases", "lex:ListBotLocales", "lex:ListBots", "lex:ListTagsForResource", "license-manager:GetGrant", "license-manager:GetLicense", "license-manager:ListDistributedGrants", "license-manager:ListLicenses", "license-manager:ListReceivedGrants", "lightsail:GetAlarms", "lightsail:GetBuckets", "lightsail:GetCertificates", "lightsail:GetDisk", "lightsail:GetDisks", "lightsail:GetInstance", "lightsail:GetInstances", "lightsail:GetKeyPair", "lightsail:GetLoadBalancer", "lightsail:GetLoadBalancers", "lightsail:GetLoadBalancerTlsCertificates", "lightsail:GetStaticIp", "lightsail:GetStaticIps", "logs:DescribeLogGroups", "logs:ListTagsLogGroup", "lookoutequipment:DescribeInferenceScheduler", "lookoutequipment:ListTagsForResource", "lookoutmetrics:DescribeAlert", "lookoutmetrics:DescribeAnomalyDetector", "lookoutmetrics:ListAlerts", "lookoutmetrics:ListAnomalyDetectors", "lookoutmetrics:ListMetricSets", "lookoutmetrics:ListTagsForResource", "lookoutvision:DescribeProject", "lookoutvision:ListProjects", "macie2:GetMacieSession", "managedblockchain:GetMember", "managedblockchain:GetNetwork", "managedblockchain:GetNode", "managedblockchain:ListInvitations", "managedblockchain:ListMembers", "managedblockchain:ListNodes", "mediapackage-vod:DescribePackagingGroup", "mediapackage-vod:ListPackagingGroups", "mediapackage-vod:ListTagsForResource", "mobiletargeting:GetInAppTemplate", "mobiletargeting:ListTemplates", "mq:DescribeBroker", "mq:ListBrokers", "network-firewall:DescribeLoggingConfiguration", "network-firewall:ListFirewalls", "nimble:GetLaunchProfile", "nimble:GetLaunchProfileDetails", "nimble:GetStreamingImage", 
"nimble:GetStudio", "nimble:GetStudioComponent", "nimble:ListLaunchProfiles", "nimble:ListStreamingImages", "nimble:ListStudioComponents", "nimble:ListStudios", "opsworks:DescribeLayers", "opsworks:ListTags", "organizations:DescribeOrganization", "organizations:DescribePolicy", "organizations:ListParents", "organizations:ListPolicies", "organizations:ListPoliciesForTarget", "profile:GetDomain", "profile:GetIntegration", "profile:GetProfileObjectType", "profile:ListDomains", "profile:ListIntegrations", "profile:ListProfileObjectTypes", "profile:ListTagsForResource", "quicksight:DescribeAnalysis", "quicksight:DescribeAnalysisPermissions", "quicksight:DescribeDataSet", "quicksight:DescribeDataSetPermissions", "quicksight:DescribeDataSource", "quicksight:DescribeDataSourcePermissions", "quicksight:DescribeTheme", "quicksight:DescribeThemePermissions", "quicksight:ListAnalyses", "quicksight:ListDataSets", "quicksight:ListTagsForResource", "quicksight:ListThemes", "ram:GetResourceShareAssociations", "ram:GetResourceShares", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSnapshotAttributes", "rds:DescribeDBSnapshots", "rds:DescribeDBSubnetGroups", "rds:DescribeEventSubscriptions", "rds:DescribeOptionGroups", "rds:ListTagsForResource", "redshift:DescribeClusterParameterGroups", "redshift:DescribeClusterParameters", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "redshift:DescribeClusterSnapshots", "redshift:DescribeClusterSubnetGroups", "redshift:DescribeEventSubscriptions", "redshift:DescribeLoggingStatus", "rekognition:DescribeStreamProcessor", "rekognition:ListTagsForResource", "resiliencehub:DescribeApp", "resiliencehub:DescribeAppVersionTemplate", 
"resiliencehub:DescribeResiliencyPolicy", "resiliencehub:ListApps", "resiliencehub:ListAppVersionResourceMappings", "resiliencehub:ListResiliencyPolicies", "robomaker:DescribeRobotApplication", "robomaker:DescribeSimulationApplication", "route53-recovery-readiness:GetCell", "route53-recovery-readiness:GetReadinessCheck", "route53-recovery-readiness:GetRecoveryGroup", "route53-recovery-readiness:GetResourceSet", "route53-recovery-readiness:ListCells", "route53-recovery-readiness:ListReadinessChecks", "route53-recovery-readiness:ListRecoveryGroups", "route53-recovery-readiness:ListResourceSets", "route53:GetHealthCheck", "route53:GetHostedZone", "route53:ListHealthChecks", "route53:ListHostedZones", "route53:ListHostedZonesByName", "route53:ListQueryLoggingConfigs", "route53:ListResourceRecordSets", "route53:ListTagsForResource", "route53resolver:GetFirewallDomainList", "route53resolver:GetFirewallRuleGroup", "route53resolver:GetFirewallRuleGroupAssociation", "route53resolver:GetResolverEndpoint", "route53resolver:GetResolverQueryLogConfig", "route53resolver:GetResolverRule", "route53resolver:GetResolverRuleAssociation", "route53resolver:ListFirewallDomainLists", "route53resolver:ListFirewallDomains", "route53resolver:ListFirewallRuleGroupAssociations", "route53resolver:ListFirewallRuleGroups", "route53resolver:ListFirewallRules", "route53resolver:ListResolverEndpointIpAddresses", "route53resolver:ListResolverEndpoints", "route53resolver:ListResolverQueryLogConfigs", "route53resolver:ListResolverRuleAssociations", "route53resolver:ListResolverRules", "route53resolver:ListTagsForResource", "rum:GetAppMonitor", "rum:GetAppMonitorData", "rum:ListAppMonitors", "rum:ListTagsForResource", "s3-outposts:GetAccessPoint", "s3-outposts:GetAccessPointPolicy", "s3-outposts:GetBucket", "s3-outposts:GetBucketPolicy", "s3-outposts:GetBucketTagging", "s3-outposts:GetLifecycleConfiguration", "s3-outposts:ListAccessPoints", "s3-outposts:ListEndpoints", 
"s3-outposts:ListRegionalBuckets", "s3:GetAccelerateConfiguration", "s3:GetAccessPoint", "s3:GetAccessPointPolicy", "s3:GetAccessPointPolicyStatus", "s3:GetAccountPublicAccessBlock", "s3:GetBucketAcl", "s3:GetBucketCORS", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketNotification", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketPolicy", "s3:GetBucketPublicAccessBlock", "s3:GetBucketRequestPayment", "s3:GetBucketTagging", "s3:GetBucketVersioning", "s3:GetBucketWebsite", "s3:GetEncryptionConfiguration", "s3:GetLifecycleConfiguration", "s3:GetReplicationConfiguration", "s3:GetStorageLensConfiguration", "s3:GetStorageLensConfigurationTagging", "s3:ListAccessPoints", "s3:ListAllMyBuckets", "s3:ListBucket", "sagemaker:DescribeCodeRepository", "sagemaker:DescribeEndpoint", "sagemaker:DescribeEndpointConfig", "sagemaker:DescribeModel", "sagemaker:DescribeMonitoringSchedule", "sagemaker:DescribeNotebookInstance", "sagemaker:DescribeNotebookInstanceLifecycleConfig", "sagemaker:DescribeWorkteam", "sagemaker:ListCodeRepositories", "sagemaker:ListEndpointConfigs", "sagemaker:ListEndpoints", "sagemaker:ListModels", "sagemaker:ListMonitoringSchedules", "sagemaker:ListNotebookInstanceLifecycleConfigs", "sagemaker:ListNotebookInstances", "sagemaker:ListTags", "sagemaker:ListWorkteams", "schemas:DescribeDiscoverer", "schemas:DescribeRegistry", "schemas:DescribeSchema", "schemas:ListDiscoverers", "schemas:ListRegistries", "schemas:ListSchemas", "sdb:GetAttributes", "sdb:ListDomains", "secretsmanager:ListSecrets", "secretsmanager:ListSecretVersionIds", "securityhub:DescribeHub", "servicediscovery:GetInstance", "servicediscovery:GetNamespace", "servicediscovery:GetService", "servicediscovery:ListNamespaces", "servicediscovery:ListServices", "servicediscovery:ListTagsForResource", "ses:DescribeReceiptRule", "ses:DescribeReceiptRuleSet", "ses:GetConfigurationSet", "ses:GetConfigurationSetEventDestinations", "ses:GetContactList", "ses:GetEmailTemplate", 
"ses:GetTemplate", "ses:ListConfigurationSets", "ses:ListContactLists", "ses:ListEmailTemplates", "ses:ListReceiptFilters", "ses:ListReceiptRuleSets", "ses:ListTemplates", "shield:DescribeDRTAccess", "shield:DescribeProtection", "shield:DescribeSubscription", "signer:GetSigningProfile", "signer:ListProfilePermissions", "signer:ListSigningProfiles", "sns:GetSubscriptionAttributes", "sns:GetTopicAttributes", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTagsForResource", "sns:ListTopics", "sqs:GetQueueAttributes", "sqs:ListQueues", "sqs:ListQueueTags", "ssm:DescribeAutomationExecutions", "ssm:DescribeDocument", "ssm:DescribeDocumentPermission", "ssm:GetAutomationExecution", "ssm:GetDocument", "ssm:ListDocuments", "sso:DescribeInstanceAccessControlAttributeConfiguration", "sso:DescribePermissionSet", "sso:GetInlinePolicyForPermissionSet", "sso:ListManagedPoliciesInPermissionSet", "sso:ListPermissionSets", "sso:ListTagsForResource", "states:DescribeActivity", "states:DescribeStateMachine", "states:ListActivities", "states:ListStateMachines", "states:ListTagsForResource", "storagegateway:ListGateways", "storagegateway:ListTagsForResource", "storagegateway:ListVolumes", "support:DescribeCases", "synthetics:DescribeCanaries", "synthetics:DescribeCanariesLastRun", "synthetics:DescribeRuntimeVersions", "synthetics:GetCanary", "synthetics:GetCanaryRuns", "synthetics:ListTagsForResource", "tag:GetResources", "timestream:DescribeDatabase", "timestream:DescribeTable", "timestream:ListDatabases", "timestream:ListTables", "timestream:ListTagsForResource", "transfer:DescribeServer", "transfer:DescribeUser", "transfer:DescribeWorkflow", "transfer:ListServers", "transfer:ListUsers", "transfer:ListWorkflows", "voiceid:DescribeDomain", "voiceid:ListTagsForResource", "waf-regional:GetLoggingConfiguration", "waf-regional:GetWebACL", "waf-regional:GetWebACLForResource", "waf:GetLoggingConfiguration", "waf:GetWebACL", "wafv2:GetLoggingConfiguration", 
"wafv2:GetRuleGroup", "wafv2:ListRuleGroups", "wafv2:ListTagsForResource", "workspaces:DescribeConnectionAliases", "workspaces:DescribeTags", "workspaces:DescribeWorkspaces" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:CreateLogGroup" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/config/*" }, { "Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*" } ] }

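One way to check a policy document like the one above against its description (read and write on Amazon Config, read-only elsewhere) and to see what a managed policy update added, as an added example that is not part of the Amazon documentation. The function names, the `READ_PREFIXES` heuristic and the sample excerpt are assumptions made for illustration; the sample uses a few actions copied from the policy on this page.

```python
import fnmatch
import json

# Heuristic assumption: action names starting with these prefixes are treated
# as read-style. Anything else is listed for manual review, not declared unsafe.
READ_PREFIXES = ("get", "list", "describe", "batchget", "select")

# Constructed sample: a short excerpt built from actions that appear in the
# policy on this page, not the full policy document.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["apigateway:GET", "budgets:ViewBudget", "config:Get*",
                "config:Put*", "ec2:Describe*", "ec2:DescribeVolumes",
                "ec2:GetEbsEncryptionByDefault",
                "iam:GenerateCredentialReport", "s3:GetBucketPolicy"],
     "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["logs:CreateLogStream", "logs:CreateLogGroup"],
     "Resource": "arn:aws:logs:*:*:log-group:/aws/config/*"},
    {"Effect": "Allow",
     "Action": "logs:PutLogEvents",
     "Resource": "arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*"}
  ]
}
""")


def _as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    return list(value) if isinstance(value, list) else [value]


def allowed_actions(policy):
    """Return the set of action strings named in Allow statements."""
    return {
        action
        for stmt in _as_list(policy["Statement"])
        if stmt.get("Effect") == "Allow"
        for action in _as_list(stmt.get("Action", []))
    }


def audit_policy(policy):
    """Summarise wildcards, redundant entries and non-read-style actions."""
    report = {"wildcards": [], "shadowed": [], "not_read_style": []}
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        patterns = [a for a in actions if "*" in a or "?" in a]
        for action in actions:
            name = action.partition(":")[2]
            if action in patterns:
                report["wildcards"].append(action)
            else:
                # Action names are case-insensitive, so compare lowercased.
                covering = [p for p in patterns
                            if fnmatch.fnmatchcase(action.lower(), p.lower())]
                if covering:
                    report["shadowed"].append((action, covering[0]))
            if not name.lower().startswith(READ_PREFIXES):
                report["not_read_style"].append({
                    "action": action,
                    "resources": resources,
                    "unscoped": "*" in resources,
                })
    return report


def policy_diff(old, new):
    """Compare two versions of a policy document by their allowed actions."""
    old_actions, new_actions = allowed_actions(old), allowed_actions(new)
    return {
        "added": sorted(new_actions - old_actions),
        "removed": sorted(old_actions - new_actions),
    }


if __name__ == "__main__":
    for section, items in audit_policy(SAMPLE_POLICY).items():
        print(section)
        for item in items:
            print("   ", item)
```

The same functions accept the complete policy document once it has been loaded with `json.load`. Entries under `not_read_style` with `unscoped` set to true are the ones to read first.
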
Amazon managed policy: AWS_ConfigRole

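To record your Amazon resource configurations, Amazon Config requires IAM permissions to get the configuration details about your resources. If you want to create an IAM role for Amazon Config, you can use the managed policy AWS_ConfigRole and attach it to your IAM role.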

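This IAM policy is updated each time Amazon Config adds support for an Amazon resource type. This means that Amazon Config will continue to have the permissions required to record configuration data for supported resource types, as long as the AWS_ConfigRole role has this managed policy attached. For more information, see Supported Resource Types and Permissions for the IAM Role Assigned to Amazon Config.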

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "access-analyzer:GetAnalyzer", "access-analyzer:GetArchiveRule", "access-analyzer:ListAnalyzers", "access-analyzer:ListArchiveRules", "access-analyzer:ListTagsForResource", "account:GetAlternateContact", "acm:DescribeCertificate", "acm:ListCertificates", "acm:ListTagsForCertificate", "amplifyuibuilder:ExportThemes", "amplifyuibuilder:GetTheme", "apigateway:GET", "appconfig:GetApplication", "appconfig:GetConfigurationProfile", "appconfig:GetDeployment", "appconfig:GetDeploymentStrategy", "appconfig:GetEnvironment", "appconfig:GetHostedConfigurationVersion", "appconfig:ListApplications", "appconfig:ListTagsForResource", "appflow:DescribeConnectorProfiles", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingPolicies", "appsync:GetApiCache", "appsync:GetGraphqlApi", "appsync:ListGraphqlApis", "athena:GetDataCatalog", "athena:GetWorkGroup", "athena:ListDataCatalogs", "athena:ListTagsForResource", "athena:ListWorkGroups", "autoscaling-plans:DescribeScalingPlanResources", "autoscaling-plans:DescribeScalingPlans", "autoscaling-plans:GetScalingPlanResourceForecastData", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeLifecycleHooks", "autoscaling:DescribePolicies", "autoscaling:DescribeScheduledActions", "autoscaling:DescribeTags", "autoscaling:DescribeWarmPool", "backup-gateway:ListTagsForResource", "backup-gateway:ListVirtualMachines", "backup:DescribeBackupVault", "backup:DescribeFramework", "backup:DescribeRecoveryPoint", "backup:DescribeReportPlan", "backup:GetBackupPlan", "backup:GetBackupSelection", "backup:GetBackupVaultAccessPolicy", "backup:GetBackupVaultNotifications", "backup:ListBackupPlans", "backup:ListBackupSelections", "backup:ListBackupVaults", "backup:ListFrameworks", "backup:ListRecoveryPointsByBackupVault", "backup:ListReportPlans", "backup:ListTags", 
"batch:DescribeComputeEnvironments", "batch:DescribeJobQueues", "batch:ListTagsForResource", "billingconductor:ListAccountAssociations", "billingconductor:ListBillingGroups", "billingconductor:ListCustomLineItems", "billingconductor:ListPricingPlans", "billingconductor:ListPricingRules", "billingconductor:ListPricingRulesAssociatedToPricingPlan", "billingconductor:ListTagsForResource", "budgets:DescribeBudgetAction", "budgets:DescribeBudgetActionsForAccount", "budgets:DescribeBudgetActionsForBudget", "budgets:ViewBudget", "ce:GetAnomalyMonitors", "ce:GetAnomalySubscriptions", "cloud9:DescribeEnvironmentMemberships", "cloud9:DescribeEnvironments", "cloud9:ListEnvironments", "cloud9:ListTagsForResource", "cloudformation:DescribeType", "cloudformation:GetResource", "cloudformation:ListResources", "cloudformation:ListTypes", "cloudfront:ListDistributions", "cloudfront:ListTagsForResource", "cloudtrail:DescribeTrails", "cloudtrail:GetEventDataStore", "cloudtrail:GetEventSelectors", "cloudtrail:GetTrailStatus", "cloudtrail:ListEventDataStores", "cloudtrail:ListTags", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStream", "cloudwatch:ListMetricStreams", "codedeploy:GetDeploymentConfig", "codepipeline:GetPipeline", "codepipeline:GetPipelineState", "codepipeline:ListPipelines", "config:BatchGet*", "config:Describe*", "config:Get*", "config:List*", "config:Put*", "config:Select*", "datasync:DescribeAgent", "datasync:DescribeLocationEfs", "datasync:DescribeLocationFsxLustre", "datasync:DescribeLocationFsxWindows", "datasync:DescribeLocationHdfs", "datasync:DescribeLocationNfs", "datasync:DescribeLocationObjectStorage", "datasync:DescribeLocationS3", "datasync:DescribeLocationSmb", "datasync:DescribeTask", "datasync:ListAgents", "datasync:ListLocations", "datasync:ListTagsForResource", "datasync:ListTasks", "dax:DescribeClusters", "dax:DescribeParameterGroups", "dax:DescribeParameters", "dax:DescribeSubnetGroups", "dax:ListTags", "detective:ListGraphs", 
"detective:ListTagsForResource", "devops-guru:GetResourceCollection", "dms:DescribeCertificates", "dms:DescribeEventSubscriptions", "dms:DescribeReplicationInstances", "dms:DescribeReplicationSubnetGroups", "dms:DescribeReplicationTasks", "dms:ListTagsForResource", "ds:DescribeDirectories", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeGlobalTable", "dynamodb:DescribeGlobalTableSettings", "dynamodb:DescribeLimits", "dynamodb:DescribeTable", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:Describe*", "ec2:DescribeClientVpnAuthorizationRules", "ec2:DescribeClientVpnEndpoints", "ec2:DescribeDhcpOptions", "ec2:DescribeFleets", "ec2:DescribeNetworkAcls", "ec2:DescribePlacementGroups", "ec2:DescribeSpotFleetRequests", "ec2:DescribeTrafficMirrorFilters", "ec2:DescribeTrafficMirrorTargets", "ec2:DescribeVolumeAttribute", "ec2:DescribeVolumes", "ec2:GetEbsEncryptionByDefault", "ec2:GetNetworkInsightsAccessScopeAnalysisFindings", "ec2:GetNetworkInsightsAccessScopeContent", "ecr-public:DescribeRepositories", "ecr-public:GetRepositoryCatalogData", "ecr-public:GetRepositoryPolicy", "ecr-public:ListTagsForResource", "ecr:DescribePullThroughCacheRules", "ecr:DescribeRegistry", "ecr:DescribeRepositories", "ecr:GetLifecyclePolicy", "ecr:GetRegistryPolicy", "ecr:GetRepositoryPolicy", "ecr:ListTagsForResource", "ecs:DescribeClusters", "ecs:DescribeServices", "ecs:DescribeTaskDefinition", "ecs:DescribeTaskSets", "ecs:ListClusters", "ecs:ListServices", "ecs:ListTagsForResource", "ecs:ListTaskDefinitionFamilies", "ecs:ListTaskDefinitions", "eks:DescribeCluster", "eks:DescribeFargateProfile", "eks:DescribeNodegroup", "eks:ListClusters", "eks:ListFargateProfiles", "eks:ListNodegroups", "eks:ListTagsForResource", "elasticache:DescribeCacheClusters", "elasticache:DescribeCacheParameterGroups", "elasticache:DescribeCacheParameters", "elasticache:DescribeCacheSubnetGroups", "elasticache:DescribeReplicationGroups", "elasticache:DescribeSnapshots", 
"elasticache:ListTagsForResource", "elasticbeanstalk:DescribeConfigurationSettings", "elasticbeanstalk:DescribeEnvironments", "elasticfilesystem:DescribeAccessPoints", "elasticfilesystem:DescribeBackupPolicy", "elasticfilesystem:DescribeFileSystemPolicy", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeLifecycleConfiguration", "elasticfilesystem:DescribeMountTargets", "elasticfilesystem:DescribeMountTargetSecurityGroups", "elasticloadbalancing:DescribeListenerCertificates", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetGroupAttributes", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "elasticmapreduce:DescribeCluster", "elasticmapreduce:DescribeSecurityConfiguration", "elasticmapreduce:DescribeStep", "elasticmapreduce:DescribeStudio", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:GetManagedScalingPolicy", "elasticmapreduce:GetStudioSessionMapping", "elasticmapreduce:ListClusters", "elasticmapreduce:ListInstanceFleets", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", "elasticmapreduce:ListSteps", "elasticmapreduce:ListStudios", "elasticmapreduce:ListStudioSessionMappings", "es:DescribeDomain", "es:DescribeDomains", "es:DescribeElasticsearchDomain", "es:DescribeElasticsearchDomains", "es:GetCompatibleElasticsearchVersions", "es:GetCompatibleVersions", "es:ListDomainNames", "es:ListTags", "events:DescribeApiDestination", "events:DescribeArchive", "events:DescribeEndpoint", "events:DescribeEventBus", "events:DescribeRule", "events:ListArchives", "events:ListEndpoints", "events:ListEventBuses", "events:ListRules", "events:ListTagsForResource", 
"events:ListTargetsByRule", "finspace:GetEnvironment", "finspace:ListEnvironments", "firehose:DescribeDeliveryStream", "firehose:ListDeliveryStreams", "firehose:ListTagsForDeliveryStream", "fms:GetNotificationChannel", "fms:GetPolicy", "fms:ListPolicies", "fms:ListTagsForResource", "frauddetector:GetDetectors", "frauddetector:GetDetectorVersion", "frauddetector:GetEntityTypes", "frauddetector:GetEventTypes", "frauddetector:GetExternalModels", "frauddetector:GetLabels", "frauddetector:GetModels", "frauddetector:GetOutcomes", "frauddetector:GetVariables", "frauddetector:ListTagsForResource", "fsx:DescribeFileSystems", "fsx:DescribeVolumes", "fsx:ListTagsForResource", "gamelift:DescribeMatchmakingRuleSets", "gamelift:DescribeAlias", "gamelift:DescribeBuild", "gamelift:DescribeFleetAttributes", "gamelift:DescribeFleetCapacity", "gamelift:DescribeFleetLocationAttributes", "gamelift:DescribeFleetLocationCapacity", "gamelift:DescribeFleetPortSettings", "gamelift:DescribeGameServerGroup", "gamelift:DescribeGameSessionQueues", "gamelift:DescribeMatchmakingConfigurations", "gamelift:DescribeRuntimeConfiguration", "gamelift:DescribeScript", "gamelift:DescribeVpcPeeringAuthorizations", "gamelift:ListAliases", "gamelift:ListBuilds", "gamelift:ListFleets", "gamelift:ListGameServerGroups", "gamelift:ListScripts", "gamelift:ListTagsForResource", "geo:DescribeGeofenceCollection", "geo:DescribeMap", "geo:DescribePlaceIndex", "geo:DescribeRouteCalculator", "geo:DescribeTracker", "geo:ListMaps", "geo:ListTrackerConsumers", "globalaccelerator:DescribeAccelerator", "globalaccelerator:DescribeEndpointGroup", "globalaccelerator:DescribeListener", "globalaccelerator:ListAccelerators", "globalaccelerator:ListEndpointGroups", "globalaccelerator:ListListeners", "globalaccelerator:ListTagsForResource", "glue:BatchGetDevEndpoints", "glue:BatchGetJobs", "glue:BatchGetWorkflows", "glue:GetClassifier", "glue:GetClassifiers", "glue:GetCrawler", "glue:GetCrawlers", "glue:GetDevEndpoint", 
"glue:GetDevEndpoints", "glue:GetJob", "glue:GetJobs", "glue:GetSecurityConfiguration", "glue:GetSecurityConfigurations", "glue:GetTable", "glue:GetTags", "glue:GetWorkflow", "glue:ListCrawlers", "glue:ListDevEndpoints", "glue:ListJobs", "glue:ListWorkflows", "guardduty:GetDetector", "guardduty:GetFilter", "guardduty:GetFindings", "guardduty:GetIPSet", "guardduty:GetMasterAccount", "guardduty:GetMembers", "guardduty:GetThreatIntelSet", "guardduty:ListDetectors", "guardduty:ListFilters", "guardduty:ListFindings", "guardduty:ListIPSets", "guardduty:ListMembers", "guardduty:ListOrganizationAdminAccounts", "guardduty:ListTagsForResource", "guardduty:ListThreatIntelSets", "iam:GenerateCredentialReport", "iam:GetAccountAuthorizationDetails", "iam:GetAccountPasswordPolicy", "iam:GetAccountSummary", "iam:GetCredentialReport", "iam:GetGroup", "iam:GetGroupPolicy", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", "iam:GetUser", "iam:GetUserPolicy", "iam:ListAttachedGroupPolicies", "iam:ListAttachedRolePolicies", "iam:ListAttachedUserPolicies", "iam:ListEntitiesForPolicy", "iam:ListGroupPolicies", "iam:ListGroupsForUser", "iam:ListInstanceProfilesForRole", "iam:ListPolicyVersions", "iam:ListRolePolicies", "iam:ListUserPolicies", "iam:ListVirtualMFADevices", "imagebuilder:GetComponent", "imagebuilder:GetContainerRecipe", "imagebuilder:GetDistributionConfiguration", "imagebuilder:GetImage", "imagebuilder:GetImagePipeline", "imagebuilder:GetImageRecipe", "imagebuilder:GetInfrastructureConfiguration", "imagebuilder:ListComponentBuildVersions", "imagebuilder:ListComponents", "imagebuilder:ListContainerRecipes", "imagebuilder:ListDistributionConfigurations", "imagebuilder:ListImageBuildVersions", "imagebuilder:ListImagePipelines", "imagebuilder:ListImageRecipes", "imagebuilder:ListImages", "imagebuilder:ListInfrastructureConfigurations", "iot:DescribeCertificate", "iot:DescribeDimension", "iot:DescribeRoleAlias", "iot:DescribeSecurityProfile", 
"iot:GetPolicy", "iot:GetTopicRule", "iot:GetTopicRuleDestination", "iot:ListCertificates", "iot:ListDimensions", "iot:ListPolicies", "iot:ListRoleAliases", "iot:ListSecurityProfiles", "iot:ListSecurityProfilesForTarget", "iot:ListTagsForResource", "iot:ListTargetsForSecurityProfile", "iot:ListTopicRuleDestinations", "iot:ListTopicRules", "iot:ListV2LoggingLevels", "iot:ValidateSecurityProfileBehaviors", "iotanalytics:DescribeChannel", "iotanalytics:DescribeDataset", "iotanalytics:DescribeDatastore", "iotanalytics:DescribePipeline", "iotanalytics:ListChannels", "iotanalytics:ListDatasets", "iotanalytics:ListDatastores", "iotanalytics:ListPipelines", "iotanalytics:ListTagsForResource", "iotevents:DescribeAlarmModel", "iotevents:DescribeDetectorModel", "iotevents:DescribeInput", "iotevents:ListAlarmModels", "iotevents:ListDetectorModels", "iotevents:ListInputs", "iotevents:ListTagsForResource", "iotsitewise:DescribeAccessPolicy", "iotsitewise:DescribeAsset", "iotsitewise:ListAccessPolicies", "iotsitewise:ListAssets", "iottwinmaker:GetEntity", "iottwinmaker:GetScene", "iottwinmaker:GetWorkspace", "iottwinmaker:ListEntities", "iottwinmaker:ListScenes", "iottwinmaker:ListTagsForResource", "iottwinmaker:ListWorkspaces", "ivs:GetPlaybackKeyPair", "ivs:GetRecordingConfiguration", "ivs:GetStreamKey", "ivs:ListChannels", "ivs:ListPlaybackKeyPairs", "ivs:ListRecordingConfigurations", "ivs:ListStreamKeys", "ivs:ListTagsForResource", "kafka:DescribeCluster", "kafka:DescribeClusterV2", "kafka:ListClusters", "kafka:ListClustersV2", "kinesis:DescribeStreamConsumer", "kinesis:DescribeStreamSummary", "kinesis:ListStreamConsumers", "kinesis:ListStreams", "kinesis:ListTagsForStream", "kinesisanalytics:DescribeApplication", "kinesisanalytics:ListApplications", "kinesisanalytics:ListTagsForResource", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:ListAliases", "kms:ListKeys", "kms:ListResourceTags", "lakeformation:DescribeResource", 
"lakeformation:GetDataLakeSettings", "lakeformation:ListPermissions", "lakeformation:ListResources", "lambda:GetAlias", "lambda:GetFunction", "lambda:GetFunctionCodeSigningConfig", "lambda:GetPolicy", "lambda:ListAliases", "lambda:ListFunctions", "lambda:ListVersionsByFunction", "lex:DescribeBot", "lex:DescribeBotAlias", "lex:DescribeResourcePolicy", "lex:ListBotAliases", "lex:ListBotLocales", "lex:ListBots", "lex:ListTagsForResource", "license-manager:GetGrant", "license-manager:GetLicense", "license-manager:ListDistributedGrants", "license-manager:ListLicenses", "license-manager:ListReceivedGrants", "lightsail:GetAlarms", "lightsail:GetBuckets", "lightsail:GetCertificates", "lightsail:GetDisk", "lightsail:GetDisks", "lightsail:GetInstance", "lightsail:GetInstances", "lightsail:GetKeyPair", "lightsail:GetLoadBalancer", "lightsail:GetLoadBalancers", "lightsail:GetLoadBalancerTlsCertificates", "lightsail:GetStaticIp", "lightsail:GetStaticIps", "logs:DescribeLogGroups", "logs:ListTagsLogGroup", "lookoutequipment:DescribeInferenceScheduler", "lookoutequipment:ListTagsForResource", "lookoutmetrics:DescribeAlert", "lookoutmetrics:DescribeAnomalyDetector", "lookoutmetrics:ListAlerts", "lookoutmetrics:ListAnomalyDetectors", "lookoutmetrics:ListMetricSets", "lookoutmetrics:ListTagsForResource", "lookoutvision:DescribeProject", "lookoutvision:ListProjects", "macie2:GetMacieSession", "managedblockchain:GetMember", "managedblockchain:GetNetwork", "managedblockchain:GetNode", "managedblockchain:ListInvitations", "managedblockchain:ListMembers", "managedblockchain:ListNodes", "mediapackage-vod:DescribePackagingGroup", "mediapackage-vod:ListPackagingGroups", "mediapackage-vod:ListTagsForResource", "mobiletargeting:GetInAppTemplate", "mobiletargeting:ListTemplates", "mq:DescribeBroker", "mq:ListBrokers", "network-firewall:DescribeLoggingConfiguration", "network-firewall:ListFirewalls", "nimble:GetLaunchProfile", "nimble:GetLaunchProfileDetails", "nimble:GetStreamingImage", 
"nimble:GetStudio", "nimble:GetStudioComponent", "nimble:ListLaunchProfiles", "nimble:ListStreamingImages", "nimble:ListStudioComponents", "nimble:ListStudios", "opsworks:DescribeLayers", "opsworks:ListTags", "organizations:DescribeOrganization", "organizations:DescribePolicy", "organizations:ListParents", "organizations:ListPolicies", "organizations:ListPoliciesForTarget", "profile:GetDomain", "profile:GetIntegration", "profile:GetProfileObjectType", "profile:ListDomains", "profile:ListIntegrations", "profile:ListProfileObjectTypes", "profile:ListTagsForResource", "quicksight:DescribeAnalysis", "quicksight:DescribeAnalysisPermissions", "quicksight:DescribeDataSet", "quicksight:DescribeDataSetPermissions", "quicksight:DescribeDataSource", "quicksight:DescribeDataSourcePermissions", "quicksight:DescribeTheme", "quicksight:DescribeThemePermissions", "quicksight:ListAnalyses", "quicksight:ListDataSets", "quicksight:ListTagsForResource", "quicksight:ListThemes", "ram:GetResourceShareAssociations", "ram:GetResourceShares", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSnapshotAttributes", "rds:DescribeDBSnapshots", "rds:DescribeDBSubnetGroups", "rds:DescribeEventSubscriptions", "rds:DescribeOptionGroups", "rds:ListTagsForResource", "redshift:DescribeClusterParameterGroups", "redshift:DescribeClusterParameters", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "redshift:DescribeClusterSnapshots", "redshift:DescribeClusterSubnetGroups", "redshift:DescribeEventSubscriptions", "redshift:DescribeLoggingStatus", "rekognition:DescribeStreamProcessor", "rekognition:ListTagsForResource", "resiliencehub:DescribeApp", "resiliencehub:DescribeAppVersionTemplate", 
"resiliencehub:DescribeResiliencyPolicy", "resiliencehub:ListApps", "resiliencehub:ListAppVersionResourceMappings", "resiliencehub:ListResiliencyPolicies", "robomaker:DescribeRobotApplication", "robomaker:DescribeSimulationApplication", "route53-recovery-readiness:GetCell", "route53-recovery-readiness:GetReadinessCheck", "route53-recovery-readiness:GetRecoveryGroup", "route53-recovery-readiness:GetResourceSet", "route53-recovery-readiness:ListCells", "route53-recovery-readiness:ListReadinessChecks", "route53-recovery-readiness:ListRecoveryGroups", "route53-recovery-readiness:ListResourceSets", "route53:GetHealthCheck", "route53:GetHostedZone", "route53:ListHealthChecks", "route53:ListHostedZones", "route53:ListHostedZonesByName", "route53:ListQueryLoggingConfigs", "route53:ListResourceRecordSets", "route53:ListTagsForResource", "route53resolver:GetFirewallDomainList", "route53resolver:GetFirewallRuleGroup", "route53resolver:GetFirewallRuleGroupAssociation", "route53resolver:GetResolverEndpoint", "route53resolver:GetResolverQueryLogConfig", "route53resolver:GetResolverRule", "route53resolver:GetResolverRuleAssociation", "route53resolver:ListFirewallDomainLists", "route53resolver:ListFirewallDomains", "route53resolver:ListFirewallRuleGroupAssociations", "route53resolver:ListFirewallRuleGroups", "route53resolver:ListFirewallRules", "route53resolver:ListResolverEndpointIpAddresses", "route53resolver:ListResolverEndpoints", "route53resolver:ListResolverQueryLogConfigs", "route53resolver:ListResolverRuleAssociations", "route53resolver:ListResolverRules", "route53resolver:ListTagsForResource", "rum:GetAppMonitor", "rum:GetAppMonitorData", "rum:ListAppMonitors", "rum:ListTagsForResource", "s3-outposts:GetAccessPoint", "s3-outposts:GetAccessPointPolicy", "s3-outposts:GetBucket", "s3-outposts:GetBucketPolicy", "s3-outposts:GetBucketTagging", "s3-outposts:GetLifecycleConfiguration", "s3-outposts:ListAccessPoints", "s3-outposts:ListEndpoints", 
"s3-outposts:ListRegionalBuckets", "s3:GetAccelerateConfiguration", "s3:GetAccessPoint", "s3:GetAccessPointPolicy", "s3:GetAccessPointPolicyStatus", "s3:GetAccountPublicAccessBlock", "s3:GetBucketAcl", "s3:GetBucketCORS", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketNotification", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketPolicy", "s3:GetBucketPublicAccessBlock", "s3:GetBucketRequestPayment", "s3:GetBucketTagging", "s3:GetBucketVersioning", "s3:GetBucketWebsite", "s3:GetEncryptionConfiguration", "s3:GetLifecycleConfiguration", "s3:GetReplicationConfiguration", "s3:GetStorageLensConfiguration", "s3:GetStorageLensConfigurationTagging", "s3:ListAccessPoints", "s3:ListAllMyBuckets", "s3:ListBucket", "sagemaker:DescribeCodeRepository", "sagemaker:DescribeEndpoint", "sagemaker:DescribeEndpointConfig", "sagemaker:DescribeModel", "sagemaker:DescribeMonitoringSchedule", "sagemaker:DescribeNotebookInstance", "sagemaker:DescribeNotebookInstanceLifecycleConfig", "sagemaker:DescribeWorkteam", "sagemaker:ListCodeRepositories", "sagemaker:ListEndpointConfigs", "sagemaker:ListEndpoints", "sagemaker:ListModels", "sagemaker:ListMonitoringSchedules", "sagemaker:ListNotebookInstanceLifecycleConfigs", "sagemaker:ListNotebookInstances", "sagemaker:ListTags", "sagemaker:ListWorkteams", "schemas:DescribeDiscoverer", "schemas:DescribeRegistry", "schemas:DescribeSchema", "schemas:ListDiscoverers", "schemas:ListRegistries", "schemas:ListSchemas", "sdb:GetAttributes", "sdb:ListDomains", "secretsmanager:ListSecrets", "secretsmanager:ListSecretVersionIds", "securityhub:DescribeHub", "servicediscovery:GetInstance", "servicediscovery:GetNamespace", "servicediscovery:GetService", "servicediscovery:ListNamespaces", "servicediscovery:ListServices", "servicediscovery:ListTagsForResource", "ses:DescribeReceiptRule", "ses:DescribeReceiptRuleSet", "ses:GetConfigurationSet", "ses:GetConfigurationSetEventDestinations", "ses:GetContactList", "ses:GetEmailTemplate", 
"ses:GetTemplate", "ses:ListConfigurationSets", "ses:ListContactLists", "ses:ListEmailTemplates", "ses:ListReceiptFilters", "ses:ListReceiptRuleSets", "ses:ListTemplates", "shield:DescribeDRTAccess", "shield:DescribeProtection", "shield:DescribeSubscription", "signer:GetSigningProfile", "signer:ListProfilePermissions", "signer:ListSigningProfiles", "sns:GetSubscriptionAttributes", "sns:GetTopicAttributes", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTagsForResource", "sns:ListTopics", "sqs:GetQueueAttributes", "sqs:ListQueues", "sqs:ListQueueTags", "ssm:DescribeAutomationExecutions", "ssm:DescribeDocument", "ssm:DescribeDocumentPermission", "ssm:GetAutomationExecution", "ssm:GetDocument", "ssm:ListDocuments", "sso:DescribeInstanceAccessControlAttributeConfiguration", "sso:DescribePermissionSet", "sso:GetInlinePolicyForPermissionSet", "sso:ListManagedPoliciesInPermissionSet", "sso:ListPermissionSets", "sso:ListTagsForResource", "states:DescribeActivity", "states:DescribeStateMachine", "states:ListActivities", "states:ListStateMachines", "states:ListTagsForResource", "storagegateway:ListGateways", "storagegateway:ListTagsForResource", "storagegateway:ListVolumes", "support:DescribeCases", "synthetics:DescribeCanaries", "synthetics:DescribeCanariesLastRun", "synthetics:DescribeRuntimeVersions", "synthetics:GetCanary", "synthetics:GetCanaryRuns", "synthetics:ListTagsForResource", "tag:GetResources", "timestream:DescribeDatabase", "timestream:DescribeTable", "timestream:ListDatabases", "timestream:ListTables", "timestream:ListTagsForResource", "transfer:DescribeServer", "transfer:DescribeUser", "transfer:DescribeWorkflow", "transfer:ListServers", "transfer:ListUsers", "transfer:ListWorkflows", "voiceid:DescribeDomain", "voiceid:ListTagsForResource", "waf-regional:GetLoggingConfiguration", "waf-regional:GetWebACL", "waf-regional:GetWebACLForResource", "waf:GetLoggingConfiguration", "waf:GetWebACL", "wafv2:GetLoggingConfiguration", 
"wafv2:GetRuleGroup", "wafv2:ListRuleGroups", "wafv2:ListTagsForResource", "workspaces:DescribeConnectionAliases", "workspaces:DescribeTags", "workspaces:DescribeWorkspaces" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:CreateLogGroup" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/config/*" }, { "Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*" } ] }

Amazon managed policy: ConfigConformsServiceRolePolicy

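To deploy and manage conformance packs, Amazon Config requires IAM permissions and certain permissions from other Amazon services. These permissions allow you to deploy and manage conformance packs with full functionality, and they are updated each time Amazon Config adds new functionality for conformance packs. For more information about conformance packs, see Conformance packs.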

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "config:PutConfigRule",
        "config:DeleteConfigRule",
        "config:DescribeConfigRules"
      ],
      "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/config-conforms.aws.internal*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "config:DescribeRemediationConfigurations",
        "config:DeleteRemediationConfiguration",
        "config:PutRemediationConfigurations"
      ],
      "Resource": "arn:aws:config:*:*:remediation-configuration/aws-service-remediation-configuration/config-conforms.aws.internal*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:GetRole"
      ],
      "Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.aws.internal/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:GetRole"
      ],
      "Resource": "arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation"
    },
    {
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation",
      "Condition": {
        "StringLike": {
          "iam:AWSServiceName": "remediation.config.amazonaws.com"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": "ssm.amazonaws.com"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "ssm:DescribeDocument",
        "ssm:GetDocument"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:GetObject",
        "s3:GetBucketAcl"
      ],
      "Resource": "arn:aws:s3:::awsconfigconforms*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudformation:CreateStack",
        "cloudformation:DeleteStack",
        "cloudformation:DescribeStackEvents",
        "cloudformation:DescribeStackResource",
        "cloudformation:DescribeStackResources",
        "cloudformation:DescribeStacks",
        "cloudformation:GetStackPolicy",
        "cloudformation:SetStackPolicy",
        "cloudformation:UpdateStack",
        "cloudformation:UpdateTerminationProtection",
        "cloudformation:ValidateTemplate",
        "cloudformation:ListStackResources"
      ],
      "Resource": "arn:aws:cloudformation:*:*:stack/awsconfigconforms-*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:PutMetricData"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "cloudwatch:namespace": "AWS/Config"
        }
      }
    }
  ]
}

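Amazon Config updates to Amazon managed policies

View details about updates to Amazon managed policies for Amazon Config since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Amazon Config Document history page.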
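AWSConfigServiceRolePolicy lists ec2:DescribeTrafficMirrorFilters explicitly even though it also allows ec2:Describe*, so not every action named in an update widens what the role can do. The following added example (not Amazon's code) diffs two versions of a policy document and separates effective additions from ones an existing wildcard already covered; the two abbreviated policy documents are constructed from action names on this page and are not real policy versions.

```python
import json
import re
from collections import defaultdict


def _as_list(value):
    """IAM allows a single string/object where a list is expected."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def _covers(pattern, value, ignore_case=False):
    """True if the IAM wildcard pattern (* and ?) matches the whole value."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None


def grants(policy):
    """Flatten Allow statements into (action, resource, condition) tuples."""
    out = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt or "Resource" not in stmt:
            continue  # Deny, NotAction and NotResource need separate handling
        cond = json.dumps(stmt["Condition"], sort_keys=True) if "Condition" in stmt else None
        for action in _as_list(stmt["Action"]):
            for resource in _as_list(stmt["Resource"]):
                out.add((action, resource, cond))
    return out


def is_covered(grant, old_grants):
    """A grant is covered if an old grant matches its action and resource
    and is either unconditional or carries the identical condition block."""
    action, resource, cond = grant
    return any(
        _covers(old_action, action, ignore_case=True)  # action names are case-insensitive
        and _covers(old_resource, resource)
        and (old_cond is None or old_cond == cond)
        for old_action, old_resource, old_cond in old_grants
    )


def diff_policy(old, new):
    """Return (effective additions grouped by service prefix, redundant additions)."""
    old_grants = grants(old)
    added = sorted(grants(new) - old_grants,
                   key=lambda g: (g[0].lower(), g[1], g[2] or ""))
    effective, redundant = defaultdict(list), []
    for grant in added:
        if is_covered(grant, old_grants):
            redundant.append(grant[0])
        else:
            effective[grant[0].split(":", 1)[0].lower()].append(grant[0])
    return dict(effective), redundant


# Constructed sample input: abbreviated "before" and "after" documents.
OLD = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:Describe*", "ec2:GetEbsEncryptionByDefault", "glue:GetJob"],
        "Resource": "*",
    }],
}
NEW = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "ec2:Describe*", "ec2:GetEbsEncryptionByDefault", "glue:GetJob",
            "ec2:DescribeTrafficMirrorFilters", "ec2:DescribeTrafficMirrorTargets",
            "ec2:GetNetworkInsightsAccessScopeContent", "glue:GetTable",
            "rum:GetAppMonitor",
        ],
        "Resource": "*",
    }],
}

if __name__ == "__main__":
    effective, redundant = diff_policy(OLD, NEW)
    for service, actions in sorted(effective.items()):
        print(f"NEW  {service}: {', '.join(actions)}")
    print("already covered by an existing wildcard:", ", ".join(redundant))
```

Conditions are compared as whole blocks, so a grant whose condition was loosened or removed is reported as an effective addition.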

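Change Description Date

AWSConfigServiceRolePolicy - Add Glue::GetTable

This policy now grants permission to retrieve the table definition for a specified table in the Amazon Glue Data Catalog.

September 14, 2021

AWS_ConfigRole - Add Glue::GetTable

This policy now grants permission to retrieve the table definition for a specified table in the Amazon Glue Data Catalog.

September 14, 2021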

AWSConfigServiceRolePolicy - Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift, Amazon Interactive Video Service (Amazon IVS), Amazon Kinesis Data Analytics, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon QuickSight, Amazon Route 53 Application Recovery Controller, Amazon Route 53 Resolver, Amazon Simple Storage Service, Amazon Simple Email Service (Amazon SES), Amazon Timestream, Amazon AppConfig, Amazon AppSync, Amazon Auto Scaling, Amazon Backup, Amazon Budgets, Amazon Cost Explorer, Amazon Cloud9, Amazon Directory Service, Amazon DataSync, AWS Elemental MediaPackage, Amazon Glue, Amazon IoT, Amazon IoT Analytics, Amazon IoT Events, Amazon IoT SiteWise, Amazon IoT TwinMaker, Amazon Lake Formation, Amazon License Manager, Amazon Resilience Hub, Amazon Signer, and Amazon Transfer Family.

September 7, 2021

AWS_ConfigRole - Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift, Amazon Interactive Video Service (Amazon IVS), Amazon Kinesis Data Analytics, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon QuickSight, Amazon Route 53 Application Recovery Controller, Amazon Route 53 Resolver, Amazon Simple Storage Service, Amazon Simple Email Service (Amazon SES), Amazon Timestream, Amazon AppConfig, Amazon AppSync, Amazon Auto Scaling, Amazon Backup, Amazon Budgets, Amazon Cost Explorer, Amazon Cloud9, Amazon Directory Service, Amazon DataSync, AWS Elemental MediaPackage, Amazon Glue, Amazon IoT, Amazon IoT Analytics, Amazon IoT Events, Amazon IoT SiteWise, Amazon IoT TwinMaker, Amazon Lake Formation, Amazon License Manager, Amazon Resilience Hub, Amazon Signer, and Amazon Transfer Family.

2021 年 9 月 7 日

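AWSConfigServiceRolePolicy – Add datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

This policy now grants permission to return a list of the Amazon DataSync agents, the DataSync source and destination locations, and the DataSync tasks in your Amazon Web Services account; to list summary information about the Amazon Cloud Map namespaces, and the services associated with one or more specified namespaces, in your Amazon Web Services account; and to list all of the Amazon Simple Email Service (Amazon SES) contact lists available in your Amazon Web Services account.

August 22, 2022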

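AWS_ConfigRole – Add datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

This policy now grants permission to return a list of the Amazon DataSync agents, the DataSync source and destination locations, and the DataSync tasks in your Amazon Web Services account; to list summary information about the Amazon Cloud Map namespaces, and the services associated with one or more specified namespaces, in your Amazon Web Services account; and to list all of the Amazon Simple Email Service (Amazon SES) contact lists available in your Amazon Web Services account.

August 22, 2022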

ConfigConformsServiceRolePolicy – Add cloudwatch:PutMetricData

This policy now grants permission to publish metric data points to Amazon CloudWatch.

July 25, 2022

AWSConfigServiceRolePolicy – Add amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, ...GetStorageLensConfiguration, ...GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, sso:GetInlinePolicyForPermissionSet

This policy now supports Amazon Elastic Container Service, Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Kinesis Data Analytics, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon QuickSight, Amazon Rekognition, Amazon RoboMaker, Amazon Simple Storage Service (Amazon S3), Amazon Simple Email Service (Amazon SES), Amazon Amplify, Amazon AppConfig, Amazon AppSync, Amazon Billing Conductor, Amazon DataSync, Amazon Firewall Manager, Amazon Glue, Amazon IAM Identity Center (successor to Amazon Single Sign-On) (IAM Identity Center), EC2 Image Builder, and Elastic Load Balancing.

July 15, 2022

AWS_ConfigRole – Add amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, ...GetStorageLensConfiguration, ...GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, sso:GetInlinePolicyForPermissionSet

This policy now supports Amazon Elastic Container Service, Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Kinesis Data Analytics, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon QuickSight, Amazon Rekognition, Amazon RoboMaker, Amazon Simple Storage Service (Amazon S3), Amazon Simple Email Service (Amazon SES), Amazon Amplify, Amazon AppConfig, Amazon AppSync, Amazon Billing Conductor, Amazon DataSync, Amazon Firewall Manager, Amazon Glue, Amazon IAM Identity Center (successor to Amazon Single Sign-On) (IAM Identity Center), EC2 Image Builder, and Elastic Load Balancing.

July 15, 2022

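AWSConfigServiceRolePolicy – Add athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, sso:ListTagsForResource

This policy now grants permission to get the specified Amazon Athena data catalog, list the Athena data catalogs in your Amazon Web Services account, and list the tags associated with an Athena workgroup or data catalog resource; to get a list of Amazon Detective behavior graphs and list the tags for a Detective behavior graph; to get a list of resource metadata for a given list of Amazon Glue development endpoint names, get information about a specified Amazon Glue development endpoint, get all the Amazon Glue development endpoints in your account, retrieve a specified Amazon Glue security configuration, get all Amazon Glue security configurations, get a list of the tags associated with an Amazon Glue resource, get information about an Amazon Glue workgroup with the specified name, retrieve the names of all Amazon Glue crawler resources in your account, get the names of all Amazon Glue DevEndpoint resources in your account, list the names of all Amazon Glue job resources in your account, get details about Amazon Glue member accounts, list the names of the Amazon Glue workflows created in the account, and list the Amazon Glue workgroups available for the account; to retrieve details about an Amazon GuardDuty filter, retrieve a GuardDuty IPSet, retrieve a GuardDuty ThreatIntelSet, retrieve GuardDuty member accounts, get a list of GuardDuty filters, get the IPSets of the GuardDuty service, retrieve the tags of the GuardDuty service, and get the ThreatIntelSets of the GuardDuty service; to get the current status and configuration settings for Amazon Macie; to retrieve the resource and principal associations for Amazon Resource Access Manager (Amazon RAM) resource shares and retrieve details about Amazon RAM resource shares; to get information about an existing Amazon Simple Email Service (Amazon SES) configuration set, get a list of the event destinations associated with an Amazon SES configuration set, and list all the configuration sets associated with an Amazon SES account; and to get a list of Identity Center directory attributes, get the details of an Amazon IAM Identity Center (successor to Amazon Single Sign-On) permission set, get the IAM managed policies attached to a specified IAM Identity Center permission set, get the permission sets for an IAM Identity Center instance, and get the tags for IAM Identity Center resources.

May 31, 2022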

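AWS_ConfigRole – Add athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, sso:ListTagsForResource

This policy now grants permission to get the specified Amazon Athena data catalog, list the Athena data catalogs in your Amazon Web Services account, and list the tags associated with an Athena workgroup or data catalog resource; to get a list of Amazon Detective behavior graphs and list the tags for a Detective behavior graph; to get a list of resource metadata for a given list of Amazon Glue development endpoint names, get information about a specified Amazon Glue development endpoint, get all the Amazon Glue development endpoints in your account, retrieve a specified Amazon Glue security configuration, get all Amazon Glue security configurations, get a list of the tags associated with an Amazon Glue resource, get information about an Amazon Glue workgroup with the specified name, retrieve the names of all Amazon Glue crawler resources in your account, get the names of all Amazon Glue DevEndpoint resources in your account, list the names of all Amazon Glue job resources in your account, get details about Amazon Glue member accounts, list the names of the Amazon Glue workflows created in the account, and list the Amazon Glue workgroups available for the account; to retrieve details about an Amazon GuardDuty filter, retrieve a GuardDuty IPSet, retrieve a GuardDuty ThreatIntelSet, retrieve GuardDuty member accounts, get a list of GuardDuty filters, get the IPSets of the GuardDuty service, retrieve the tags of the GuardDuty service, and get the ThreatIntelSets of the GuardDuty service; to get the current status and configuration settings for Amazon Macie; to retrieve the resource and principal associations for Amazon Resource Access Manager (Amazon RAM) resource shares and retrieve details about Amazon RAM resource shares; to get information about an existing Amazon Simple Email Service (Amazon SES) configuration set, get a list of the event destinations associated with an Amazon SES configuration set, and list all the configuration sets associated with an Amazon SES account; and to get a list of Identity Center directory attributes, get the details of an Amazon IAM Identity Center (successor to Amazon Single Sign-On) permission set, get the IAM managed policies attached to a specified IAM Identity Center permission set, get the permission sets for an IAM Identity Center instance, and get the tags for IAM Identity Center resources.

May 31, 2022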

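AWSConfigServiceRolePolicy – Add cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, dms:DescribeReplicationTasks, and organizations:ListPolicies

This policy now grants permission to get information about all or specified Amazon CloudTrail event data stores (EDS), get information about all or specified Amazon CloudFormation resources, get a list of DynamoDB Accelerator (DAX) parameter groups or subnet groups, get information about the Amazon Database Migration Service (Amazon DMS) replication tasks currently being accessed, and list the Amazon Organizations policies of a specified type.

April 7, 2022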

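AWS_ConfigRole – Add cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, dms:DescribeReplicationTasks, and organizations:ListPolicies

This policy now grants permission to get information about all or specified Amazon CloudTrail event data stores (EDS), get information about all or specified Amazon CloudFormation resources, get a list of DynamoDB Accelerator (DAX) parameter groups or subnet groups, get information about the Amazon Database Migration Service (Amazon DMS) replication tasks currently being accessed, and list the Amazon Organizations policies of a specified type.

April 7, 2022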

AWSConfigServiceRolePolicy – Add backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

This policy now supports additional permissions for Amazon Backup, Amazon Batch, DynamoDB Accelerator, Amazon Database Migration Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon GuardDuty, Amazon Key Management Service, Amazon OpsWorks, Amazon Relational Database Service, Amazon WAFV2, and Amazon WorkSpaces.

March 14, 2022

AWS_ConfigRole – Add backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

This policy now supports additional permissions for Amazon Backup, Amazon Batch, DynamoDB Accelerator, Amazon Database Migration Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon GuardDuty, Amazon Key Management Service, Amazon OpsWorks, Amazon Relational Database Service, Amazon WAFV2, and Amazon WorkSpaces.

March 14, 2022

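AWSConfigServiceRolePolicy – Add elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for the specified Elastic Beanstalk configuration set, get a map of OpenSearch or Elasticsearch versions, describe the available Amazon RDS option groups for a database, and get information about a CodeDeploy deployment configuration. This policy now also grants permission to retrieve the specified alternate contact attached to an Amazon Web Services account, retrieve information about an Amazon Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about an archived Amazon Config rule, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of the specified child OU or account, and list the policies attached to the specified target root, organizational unit, or account.

February 10, 2022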

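AWS_ConfigRole – Add elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for the specified Elastic Beanstalk configuration set, get a map of OpenSearch or Elasticsearch versions, describe the available Amazon RDS option groups for a database, and get information about a CodeDeploy deployment configuration. This policy now also grants permission to retrieve the specified alternate contact attached to an Amazon Web Services account, retrieve information about an Amazon Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about an archived Amazon Config rule, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of the specified child OU or account, and list the policies attached to the specified target root, organizational unit, or account.

February 10, 2022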

AWSConfigServiceRolePolicy – Add logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

This policy now grants permission to create Amazon CloudWatch log groups and streams and to write logs to the created log streams.

December 15, 2021

AWS_ConfigRole – Add logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

This policy now grants permission to create Amazon CloudWatch log groups and streams and to write logs to the created log streams.

December 15, 2021

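AWSConfigServiceRolePolicy – Add es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots

This policy now grants permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain or domains, and to get a detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots.

September 8, 2021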

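AWS_ConfigRole – Add es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots

This policy now grants permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain or domains, and to get a detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots.

September 8, 2021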

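AWSConfigServiceRolePolicy – Add logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine, and additional permissions for Amazon Web Services resource types

This policy now grants permission to list the tags for a log group, list the tags for a state machine, and list all state machines. This policy now grants permission to get details about a state machine. This policy now also supports additional permissions for Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Kinesis Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker, Amazon Simple Notification Service, Amazon Database Migration Service, Amazon Global Accelerator, and Amazon Storage Gateway.

July 28, 2021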

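AWS_ConfigRole – Add logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine, and additional permissions for Amazon Web Services resource types

This policy now grants permission to list the tags for a log group, list the tags for a state machine, and list all state machines. This policy now grants permission to get details about a state machine. This policy now also supports additional permissions for Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Kinesis Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker, Amazon Simple Notification Service, Amazon Database Migration Service, Amazon Global Accelerator, and Amazon Storage Gateway.

July 28, 2021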

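AWSConfigServiceRolePolicy – Add ssm:DescribeDocumentPermission permission and additional permissions for Amazon Web Services resource types

This policy now grants permission to view Amazon Systems Manager documents and information about IAM Access Analyzer. This policy now supports additional Amazon Web Services resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, Amazon Network Firewall, Amazon Relational Database Service, and Amazon Route 53. These permission changes allow Amazon Config to invoke the read-only APIs required to support these resource types. This policy now also supports filtering Lambda@Edge functions for the lambda-inside-vpc Amazon Config managed rule.

June 8, 2021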

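AWS_ConfigRole – Add ssm:DescribeDocumentPermission permission and additional permissions for Amazon Web Services resource types

This policy now grants permission to view Amazon Systems Manager documents and information about IAM Access Analyzer. This policy now supports additional Amazon Web Services resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, Amazon Network Firewall, Amazon Relational Database Service, and Amazon Route 53. These permission changes allow Amazon Config to invoke the read-only APIs required to support these resource types. This policy now also supports filtering Lambda@Edge functions for the lambda-inside-vpc Amazon Config managed rule.

June 8, 2021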

AWSConfigServiceRolePolicy – Add apigateway:GET permission to make read-only GET calls to API Gateway, and s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to invoke Amazon S3 read-only APIs

This policy now grants permissions that allow Amazon Config to make read-only GET calls to API Gateway to support the Amazon Config rules for API Gateway. The policy also adds permissions that allow Amazon Config to invoke Amazon Simple Storage Service (Amazon S3) read-only APIs for the AWS::S3::AccessPoint resource type.

May 10, 2021

AWS_ConfigRole – Add apigateway:GET permission to make read-only GET calls to API Gateway, and s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to invoke Amazon S3 read-only APIs

This policy now grants permissions that allow Amazon Config to make read-only GET calls to API Gateway to support the Amazon Config rules for API Gateway. The policy also adds permissions that allow Amazon Config to invoke Amazon Simple Storage Service (Amazon S3) read-only APIs for the AWS::S3::AccessPoint resource type.

May 10, 2021

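AWSConfigServiceRolePolicy – Add ssm:ListDocuments permission and additional permissions for Amazon Web Services resource types

This policy now grants permission to view information about specified Amazon Systems Manager documents. This policy now also supports additional Amazon Web Services resource types for Amazon Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Kinesis, Amazon SageMaker, Amazon Database Migration Service, and Amazon Route 53. These permission changes allow Amazon Config to invoke the read-only APIs required to support these resource types.

April 1, 2021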

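AWS_ConfigRole – Add ssm:ListDocuments permission and additional permissions for Amazon Web Services resource types

This policy now grants permission to view information about specified Amazon Systems Manager documents. This policy now also supports additional Amazon Web Services resource types for Amazon Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Kinesis, Amazon SageMaker, Amazon Database Migration Service, and Amazon Route 53. These permission changes allow Amazon Config to invoke the read-only APIs required to support these resource types.

April 1, 2021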

AWSConfigRole deprecated

AWSConfigRole is deprecated. The replacement policy is AWS_ConfigRole.

April 1, 2021

Amazon Config started tracking changes

Amazon Config started tracking changes for its Amazon managed policies.

April 1, 2021
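
Because these managed policies gain permissions over time, it helps to diff two versions of a policy document and flag added actions that are not read-only, such as the logs:CreateLogStream and logs:CreateLogGroup additions recorded in this change log. The Python below is an added example, not Amazon's tooling; the two policy documents are constructed samples, and the read-only verb prefixes are an assumption of this example.

```python
import json

# Verb prefixes this example treats as read-only (lower-cased). This is a
# heuristic assumed for the example, not an AWS-defined classification.
READ_ONLY_PREFIXES = ("get", "list", "describe", "batchget", "export", "validate")

# Constructed sample documents (not the real policy): an older version and a
# newer one that gained three actions named in the change log.
OLD_VERSION = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["apigateway:GET", "s3:GetAccessPointPolicy",
                   "s3:GetAccessPointPolicyStatus", "ssm:ListDocuments"],
        "Resource": "*",
    }],
})
NEW_VERSION = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["apigateway:GET", "s3:GetAccessPointPolicy",
                    "s3:GetAccessPointPolicyStatus", "ssm:ListDocuments",
                    "ssm:DescribeDocumentPermission"],
         "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["logs:CreateLogStream", "logs:CreateLogGroup"],
         "Resource": "*"},
    ],
})


def allowed_actions(policy_doc):
    """Map lower-cased action -> action as written, for Allow statements only.

    IAM action names are case-insensitive, so the lower-cased form is the key.
    Statement may be a single object or a list; Action a string or a list.
    """
    doc = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    actions = {}
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        raw = stmt.get("Action", [])
        for action in [raw] if isinstance(raw, str) else raw:
            actions.setdefault(action.lower(), action)
    return actions


def is_read_only(action):
    """Heuristic: judge by the verb prefix of the action name."""
    service, _, name = action.lower().partition(":")
    if service == "apigateway":
        # API Gateway actions are HTTP methods; only GET is a read.
        return name == "get"
    # Wildcards such as "*" or "logs:*" never match and are flagged.
    return name.startswith(READ_ONLY_PREFIXES)


def diff_versions(old_doc, new_doc):
    """Return added and removed actions, plus the added ones that can write."""
    old, new = allowed_actions(old_doc), allowed_actions(new_doc)
    added = sorted(new[k] for k in new.keys() - old.keys())
    removed = sorted(old[k] for k in old.keys() - new.keys())
    return {
        "added": added,
        "removed": removed,
        "added_non_read_only": [a for a in added if not is_read_only(a)],
    }


if __name__ == "__main__":
    print(json.dumps(diff_versions(OLD_VERSION, NEW_VERSION), indent=2))
```

To use it on real data, save two versions of the policy document as JSON and pass their contents to `diff_versions`.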