Amazon 的托管策略 Amazon Config

AWS_ConfigRole – 添加 elasticfilesystem:DescribeTags," "redshift:DescribeTags", and "ssm-sap:ListTagsForResource"

该政策现在支持亚马逊弹性文件系统（亚马逊 EFS）、亚马逊 Redshift 和的额外权限。 适用于 SAP 的 Amazon Systems Manager

AWSConfigServiceRolePolicy – 添加 elasticfilesystem:DescribeTags," "redshift:DescribeTags", and "ssm-sap:ListTagsForResource"

该政策现在支持亚马逊弹性文件系统（亚马逊 EFS）、亚马逊 Redshift 和的额外权限。 适用于 SAP 的 Amazon Systems Manager

该政策现在支持亚马逊托管服务 Prometheus、亚马逊、亚马逊 Cognito CloudWatch、亚马逊、亚马逊 FSx、 Amazon Identity and Access Management （IAM）、、 ElastiCache、、Amazon Redshi Amazon Glue ft Serverless Amazon Lambda、 Amazon RAM亚马逊和亚马逊简单通知服务 (Amazon SNS) 的额外权限。 SageMaker

该政策现在支持亚马逊托管服务 Prometheus、亚马逊、亚马逊 Cognito CloudWatch、亚马逊、亚马逊 FSx、 Amazon Identity and Access Management （IAM）、、 ElastiCache、、Amazon Redshi Amazon Glue ft Serverless Amazon Lambda、 Amazon RAM亚马逊和亚马逊简单通知服务 (Amazon SNS) 的额外权限。 SageMaker

AWSConfigUserAccess— Amazon Config 开始跟踪此 Amazon 托管策略的更改

此政策提供使用权限 Amazon Config，包括按资源标签搜索和读取所有标签。这不提供配置权限 Amazon Config，而配置权限需要管理权限。

该政策现在支持适用于 Prometheus 的亚马逊托管服务 Amazon AppConfig、Amazon DMS()、() IAM Amazon Database Migration Service 、适用于 Apache Kafka 的亚马逊托管流媒体（亚马逊 MSK Amazon Identity and Access Management）、亚马逊 Amazon Organizations日志和亚马逊简单存储服务 (Amazon S3) Simple Storage Service 的额外权限。 CloudWatch

该政策现在支持适用于 Prometheus 的亚马逊托管服务 Amazon AppConfig、Amazon DMS()、() IAM Amazon Database Migration Service 、适用于 Apache Kafka 的亚马逊托管流媒体（亚马逊 MSK Amazon Identity and Access Management）、亚马逊 Amazon Organizations日志和亚马逊简单存储服务 (Amazon S3) Simple Storage Service 的额外权限。 CloudWatch

该政策现在支持亚马逊 Cognito、Amazon Connect、亚马逊 EMR、、、适用于 Redis 的 Amazon MemoryDB Amazon Ground Station、、 Amazon Mainframe Modernization亚马逊、亚马逊 Amazon Organizations关系数据库服务（亚马逊 RDS）、亚马逊 Redshift、 QuickSight亚马逊 Redshift、Amazon Route 53 和。 Amazon Service Catalog Amazon Transfer Family

此策略现在为 AWSConfigServiceRolePolicyStatementID、AWSConfigSLRLogStatementID、AWSConfigSLRLogEventStatementID 和 AWSConfigSLRApiGatewayStatementID 添加了安全标识符 (SID)。

该政策现在支持亚马逊 Cognito、Amazon Connect、亚马逊 EMR、、、适用于 Redis 的 Amazon MemoryDB Amazon Ground Station、、 Amazon Mainframe Modernization亚马逊、亚马逊 Amazon Organizations关系数据库服务（亚马逊 RDS）、亚马逊 Redshift、 QuickSight亚马逊 Redshift、Amazon Route 53 和。 Amazon Service Catalog Amazon Transfer Family

此策略现在为 AWSConfigServiceRolePolicyStatementID、AWSConfigSLRLogStatementID、AWSConfigSLRLogEventStatementID 和 AWSConfigSLRApiGatewayStatementID 添加了安全标识符 (SID)。

该政策现在支持、、Amazon Connect Amazon Private CA Amazon App Mesh、亚马逊弹性容器服务 (Amazon ECS)、Amazon Evicently、Ama CloudWatch zon Managed Grafana、亚马逊、Amazon Insp Amazon IoT TwinMaker ector、 GuardDuty、、、Amazon Kafka Managed Streaming（ Amazon IoT亚马逊 MSK）、、、和亚马逊的额外权限。 Amazon Lambda Amazon Network Manager Amazon Organizations SageMaker

该政策现在支持、、Amazon Connect Amazon Private CA Amazon App Mesh、亚马逊弹性容器服务 (Amazon ECS)、Amazon Evicently、Ama CloudWatch zon Managed Grafana、亚马逊、Amazon Insp Amazon IoT TwinMaker ector、 GuardDuty、、、Amazon Kafka Managed Streaming（ Amazon IoT亚马逊 MSK）、、、和亚马逊的额外权限。 Amazon Lambda Amazon Network Manager Amazon Organizations SageMaker

此策略现在会移除 Amazon Systems Manager （Systems Manager）的权限。

该政策现在支持、、亚马逊、、、Amazon Connect Amazon App Mesh Amazon CloudFormation、 CloudFront Amazon CodeArtifact、亚马逊 Amazon CodeBuild、 Amazon Identity and Access Management (IAM) Amazon Glue、Amazon Inspector GuardDuty、、、、Amazon Inspector Amazon IoT、 Amazon IoT TwinMaker、、 Amazon IoT Wireless、Amazon Macie、、、、、Amazon Route 53、亚马逊简单存储服务 (Amazon S3) AWS Elemental MediaConnect Amazon Network Manager Amazon Organizations Amazon 资源探索器、亚马逊简单存储服务 (Amazon S3) 和亚马逊简单通知服务 (Amazon SNS) 的额外权限) Simple Service Amazon。

该政策现在支持亚马逊 AppStream 2.0 Amazon App Mesh、、、亚马逊、、、 Amazon CloudFormation、Amazon Connect CloudFront Amazon CodeArtifact Amazon CodeBuild、、亚马逊 Amazon Glue、 Amazon Identity and Access Management (IAM) GuardDuty、Amazon Inspector、 Amazon IoT、、 Amazon IoT TwinMaker、 Amazon IoT Wireless、Amazon Macie、、、、、、、Amazon Route 53 AWS Elemental MediaConnect Amazon Network Manager Amazon Organizations Amazon 资源探索器、亚马逊简单存储服务 (Amazon S3)、亚马逊简单通知服务的额外权限（亚马逊 SNS）Service 和亚马逊 EC2 Systems Manager (SSM)。

该政策现在支持 Amazon Connect、Amazon Connect Amazon Amplify、Prometheus 的亚马逊托管服务 Amazon App Mesh、亚马逊 Athena、、、、、、、、、亚马逊、、、、、（IAM）、亚马逊弹性计算云 (Amazon EC2)、 Amazon Batch Amazon Evicently Amazon CloudFormation、 Amazon CloudTrail Amazon Forecast Amazon CodeArtifact、 CodeGuru、、（IAM） Amazon Directory Service、Amazon Evisently、Amazon Forecast、、（IAM）、Amazon E Amazon Organizations visently、Amazon Forecast、、（ Amazon Ground Station IAM） CloudWatch 、Amazon Managed Streaming for Apazon Managed Kafka Kafka（亚马逊 MSK Amazon Identity and Access Management ）、亚马逊 Lightsail、Amazon Logs、、、Amazon Pinpoint、亚马逊虚拟私有云（亚马逊 Amazon IoT Greengrass CloudWatch AWS Elemental MediaConnect AWS Elemental MediaTailor VPC)、Amazon Personalize QuickSight Amazon Migration Hub Refactor Spaces、亚马逊、、亚马逊简单存储服务 (Amazon S3)、亚马逊 SageMaker、。 Amazon Transfer Family

该政策现在支持 Amazon Connect、Amazon Connect Amazon Amplify、Prometheus 的亚马逊托管服务 Amazon App Mesh、亚马逊 Athena、、、、、、、、、亚马逊、、、、、（IAM）、亚马逊弹性计算云 (Amazon EC2)、 Amazon Batch Amazon Evicently Amazon CloudFormation、 Amazon CloudTrail Amazon Forecast Amazon CodeArtifact、 CodeGuru、、（IAM） Amazon Directory Service、Amazon Evisently、Amazon Forecast、、（IAM）、Amazon E Amazon Organizations visently、Amazon Forecast、、（ Amazon Ground Station IAM） CloudWatch 、Amazon Managed Streaming for Apazon Managed Kafka Kafka（亚马逊 MSK Amazon Identity and Access Management ）、亚马逊 Lightsail、Amazon Logs、、、Amazon Pinpoint、亚马逊虚拟私有云（亚马逊 Amazon IoT Greengrass CloudWatch AWS Elemental MediaConnect AWS Elemental MediaTailor VPC)、Amazon Personalize QuickSight Amazon Migration Hub Refactor Spaces、亚马逊、、亚马逊简单存储服务 (Amazon S3)、亚马逊 SageMaker、。 Amazon Transfer Family

该政策现在支持亚马逊托管工作流程的额外权限，包括、、、亚马逊 Amazon Amplify、、亚马逊弹性计算云 Amazon App Mesh Amazon App Runner、亚马逊 Kendra CloudFront Amazon CodeArtifact、亚马逊 Macie、亚马逊 Route 53、亚马逊、、Amazon Pinpoint、、 SageMaker Resilience Hub、亚马逊 Amazon Migration Hub Amazon 、Di Amazon rectory Service 和。 Amazon Transfer Family CloudWatch Amazon WAF

该政策现在支持亚马逊托管工作流程的额外权限，包括、、、亚马逊 Amazon Amplify、、亚马逊弹性计算云 Amazon App Mesh Amazon App Runner、亚马逊 Kendra CloudFront Amazon CodeArtifact、亚马逊 Macie、亚马逊 Route 53、亚马逊、、Amazon Pinpoint、、 SageMaker Resilience Hub、亚马逊 Amazon Migration Hub Amazon 、Di Amazon rectory Service 和。 Amazon Transfer Family CloudWatch Amazon WAF

该政策现在支持亚马逊、亚马逊 AppStream 2.0、亚马逊、亚马逊 AppFlow、、、、亚马逊、、 Amazon App Runner、Amazon CloudWatch Evicently CloudFront、Amazon F CloudWatch orecast Amazon CodeCommit Amazon Device Farm、 Amazon Identity and Access Management (IAM)、适用于 Redis 的 Amazon MemoryDB Amazon IoT、Amazon Pinpoint、、、、亚马逊关系 Amazon Network Manager数据库 Amazon Panorama服务 (Amazon RDS)、Amazon Redshift 和亚马逊的额外权限。 Amazon CodeArtifact Amazon Ground Station SageMaker

该政策现在支持亚马逊、亚马逊 AppStream 2.0、亚马逊、亚马逊 AppFlow、亚马逊、、、 Amazon App Runner、亚马逊弹性计算云 (Amazon EC2) CloudFront CloudWatch Amazon CodeArtifact Amazon CodeCommit、Amazon Evicently Amazon Device Farm、Amazon Forecast、、(IAM)、、A CloudWatch mazon MemoryDB for Redis Amazon IoT、Amazon Pinpoint、、、亚马逊关系 Amazon Panorama数据库服务 (Amazon RDS) 的额外权限、 Amazon Network Manager亚马逊 Redshift 和亚马逊。 Amazon CloudFormation Amazon Ground Station Amazon Identity and Access Management SageMaker

AWSConfigRulesExecutionRole— Amazon Config 开始跟踪此 Amazon 托管策略的更改

此策略允许 Amazon Lambda 函数访问定期发送到 Amazon S3 的 Amazon Config Amazon Config API 和配置快照。评估 Amazon 自定义 Lambda 规则的配置更改的函数需要此访问权限。

AWSConfigRoleForOrganizations— Amazon Config 开始跟踪此 Amazon 托管策略的更改

此策略允许调 Amazon Config 用只读 Amazon Organizations API。

AWSConfigRemediationServiceRolePolicy— Amazon Config 开始跟踪此 Amazon 托管策略的更改

此政策 Amazon Config 允许代表您修复NON_COMPLIANT资源。

AWSConfigServiceRolePolicy – 添加 auditmanager:GetAccountStatus

此策略现在授予返回 Amazon Audit Manager中的账户注册状态的权限。

AWS_ConfigRole – 添加 auditmanager:GetAccountStatus

此策略现在授予返回 Amazon Audit Manager中的账户注册状态的权限。

AWSConfigMultiAccountSetupPolicy— Amazon Config 开始跟踪此 Amazon 托管策略的更改

此策略 Amazon Config 允许使用调用 Amazon 服务并在整个组织中部署 Amazon Config 资源 Amazon Organizations。

AWSConfigServiceRolePolicy – 添加 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

该政策现在支持Apache Airflow、Amazon AppStream 2.0、 Amazon IoT Amazon CodeGuru Reviewer、Amazon Kinesis Video Streams Amazon HealthLake、亚马逊 Route 53 应用程序恢复控制器 Amazon Device Farm、亚马逊弹性计算云 (Amazon EC2)、亚马逊 Pinpoint、 Amazon Identity and Access Management (IAM)、亚马逊和亚马逊日志的额外权限。 GuardDuty CloudWatch

AWS_ConfigRole – 添加 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

该政策现在支持Apache Airflow、Amazon AppStream 2.0、 Amazon IoT Amazon CodeGuru Reviewer、Amazon Kinesis Video Streams Amazon HealthLake、亚马逊 Route 53 应用程序恢复控制器 Amazon Device Farm、亚马逊弹性计算云 (Amazon EC2)、亚马逊 Pinpoint、 Amazon Identity and Access Management (IAM)、亚马逊和亚马逊日志的额外权限。 GuardDuty CloudWatch

ConfigConformsServiceRolePolicy – 更新 config:DescribeConfigRules

作为安全最佳实践，此策略现在取消了对 config:DescribeConfigRules 的广泛资源级别权限。

AWSConfigServiceRolePolicy – 添加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, Amazon Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

该政策现在支持亚马逊托管服务 Prometheus、、、、、、、、、、Amazon Route 53 应用程序恢复控制器 Amazon Audit Manager Amazon Device Farm、 Amazon Directory Service、亚马逊弹性计算云 Amazon Database Migration Service (Amazon DMS Amazon EC2)、、、Amaz Amazon IoT on Lightsail Amazon Glue、、、Amazon Route 53 应用程序恢复控制器 AWS Elemental MediaPackage Amazon Network Manager Amazon Resource Access Manager、 QuickSight亚马逊简单存储服务 (Amazon S3) 和亚马逊 Timestream 的额外权限。

AWS_ConfigRole – 添加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

该政策现在支持亚马逊托管服务 Prometheus、、、、、、、、、、Amazon Route 53 应用程序恢复控制器 Amazon Audit Manager Amazon Device Farm、 Amazon Directory Service、亚马逊弹性计算云 Amazon Database Migration Service (Amazon DMS Amazon EC2)、、、Amaz Amazon IoT on Lightsail Amazon Glue、、、Amazon Route 53 应用程序恢复控制器 AWS Elemental MediaPackage Amazon Network Manager Amazon Resource Access Manager、 QuickSight亚马逊简单存储服务 (Amazon S3) 和亚马逊 Timestream 的额外权限。

AWSConfigServiceRolePolicy – 添加 cloudformation:ListStackResources and cloudformation:ListStacks

现在，此策略允许返回指定 Amazon CloudFormation 堆栈中所有资源的描述并返回状态与指定StackStatusFilter堆栈的摘要信息。

AWS_ConfigRole – 添加 cloudformation:ListStackResources and cloudformation:ListStacks

现在，此策略允许返回指定 Amazon CloudFormation 堆栈中所有资源的描述并返回状态与指定StackStatusFilter堆栈的摘要信息。

AWSConfigServiceRolePolicy – 添加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

该政策现在支持以下方面的额外权限：Apache Airflow Amazon Certificate Manager、、、亚马逊密钥空间、亚马逊、Amazon Connect Amazon Amplify、 Amazon AppConfig亚马逊弹性计算云 (A CloudWatch mazon EC2) Amazon Glue DataBrew、亚马逊 Elastic Kubernetes Service（亚马逊 EKS）、亚马逊、、亚马逊 Fraud Detector、Amazon F Amazon Fault Injection Service raud Detector、亚马逊 fsX、 EventBridge亚马逊、亚马逊定位 GameLift服务、、Amazon Lex、Amazon Lightsail、Amazon Pinpoint、、、、、亚马逊、亚马逊关系数据库服务（亚马逊 RDS）、 Amazon IoT Amazon OpsWorks Amazon Panorama Amazon Resource Access Manager QuickSight亚马逊 Amazon RoboMaker Rekognition Amazon Resource Groups、、、Amazon Route 53、亚马逊简单存储服务 Amazon Cloud Map(Amazon S3)、以及。 Amazon Security Token Service

AWS_ConfigRole – 添加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

该政策现在支持以下方面的额外权限：Apache Airflow Amazon Certificate Manager、、、亚马逊密钥空间、亚马逊、Amazon Connect Amazon Amplify、 Amazon AppConfig亚马逊弹性计算云 (A CloudWatch mazon EC2) Amazon Glue DataBrew、亚马逊 Elastic Kubernetes Service（亚马逊 EKS）、亚马逊、、亚马逊 Fraud Detector、Amazon F Amazon Fault Injection Service raud Detector、亚马逊 fsX、 EventBridge亚马逊、亚马逊定位 GameLift服务、、Amazon Lex、Amazon Lightsail、Amazon Pinpoint、、、、、亚马逊、亚马逊关系数据库服务（亚马逊 RDS）、 Amazon IoT Amazon OpsWorks Amazon Panorama Amazon Resource Access Manager QuickSight亚马逊 Amazon RoboMaker Rekognition Amazon Resource Groups、、、Amazon Route 53、亚马逊简单存储服务 Amazon Cloud Map(Amazon S3)、以及。 Amazon Security Token Service

AWSConfigServiceRolePolicy – 添加 Glue::GetTable

现在，此策略授予在数据目录中检索指定 Amazon Glue 表的表定义的权限。

AWS_ConfigRole – 添加 Glue::GetTable

现在，此策略授予在数据目录中检索指定 Amazon Glue 表的表定义的权限。

AWSConfigServiceRolePolicy – 添加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

该政策现在支持亚马逊 AppFlow、亚马逊、亚马逊 R CloudWatch UM、Amazon Synth CloudWatch etics CloudWatch、Amazon Connect 客户档案、Amazon Connect 语音 ID、亚马逊 DevOps Guru、亚马逊弹性计算云 (Amazon EC2)、亚马逊 EC2 Auto Scaling、亚马逊 EMR、亚马逊、亚马逊、亚马逊架构、Amazon Fraud Detector、亚马逊 Fraud Detector、亚马逊 EMR、亚马逊 Fraud Detector EventBridge、亚马逊 EMR、亚马逊 EventBridge Fraud Detector、亚马逊 GameLift、 Amazon FinSpace亚马逊互动视频服务（亚马逊 IVS）Interactive Service、适用于 Apache Flink 的亚马逊托管服务、EC2 Image Builder、Amazon Lex、亚马逊 Lightsail、亚马逊定位服务、亚马逊 Lookout for Equipment、亚马逊 Lookout for Metrics、亚马逊 Lookout for Vision、亚马逊托管区块链、亚马逊 MQ、亚马逊 Nimble P StudioAmazon inpoint、 QuickSight亚马逊、亚马逊 Route 53 应用程序恢复 Amazon Route 53 Resolver控制器、亚马逊简单存储服务 (亚马逊 S3) SimpleDB、亚马逊简单电子邮件服务 (Amazon SES)、Amazon Timestream、、、、、、、、、、、、、、、、、 Amazon AppConfig Amazon AppSync Amazon Auto Scaling Amazon Backup Amazon Budgets Amazon Cost Explorer Amazon Cloud9 Amazon Directory Service Amazon DataSync AWS Elemental MediaPackage Amazon Glue Amazon IoT Amazon IoT Analytics Amazon IoT Events Amazon IoT SiteWise Amazon IoT TwinMaker、 Amazon Lake Formation、 Amazon License Manager Amazon Resilience Hub、 Amazon Signer、和 Amazon Transfer Family。

AWS_ConfigRole – 添加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

该政策现在支持亚马逊 AppFlow、亚马逊、亚马逊 R CloudWatch UM、Amazon Synth CloudWatch etics CloudWatch、Amazon Connect 客户档案、Amazon Connect 语音 ID、亚马逊 DevOps Guru、亚马逊弹性计算云 (Amazon EC2)、亚马逊 EC2 Auto Scaling、亚马逊 EMR、亚马逊、亚马逊、亚马逊架构、Amazon Fraud Detector、亚马逊 Fraud Detector、亚马逊 EMR、亚马逊 Fraud Detector EventBridge、亚马逊 EMR、亚马逊 EventBridge Fraud Detector、亚马逊 GameLift、 Amazon FinSpace亚马逊互动视频服务（亚马逊 IVS）Interactive Service、适用于 Apache Flink 的亚马逊托管服务、EC2 Image Builder、Amazon Lex、亚马逊 Lightsail、亚马逊定位服务、亚马逊 Lookout for Equipment、亚马逊 Lookout for Metrics、亚马逊 Lookout for Vision、亚马逊托管区块链、亚马逊 MQ、亚马逊 Nimble P StudioAmazon inpoint、 QuickSight亚马逊、亚马逊 Route 53 应用程序恢复 Amazon Route 53 Resolver控制器、亚马逊简单存储服务 (亚马逊 S3) SimpleDB、亚马逊简单电子邮件服务 (Amazon SES)、Amazon Timestream、、、、、、、、、、、、、、、、、 Amazon AppConfig Amazon AppSync Amazon Auto Scaling Amazon Backup Amazon Budgets Amazon Cost Explorer Amazon Cloud9 Amazon Directory Service Amazon DataSync AWS Elemental MediaPackage Amazon Glue Amazon IoT Amazon IoT Analytics Amazon IoT Events Amazon IoT SiteWise Amazon IoT TwinMaker、 Amazon Lake Formation Amazon License Manager、 Amazon Resilience Hub、 Amazon Signer、和 Amazon Transfer Family

AWS_ConfigRole – 添加 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

该政策现在支持Apache Airflow、Amazon AppStream 2.0、 Amazon IoT Amazon CodeGuru Reviewer、Amazon Kinesis Video Streams Amazon HealthLake、亚马逊 Route 53 应用程序恢复控制器 Amazon Device Farm、亚马逊弹性计算云 (Amazon EC2)、亚马逊 Pinpoint、 Amazon Identity and Access Management (IAM)、亚马逊和亚马逊日志的额外权限。 GuardDuty CloudWatch

ConfigConformsServiceRolePolicy – 更新 config:DescribeConfigRules

作为安全最佳实践，此策略现在取消了对 config:DescribeConfigRules 的广泛资源级别权限。

AWSConfigServiceRolePolicy – 添加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, Amazon Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

该政策现在支持亚马逊托管服务 Prometheus、、、、、、、、、、Amazon Route 53 应用程序恢复控制器 Amazon Audit Manager Amazon Device Farm、 Amazon Directory Service、亚马逊弹性计算云 Amazon Database Migration Service (Amazon DMS Amazon EC2)、、、Amaz Amazon IoT on Lightsail Amazon Glue、、、Amazon Route 53 应用程序恢复控制器 AWS Elemental MediaPackage Amazon Network Manager Amazon Resource Access Manager、 QuickSight亚马逊简单存储服务 (Amazon S3) 和亚马逊 Timestream 的额外权限。

AWS_ConfigRole – 添加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

该政策现在支持亚马逊托管服务 Prometheus、、、、、、、、、、Amazon Route 53 应用程序恢复控制器 Amazon Audit Manager Amazon Device Farm、 Amazon Directory Service、亚马逊弹性计算云 Amazon Database Migration Service (Amazon DMS Amazon EC2)、、、Amaz Amazon IoT on Lightsail Amazon Glue、、、Amazon Route 53 应用程序恢复控制器 AWS Elemental MediaPackage Amazon Network Manager Amazon Resource Access Manager、 QuickSight亚马逊简单存储服务 (Amazon S3) 和亚马逊 Timestream 的额外权限。

AWSConfigServiceRolePolicy – 添加 cloudformation:ListStackResources and cloudformation:ListStacks

现在，此策略允许返回指定 Amazon CloudFormation 堆栈中所有资源的描述并返回状态与指定StackStatusFilter堆栈的摘要信息。

AWS_ConfigRole – 添加 cloudformation:ListStackResources and cloudformation:ListStacks

现在，此策略允许返回指定 Amazon CloudFormation 堆栈中所有资源的描述并返回状态与指定StackStatusFilter堆栈的摘要信息。

AWSConfigServiceRolePolicy – 添加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

该政策现在支持以下方面的额外权限：Apache Airflow Amazon Certificate Manager、、、亚马逊密钥空间、亚马逊、Amazon Connect Amazon Amplify、 Amazon AppConfig亚马逊弹性计算云 (A CloudWatch mazon EC2) Amazon Glue DataBrew、亚马逊 Elastic Kubernetes Service（亚马逊 EKS）、亚马逊、、亚马逊 Fraud Detector、Amazon F Amazon Fault Injection Service raud Detector、亚马逊 fsX、 EventBridge亚马逊、亚马逊定位 GameLift服务、、Amazon Lex、Amazon Lightsail、Amazon Pinpoint、、、、、亚马逊、亚马逊关系数据库服务（亚马逊 RDS）、 Amazon IoT Amazon OpsWorks Amazon Panorama Amazon Resource Access Manager QuickSight亚马逊 Amazon RoboMaker Rekognition Amazon Resource Groups、、、Amazon Route 53、亚马逊简单存储服务 Amazon Cloud Map(Amazon S3)、以及。 Amazon Security Token Service

AWS_ConfigRole – 添加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

该政策现在支持以下方面的额外权限：Apache Airflow Amazon Certificate Manager、、、亚马逊密钥空间、亚马逊、Amazon Connect Amazon Amplify、 Amazon AppConfig亚马逊弹性计算云 (A CloudWatch mazon EC2) Amazon Glue DataBrew、亚马逊 Elastic Kubernetes Service（亚马逊 EKS）、亚马逊、、亚马逊 Fraud Detector、Amazon F Amazon Fault Injection Service raud Detector、亚马逊 fsX、 EventBridge亚马逊、亚马逊定位 GameLift服务、、Amazon Lex、Amazon Lightsail、Amazon Pinpoint、、、、、亚马逊、亚马逊关系数据库服务（亚马逊 RDS）、 Amazon IoT Amazon OpsWorks Amazon Panorama Amazon Resource Access Manager QuickSight亚马逊 Amazon RoboMaker Rekognition Amazon Resource Groups、、、Amazon Route 53、亚马逊简单存储服务 Amazon Cloud Map(Amazon S3)、以及。 Amazon Security Token Service

AWSConfigServiceRolePolicy – 添加 Glue::GetTable

现在，此策略授予在数据目录中检索指定 Amazon Glue 表的表定义的权限。

AWS_ConfigRole – 添加 Glue::GetTable

现在，此策略授予在数据目录中检索指定 Amazon Glue 表的表定义的权限。

AWSConfigServiceRolePolicy – 添加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

该政策现在支持亚马逊 AppFlow、亚马逊、亚马逊 R CloudWatch UM、Amazon Synth CloudWatch etics CloudWatch、Amazon Connect 客户档案、Amazon Connect 语音 ID、亚马逊 DevOps Guru、亚马逊弹性计算云 (Amazon EC2)、亚马逊 EC2 Auto Scaling、亚马逊 EMR、亚马逊、亚马逊、亚马逊架构、Amazon Fraud Detector、亚马逊 Fraud Detector、亚马逊 EMR、亚马逊 Fraud Detector EventBridge、亚马逊 EMR、亚马逊 EventBridge Fraud Detector、亚马逊 GameLift、 Amazon FinSpace亚马逊互动视频服务（亚马逊 IVS）Interactive Service、适用于 Apache Flink 的亚马逊托管服务、EC2 Image Builder、Amazon Lex、亚马逊 Lightsail、亚马逊定位服务、亚马逊 Lookout for Equipment、亚马逊 Lookout for Metrics、亚马逊 Lookout for Vision、亚马逊托管区块链、亚马逊 MQ、亚马逊 Nimble P StudioAmazon inpoint、 QuickSight亚马逊、亚马逊 Route 53 应用程序恢复 Amazon Route 53 Resolver控制器、亚马逊简单存储服务 (亚马逊 S3) SimpleDB、亚马逊简单电子邮件服务 (Amazon SES)、Amazon Timestream、、、、、、、、、、、、、、、、、、、 Amazon AppConfig Amazon AppSync Amazon Auto Scaling Amazon Backup Amazon Budgets Amazon Cost Explorer Amazon Cloud9 Amazon Directory Service Amazon DataSync AWS Elemental MediaPackage Amazon Glue Amazon IoT Amazon IoT Analytics Amazon IoT Events Amazon IoT SiteWise Amazon IoT TwinMaker Amazon Lake Formation、 Amazon License Manager Amazon Resilience Hub、 Amazon Signer、和 Amazon Transfer Family。

AWS_ConfigRole – 添加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

该政策现在支持亚马逊 AppFlow、亚马逊、亚马逊 R CloudWatch UM、Amazon Synth CloudWatch etics CloudWatch、Amazon Connect 客户档案、Amazon Connect 语音 ID、亚马逊 DevOps Guru、亚马逊弹性计算云 (Amazon EC2)、亚马逊 EC2 Auto Scaling、亚马逊 EMR、亚马逊、亚马逊、亚马逊架构、Amazon Fraud Detector、亚马逊 Fraud Detector、亚马逊 EMR、亚马逊 Fraud Detector EventBridge、亚马逊 EMR、亚马逊 EventBridge Fraud Detector、亚马逊 GameLift、 Amazon FinSpace亚马逊互动视频服务（亚马逊 IVS）Interactive Service、适用于 Apache Flink 的亚马逊托管服务、EC2 Image Builder、Amazon Lex、亚马逊 Lightsail、亚马逊定位服务、亚马逊 Lookout for Equipment、亚马逊 Lookout for Metrics、亚马逊 Lookout for Vision、亚马逊托管区块链、亚马逊 MQ、亚马逊 Nimble P StudioAmazon inpoint、 QuickSight亚马逊、亚马逊 Route 53 应用程序恢复 Amazon Route 53 Resolver控制器、亚马逊简单存储服务 (亚马逊 S3) SimpleDB、亚马逊简单电子邮件服务 (Amazon SES)、Amazon Timestream、、、、、、、、、、、、、、、、、、、 Amazon AppConfig Amazon AppSync Amazon Auto Scaling Amazon Backup Amazon Budgets Amazon Cost Explorer Amazon Cloud9 Amazon Directory Service Amazon DataSync AWS Elemental MediaPackage Amazon Glue Amazon IoT Amazon IoT Analytics Amazon IoT Events Amazon IoT SiteWise Amazon IoT TwinMaker Amazon Lake Formation、 Amazon License Manager Amazon Resilience Hub、 Amazon Signer、和 Amazon Transfer Family

AWSConfigServiceRolePolicy – 添加 datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

此策略现在允许返回中 Amazon DataSync 代理人、 DataSync 来源和目标位置以及 DataSync 任务的列表 Amazon Web Services 账户；列出与中一个或多个指定命名空间关联的 Amazon Cloud Map 命名空间和服务的摘要信息 Amazon Web Services 账户；以及列出中所有可用的 Amazon Simple Email Service (Amazon SES) 联系人列表。 Amazon Web Services 账户

AWS_ConfigRole – 添加 datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

此策略现在允许返回中 Amazon DataSync 代理人、 DataSync 来源和目标位置以及 DataSync 任务的列表 Amazon Web Services 账户；列出与中一个或多个指定命名空间关联的 Amazon Cloud Map 命名空间和服务的摘要信息 Amazon Web Services 账户；以及列出中所有可用的 Amazon Simple Email Service (Amazon SES) 联系人列表。 Amazon Web Services 账户

ConfigConformsServiceRolePolicy – 添加 cloudwatch:PutMetricData

该政策现在授予向 Amazon 发布指标数据点的权限 CloudWatch。

AWSConfigServiceRolePolicy – 添加 amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

该政策现在支持亚马逊弹性容器服务 (Amazon ECS)、亚马逊、亚马逊、亚马逊、亚马逊 FsX、适用于 A ElastiCache pache Flink 的亚马逊托管服务、亚马逊定位服务、适用于 Apache Kafka 的亚马逊托管流媒体、亚马逊、亚马逊 Rekognition、 QuickSight亚马逊简单存储服务 (Amazon S3) 的额外权限) Amazon RoboMaker、亚马逊简单电子邮件服务 (Amazon SES)、、、、、、、、、、、（IAM 身份中心）、EC2 Image Builder 和 E Amazon Amplify lastic Load Balancing。 EventBridge Amazon AppConfig Amazon AppSync Amazon Billing Conductor Amazon DataSync Amazon Firewall Manager Amazon Glue Amazon IAM Identity Center

AWS_ConfigRole – 添加 amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

该政策现在支持亚马逊弹性容器服务 (Amazon ECS)、亚马逊、亚马逊、亚马逊、亚马逊 FsX、适用于 A ElastiCache pache Flink 的亚马逊托管服务、亚马逊定位服务、适用于 Apache Kafka 的亚马逊托管流媒体、亚马逊、亚马逊 Rekognition、 QuickSight亚马逊简单存储服务 (Amazon S3) 的额外权限) Amazon RoboMaker、亚马逊简单电子邮件服务 (Amazon SES)、、、、、、、、、、、（IAM 身份中心）、EC2 Image Builder 和 E Amazon Amplify lastic Load Balancing。 EventBridge Amazon AppConfig Amazon AppSync Amazon Billing Conductor Amazon DataSync Amazon Firewall Manager Amazon Glue Amazon IAM Identity Center

AWSConfigServiceRolePolicy – 添加 athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

此政策现在授予以下权限：获取指定的 Amazon Athena 数据目录 Amazon Web Services 账户、在中列出 Athena 数据目录以及列出与 Athena 工作组或数据目录资源关联的标签；获取 Amazon Detective 行为图列表并列出侦探行为图的标签；获取给定开发终端节点名称列表的资源元数据列表，获取有关指定开发的信息端点，获取所有开发端点，检索 Amazon Glue 指定的安全 Amazon Glue Amazon Glue Amazon Web Services 账户 Amazon Glue 配置，获取所有 Amazon Glue 安全配置，获取与 Amazon Glue 资源关联的标签列表，获取有关具有指定名称 Amazon Glue 的工作组的信息，检索 Amazon 账户中所有 Amazon Glue Crawler 资源的名称，获取中所有 Amazon Glue DevEndpoint资源的名称 Amazon Web Services 账户，列出中所有 Amazon Glue 作业资源的名称，获取 Amazon Glue 成员账户的详细信息，列出账户中创建 Amazon Glue 的工作流名称，以及列出账户的可用 Amazon Glue 工作组； Amazon Web Services 账户检索有关亚马逊 GuardDuty 筛选器的详细信息、检索 GuardDuty IPSet、检索 GuardDutyThreatIntelSet、检索 GuardDuty 成员账户、获取 GuardDuty筛选器列表、获取 GuardDuty 服务的 IP 集、检索服务的标签并获取GuardDuty 服务的信息；获取 Amazon Macie 账户的当前状态和配置设置；检索Amazon RAM() 资源共享的资源和委托人关联 Amazon Resource Access Manager 并检索 Amazon RAM 有关资源共享的详细信息； ThreatIntelSets GuardDuty 获取有关亚马逊简单电子邮件服务 (Amazon SES) 现有配置集的信息，获取与 Amazon SES 配置集关联的事件目标列表，并列出与 Amazon SES 账户关联的所有配置集；要获取身份中心目录属性列表，请获取权限集的详细信息，获取附加到指定 IAM 身份中心权限集的 IAM 托管策略，获取，为 IAM 身份中心实例设置的权限，以及为 IAM 身份中心获取标签 Amazon IAM Identity Center 资源。

AWS_ConfigRole – 添加 athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

此政策现在授予以下权限：获取指定的 Amazon Athena 数据目录 Amazon Web Services 账户、在中列出 Athena 数据目录以及列出与 Athena 工作组或数据目录资源关联的标签；获取 Amazon Detective 行为图列表并列出侦探行为图的标签；获取给定开发终端节点名称列表的资源元数据列表，获取有关指定开发的信息端点，获取所有开发端点，检索 Amazon Glue 指定的安全 Amazon Glue Amazon Glue Amazon Web Services 账户 Amazon Glue 配置，获取所有 Amazon Glue 安全配置，获取与 Amazon Glue 资源关联的标签列表，获取有关具有指定名称 Amazon Glue 的工作组的信息，检索 Amazon 账户中所有 Amazon Glue Crawler 资源的名称，获取中所有 Amazon Glue DevEndpoint资源的名称 Amazon Web Services 账户，列出中所有 Amazon Glue 作业资源的名称，获取 Amazon Glue 成员账户的详细信息，列出账户中创建 Amazon Glue 的工作流名称，以及列出账户的可用 Amazon Glue 工作组； Amazon Web Services 账户检索有关亚马逊 GuardDuty 筛选器的详细信息、检索 GuardDuty IPSet、检索 GuardDutyThreatIntelSet、检索 GuardDuty 成员账户、获取 GuardDuty筛选器列表、获取 GuardDuty 服务的 IP 集、检索服务的标签并获取GuardDuty 服务的信息；获取 Amazon Macie 账户的当前状态和配置设置；检索Amazon RAM() 资源共享的资源和委托人关联 Amazon Resource Access Manager 并检索 Amazon RAM 有关资源共享的详细信息； ThreatIntelSets GuardDuty 获取有关亚马逊简单电子邮件服务 (Amazon SES) 现有配置集的信息，获取与 Amazon SES 配置集关联的事件目标列表，并列出与 Amazon SES 账户关联的所有配置集；要获取身份中心目录属性列表，请获取权限集的详细信息，获取附加到指定 IAM 身份中心权限集的 IAM 托管策略，获取，为 IAM 身份中心实例设置的权限，以及为 IAM 身份中心获取标签 Amazon IAM Identity Center 资源。

AWSConfigServiceRolePolicy – 添加 cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

此策略现在授予以下权限：获取有关所有或指定 Amazon CloudTrail 事件数据存储 (EDS) 的信息、获取有关全部或指定 Amazon CloudFormation 资源的信息、获取 DynamoDB 加速器 (DAX) 参数组或子网组的列表、获取 Amazon Database Migration Service 有关当前正在访问的区域中您的账户的Amazon DMS() 复制任务的信息，以及获取指定类型的所有策略的列表。 Amazon Organizations

AWS_ConfigRole – 添加 cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

此策略现在授予以下权限：获取有关所有或指定 Amazon CloudTrail 事件数据存储 (EDS) 的信息、获取有关全部或指定 Amazon CloudFormation 资源的信息、获取 DynamoDB 加速器 (DAX) 参数组或子网组的列表、获取 Amazon Database Migration Service 有关当前正在访问的区域中您的账户的Amazon DMS() 复制任务的信息，以及获取指定类型的所有策略的列表。 Amazon Organizations

AWSConfigServiceRolePolicy – 添加 backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

该策略现在支持、、DynamoDB 加速器 Amazon Backup Amazon Batch、亚马逊 DynamoDB、 Amazon Database Migration Service亚马逊弹性计算云 (Amazon EC2)、亚马逊 Elastic Kubernetes Service、亚马逊 FSx、亚马逊、、、、、亚马逊关系数据库服务、V2 和亚马逊的额外权限。 GuardDuty Amazon Key Management Service Amazon OpsWorks Amazon WAF WorkSpaces

AWS_ConfigRole – 添加 backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

该策略现在支持、、DynamoDB 加速器 Amazon Backup Amazon Batch、亚马逊 DynamoDB、 Amazon Database Migration Service亚马逊弹性计算云 (Amazon EC2)、亚马逊 Elastic Kubernetes Service、亚马逊 FSx、亚马逊、、、、、亚马逊关系数据库服务、V2 和亚马逊的额外权限。 GuardDuty Amazon Key Management Service Amazon OpsWorks Amazon WAF WorkSpaces

AWSConfigServiceRolePolicy – 添加 elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

现在，该策略允许获取有关 Elastic Beanstalk 环境的详细信息以及指定 Elastic Beanstalk 配置集的设置描述、获取或 Elasticsearch 版本的地图、描述数据库 OpenSearch 的可用的 Amazon RDS 选项组以及获取有关部署配置的信息。 CodeDeploy 现在，该策略还授予以下权限：检索附加到的指定备用联系人 Amazon Web Services 账户、检索有关 Amazon Organizations 策略的信息、检索 Amazon ECR 存储库策略、检索有关存档 Amazon Config 规则的信息、检索 Amazon ECS 任务定义系列列表、列出指定子 OU 或账户的根或上级组织单位 (OU)，以及列出附加到指定目标根目录、组织单位或账户的策略。

AWS_ConfigRole – 添加 elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

现在，该策略允许获取有关 Elastic Beanstalk 环境的详细信息以及指定 Elastic Beanstalk 配置集的设置描述、获取或 Elasticsearch 版本的地图、描述数据库 OpenSearch 的可用的 Amazon RDS 选项组以及获取有关部署配置的信息。 CodeDeploy 现在，该策略还授予以下权限：检索附加到的指定备用联系人 Amazon Web Services 账户、检索有关 Amazon Organizations 策略的信息、检索 Amazon ECR 存储库策略、检索有关存档 Amazon Config 规则的信息、检索 Amazon ECS 任务定义系列列表、列出指定子 OU 或账户的根或上级组织单位 (OU)，以及列出附加到指定目标根目录、组织单位或账户的策略。

AWSConfigServiceRolePolicy – 添加 logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

此策略现在授予创建 Amazon CloudWatch 日志组和流以及向已创建的日志流写入日志的权限。

AWS_ConfigRole – 添加 logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

此策略现在授予创建 Amazon CloudWatch 日志组和流以及向已创建的日志流写入日志的权限。

AWSConfigServiceRolePolicy – 添加 es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots

该策略现在授予获取有关亚马逊 OpenSearch 服务（OpenSearch 服务）域/域的详细信息以及获取特定亚马逊关系数据库服务 (Amazon RDS) 数据库参数组的详细参数列表的权限。该政策还授予获取有关Ama ElastiCache zon快照的详细信息的权限。

AWS_ConfigRole – 添加 es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots

该策略现在授予获取有关亚马逊 OpenSearch 服务（OpenSearch 服务）域/域的详细信息以及获取特定亚马逊关系数据库服务 (Amazon RDS) 数据库参数组的详细参数列表的权限。该政策还授予获取有关Ama ElastiCache zon快照的详细信息的权限。

AWSConfigServiceRolePolicy— 添加logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine Amazon 资源类型以及其他权限

此策略现在授予列出日志组的标签，列出状态机的标签，以及列出所有状态机的权限。此策略现在授予获取有关状态机的详细信息的权限。该政策现在还支持亚马逊 EC2 Systems Manager (SSM)、亚马逊弹性容器注册表、亚马逊 FSx、Amazon Data Firehose、适用于 Apache Kafka 的亚马逊托管流媒体（亚马逊 MSK）、亚马逊关系数据库服务（亚马逊 RDS）、亚马逊 Route 53、亚马逊、 SageMaker亚马逊简单通知服务、、和。 Amazon Database Migration Service Amazon Global Accelerator Amazon Storage Gateway

AWS_ConfigRole— 添加 l ogs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine 以及 Amazon 资源类型的其他权限

此策略现在授予列出日志组的标签，列出状态机的标签，以及列出所有状态机的权限。此策略现在授予获取有关状态机的详细信息的权限。该政策现在还支持亚马逊 EC2 Systems Manager (SSM)、亚马逊弹性容器注册表、亚马逊 FSx、Amazon Data Firehose、适用于 Apache Kafka 的亚马逊托管流媒体（亚马逊 MSK）、亚马逊关系数据库服务（亚马逊 RDS）、亚马逊 Route 53、亚马逊、 SageMaker亚马逊简单通知服务、、和。 Amazon Database Migration Service Amazon Global Accelerator Amazon Storage Gateway

AWSConfigServiceRolePolicy— 为 Amazon 资源类型添加ssm:DescribeDocumentPermission权限和其他权限

此策略现在授予查看有关 IAM Access Analyzer 的 Amazon Systems Manager 文档和信息的权限。该政策现在支持亚马逊 Kinesis、亚马逊、亚马逊 EMR、 ElastiCache亚马逊 Route 53 和 Amazon Network Firewall亚马逊关系数据库服务 (Amazon RDS) 的其他 Amazon 资源类型。这些权限更改 Amazon Config 允许调用支持这些资源类型所需的只读 API。此策略现在还支持筛选lambda-inside-vpc Amazon Config 托管规则的 Lambda @Edge 函数。

AWS_ConfigRole— 为 Amazon 资源类型添加ssm:DescribeDocumentPermission权限和其他权限

此策略现在授予查看有关 IAM Access Analyzer 的 Amazon Systems Manager 文档和信息的权限。该政策现在支持亚马逊 Kinesis、亚马逊、亚马逊 EMR、 ElastiCache亚马逊 Route 53 和 Amazon Network Firewall亚马逊关系数据库服务 (Amazon RDS) 的其他 Amazon 资源类型。这些权限更改 Amazon Config 允许调用支持这些资源类型所需的只读 API。此策略现在还支持筛选lambda-inside-vpc Amazon Config 托管规则的 Lambda @Edge 函数。

AWSConfigServiceRolePolicy – 添加 apigateway:GET 权限，以对 API Gateway 进行只读 GET 调用，添加 s3:GetAccessPointPolicy 权限和 s3:GetAccessPointPolicyStatus 权限，以调用 Amazon S3 只读 API

现在，此策略授予 Amazon Config 允许对 API Gateway 进行只读 GET 调用的权限，以支持 API 网关的 Amazon Config 规则。该策略还增加了 Amazon Config 允许调用亚马逊简单存储服务 (Amazon S3) 只读 API 的权限，这是支持AWS::S3::AccessPoint新资源类型所必需的。

AWS_ConfigRole — 添加apigateway:GET对 API Gateway 进行只读 GET 调用的s3:GetAccessPointPolicy权限以及调用 Amazon S3 只读 API 的s3:GetAccessPointPolicyStatus权限和权限

现在，此策略授予的权限 Amazon Config 允许对 API Gateway 进行只读 GET 调用， Amazon Config 以支持 API 网关。该策略还增加了 Amazon Config 允许调用亚马逊简单存储服务 (Amazon S3) 只读 API 的权限，这是支持AWS::S3::AccessPoint新资源类型所必需的。

AWSConfigServiceRolePolicy— 为 Amazon 资源类型添加ssm:ListDocuments权限和其他权限

此策略现在授予查看有关 Amazon Systems Manager 指定文档信息的权限 该政策现在还支持亚马逊弹性文件系统 Amazon Backup、亚马逊、亚马逊简单存储服务 (Amazon S3) ElastiCache、亚马逊弹性计算云 (Amazon EC2)、Amazon Kinesis、亚马逊和亚马逊 Route 53 的其他 Amazon 资源类型。 SageMaker Amazon Database Migration Service这些权限更改 Amazon Config 允许调用支持这些资源类型所需的只读 API。

AWS_ConfigRole— 为 Amazon 资源类型添加ssm:ListDocuments权限和其他权限

此策略现在授予查看有关 Amazon Systems Manager 指定文档信息的权限 该政策现在还支持亚马逊弹性文件系统 Amazon Backup、亚马逊、亚马逊简单存储服务 (Amazon S3) ElastiCache、亚马逊弹性计算云 (Amazon EC2)、Amazon Kinesis、亚马逊和亚马逊 Route 53 的其他 Amazon 资源类型。 SageMaker Amazon Database Migration Service这些权限更改 Amazon Config 允许调用支持这些资源类型所需的只读 API。

AWSConfigRole 已弃用

AWSConfigRole 已弃用。替换策略是 AWS_ConfigRole。

Amazon Config 已开始跟踪更改

Amazon Config 开始跟踪其 Amazon 托管策略的更改。