Amazon的托管策略Amazon Config

AWS_ConfigRole— 添加 “lightsail:GetActiveNames” “lightsail:GetOperations” “s3:” GetBucketAbac

该政策现在支持亚马逊 Lightsail 和亚马逊简单存储服务 (Amazon S3) Service 的额外权限。

2025 年 11 月 20 日

AWSConfigServiceRolePolicy— 添加 “lightsail:GetActiveNames” “lightsail:GetOperations” “s3:” GetBucketAbac

该政策现在支持亚马逊 Lightsail 和亚马逊简单存储服务 (Amazon S3) Service 的额外权限。

2025 年 11 月 20 日

AWSConfigServiceRolePolicy— 更新了托管策略，具有在 100 多种Amazon服务（包括计算、存储、联网、安全、分析和机器学习服务）中记录Amazon资源配置的全面权限。

现在，该策略提供了有关服务权限的增强文档，并支持对所有Amazon Config支持配置记录的Amazon服务进行全面监控。

2025 年 11 月 11 日

AWS_ConfigRole— 更新了托管策略，具有跨多种服务记录Amazon资源配置的全面权限Amazon Identity and Access Management，包括亚马逊弹性计算云、亚马逊简单存储服务Amazon Lambda、Amazon Relational Database Service 等。

此策略现在支持额外权限，以便在所有支持的Amazon服务中进行全面的Amazon资源配置记录和监控。

2025 年 11 月 10 日

AWS_ConfigRole— 添加 “放大：” “放大：GetDomainAssociation” “放大：” “appsync：ListDomainAssociations” “appsync：ListTagsForResource” “bedrock：GetSourceApiAssociation” “bedrock：ListSourceApiAssociations” “bedrock：GetFlow” “bedrock：ListAgentCollaborators” “cloudFormation：ListFlows” “codeartifact：ListPrompts” “codeartifact：GetResourcePolicy” “codeartifact：DescribePublisherDescribePackageGroup” “codepipeline：ListAllowedRepositoriesForGroup” “codepipeline：ListPackageGroups” “codepipeline：ListActionTypes” “connect：ListTagsForResource” “截止日期：ListWebhooks” “ec2：” “ec2：DescribeTrafficDistributionGroup” “ec2：” ListTrafficDistributionGroups ListFarms GetTransitGatewayRouteTablePropagations SearchLocalGatewayRoutesSearchTransitGatewayMulticastGroups” “实体分辨率：” “实体分辨率：GetMatchingWorkflow” “iotsitewise：” “iotsitewise：ListMatchingWorkflows” “iotsitewise：” “iotsitewise：ListAssetModelCompositeModels” “iotsitewise：ListAssetModelProperties” “ivs：” “lambda：” “lambda：ListAssetProperties” “lambda：” “pipes：” “pipes：ListAssociatedAssets” “quicksight：ListPublicKeys” “quicksight：GetProvisionedConcurrencyConfig” “redshift-serverless：GetRuntimeManagementConfig” “redshift：” “redshift：ListFunctionEventInvokeConfigs” “redshift：ListFunctionUrlConfigs”:” “rolesanywhere：DescribePipe” “rolesanywhere：ListPipes” “sagemaker：DescribeRefreshSchedule” “sagemaker：” “sagemaker：ListRefreshSchedules” “sagemaker：” ListSnapshotCopyConfigurations GetResourcePolicy GetCrl ListCrls DescribeApp DescribeUserProfileListApps” “sagemaker：ListModelPackages” “sagemaker：” “securitymanager：ListUserProfiles” “securitylake：GetResourcePolicy” “servicecatalog：ListSubscribers” “servicecatalog：ListTagsForResource” “ssemcatalog：DescribeServiceAction” “ssm：” ssm：“ssm：ListApplications” “ssm：” “ssm：ListAssociatedResources” “ssm：” “ssm：ListProtectionGroups” “ssm：ListTagsForResource”:” “ssm：” “ssm：GetReplicationSet” “wafv2：” “bedrock-agentcore：ListReplicationSetsDescribeAssociation” “bedrock-agentcore：DescribePatchBaselines” “bedrock-agentcore：GetDefaultPatchBaseline” “bedrock GetPatchBaseline GetResourcePolicies ListAssociations ListResourceDataSync ListLoggingConfigurations ListCodeInterpreters GetCodeInterpreter-agentcore：” “bedrock-agentcore：ListBrowsers” “bedrock-agentcore：” “bedrock-agentcore：GetBrowser” “bedrock-agentcore：” “bedrock-agentcore：” “bedrock-agentcore：ListAgentRuntimes” GetAgentRuntime ListAgentRuntimeEndpoints GetAgentRuntimeEndpoint

该政策现在支持、、Amazon Bedrock Amazon Amplify、Amazon AppSync、、、、、Amazon Connect Amazon CloudTrailAmazon CloudFormationAmazon CodeArtifact、Amazon CodePipeline、、、亚马逊、、Amazon Deadline Cloud、、亚马逊 EC2、Amazon Entity Resolution 数据匹配服务Amazon IoT SiteWise、Amazon Quick Suite、Amazon Lambda A EventBridge mazon Redshift、Serverless、、、亚马逊Amazon Identity and Access Management Roles Anywhere、、、 SageMaker亚马逊安全湖Amazon Service Catalog、、、Amazon Secrets Manager、Amazon Systems Manager 和。Amazon Shield EC2 Amazon WAFV2

2025 年 10 月 1 日

AWSConfigServiceRolePolicy— 添加 “放大：” “放大：GetDomainAssociation” “放大：” “appsync：ListDomainAssociations” “appsync：ListTagsForResource” “bedrock：GetSourceApiAssociation” “bedrock：ListSourceApiAssociations” “bedrock：GetFlow” “bedrock：ListAgentCollaborators” “cloudFormation：ListFlows” “codeartifact：ListPrompts” “codeartifact：GetResourcePolicy” “codeartifact：DescribePublisherDescribePackageGroup” “codepipeline：ListAllowedRepositoriesForGroup” “codepipeline：ListPackageGroups” “codepipeline：ListActionTypes” “connect：ListTagsForResource” “截止日期：ListWebhooks” “ec2：” “ec2：DescribeTrafficDistributionGroup” “ec2：” ListTrafficDistributionGroups ListFarms GetTransitGatewayRouteTablePropagations SearchLocalGatewayRoutesSearchTransitGatewayMulticastGroups” “实体分辨率：” “实体分辨率：GetMatchingWorkflow” “iotsitewise：” “iotsitewise：ListMatchingWorkflows” “iotsitewise：” “iotsitewise：ListAssetModelCompositeModels” “iotsitewise：ListAssetModelProperties” “ivs：” “lambda：” “lambda：ListAssetProperties” “lambda：” “pipes：” “pipes：ListAssociatedAssets” “quicksight：ListPublicKeys” “quicksight：GetProvisionedConcurrencyConfig” “redshift-serverless：GetRuntimeManagementConfig” “redshift：” “redshift：ListFunctionEventInvokeConfigs” “redshift：ListFunctionUrlConfigs”:” “rolesanywhere：DescribePipe” “rolesanywhere：ListPipes” “sagemaker：DescribeRefreshSchedule” “sagemaker：” “sagemaker：ListRefreshSchedules” “sagemaker：” ListSnapshotCopyConfigurations GetResourcePolicy GetCrl ListCrls DescribeApp DescribeUserProfileListApps” “sagemaker：ListModelPackages” “sagemaker：” “securitymanager：ListUserProfiles” “securitylake：GetResourcePolicy” “servicecatalog：ListSubscribers” “servicecatalog：ListTagsForResource” “ssemcatalog：DescribeServiceAction” “ssm：” ssm：“ssm：ListApplications” “ssm：” “ssm：ListAssociatedResources” “ssm：” “ssm：ListProtectionGroups” “ssm：ListTagsForResource”:” “ssm：” “ssm：GetReplicationSet” “wafv2：” “bedrock-agentcore：ListReplicationSetsDescribeAssociation” “bedrock-agentcore：DescribePatchBaselines” “bedrock-agentcore：GetDefaultPatchBaseline” “bedrock GetPatchBaseline GetResourcePolicies ListAssociations ListResourceDataSync ListLoggingConfigurations ListCodeInterpreters GetCodeInterpreter-agentcore：” “bedrock-agentcore：ListBrowsers” “bedrock-agentcore：” “bedrock-agentcore：GetBrowser” “bedrock-agentcore：” “bedrock-agentcore：” “bedrock-agentcore：ListAgentRuntimes” GetAgentRuntime ListAgentRuntimeEndpoints GetAgentRuntimeEndpoint

该政策现在支持、、Amazon Bedrock Amazon Amplify、Amazon AppSync、、、、、Amazon Connect Amazon CloudTrailAmazon CloudFormationAmazon CodeArtifact、Amazon CodePipeline、、、亚马逊、、Amazon Deadline Cloud、、亚马逊 EC2、Amazon Entity Resolution 数据匹配服务Amazon IoT SiteWise、Amazon Quick Suite、Amazon Lambda A EventBridge mazon Redshift、Serverless、、、亚马逊Amazon Identity and Access Management Roles Anywhere、、、 SageMaker亚马逊安全湖Amazon Service Catalog、、、Amazon Secrets Manager、Amazon Systems Manager 和。Amazon Shield EC2 Amazon WAFV2

2025 年 10 月 1 日

AWS_ConfigRole— 添加”arc-zonal-shift: GetAutoshiftObserverNotificationStatus “、“基石：”、“cloudtrail：”、GetModelInvocationLoggingConfiguration “codeartifact：”、GetEventConfiguration “codeartifaction：”、“截止日期：”、DescribeDomain “截止日期：”、“截止日期：”、GetDomainPermissionsPolicy “dms：”、“dms：”、GetFleet “glue：”、GetQueueFleetAssociation “kafkaconnect：”、ListFleets “kafkaconnect：”、ListQueueFleetAssociations “kafkaconnect：”、ListTagsForResource “kafkaconnect：DescribeDataMigrations”、“kafkaconnect：”、“kafkaconnect：”、ListMigrationProjects “kafkaconnect：”、GetDataCatalogEncryptionSettings “kafect：”、“kafkaconnect：DescribeCustomPlugin”、“kafkaconnect：DescribeWorkerConfiguration”、“lakeformation：”、“medialive：”、“medialive：ListCustomPlugins”、“medialive：”、“m ListTagsForResource ListWorkerConfigurations DescribeLakeFormationIdentityCenterConfiguration DescribeMultiplexProgramListMultiplexPrograms“，” mediapackagev2：”、“mediapackagev2：GetChannelGroup”、“rds：”、“rolesanywhere：ListChannelGroups”、“rolesanywhere：DescribeEngineDefaultParameters”、“anywhere：”、“rolesanywhere：GetProfile”、“s3：”、“securitylake：GetTrustAnchor”、“securitylake：ListProfiles”、“securitylake：”、“anywhere：ListTagsForResource”、“securitylake：”、ListTrustAnchors “securitylake：GetAccessGrant”、“securitylake：ListAccessGrants”、“securitylake：“、“servicecatalog：DescribeSecret”、“servicecatalog：ListDataLakeExceptions”、“servicecatalog：ListDataLakes”、“servicecatalog：”、“ses：ListLogSources”、“ses：”、“ses：”、“ses：GetAttributeGroup“，” ListAttributeGroups ListServiceActions ListServiceActionsForProvisioningArtifact GetTrafficPolicy ListTagsForResourceses：ListTrafficPolicies“、“xray：”、“xray：GetGroup”、“xray：GetGroups”、“xray：”、“xray：GetSamplingRules”、“xray：”、ListResourcePolicies “xray：” ListTagsForResource

该政策现在支持亚马逊贝德罗克Amazon ARC - Zonal Shift、、、、、、、、Amazon CloudTrail、Amazon CodeArtifact、、Amazon Deadline Cloud、Amazon Database Migration Service、Amazon GlueAmazon Identity and Access Management、Amazon Managed Streaming Amazon Lake Formation、、、 CloudWatch Amazon AWS Elemental MediaLive Logs AWS Elemental MediaPackage、、、、亚马逊关系数据库服务、亚马逊简单存储服务Amazon Secrets Manager、、亚马逊安全湖Amazon Service Catalog、、亚马逊简单电子邮件服务和。Amazon X-Ray

2025 年 7 月 28 日

AWSConfigServiceRolePolicy— 添加

“arc-zonal-shift:”、GetAutoshiftObserverNotificationStatus “基石：”、“cloudtrail：GetModelInvocationLoggingConfiguration”、“codeartifact：GetEventConfiguration”、“codeartifact：DescribeDomain”、“截止日期：”、“截止日期：GetDomainPermissionsPolicy”、“截止日期：”、“dms：GetFleet”、“dms：”、“glue：GetQueueFleetAssociation”、“iam：ListFleets”、“kafkaconnect：ListQueueFleetAssociations”、“kafkaconnect：ListTagsForResource”、“kafkaconnect：DescribeDataMigrations”、“kafkaconnect：ListMigrationProjects”、“kafkaconnect：GetDataCatalogEncryptionSettings”，“kafkaconnect：ListPolicies”，“kafconnect：”、“kafkaconnect：DescribeCustomPlugin”、“kafkaconnect：DescribeWorkerConfiguration”、“lakeformation：”、“logs：”、“logs：ListCustomPlugins”、“logs：”、“logs：ListTagsForResource”、“medialive：ListWorkerConfigurationsDescribeLakeFormationIdentityCenterConfigurationDescribeIndexPoliciesListTagsForResourceDescribeMultiplexProgram“，” medialive：ListMultiplexPrograms”、“mediapackagev2：”、“mediapackagev2：GetChannelGroup”、“rds：”、“rolesanywhere：”、“rolesanywhere：ListChannelGroups”、“rolesanywhere：DescribeEngineDefaultParameters”、“rolesanywhere：”、“rolesanywhere：”、GetProfile “rolesanywhere：GetTrustAnchor”、“rolesanywhere：”、“rolesanywhere：”、ListProfiles “rolesanywhere：ListTagsForResource”、“rolesanywhere：”、ListTrustAnchors “rolesanywhere：”、““、GetAccessGrant “securitylake：ListAccessGrants”、“servicecatalog：”、“servicecatalog：DescribeSecret”、“servicecatalog：ListDataLakeExceptions”、“servicecatalog：”、ListDataLakes “servicecatalog：”、“ses：ListLogSourcesGetAttributeGroupListAttributeGroupsListServiceActionsListServiceActionsForProvisioningArtifactGetTrafficPolicy“、“ses：”、“ses：ListTagsForResource”、“xray：”、“xray：ListTrafficPolicies”、“xray：”、“xray：GetGroup”、“xray：”、“xray：”、GetGroups “arn: aws: apigateway:: /accountGetSamplingRules”、“arn: aws:: /usageplans/”、ListResourcePolicies “arn: aws:: ListTagsForResource /usageplans”、“arn: aws: apigateway:: /usageplans/”。

该政策现在支持对亚马逊 Bedrock Amazon ARC - Zonal Shift、、、、、、Amazon CloudTrail、、Amazon CodeArtifact、Amazon Deadline Cloud、Amazon Database Migration ServiceAmazon GlueAmazon Identity and Access Management、Amazon Managed Streaming Amazon Lake Formation、、、 CloudWatch Amazon L AWS Elemental MediaLive ogs AWS Elemental MediaPackage、、、、、亚马逊关系数据库服务、亚马逊简单存储服务Amazon Secrets Manager、、亚马逊安全湖Amazon Service Catalog、亚马逊简单电子邮件Amazon X-Ray服务和亚马逊 API Gateway 的额外权限。

2025 年 7 月 28 日

AWSConfigServiceRolePolicy— 添加 “backup-gateway：”、GetHypervisor “backup-gateway：”、“、”：ListHypervisors“、”、“bedrockbcm-data-exports：”、GetExport “bedrockbcm-data-exports：”、ListExports “bedrockbcm-data-exports：”、ListTagsForResource “bedrock：”、GetAgent “bedrock：”、“bedrock：”、GetAgentActionGroup “bedrock：”、“bedrock：”、GetAgentKnowledgeBase “bedrock：”、GetDataSource “bedrock：”、“bedrock：”、GetFlowAlias “bedrock：”、GetFlowVersion “bedrock：”、“bedrock：ListAgentActionGroups”、“bedrock：”、“bedrock：ListAgentKnowledgeBases”，“cloudformation：ListDataSources”，“cloudformation：ListFlowAliases”，“cloudformation：ListFlowVersions”，“cloudformati BatchDescribeTypeConfigurations DescribeStackInstance DescribeStackSet ListStackInstancescloudformation：”、ListStackSets “cloudfront：”、GetPublicKey “cloudfront：GetRealtimeLogConfig”、“cloudfront：ListPublicKeys”、“实体分辨率：”、ListRealtimeLogConfigs “实体分辨率：”、“实体分辨率：”、“实体分辨率：GetIdMappingWorkflow”、“iotdeviceAdvisor：GetSchemaMapping”、“iotdeviceAdvisor：”、ListIdMappingWorkflows “iotdeviceAdvisor：”、ListSchemaMappings “lambda：ListTagsForResource”、“lambda：”，“” mediapackagev2：GetSuiteDefinition“，” mediapackagev2：ListSuiteDefinitions“，” networkmanager：GetEventSourceMapping“，” networkmanager：ListEventSourceMappings“，”：“，” GetChannel ListChannels GetTransitGatewayPeering ListPeerings pca-connector-ad GetDirectoryRegistrationpca-connector-ad: ListDirectoryRegistrations “,”: “、“rdspca-connector-ad: ListTagsForResource Describe G DBShard roups”、“rds:”、“redshift：DescribeIntegrations”、“s3tables：”、“s3tables：”、DescribeIntegrations “s3tables：”、“s3tables：”、GetTableBucket “ssm-quicksetup：”、GetTableBucketEncryption “ssm-quicksetup：”、GetTableBucketMaintenanceConfiguration “ssm-quicksetup：” ListTableBuckets GetConfigurationManager ListConfigurationManagers

该策略现在支持对、、Amazon Bedrock Amazon Backup gatewayAmazon 账单与成本管理、、、Amazon、Amazon CloudFormation、、、 CloudFront、、、Amazon Entity Resolution 数据匹配服务、Amazon IoT Core Device Advisor、Amazon LambdaAmazon Network ManagerAmazon 私有证书颁发机构、Amazon Redshift、Amazon S3 Tables 等的额外权限。Amazon Systems Manager 快速设置功能

AWS_ConfigRole— 添加 “backup-gateway：”、GetHypervisor “backup-gateway：”、“、”：ListHypervisors“、”、“bedrockbcm-data-exports：”、GetExport “bedrockbcm-data-exports：”、ListExports “bedrockbcm-data-exports：”、ListTagsForResource “bedrock：”、GetAgent “bedrock：”、“bedrock：”、GetAgentActionGroup “bedrock：”、“bedrock：”、GetAgentKnowledgeBase “bedrock：”、GetDataSource “bedrock：”、“bedrock：”、GetFlowAlias “bedrock：”、GetFlowVersion “bedrock：”、“bedrock：ListAgentActionGroups”、“bedrock：”、“bedrock：ListAgentKnowledgeBases”，“cloudformation：ListDataSources”，“cloudformation：ListFlowAliases”，“cloudformation：ListFlowVersions”，“cloudformati BatchDescribeTypeConfigurations DescribeStackInstance DescribeStackSet ListStackInstancescloudformation：”、ListStackSets “cloudfront：”、GetPublicKey “cloudfront：”、GetRealtimeLogConfig “cloudfront：”、ListPublicKeys “实体分辨率：ListRealtimeLogConfigs”、“实体分辨率：”、“实体分辨率：GetIdMappingWorkflow”、“实体分辨率：”、GetSchemaMapping “iotdeviceAdvisor：”、ListIdMappingWorkflows “iotdeviceAdvisor：ListSchemaMappings”、“iotdeviceAdvisor：ListTagsForResource”、“lambda：”、“lambda：GetSuiteDefinition”，“” networkmanager：ListSuiteDefinitions“，”，“networkmanager：”，GetEventSourceMapping”：“，”：“，”：ListEventSourceMappings“，” rds：GetTransitGatewayPeeringListPeeringspca-connector-adGetDirectoryRegistrationpca-connector-adListDirectoryRegistrationspca-connector-adListTagsForResource描述DBShard群组”、“rds：”、“redshift：”、DescribeIntegrations “s3tables：”、“s3tables：”、DescribeIntegrations “s3tables：”、“s3tables：”、GetTableBucket “s3tables：”、GetTableBucketEncryption “ssm-quicksetup：”、“ssm-quicksetup：”、GetTableBucketMaintenanceConfiguration “ssm-quickset ListTableBuckets up：”，GetConfigurationManagerListConfigurationManagers

该策略现在支持对、、Amazon Bedrock Amazon Backup gatewayAmazon 账单与成本管理、、、Amazon、Amazon CloudFormation、、、 CloudFront、、、Amazon Entity Resolution 数据匹配服务、Amazon IoT Core Device Advisor、Amazon LambdaAmazon Network ManagerAmazon 私有证书颁发机构、Amazon Redshift、Amazon S3 Tables 等的额外权限。Amazon Systems Manager 快速设置功能

AWS_ConfigRole – 添加 "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource"

此策略现在支持为 Amazon Bedrock 授予更多权限。

AWSConfigServiceRolePolicy – 添加 "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource"

此策略现在支持为 Amazon Bedrock 授予更多权限。

AWS_ConfigRole – 添加 "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation"

该政策现在支持对亚马逊 Bedrock Amazon B2B Data Interchange、、、、、Amazon Database Migration Service（Amazon DMS）、Amazon L CloudWatch ogs Amazon Clean RoomsAmazon CodeConnectionsAmazon Direct Connect、Amazon Macie、Amazon Managed Blockchain、Amazon Q Business、Route 53 Profiles、亚马逊简单存储服务 (Amazon S3)、Amazon A SageMaker I Amazon Security Hub CSPM、Amazon Systems Manager Incident Manager以及联系人等的额外权限。Amazon Systems Manager Incident ManagerAmazon Systems Manager

AWSConfigServiceRolePolicy – 添加 "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation"

该政策现在支持对亚马逊 Bedrock Amazon B2B Data Interchange、、、、、Amazon Database Migration Service（Amazon DMS）、Amazon L CloudWatch ogs Amazon Clean RoomsAmazon CodeConnectionsAmazon Direct Connect、Amazon Macie、Amazon Managed Blockchain、Amazon Q Business、Route 53 Profiles、亚马逊简单存储服务 (Amazon S3)、Amazon A SageMaker I Amazon Security Hub CSPM、Amazon Systems Manager Incident Manager以及联系人等的额外权限。Amazon Systems Manager Incident ManagerAmazon Systems Manager此策略现在还支持通过包含资源模式“arn:aws:apigateway:::/domainnames/”来访问所有 Amazon API Gateway 域名的权限。

AWS_ConfigRole – 添加 "ec2:GetAllowedImagesSettings"

该策略现在支持亚马逊弹性计算云 (Amazon EC2) 的额外权限。

AWSConfigServiceRolePolicy – 添加 "ec2:GetAllowedImagesSettings"

该策略现在支持亚马逊弹性计算云 (Amazon EC2) 的额外权限。

AWS_ConfigRole – 添加 "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"

该政策现在支持亚马逊Comprehend Amazon Clean Rooms、亚马逊弹性计算云 EC2（亚马逊）、亚马逊简单存储服务（Amazon S3 Amazon HealthOmics）和亚马逊简单电子邮件服务（Amazon SES）的额外权限。

AWSConfigServiceRolePolicy – 添加 "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"

该政策现在支持亚马逊Comprehend Amazon Clean Rooms、亚马逊弹性计算云 EC2（亚马逊）、亚马逊简单存储服务（Amazon S3 Amazon HealthOmics）和亚马逊简单电子邮件服务（Amazon SES）的额外权限。

AWSConfigServiceRolePolicy – 添加 "organizations:ListAWSServiceAccessForOrganization"

此策略现在支持为Amazon Organizations授予更多权限。

AWS_ConfigRole – 添加 "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"

该政策现在支持、、Amazon Connect Amazon AppConfigAmazon CloudTrail、Amazon、Amazon DevOps Guru DataZone、、Identity Store Amazon Glue、、、、Amazon IoTAmazon IoT FleetWiseAmazon IoT Wireless、亚马逊互动视频服务 (Amazon IVS)、亚马逊 CloudWatch 日志、亚马逊可观察性访问管理器、、亚马逊关系Amazon Payment Cryptography数据库服务 (Amazon RDS)、 CloudWatch Amazon Rekognition、亚马逊简单存储服务 (Amazon S3) 的额外权限 Service S3S、Amazon Scheduler 和 Amazon VPC Lattice。 EventBridge Amazon Systems Manager

AWSConfigServiceRolePolicy – 添加 "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"

该政策现在支持、、Amazon Connect Amazon AppConfigAmazon CloudTrail、Amazon、Amazon DevOps Guru DataZone、、Identity Store Amazon Glue、、、、Amazon IoTAmazon IoT FleetWiseAmazon IoT Wireless、亚马逊互动视频服务 (Amazon IVS)、亚马逊 CloudWatch 日志、亚马逊可观察性访问管理器、、亚马逊关系Amazon Payment Cryptography数据库服务 (Amazon RDS)、 CloudWatch Amazon Rekognition、亚马逊简单存储服务 (Amazon S3) 的额外权限 Service S3S、Amazon Scheduler 和 Amazon VPC Lattice。 EventBridge Amazon Systems Manager

AWS_ConfigRole – 添加 "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules"

该政策现在支持亚马逊 OpenSearch 服务 Severless、、、、、、Im EC2 age Builder AppStream、Amazon BackupAmazon CloudTrailAmazon Glue、Amazon Interactive Video Service (Amazon IVS)、、、AWS Elemental MediaConnectAWS Elemental MediaTailor、Amazon HealthOmics和 Amazon Scheduler 的额外权限。Amazon IoT EventBridge

AWSConfigServiceRolePolicy – 添加 "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules"

该政策现在支持亚马逊 OpenSearch 服务 Severless、、、、、、Im EC2 age Builder AppStream、Amazon BackupAmazon CloudTrailAmazon Glue、Amazon Interactive Video Service (Amazon IVS)、、、AWS Elemental MediaConnectAWS Elemental MediaTailor、Amazon HealthOmics和 Amazon Scheduler 的额外权限。Amazon IoT EventBridge

AWS_ConfigRole – 添加 "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource"

该政策现在支持亚马逊弹性文件系统（亚马逊 EFS）、亚马逊 Redshift 和的额外权限。适用于 SAP 的 Amazon Systems Manager

AWSConfigServiceRolePolicy – 添加 "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource"

该政策现在支持亚马逊弹性文件系统（亚马逊 EFS）、亚马逊 Redshift 和的额外权限。适用于 SAP 的 Amazon Systems Manager

该政策现在支持亚马逊托管服务 Prometheus、亚马逊、亚马逊 Cognito、亚马逊、亚马逊、（IAM）、、、、Amazon Redshift Serverless CloudWatch、Amazon AI 和 ElastiCache亚马逊简单通知服务 (Amazon SNS) Simple Notificati Amazon Glue on Amazon Identity and Access Management Serverless Amazon Lambda、Amazon RAM Amazon AI 和亚马逊简单通知服务 (Amazon SNS) Simple Notificati SageMaker on Serverless 的额外权限。 FSx

该政策现在支持亚马逊托管服务 Prometheus、亚马逊、亚马逊 Cognito、亚马逊、亚马逊、（IAM）、、、、Amazon Redshift Serverless CloudWatch、Amazon AI 和 ElastiCache亚马逊简单通知服务 (Amazon SNS) Simple Notificati Amazon Glue on Amazon Identity and Access Management Serverless Amazon Lambda、Amazon RAM Amazon AI 和亚马逊简单通知服务 (Amazon SNS) Simple Notificati SageMaker on Serverless 的额外权限。 FSx

AWSConfigUserAccess—Amazon Config开始跟踪此Amazon托管策略的更改

此政策提供使用权限Amazon Config，包括按资源标签搜索和读取所有标签。这不提供配置权限Amazon Config，而配置权限需要管理权限。

该政策现在支持适用于 Prometheus 的亚马逊托管服务Amazon AppConfig、Amazon DMS()、() IAM Amazon Database Migration Service、适用于 Apache Kafka 的亚马逊托管流媒体（亚马逊 MSK Amazon Identity and Access Management）、亚马逊Amazon Organizations日志和亚马逊简单存储服务 (Amazon S3) Simple Storage Service 的额外权限。 CloudWatch

该政策现在支持适用于 Prometheus 的亚马逊托管服务Amazon AppConfig、Amazon DMS()、() IAM Amazon Database Migration Service、适用于 Apache Kafka 的亚马逊托管流媒体（亚马逊 MSK Amazon Identity and Access Management）、亚马逊Amazon Organizations日志和亚马逊简单存储服务 (Amazon S3) Simple Storage Service 的额外权限。 CloudWatch

该政策现在支持亚马逊 Cognito、Amazon Connect、亚马逊 EMR、、、Amazon MemoryDB、Amazon Ground Station、Amazon Mainframe Modernization Amazon Quick Suite Amazon Organizations、亚马逊关系数据库服务（亚马逊 RDS）、亚马逊 Redshift、亚马逊 Rodshift、Amazon Route 53 和。Amazon Service CatalogAmazon Transfer Family

此策略现在为 AWSConfigServiceRolePolicyStatementIDAWSConfigSLRLogStatementID、AWSConfigSLRLogEventStatementID 和 AWSConfigSLRApiGatewayStatementID 添加了安全标识符（SID）。

该政策现在支持亚马逊 Cognito、Amazon Connect、亚马逊 EMR、、、Amazon MemoryDB、Amazon Ground Station、Amazon Mainframe Modernization Amazon Quick Suite Amazon Organizations、亚马逊关系数据库服务（亚马逊 RDS）、亚马逊 Redshift、亚马逊 Rodshift、Amazon Route 53 和。Amazon Service CatalogAmazon Transfer Family

此策略现在为 AWSConfigServiceRolePolicyStatementIDAWSConfigSLRLogStatementID、AWSConfigSLRLogEventStatementID 和 AWSConfigSLRApiGatewayStatementID 添加了安全标识符（SID）。

该政策现在支持、、Amazon Connect Amazon 私有 CAAmazon App Mesh、亚马逊弹性容器服务 (Amazon ECS)、Amazon Evicently、Ama CloudWatch zon Managed Grafana、亚马逊、Amazon Insp Amazon IoT TwinMaker ector、 GuardDuty、、、Amazon Kafka Managed Streaming（Amazon IoT亚马逊 MSK）、、、和亚马逊人工智能的额外权限。Amazon LambdaAmazon Network ManagerAmazon Organizations SageMaker

该政策现在支持、、Amazon Connect Amazon 私有 CAAmazon App Mesh、亚马逊弹性容器服务 (Amazon ECS)、Amazon Evicently、Ama CloudWatch zon Managed Grafana、亚马逊、Amazon Insp Amazon IoT TwinMaker ector、 GuardDuty、、、Amazon Kafka Managed Streaming（Amazon IoT亚马逊 MSK）、、、和亚马逊人工智能的额外权限。Amazon LambdaAmazon Network ManagerAmazon Organizations SageMaker

此策略现在会移除Amazon Systems Manager（Systems Manager）的权限。

该政策现在支持、、亚马逊、、、Amazon Connect Amazon App MeshAmazon CloudFormation、、亚马逊 CloudFront Amazon CodeArtifactAmazon CodeBuild、Amazon Identity and Access Management(IAM)Amazon Glue、Amazon Inspector GuardDuty、、、、Amazon Inspector Amazon IoT、Amazon IoT TwinMaker、、Amazon IoT Wireless、、Amazon Macie、、、、、Amazon Route 53、亚马逊简单存储服务 (Amazon S3)AWS Elemental MediaConnectAmazon Network ManagerAmazon OrganizationsAmazon 资源探索器、亚马逊简单存储服务 (Amazon S3) 和亚马逊简单通知服务 (Amazon SNS) 的额外权限) Simple Service Amazon。

该政策现在支持亚马逊 WorkSpaces 应用程序Amazon App Mesh、、亚马逊、、、、、Amazon Connect CloudFront Amazon CodeArtifact、Amazon CodeBuild、亚马逊、Amazon GlueAmazon Identity and Access Management(IAM) GuardDuty、Amazon Inspector、、Amazon IoT、Amazon IoT TwinMaker、Amazon IoT Wireless、Amazon Macie、、、、、、Amazon Route 53 AWS Elemental MediaConnectAmazon Network ManagerAmazon Organizations、Amazon 资源探索器亚马逊简单存储服务 (Amazon S3)、亚马逊简单通知服务的额外权限（亚马逊 SNS）Service 和亚马逊 Systems Manager (SSM)。Amazon CloudFormation EC2

该政策现在支持 Amazon Connect Amazon Amplify、、Prometheus 的亚马逊托管服务Amazon App Mesh、亚马逊 Athena、、、、、、、、、亚马逊、、、亚马逊 DynamoDB Amazon CloudFormation、亚马逊弹性计算云（亚马逊 CodeGuru）Amazon CloudTrailAmazon CodeArtifact、Amazon Batch Amazon Evicently、Amazon Forecast、、（Amazon Identity and Access Management IAM） CloudWatch 、A EC2 mazon M Amazon IoT Greengrass anaged Streaming 的额外权限 Kafka（Amazon Ground Station亚马逊 MSK）、亚马逊 Lightsail、Amazon Logs、、、Amazon Pinpoint、亚马逊虚拟私有云（Amazon Directory ServiceAmazon Organizations CloudWatch AWS Elemental MediaConnectAWS Elemental MediaTailor亚马逊 VPC)、Amazon Personalize、Amazon Quick Suite Amazon Migration Hub Refactor Spaces、亚马逊简单存储服务 (Amazon S3)、Amazon AI、A SageMaker mazon AI 等。Amazon Transfer Family

该政策现在支持 Amazon Connect Amazon Amplify、、Prometheus 的亚马逊托管服务Amazon App Mesh、亚马逊 Athena、、、、、、、、、亚马逊、、、亚马逊 DynamoDB Amazon CloudFormation、亚马逊弹性计算云（亚马逊 CodeGuru）Amazon CloudTrailAmazon CodeArtifact、Amazon Batch Amazon Evicently、Amazon Forecast、、（Amazon Identity and Access Management IAM） CloudWatch 、A EC2 mazon M Amazon IoT Greengrass anaged Streaming 的额外权限 Kafka（Amazon Ground Station亚马逊 MSK）、亚马逊 Lightsail、Amazon Logs、、、Amazon Pinpoint、亚马逊虚拟私有云（Amazon Directory ServiceAmazon Organizations CloudWatch AWS Elemental MediaConnectAWS Elemental MediaTailor亚马逊 VPC)、Amazon Personalize、Amazon Quick Suite Amazon Migration Hub Refactor Spaces、亚马逊简单存储服务 (Amazon S3)、Amazon AI、A SageMaker mazon AI 等。Amazon Transfer Family

该政策现在支持亚马逊托管工作流程的额外权限，包括、、、亚马逊Amazon Amplify、、亚马逊弹性计算云Amazon App MeshAmazon App Runner CloudFront、亚马逊 Kendra Amazon CodeArtifact、亚马逊 Macie、亚马逊 Route 53、亚马逊 A Amazon Transfer Family I、Amazon Pinpoint、、 SageMaker Resilience Hub、亚马逊Amazon Migration HubAmazon、Di Amazon rectory Service 和。 CloudWatch Amazon WAF

该政策现在支持亚马逊托管工作流程的额外权限，包括、、、亚马逊Amazon Amplify、、亚马逊弹性计算云Amazon App MeshAmazon App Runner CloudFront、亚马逊 Kendra Amazon CodeArtifact、亚马逊 Macie、亚马逊 Route 53、亚马逊 A Amazon Transfer Family I、Amazon Pinpoint、、 SageMaker Resilience Hub、亚马逊Amazon Migration HubAmazon、Di Amazon rectory Service 和。 CloudWatch Amazon WAF

该政策现在支持亚马逊、亚马逊 WorkSpaces 应用程序、亚马逊、亚马逊 AppFlow、、、、亚马逊、、Amazon App Runner、Amazon CloudWatch Evicently CloudFront、Amazon F CloudWatch orecast Amazon CodeArtifactAmazon CodeCommitAmazon Device Farm、Amazon Identity and Access Management(IAM)、、Amazon MemoryDB Amazon IoT、Amazon Pinpoint、、、、亚马逊关系数据库Amazon Panorama服务 (Amazon RDS)Amazon Network Manager、Amazon Redshift 和亚马逊 AI 的额外权限。Amazon Ground Station SageMaker

该政策现在支持亚马逊、亚马逊 WorkSpaces 应用程序、亚马逊、亚马逊 AppFlow、、、、Amazon App Runner、亚马逊弹性计算云（亚马逊）Amazon CloudFormation CloudFront、亚马逊 CloudWatch Evicently CloudWatch Amazon CodeArtifactAmazon CodeCommitAmazon Device Farm、Amazon Forecast、Amazon Identity and Access Management（IAM EC2）、、Amazon MemoryDB Amazon Ground Station、Amazon Pinpoint Amazon IoT、、、、、亚马逊关系数据库Amazon Panorama服务（亚马逊 RDS）Amazon Network Manager、亚马逊 Redshift 和亚马逊的额外权限人工智能。 SageMaker

AWSConfigRulesExecutionRole—Amazon Config开始跟踪此Amazon托管策略的更改

此策略允许Amazon Lambda函数访问定期发送到 Amazon S3 的Amazon ConfigAmazon Config API 和配置快照。评估Amazon自定义 Lambda 规则的配置更改的函数需要此访问权限。

AWSConfigRoleForOrganizations—Amazon Config开始跟踪此Amazon托管策略的更改

此策略Amazon Config允许只读调用Amazon Organizations APIs。

AWSConfigRemediationServiceRolePolicy—Amazon Config开始跟踪此Amazon托管策略的更改

此政策Amazon Config允许代表您修复NON_COMPLIANT资源。

AWSConfigServiceRolePolicy – 添加 auditmanager:GetAccountStatus

此策略现在授予返回Amazon Audit Manager中的账户注册状态的权限。

AWS_ConfigRole – 添加 auditmanager:GetAccountStatus

此策略现在授予返回Amazon Audit Manager中的账户注册状态的权限。

AWSConfigMultiAccountSetupPolicy—Amazon Config开始跟踪此Amazon托管策略的更改

此策略Amazon Config允许使用调用Amazon服务并在整个组织中部署Amazon Config资源Amazon Organizations。

AWSConfigServiceRolePolicy – 添加 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

该政策现在支持Apache Airflow、Amazon Applications Amazon IoT、Amazon WorkSpaces Reviewer Amazon HealthLake、Ama CodeGuru zon Kinesis Video Streams、亚马逊应用程序恢复控制器 (ARC)、亚马逊弹性计算云 (亚马逊)Amazon Device Farm、亚马逊 Pinpoin Amazon Identity and Access Management t、(IAM EC2)、亚马逊和亚马逊日志的亚马逊托管工作流程的额外权限。 GuardDuty CloudWatch

AWS_ConfigRole – 添加 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

该政策现在支持Apache Airflow、Amazon Applications Amazon IoT、Amazon WorkSpaces Reviewer Amazon HealthLake、Ama CodeGuru zon Kinesis Video Streams、亚马逊应用程序恢复控制器 (ARC)、亚马逊弹性计算云 (亚马逊)Amazon Device Farm、亚马逊 Pinpoin Amazon Identity and Access Management t、(IAM EC2)、亚马逊和亚马逊日志的亚马逊托管工作流程的额外权限。 GuardDuty CloudWatch

ConfigConformsServiceRolePolicy – 更新 config:DescribeConfigRules

作为安全最佳实践，此策略现在取消了对 config:DescribeConfigRules 的广泛资源级别权限。

AWSConfigServiceRolePolicy – 添加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile,Amazon Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

该政策现在支持亚马逊托管服务 Prometheus、、、、、、、、、、亚马逊弹性计算云Amazon Database Migration Service（亚马逊Amazon DMS）Amazon Audit ManagerAmazon Device Farm、、Amazon Directory Service、Amazon Lightsail、、Amazon Glue、 EC2 Ama Amazon IoT zon Quick Suite、AWS Elemental MediaPackage、Amazon Network Manager亚马逊应用程序恢复控制器 (ARC)Amazon Resource Access Manager、亚马逊简单存储服务 (Amazon S3) 和亚马逊 Timestream 的额外权限。

AWS_ConfigRole – 添加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

该政策现在支持亚马逊托管服务 Prometheus、、、、、、、、、、亚马逊弹性计算云Amazon Database Migration Service（亚马逊Amazon DMS）Amazon Audit ManagerAmazon Device Farm、、Amazon Directory Service、Amazon Lightsail、、Amazon Glue、 EC2 Ama Amazon IoT zon Quick Suite、AWS Elemental MediaPackage、Amazon Network Manager亚马逊应用程序恢复控制器 (ARC)Amazon Resource Access Manager、亚马逊简单存储服务 (Amazon S3) 和亚马逊 Timestream 的额外权限。

AWSConfigServiceRolePolicy – 添加 cloudformation:ListStackResources and cloudformation:ListStacks

现在，此策略允许返回指定Amazon CloudFormation堆栈中所有资源的描述并返回状态与指定StackStatusFilter堆栈的摘要信息。

AWS_ConfigRole – 添加 cloudformation:ListStackResources and cloudformation:ListStacks

现在，此策略允许返回指定Amazon CloudFormation堆栈中所有资源的描述并返回状态与指定StackStatusFilter堆栈的摘要信息。

AWSConfigServiceRolePolicy – 添加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

该政策现在支持以下方面的额外权限：Apache Airflow Amazon Certificate Manager、、、亚马逊密钥空间Amazon Amplify、Amazon AppConfig亚马逊、Amazon Connect CloudWatch、亚马逊弹性计算云（亚马逊）Amazon Glue DataBrew、亚马逊弹性 Kubernetes 服务（ EC2亚马逊 EKS）、亚马逊、、亚马逊欺诈探测器、亚马逊、亚马逊服务器、亚马逊定位服务、、Amazon Lex EventBridge、Amazon Fault Injection Service Amazon Lightsail FSx、A GameLift mazon Pinpoint Amazon IoT、、、、Amazon Quick Suite、亚马逊关系数据库Amazon OpsWorksAmazon PanoramaAmazon Resource Access Manager服务（亚马逊 RDS）、亚马逊Amazon RoboMaker Rekognition、、、Amazon Route 53 Amazon Resource Groups、亚马逊简单存储服务Amazon Cloud Map(Amazon S3) Simple Service 和。Amazon Security Token Service

AWS_ConfigRole – 添加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

该政策现在支持以下方面的额外权限：Apache Airflow Amazon Certificate Manager、、、亚马逊密钥空间Amazon Amplify、Amazon AppConfig亚马逊、Amazon Connect CloudWatch、亚马逊弹性计算云（亚马逊）Amazon Glue DataBrew、亚马逊弹性 Kubernetes 服务（ EC2亚马逊 EKS）、亚马逊、、亚马逊欺诈探测器、亚马逊、亚马逊服务器、亚马逊定位服务、、Amazon Lex EventBridge、Amazon Fault Injection Service Amazon Lightsail FSx、A GameLift mazon Pinpoint Amazon IoT、、、、Amazon Quick Suite、亚马逊关系数据库Amazon OpsWorksAmazon PanoramaAmazon Resource Access Manager服务（亚马逊 RDS）、亚马逊Amazon RoboMaker Rekognition、、、Amazon Route 53 Amazon Resource Groups、亚马逊简单存储服务Amazon Cloud Map(Amazon S3) Simple Service 和。Amazon Security Token Service

AWSConfigServiceRolePolicy – 添加 Glue::GetTable

现在，此策略授予在数据目录中检索指定Amazon Glue表的表定义的权限。

AWS_ConfigRole – 添加 Glue::GetTable

现在，此策略授予在数据目录中检索指定Amazon Glue表的表定义的权限。

AWSConfigServiceRolePolicy – 添加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

该政策现在支持亚马逊 AppFlow、亚马逊、亚马 CloudWatch逊 R CloudWatch UM、Amazon S CloudWatch ynthetics、Amazon Connect 客户档案、Amazon Connect 语音识别码、亚马逊 DevOps Guru、亚马逊弹性计算云（亚马逊）、Amazon Aut EC2 o Scaling EC2、亚马逊 EMR、亚马逊 EMR、亚马逊 Fraud Detector、亚马逊 GameLift 服务器、亚马逊互动视频服务（ EventBridge亚马逊 IVS）的额外权限) Interactive Servic EventBridge e、适用于 Apache Flink 的亚马逊托管服务、Image Builder、Amazon Lex、Amazon Lightsail、Amazon FinSpace EC2 亚马逊定位服务、亚马逊 Lookout for Equipment、亚马逊 Lookout for Metrics、亚马逊 Lookout for Vision、亚马逊托管区块链、亚马逊 MQ、亚马逊 Nimble Pinp StudioAmazon oint、亚马逊快速套件、亚马逊应用程序恢复控制器 (ARC Amazon Route 53 Resolver)、亚马逊简单存储服务 (Amazon S3)、亚马逊 SimpleDB、亚马逊简单电子邮件服务 (Amazon SES)、亚马逊 Timestream、、、、、、、、、、、、、、、、、、、、、、、、、、、、Amazon AppConfigAmazon AppSyncAmazon Auto ScalingAmazon BackupAmazon BudgetsAmazon Cost ExplorerAmazon Cloud9Amazon Directory ServiceAmazon DataSyncAWS Elemental MediaPackageAmazon GlueAmazon IoTAmazon IoT AnalyticsAmazon IoT EventsAmazon IoT SiteWise、Amazon IoT TwinMaker、Amazon Lake Formation、Amazon License Manager、Amazon Resilience Hub、Amazon Signer、和Amazon Transfer Family。

AWS_ConfigRole – 添加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

该政策现在支持亚马逊 AppFlow、亚马逊、亚马 CloudWatch逊 R CloudWatch UM、Amazon S CloudWatch ynthetics、Amazon Connect 客户档案、Amazon Connect 语音识别码、亚马逊 DevOps Guru、亚马逊弹性计算云（亚马逊）、Amazon Aut EC2 o Scaling EC2、亚马逊 EMR、亚马逊 EMR、亚马逊 Fraud Detector、亚马逊 GameLift 服务器、亚马逊互动视频服务（ EventBridge亚马逊 IVS）的额外权限) Interactive Servic EventBridge e、适用于 Apache Flink 的亚马逊托管服务、Image Builder、Amazon Lex、Amazon Lightsail、Amazon FinSpace EC2 亚马逊定位服务、亚马逊 Lookout for Equipment、亚马逊 Lookout for Metrics、亚马逊 Lookout for Vision、亚马逊托管区块链、亚马逊 MQ、亚马逊 Nimble Pinp StudioAmazon oint、亚马逊快速套件、亚马逊应用程序恢复控制器 (ARC Amazon Route 53 Resolver)、亚马逊简单存储服务 (Amazon S3)、亚马逊 SimpleDB、亚马逊简单电子邮件服务 (Amazon SES)、亚马逊 Timestream、、、、、、、、、、、、、、、、、、、、、、、、、、、、Amazon AppConfigAmazon AppSyncAmazon Auto ScalingAmazon BackupAmazon BudgetsAmazon Cost ExplorerAmazon Cloud9Amazon Directory ServiceAmazon DataSyncAWS Elemental MediaPackageAmazon GlueAmazon IoTAmazon IoT AnalyticsAmazon IoT EventsAmazon IoT SiteWise、Amazon IoT TwinMaker、Amazon Lake Formation、Amazon License Manager、Amazon Resilience Hub、Amazon Signer、和Amazon Transfer Family

AWS_ConfigRole – 添加 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

该政策现在支持Apache Airflow、Amazon Applications Amazon IoT、Amazon WorkSpaces Reviewer Amazon HealthLake、Ama CodeGuru zon Kinesis Video Streams、亚马逊应用程序恢复控制器 (ARC)、亚马逊弹性计算云 (亚马逊)Amazon Device Farm、亚马逊 Pinpoin Amazon Identity and Access Management t、(IAM EC2)、亚马逊和亚马逊日志的亚马逊托管工作流程的额外权限。 GuardDuty CloudWatch

ConfigConformsServiceRolePolicy – 更新 config:DescribeConfigRules

作为安全最佳实践，此策略现在取消了对 config:DescribeConfigRules 的广泛资源级别权限。

AWSConfigServiceRolePolicy – 添加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile,Amazon Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

该政策现在支持亚马逊托管服务 Prometheus、、、、、、、、、、亚马逊弹性计算云Amazon Database Migration Service（亚马逊Amazon DMS）Amazon Audit ManagerAmazon Device Farm、、Amazon Directory Service、Amazon Lightsail、、Amazon Glue、 EC2 Ama Amazon IoT zon Quick Suite、AWS Elemental MediaPackage、Amazon Network Manager亚马逊应用程序恢复控制器 (ARC)Amazon Resource Access Manager、亚马逊简单存储服务 (Amazon S3) 和亚马逊 Timestream 的额外权限。

AWS_ConfigRole – 添加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

该政策现在支持亚马逊托管服务 Prometheus、、、、、、、、、、亚马逊弹性计算云Amazon Database Migration Service（亚马逊Amazon DMS）Amazon Audit ManagerAmazon Device Farm、、Amazon Directory Service、Amazon Lightsail、、Amazon Glue、 EC2 Ama Amazon IoT zon Quick Suite、AWS Elemental MediaPackage、Amazon Network Manager亚马逊应用程序恢复控制器 (ARC)Amazon Resource Access Manager、亚马逊简单存储服务 (Amazon S3) 和亚马逊 Timestream 的额外权限。

AWSConfigServiceRolePolicy – 添加 cloudformation:ListStackResources and cloudformation:ListStacks

现在，此策略允许返回指定Amazon CloudFormation堆栈中所有资源的描述并返回状态与指定StackStatusFilter堆栈的摘要信息。

AWS_ConfigRole – 添加 cloudformation:ListStackResources and cloudformation:ListStacks

现在，此策略允许返回指定Amazon CloudFormation堆栈中所有资源的描述并返回状态与指定StackStatusFilter堆栈的摘要信息。

AWSConfigServiceRolePolicy – 添加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

该政策现在支持以下方面的额外权限：Apache Airflow Amazon Certificate Manager、、、亚马逊密钥空间Amazon Amplify、Amazon AppConfig亚马逊、Amazon Connect CloudWatch、亚马逊弹性计算云（亚马逊）Amazon Glue DataBrew、亚马逊弹性 Kubernetes 服务（ EC2亚马逊 EKS）、亚马逊、、亚马逊欺诈探测器、亚马逊、亚马逊服务器、亚马逊定位服务、、Amazon Lex EventBridge、Amazon Fault Injection Service Amazon Lightsail FSx、A GameLift mazon Pinpoint Amazon IoT、、、、Amazon Quick Suite、亚马逊关系数据库Amazon OpsWorksAmazon PanoramaAmazon Resource Access Manager服务（亚马逊 RDS）、亚马逊Amazon RoboMaker Rekognition、、、Amazon Route 53 Amazon Resource Groups、亚马逊简单存储服务Amazon Cloud Map(Amazon S3) Simple Service 和。Amazon Security Token Service

AWS_ConfigRole – 添加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

该政策现在支持以下方面的额外权限：Apache Airflow Amazon Certificate Manager、、、亚马逊密钥空间Amazon Amplify、Amazon AppConfig亚马逊、Amazon Connect CloudWatch、亚马逊弹性计算云（亚马逊）Amazon Glue DataBrew、亚马逊弹性 Kubernetes 服务（ EC2亚马逊 EKS）、亚马逊、、亚马逊欺诈探测器、亚马逊、亚马逊服务器、亚马逊定位服务、、Amazon Lex EventBridge、Amazon Fault Injection Service Amazon Lightsail FSx、A GameLift mazon Pinpoint Amazon IoT、、、、Amazon Quick Suite、亚马逊关系数据库Amazon OpsWorksAmazon PanoramaAmazon Resource Access Manager服务（亚马逊 RDS）、亚马逊Amazon RoboMaker Rekognition、、、Amazon Route 53 Amazon Resource Groups、亚马逊简单存储服务Amazon Cloud Map(Amazon S3) Simple Service 和。Amazon Security Token Service

AWSConfigServiceRolePolicy – 添加 Glue::GetTable

现在，此策略授予在数据目录中检索指定Amazon Glue表的表定义的权限。

AWS_ConfigRole – 添加 Glue::GetTable

现在，此策略授予在数据目录中检索指定Amazon Glue表的表定义的权限。

AWSConfigServiceRolePolicy – 添加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

该政策现在支持亚马逊 AppFlow、亚马逊、亚马 CloudWatch逊 R CloudWatch UM、Amazon S CloudWatch ynthetics、Amazon Connect 客户档案、Amazon Connect 语音识别码、亚马逊 DevOps Guru、亚马逊弹性计算云（亚马逊）、Amazon Aut EC2 o Scaling EC2、亚马逊 EMR、亚马逊 EMR、亚马逊 Fraud Detector、亚马逊 GameLift 服务器、亚马逊互动视频服务（ EventBridge亚马逊 IVS）的额外权限) Interactive Servic EventBridge e、适用于 Apache Flink 的亚马逊托管服务、Image Builder、Amazon Lex、Amazon Lightsail、Amazon FinSpace EC2 亚马逊定位服务、亚马逊 Lookout for Equipment、亚马逊 Lookout for Metrics、亚马逊 Lookout for Vision、亚马逊托管区块链、亚马逊 MQ、亚马逊 Nimble Pinp StudioAmazon oint、亚马逊快速套件、亚马逊应用程序恢复控制器 (ARC Amazon Route 53 Resolver)、亚马逊简单存储服务 (Amazon S3)、亚马逊 SimpleDB、亚马逊简单电子邮件服务 (Amazon SES)、亚马逊 Timestream、、、、、、、、、、、、、、、、、、、、、、、、、、、、Amazon AppConfigAmazon AppSyncAmazon Auto ScalingAmazon BackupAmazon BudgetsAmazon Cost ExplorerAmazon Cloud9Amazon Directory ServiceAmazon DataSyncAWS Elemental MediaPackageAmazon GlueAmazon IoTAmazon IoT AnalyticsAmazon IoT EventsAmazon IoT SiteWise、Amazon IoT TwinMaker、Amazon Lake Formation、Amazon License Manager、Amazon Resilience Hub、Amazon Signer、和Amazon Transfer Family。

AWS_ConfigRole – 添加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

该政策现在支持亚马逊 AppFlow、亚马逊、亚马 CloudWatch逊 R CloudWatch UM、Amazon S CloudWatch ynthetics、Amazon Connect 客户档案、Amazon Connect 语音识别码、亚马逊 DevOps Guru、亚马逊弹性计算云（亚马逊）、Amazon Aut EC2 o Scaling EC2、亚马逊 EMR、亚马逊 EMR、亚马逊 Fraud Detector、亚马逊 GameLift 服务器、亚马逊互动视频服务（ EventBridge亚马逊 IVS）的额外权限) Interactive Servic EventBridge e、适用于 Apache Flink 的亚马逊托管服务、Image Builder、Amazon Lex、Amazon Lightsail、Amazon FinSpace EC2 亚马逊定位服务、亚马逊 Lookout for Equipment、亚马逊 Lookout for Metrics、亚马逊 Lookout for Vision、亚马逊托管区块链、亚马逊 MQ、亚马逊 Nimble Pinp StudioAmazon oint、亚马逊快速套件、亚马逊应用程序恢复控制器 (ARC Amazon Route 53 Resolver)、亚马逊简单存储服务 (Amazon S3)、亚马逊 SimpleDB、亚马逊简单电子邮件服务 (Amazon SES)、亚马逊 Timestream、、、、、、、、、、、、、、、、、、、、、、、、、、、、Amazon AppConfigAmazon AppSyncAmazon Auto ScalingAmazon BackupAmazon BudgetsAmazon Cost ExplorerAmazon Cloud9Amazon Directory ServiceAmazon DataSyncAWS Elemental MediaPackageAmazon GlueAmazon IoTAmazon IoT AnalyticsAmazon IoT EventsAmazon IoT SiteWise、Amazon IoT TwinMaker、Amazon Lake Formation、Amazon License Manager、Amazon Resilience Hub、Amazon Signer、和Amazon Transfer Family

AWSConfigServiceRolePolicy – 添加 datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

此策略现在允许返回中Amazon DataSync代理人、 DataSync 来源和目标位置以及 DataSync 任务的列表Amazon Web Services 账户；列出与中一个或多个指定命名空间关联的Amazon Cloud Map命名空间和服务的摘要信息Amazon Web Services 账户；以及列出中所有可用的 Amazon Simple Email Service (Amazon SES) 联系人列表。Amazon Web Services 账户

AWS_ConfigRole – 添加 datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

此策略现在允许返回中Amazon DataSync代理人、 DataSync 来源和目标位置以及 DataSync 任务的列表Amazon Web Services 账户；列出与中一个或多个指定命名空间关联的Amazon Cloud Map命名空间和服务的摘要信息Amazon Web Services 账户；以及列出中所有可用的 Amazon Simple Email Service (Amazon SES) 联系人列表。Amazon Web Services 账户

ConfigConformsServiceRolePolicy – 添加 cloudwatch:PutMetricData

该政策现在授予向 Amazon 发布指标数据点的权限 CloudWatch。

AWSConfigServiceRolePolicy – 添加 amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

该政策现在支持亚马逊弹性容器服务 (Amazon ECS)、亚马逊、亚马逊、亚马逊、亚马逊、适用于 A ElastiCache pache Flink 的亚马逊托管服务 FSx、亚马逊定位服务、适用于 Apache Kafka 的亚马逊托管流媒体、亚马逊 Quick Suite、亚马逊 Rekognition、亚马逊简单存储服务 (Amazon S3) 的额外权限 Service、Amazon RoboMaker亚马逊简单电子邮件服务 (Amazon SES)、、、、、、、、、、（IAM 身份中心）Amazon AmplifyAmazon DataSync、Amazon Firewall Manager Image Bu Amazon AppConfig il Amazon AppSync der 和 Elastic Load EventBridge Amazon Billing ConductorAmazon GlueAmazon IAM Identity Center EC2 平衡。

AWS_ConfigRole – 添加 amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

该政策现在支持亚马逊弹性容器服务 (Amazon ECS)、亚马逊、亚马逊、亚马逊、亚马逊、适用于 A ElastiCache pache Flink 的亚马逊托管服务 FSx、亚马逊定位服务、适用于 Apache Kafka 的亚马逊托管流媒体、亚马逊 Quick Suite、亚马逊 Rekognition、亚马逊简单存储服务 (Amazon S3) 的额外权限 Service、Amazon RoboMaker亚马逊简单电子邮件服务 (Amazon SES)、、、、、、、、、、（IAM 身份中心）Amazon AmplifyAmazon DataSync、Amazon Firewall Manager Image Bu Amazon AppConfig il Amazon AppSync der 和 Elastic Load EventBridge Amazon Billing ConductorAmazon GlueAmazon IAM Identity Center EC2 平衡。

AWSConfigServiceRolePolicy – 添加 athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

此政策现在授予以下权限：获取指定的 Amazon Athena 数据目录Amazon Web Services 账户、在中列出 Athena 数据目录以及列出与 Athena 工作组或数据目录资源关联的标签；获取 Amazon Detective 行为图列表并列出侦探行为图的标签；获取给定开发终端节点名称列表的资源元数据列表，获取有关指定开发的信息端点，获取所有开发端点，检索Amazon Glue指定的安全Amazon GlueAmazon GlueAmazon Web Services 账户Amazon Glue配置，获取所有Amazon Glue安全配置，获取与Amazon Glue资源关联的标签列表，获取有关具有指定名称Amazon Glue的工作组的信息，检索Amazon账户中所有Amazon Glue爬虫资源的名称，获取中所有Amazon GlueDevEndpoint资源的名称，列出中所有Amazon Glue作业资源的名称Amazon Web Services 账户，获取Amazon Glue成员账户的详细信息，列出账户中创建Amazon Glue的工作流名称，以及列出账户中可用Amazon Glue的工作组；Amazon Web Services 账户检索有关 Amazon GuardDuty 筛选器的详细信息 GuardDuty IPSet、检索 GuardDutyThreatIntelSet、检索、检索 GuardDuty 成员账户、获取 GuardDuty筛选条件列表、获取 GuardDuty 服务、检索GuardDuty 服务标签并获取服务的信息；获取 Amazon Macie 账户的当前状态和配置设置；检索Amazon Resource Access Manager(Amazon RAM) 资源共享的资源和委托人关联以及检索有关资源的详细信息 IPSets ThreatIntelSets GuardDuty Amazon RAM共享；要获取有关亚马逊简单电子邮件服务 (Amazon SES) 现有配置集的信息，请获取与 Amazon SES 配置集关联的事件目标列表，并列出与 Amazon SES 账户关联的所有配置集；要获取身份中心目录属性列表，请获取权限集的详细信息，获取附加到指定 IAM 身份中心的 IAM 托管策略设置，获取为 IAM 身份中心实例设置的权限，并获取 IAM 身份的标签Amazon IAM Identity Center中心资源。

AWS_ConfigRole – 添加 athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

此政策现在授予以下权限：获取指定的 Amazon Athena 数据目录Amazon Web Services 账户、在中列出 Athena 数据目录以及列出与 Athena 工作组或数据目录资源关联的标签；获取 Amazon Detective 行为图列表并列出侦探行为图的标签；获取给定开发终端节点名称列表的资源元数据列表，获取有关指定开发的信息端点，获取所有开发端点，检索Amazon Glue指定的安全Amazon GlueAmazon GlueAmazon Web Services 账户Amazon Glue配置，获取所有Amazon Glue安全配置，获取与Amazon Glue资源关联的标签列表，获取有关具有指定名称Amazon Glue的工作组的信息，检索Amazon账户中所有Amazon Glue爬虫资源的名称，获取中所有Amazon GlueDevEndpoint资源的名称，列出中所有Amazon Glue作业资源的名称Amazon Web Services 账户，获取Amazon Glue成员账户的详细信息，列出账户中创建Amazon Glue的工作流名称，以及列出账户中可用Amazon Glue的工作组；Amazon Web Services 账户检索有关 Amazon GuardDuty 筛选器的详细信息 GuardDuty IPSet、检索 GuardDutyThreatIntelSet、检索、检索 GuardDuty 成员账户、获取 GuardDuty筛选条件列表、获取 GuardDuty 服务、检索GuardDuty 服务标签并获取服务的信息；获取 Amazon Macie 账户的当前状态和配置设置；检索Amazon Resource Access Manager(Amazon RAM) 资源共享的资源和委托人关联以及检索有关资源的详细信息 IPSets ThreatIntelSets GuardDuty Amazon RAM共享；要获取有关亚马逊简单电子邮件服务 (Amazon SES) 现有配置集的信息，请获取与 Amazon SES 配置集关联的事件目标列表，并列出与 Amazon SES 账户关联的所有配置集；要获取身份中心目录属性列表，请获取权限集的详细信息，获取附加到指定 IAM 身份中心的 IAM 托管策略设置，获取为 IAM 身份中心实例设置的权限，并获取 IAM 身份的标签Amazon IAM Identity Center中心资源。

AWSConfigServiceRolePolicy – 添加 cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

此策略现在授予以下权限：获取有关所有或指定Amazon CloudTrail事件数据存储 (EDS) 的信息、获取有关全部或指定Amazon CloudFormation资源的信息、获取 DynamoDB 加速器 (DAX) 参数组或子网组的列表、获取Amazon Database Migration Service有关当前正在访问的区域中您的账户的Amazon DMS() 复制任务的信息，以及获取指定类型的所有策略的列表。Amazon Organizations

AWS_ConfigRole – 添加 cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

此策略现在授予以下权限：获取有关所有或指定Amazon CloudTrail事件数据存储 (EDS) 的信息、获取有关全部或指定Amazon CloudFormation资源的信息、获取 DynamoDB 加速器 (DAX) 参数组或子网组的列表、获取Amazon Database Migration Service有关当前正在访问的区域中您的账户的Amazon DMS() 复制任务的信息，以及获取指定类型的所有策略的列表。Amazon Organizations

AWSConfigServiceRolePolicy – 添加 backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

该策略现在支持、、DynamoDB 加速器Amazon BackupAmazon Batch、亚马逊 DynamoDB、Amazon Database Migration Service亚马逊弹性计算云（ EC2亚马逊）、亚马逊 Elastic Kubernetes Service、亚马逊、、、、亚马逊关系数据库服务、V2 和 FSx亚马逊的额外权限。 GuardDuty Amazon Key Management ServiceAmazon OpsWorksAmazon WAF WorkSpaces

AWS_ConfigRole – 添加 backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

该策略现在支持、、DynamoDB 加速器Amazon BackupAmazon Batch、亚马逊 DynamoDB、Amazon Database Migration Service亚马逊弹性计算云（ EC2亚马逊）、亚马逊 Elastic Kubernetes Service、亚马逊、、、、亚马逊关系数据库服务、V2 和 FSx亚马逊的额外权限。 GuardDuty Amazon Key Management ServiceAmazon OpsWorksAmazon WAF WorkSpaces

AWSConfigServiceRolePolicy – 添加 elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

现在，该策略允许获取有关 Elastic Beanstalk 环境的详细信息以及指定 Elastic Beanstalk 配置集的设置描述、获取或 Elasticsearch 版本 OpenSearch 的地图、描述数据库可用的 Amazon RDS 选项组以及获取有关部署配置的信息。 CodeDeploy 该策略现在还授予以下权限：检索附加到的指定备用联系人Amazon Web Services 账户、检索有关Amazon Organizations策略的信息、检索 Amazon ECR 存储库策略、检索有关存档Amazon Config规则的信息、检索 Amazon ECS 任务定义系列列表、列出指定子 OU 或账户的根或上级组织单位 (OUs)，以及列出附加到指定目标根目录、组织单位或账户的策略。

AWS_ConfigRole – 添加 elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

现在，该策略允许获取有关 Elastic Beanstalk 环境的详细信息以及指定 Elastic Beanstalk 配置集的设置描述、获取或 Elasticsearch 版本 OpenSearch 的地图、描述数据库可用的 Amazon RDS 选项组以及获取有关部署配置的信息。 CodeDeploy 该策略现在还授予以下权限：检索附加到的指定备用联系人Amazon Web Services 账户、检索有关Amazon Organizations策略的信息、检索 Amazon ECR 存储库策略、检索有关存档Amazon Config规则的信息、检索 Amazon ECS 任务定义系列列表、列出指定子 OU 或账户的根或上级组织单位 (OUs)，以及列出附加到指定目标根目录、组织单位或账户的策略。

AWSConfigServiceRolePolicy – 添加 logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

该策略现在授予创建 Amazon CloudWatch 日志组和流以及向已创建的日志流写入日志的权限。

AWS_ConfigRole – 添加 logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

该策略现在授予创建 Amazon CloudWatch 日志组和流以及向已创建的日志流写入日志的权限。

AWSConfigServiceRolePolicy – 添加 es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots

该策略现在授予获取有关亚马逊 OpenSearch 服务（OpenSearch 服务）的详细信息 domain/domains 以及获取特定亚马逊关系数据库服务 (Amazon RDS) 数据库参数组的详细参数列表的权限。该政策还授予获取有关Ama ElastiCache zon快照的详细信息的权限。

AWS_ConfigRole – 添加 es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots

该策略现在授予获取有关亚马逊 OpenSearch 服务（OpenSearch 服务）的详细信息 domain/domains 以及获取特定亚马逊关系数据库服务 (Amazon RDS) 数据库参数组的详细参数列表的权限。该政策还授予获取有关Ama ElastiCache zon快照的详细信息的权限。

AWSConfigServiceRolePolicy— 添加logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachineAmazon资源类型以及其他权限

此策略现在授予列出日志组的标签，列出状态机的标签，以及列出所有状态机的权限。此策略现在授予获取有关状态机的详细信息的权限。该政策现在还支持亚马逊 EC2 系统管理器 (SSM)、亚马逊弹性容器注册表、亚马逊、亚马逊数据 Firehose FSx、亚马逊管理流媒体 Kafka（亚马逊 MSK）、亚马逊关系数据库服务（亚马逊 RDS）、亚马逊 Route 53、亚马逊 AI SageMaker 、亚马逊简单通知服务、和。Amazon Database Migration ServiceAmazon Global AcceleratorAmazon Storage Gateway

AWS_ConfigRole— 添加 l ogs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine 以及Amazon资源类型的其他权限

此策略现在授予列出日志组的标签，列出状态机的标签，以及列出所有状态机的权限。此策略现在授予获取有关状态机的详细信息的权限。该政策现在还支持亚马逊 EC2 系统管理器 (SSM)、亚马逊弹性容器注册表、亚马逊、亚马逊数据 Firehose FSx、亚马逊管理流媒体 Kafka（亚马逊 MSK）、亚马逊关系数据库服务（亚马逊 RDS）、亚马逊 Route 53、亚马逊 AI SageMaker 、亚马逊简单通知服务、和。Amazon Database Migration ServiceAmazon Global AcceleratorAmazon Storage Gateway

AWSConfigServiceRolePolicy— 为Amazon资源类型添加ssm:DescribeDocumentPermission权限和其他权限

此策略现在授予查看有关 IAM Access Analyzer 的Amazon Systems Manager文档和信息的权限。该政策现在支持亚马逊 Kinesis、亚马逊、亚马逊 EMR、 ElastiCache亚马逊 Route 53 和Amazon Network Firewall亚马逊关系数据库服务 (Amazon RDS) 的其他Amazon资源类型。这些权限更改Amazon Config允许调用支持这些资源类型APIs 所需的只读权限。此策略现在还支持筛选lambda-inside-vpcAmazon Config托管规则的 Lambda @Edge 函数。

AWS_ConfigRole— 为Amazon资源类型添加ssm:DescribeDocumentPermission权限和其他权限

此策略现在授予查看有关 IAM Access Analyzer 的Amazon Systems Manager文档和信息的权限。该政策现在支持亚马逊 Kinesis、亚马逊、亚马逊 EMR、 ElastiCache亚马逊 Route 53 和Amazon Network Firewall亚马逊关系数据库服务 (Amazon RDS) 的其他Amazon资源类型。这些权限更改Amazon Config允许调用支持这些资源类型APIs 所需的只读权限。此策略现在还支持筛选lambda-inside-vpcAmazon Config托管规则的 Lambda @Edge 函数。

AWSConfigServiceRolePolicy— 添加apigateway:GET对 API Gateway 进行只读 GET 调用的s3:GetAccessPointPolicys3:GetAccessPointPolicyStatus权限以及只读调用 Amazon S3 的权限和权限 APIs

现在，此策略授予Amazon Config允许对 API Gateway 进行只读 GET 调用的权限，以支持 API 网关的Amazon Config规则。该策略还增加了允许Amazon Config以 APIs只读方式调用 Amazon Simple Storage Service (Amazon S3) 的权限，这些权限是支持AWS::S3::AccessPoint新资源类型所必需的。

AWS_ConfiGrole — 添加apigateway:GET对 API Gateway 进行只读 GET 调用的s3:GetAccessPointPolicy权限以及只读调用 Amazon S3 的s3:GetAccessPointPolicyStatus权限和权限 APIs

现在，此策略授予的权限Amazon Config允许对 API Gateway 进行只读 GET 调用，Amazon Config以支持 API 网关。该策略还增加了允许Amazon Config以 APIs只读方式调用 Amazon Simple Storage Service (Amazon S3) 的权限，这些权限是支持AWS::S3::AccessPoint新资源类型所必需的。

AWSConfigServiceRolePolicy— 为Amazon资源类型添加ssm:ListDocuments权限和其他权限

此策略现在授予查看有关Amazon Systems Manager指定文档信息的权限 该政策现在还支持亚马逊弹性文件系统Amazon Backup、亚马逊、亚马逊简单存储服务 (Amazon S3) ElastiCache、亚马逊弹性计算云 (亚马逊)、Amazon Kinesis、Amazon AI 和 EC2亚马逊 SageMaker Route 53 的其他Amazon资源类型。Amazon Database Migration Service这些权限更改Amazon Config允许调用支持这些资源类型 APIs 所需的只读权限。

AWS_ConfigRole— 为Amazon资源类型添加ssm:ListDocuments权限和其他权限

此策略现在授予查看有关Amazon Systems Manager指定文档信息的权限 该政策现在还支持亚马逊弹性文件系统Amazon Backup、亚马逊、亚马逊简单存储服务 (Amazon S3) ElastiCache、亚马逊弹性计算云 (亚马逊)、Amazon Kinesis、Amazon AI 和 EC2亚马逊 SageMaker Route 53 的其他Amazon资源类型。Amazon Database Migration Service这些权限更改Amazon Config允许调用支持这些资源类型 APIs 所需的只读权限。

AWSConfigRole 已弃用

AWSConfigRole 已弃用。替换策略是。AWS_ConfigRole

Amazon Config已开始跟踪更改

Amazon Config开始跟踪其Amazon托管策略的更改。