AWSConfigServiceRolePolicy AWS_ConfigRole AWSConfigUserAccess ConfigConformsServiceRolePolicy AWSConfigRulesExecutionRole AWSConfigMultiAccountSetupPolicy AWSConfigRoleForOrganizations AWSConfigRemediationServiceRolePolicy Pembaruan kebijakan

AWS kebijakan terkelola untuk AWS Config

Kebijakan AWS terkelola adalah kebijakan mandiri yang dibuat dan dikelola oleh AWS. AWS Kebijakan terkelola dirancang untuk memberikan izin bagi banyak kasus penggunaan umum sehingga Anda dapat mulai menetapkan izin kepada pengguna, grup, dan peran.

Perlu diingat bahwa kebijakan AWS terkelola mungkin tidak memberikan izin hak istimewa paling sedikit untuk kasus penggunaan spesifik Anda karena tersedia untuk digunakan semua pelanggan. AWS Kami menyarankan Anda untuk mengurangi izin lebih lanjut dengan menentukan kebijakan yang dikelola pelanggan yang khusus untuk kasus penggunaan Anda.

Anda tidak dapat mengubah izin yang ditentukan dalam kebijakan AWS terkelola. Jika AWS memperbarui izin yang ditentukan dalam kebijakan AWS terkelola, pemutakhiran akan memengaruhi semua identitas utama (pengguna, grup, dan peran) yang dilampirkan kebijakan tersebut. AWS kemungkinan besar akan memperbarui kebijakan AWS terkelola saat baru Layanan AWS diluncurkan atau operasi API baru tersedia untuk layanan yang ada.

Untuk informasi selengkapnya, lihat Kebijakan terkelola AWS dalam Panduan Pengguna IAM.

AWS kebijakan terkelola: AWSConfigServiceRolePolicy

AWS Config menggunakan peran terkait layanan yang diberi nama AWSServiceRoleForConfiguntuk memanggil AWS layanan lain atas nama Anda. Ketika Anda menggunakan Konsol Manajemen AWS to set up AWS Config, SLR ini secara otomatis dibuat oleh AWS Config jika Anda memilih opsi untuk menggunakan AWS Config SLR alih-alih peran layanan Anda sendiri AWS Identity and Access Management (IAM).

AWSServiceRoleForConfigSLR berisi kebijakan AWSConfigServiceRolePolicy terkelola. Kebijakan terkelola ini berisi izin hanya-baca dan hanya-tulis untuk AWS Config sumber daya dan izin hanya-baca untuk sumber daya di layanan lain yang mendukung. AWS Config Kebijakan ini menyediakan akses komprehensif untuk memantau dan merekam perubahan konfigurasi di seluruh AWS infrastruktur Anda, termasuk izin untuk lebih dari 100 AWS layanan seperti komputasi, penyimpanan, jaringan, keamanan, analitik, dan layanan pembelajaran mesin.

Kebijakan ini mencakup izin untuk kategori layanan berikut:

access-analyzer— Memungkinkan kepala sekolah untuk menganalisis pola akses dan mengambil temuan keamanan.
account— Memungkinkan kepala sekolah untuk mengambil informasi kontak akun.
acmdan acm-pca — Memungkinkan kepala sekolah untuk mengelola SSL/TLS sertifikat dan otoritas sertifikat swasta.
airflow— Memungkinkan kepala sekolah untuk memantau lingkungan Apache Airflow yang dikelola.
amplifydan amplifyuibuilder — Memungkinkan prinsipal untuk memantau aplikasi web dan komponen UI.
aoss— Memungkinkan prinsipal untuk memantau koleksi OpenSearch Tanpa Server dan konfigurasi keamanan.
app-integrations— Memungkinkan kepala sekolah untuk memantau konfigurasi integrasi aplikasi.
appconfig— Memungkinkan prinsipal untuk memantau penerapan konfigurasi aplikasi.
appflow— Memungkinkan prinsipal untuk memantau konfigurasi aliran data antar aplikasi.
application-autoscalingdan application-signals — Memungkinkan prinsipal untuk memantau kebijakan auto-scaling dan metrik kinerja aplikasi.
appmesh- Memungkinkan kepala sekolah untuk memantau konfigurasi mesh layanan.
apprunner— Memungkinkan kepala sekolah untuk memantau aplikasi dan layanan web dalam peti kemas.
appstream— Memungkinkan kepala sekolah untuk memantau konfigurasi streaming aplikasi.
appsync— Memungkinkan prinsipal untuk memantau konfigurasi GraphQL API.
aps— Memungkinkan kepala sekolah untuk memantau konfigurasi pemantauan Prometheus.
apptest— Memungkinkan kepala sekolah untuk memantau konfigurasi pengujian aplikasi.
arc-zonal-shift— Memungkinkan kepala sekolah untuk memantau konfigurasi pergeseran zona untuk ketersediaan.
athena— Memungkinkan kepala sekolah untuk memantau konfigurasi mesin kueri dan katalog data.
auditmanager— Memungkinkan kepala sekolah untuk memantau audit dan penilaian kepatuhan.
autoscalingdan autoscaling-plans — Memungkinkan kepala sekolah untuk memantau grup auto-scaling dan rencana penskalaan.
b2bi— Memungkinkan kepala sekolah untuk memantau business-to-business konfigurasi integrasi.
backupdan backup-gateway — Memungkinkan kepala sekolah untuk memantau kebijakan cadangan dan konfigurasi gateway.
batch— Memungkinkan kepala sekolah untuk memantau lingkungan komputasi batch dan antrian pekerjaan.
bcm-data-exports— Memungkinkan kepala sekolah untuk memantau ekspor data penagihan dan manajemen biaya.
bedrockdan bedrock-agentcore — Memungkinkan kepala sekolah untuk memantau model pondasi dan konfigurasi agen AI.
billingconductor— Memungkinkan kepala sekolah untuk memantau konfigurasi grup penagihan.
budgets— Memungkinkan kepala sekolah untuk memantau konfigurasi dan tindakan anggaran.
cassandra— Memungkinkan prinsipal untuk menanyakan konfigurasi database Cassandra yang dikelola.
ce— Memungkinkan kepala sekolah untuk memantau konfigurasi pelaporan biaya dan penggunaan.
cleanroomsdan cleanrooms-ml — Memungkinkan kepala sekolah untuk memantau kolaborasi data dan konfigurasi pembelajaran mesin.
cloud9— Memungkinkan prinsipal untuk memantau konfigurasi lingkungan pengembangan cloud.
cloudformation— Memungkinkan prinsipal untuk memantau infrastruktur sebagai konfigurasi tumpukan kode.
cloudfront— Memungkinkan kepala sekolah untuk memantau konfigurasi jaringan pengiriman konten.
cloudtrail— Memungkinkan prinsipal untuk memantau pencatatan API dan konfigurasi jejak audit.
cloudwatch— Memungkinkan kepala sekolah untuk memantau metrik, alarm, dan konfigurasi dasbor.
codeartifact- Memungkinkan kepala sekolah untuk memantau konfigurasi repositori paket perangkat lunak.
codebuild— Memungkinkan kepala sekolah untuk memantau konfigurasi proyek build.
codecommit— Memungkinkan prinsipal untuk memantau konfigurasi repositori kode sumber.
codeconnections— Memungkinkan kepala sekolah untuk memantau koneksi sumber pihak ketiga.
codedeploy— Memungkinkan kepala sekolah untuk memantau konfigurasi penerapan aplikasi.
codeguru-profilerdan codeguru-reviewer — Memungkinkan kepala sekolah untuk memantau analisis kode dan konfigurasi profil.
codepipeline— Memungkinkan prinsipal untuk memantau integrasi berkelanjutan dan konfigurasi pipa penyebaran.
codestar-connections— Memungkinkan kepala sekolah untuk memantau koneksi alat pengembang.
cognito-identitydan cognito-idp — Memungkinkan prinsipal untuk memantau identitas dan konfigurasi kumpulan pengguna.
comprehend— Memungkinkan kepala sekolah untuk memantau konfigurasi pemrosesan bahasa alami.
config- Memungkinkan kepala sekolah untuk mengelola perekaman konfigurasi dan pemantauan kepatuhan.
connect— Memungkinkan kepala sekolah untuk memantau konfigurasi pusat kontak.

Untuk informasi selengkapnya tentang jenis sumber daya yang didukung, lihat Jenis Sumber Daya yang Didukung untuk AWS Config danMenggunakan Peran Tertaut Layanan untuk AWS Config.

Untuk melihat detail selengkapnya tentang kebijakan, termasuk versi terbaru dari dokumen kebijakan JSON, lihat AWSConfigServiceRolePolicydi Panduan Referensi Kebijakan AWS Terkelola.

Direkomendasikan: Gunakan peran terkait Layanan

Disarankan agar Anda menggunakan peran terkait layanan kecuali Anda memiliki kasus penggunaan tertentu. Peran terkait layanan menambahkan semua izin yang diperlukan untuk menjalankan seperti yang AWS Config diharapkan. Beberapa fitur seperti perekam konfigurasi terkait layanan mengharuskan Anda untuk menggunakan peran terkait layanan.

AWS kebijakan terkelola: AWS_ConfigRole

Untuk merekam konfigurasi AWS sumber daya Anda, AWS Config memerlukan izin IAM untuk mendapatkan detail konfigurasi tentang sumber daya Anda. Jika Anda ingin membuat peran IAM AWS Config, Anda dapat menggunakan kebijakan terkelola AWS_ConfigRole dan melampirkannya ke peran IAM Anda.

Kebijakan IAM ini diperbarui setiap kali AWS Config menambahkan dukungan untuk jenis AWS sumber daya. Ini berarti bahwa AWS Config akan terus memiliki izin yang diperlukan untuk merekam data konfigurasi tipe sumber daya yang didukung selama peran AWS_ConFigRole memiliki kebijakan terkelola ini dilampirkan. Kebijakan ini menyediakan akses komprehensif untuk memantau dan merekam perubahan konfigurasi di seluruh AWS infrastruktur Anda, termasuk izin untuk lebih dari 100 AWS layanan seperti komputasi, penyimpanan, jaringan, keamanan, analitik, dan layanan pembelajaran mesin. Untuk informasi selengkapnya, lihat Jenis Sumber Daya yang Didukung untuk AWS Config dan Izin untuk Peran IAM Ditugaskan AWS Config.

Untuk melihat detail selengkapnya tentang kebijakan, termasuk versi terbaru dari dokumen kebijakan JSON, lihat AWS_COnFigRole di Panduan Referensi Kebijakan AWS Terkelola.

AWS kebijakan terkelola: AWSConfigUserAccess

Kebijakan IAM ini menyediakan akses untuk digunakan AWS Config, termasuk mencari berdasarkan tag pada sumber daya dan membaca semua tag. Ini tidak memberikan izin untuk mengkonfigurasi AWS Config, yang membutuhkan hak administratif.

Lihat kebijakan: AWSConfigUserAccess.

AWS kebijakan terkelola: ConfigConformsServiceRolePolicy

Untuk menyebarkan dan mengelola paket kesesuaian, AWS Config memerlukan izin IAM dan izin tertentu dari layanan lain. AWS Ini memungkinkan Anda untuk menyebarkan dan mengelola paket kesesuaian dengan fungsionalitas penuh dan diperbarui setiap kali AWS Config menambahkan fungsionalitas baru untuk paket kesesuaian. Untuk informasi selengkapnya tentang paket kesesuaian, lihat Paket kesesuaian.

Lihat kebijakan: ConfigConformsServiceRolePolicy.

AWS kebijakan terkelola: AWSConfigRulesExecutionRole

Untuk menerapkan Aturan Lambda AWS Kustom AWS Config , memerlukan izin IAM dan izin tertentu dari layanan lain. AWS Ini memungkinkan AWS Lambda fungsi untuk mengakses AWS Config API dan snapshot konfigurasi yang AWS Config dikirimkan secara berkala ke Amazon S3. Akses ini diperlukan oleh fungsi yang mengevaluasi perubahan konfigurasi untuk aturan Lambda AWS Kustom dan diperbarui setiap kali AWS Config menambahkan fungsionalitas baru. Untuk informasi selengkapnya tentang Aturan Lambda AWS Kustom, lihat Membuat Aturan AWS Config Lambda Kustom. Untuk informasi selengkapnya tentang snapshot konfigurasi, lihat Concepts | Configuration Snapshot. Untuk informasi selengkapnya tentang pengiriman snapshot konfigurasi, lihat Mengelola Saluran Pengiriman.

Lihat kebijakan: AWSConfigRulesExecutionRole.

AWS kebijakan terkelola: AWSConfigMultiAccountSetupPolicy

Untuk menyebarkan, memperbarui, dan menghapus AWS Config aturan dan paket kesesuaian secara terpusat di seluruh akun anggota dalam organisasi AWS Organizations, AWS Config memerlukan izin IAM dan izin tertentu dari layanan lain. AWS Kebijakan terkelola ini diperbarui setiap kali AWS Config menambahkan fungsionalitas baru untuk penyiapan multi-akun. Untuk informasi selengkapnya, lihat Mengelola AWS Config Aturan di Semua Akun di Organisasi Anda dan Mengelola Paket Kesesuaian di Semua Akun di Organisasi Anda.

Lihat kebijakan: AWSConfigMultiAccountSetupPolicy.

AWS kebijakan terkelola: AWSConfigRoleForOrganizations

AWS Config Untuk memungkinkan panggilan hanya-baca AWS Organizations APIs, AWS Config memerlukan izin IAM dan izin tertentu dari layanan lain. AWS Kebijakan terkelola ini diperbarui setiap kali AWS Config menambahkan fungsionalitas baru untuk penyiapan multi-akun. Untuk informasi selengkapnya, lihat Mengelola AWS Config Aturan di Semua Akun di Organisasi Anda dan Mengelola Paket Kesesuaian di Semua Akun di Organisasi Anda.

Lihat kebijakan: AWSConfigRoleForOrganizations.

AWS kebijakan terkelola: AWSConfigRemediationServiceRolePolicy

Untuk AWS Config memperbolehkan memulihkan NON_COMPLIANT sumber daya atas nama Anda, AWS Config memerlukan izin IAM dan izin tertentu dari layanan lain. AWS Kebijakan terkelola ini diperbarui setiap kali AWS Config menambahkan fungsionalitas baru untuk remediasi. Untuk informasi selengkapnya tentang remediasi, lihat Remediating Noncompliant Resources with Rules. AWS Config Untuk informasi lebih lanjut tentang kondisi yang memulai kemungkinan hasil AWS Config evaluasi, lihat Konsep | AWS Config Aturan.

Lihat kebijakan: AWSConfigRemediationServiceRolePolicy.

AWS Config pembaruan kebijakan AWS terkelola

Lihat detail tentang pembaruan kebijakan AWS terkelola AWS Config sejak layanan ini mulai melacak perubahan ini. Untuk peringatan otomatis tentang perubahan pada halaman ini, berlangganan umpan RSS di halaman Riwayat AWS Config dokumen.

Ubah	Deskripsi	Date
AWSConfigServiceRolePolicy— Kebijakan terkelola yang diperbarui dengan izin komprehensif untuk perekaman konfigurasi AWS sumber daya di lebih dari 100 AWS layanan termasuk komputasi, penyimpanan, jaringan, keamanan, analitik, dan layanan pembelajaran mesin.	Kebijakan ini sekarang menyediakan dokumentasi izin layanan yang disempurnakan dan mendukung pemantauan komprehensif di semua AWS layanan yang AWS Config mendukung perekaman konfigurasi.	Januari 27, 2026
AWS_ConfigRole— Kebijakan terkelola yang diperbarui dengan izin komprehensif untuk perekaman konfigurasi AWS sumber daya di lebih dari 100 AWS layanan termasuk komputasi, penyimpanan, jaringan, keamanan, analitik, dan layanan pembelajaran mesin.	Kebijakan ini sekarang menyediakan dokumentasi izin layanan yang disempurnakan dan mendukung pemantauan komprehensif di semua AWS layanan yang AWS Config mendukung perekaman konfigurasi.	Januari 27, 2026
AWS_ConfigRole— tambahkan “s3tables: ListTagsForResource “, “s3tables: “, “s3tables:GetTableBucketMetricsConfiguration” GetTableBucketStorageClass	Kebijakan ini sekarang mendukung izin tambahan untuk S3Tables..	Januari 09, 2026
AWSConfigServiceRolePolicy— tambahkan “s3tables: ListTagsForResource “, “s3tables: “, “s3tables:GetTableBucketMetricsConfiguration” GetTableBucketStorageClass	Kebijakan ini sekarang mendukung izin tambahan untuk S3Tables.	Januari 09, 2026
AWS_ConfigRole— tambahkan “lightsail:GetActiveNames" “lightsail:" “s3:GetOperations” GetBucketAbac	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Lightsail dan Amazon Simple Storage Service (Amazon S3).	November 20, 2025
AWSConfigServiceRolePolicy— tambahkan “lightsail:GetActiveNames" “lightsail:" “s3:GetOperations” GetBucketAbac	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Lightsail dan Amazon Simple Storage Service (Amazon S3).	November 20, 2025
AWSConfigServiceRolePolicy— Kebijakan terkelola yang diperbarui dengan izin komprehensif untuk perekaman konfigurasi AWS sumber daya di lebih dari 100 AWS layanan termasuk komputasi, penyimpanan, jaringan, keamanan, analitik, dan layanan pembelajaran mesin.	Kebijakan ini sekarang menyediakan dokumentasi izin layanan yang disempurnakan dan mendukung pemantauan komprehensif di semua AWS layanan yang AWS Config mendukung perekaman konfigurasi.	November 11, 2025
AWS_ConfigRole— Kebijakan terkelola yang diperbarui dengan izin komprehensif untuk perekaman konfigurasi AWS sumber daya di beberapa layanan termasuk AWS Identity and Access Management, Amazon Elastic Compute Cloud, Amazon Simple Storage Service AWS Lambda, Amazon Relational Database Service, dan banyak lainnya.	Kebijakan ini sekarang mendukung izin tambahan untuk perekaman dan pemantauan konfigurasi AWS sumber daya yang komprehensif di semua AWS layanan yang didukung.	November 10, 2025
AWS_ConfigRole— tambahkan “amplify:GetDomainAssociation" “amplify:" “amplify:ListDomainAssociations" “appsync:ListTagsForResource" “appsync:GetSourceApiAssociation" “batuan dasar:" “batuan dasar:ListSourceApiAssociations" “batuan dasar:GetFlow" “CloudTrail:ListAgentCollaborators" “cloudformation:ListFlows" “codeartifact:ListPrompts" “codeartifact:GetResourcePolicy" “codeartifact:" “codepipeline:DescribePublisher" “codepipeline:DescribePackageGroup" “codepipeline:" “codepipeline:ListAllowedRepositoriesForGroup” “connect:" “connect:ListPackageGroups" “deadline:ListActionTypes" “ec2:" “ec2:ListTagsForResource" “ec2: ListWebhooks DescribeTrafficDistributionGroup ListTrafficDistributionGroups ListFarms GetTransitGatewayRouteTablePropagations SearchLocalGatewayRoutes SearchTransitGatewayMulticastGroups"“entityresolution:GetMatchingWorkflow" “entityresolution:" “iotsitewise:ListMatchingWorkflows" “iotsitewise:ListAssetModelCompositeModels" “iotsitewise:ListAssetModelProperties" “iotsitewise:" “ivs:ListAssetProperties" “lambda:" “lambda:" “lambda:ListAssociatedAssets" “lambda:ListPublicKeys" “pipes:" “quicksight:GetProvisionedConcurrencyConfig" “redshift-serververt less:ListFunctionEventInvokeConfigs" “redshift:" “rolesanywhere:ListFunctionUrlConfigs" “rolesanywhere:DescribePipe" “sagemaker:ListPipes" “sagemaker:DescribeRefreshSchedule" “pembuat ListRefreshSchedules sagemaker: GetRuntimeManagementConfig ListSnapshotCopyConfigurations GetResourcePolicy GetCrl ListCrls DescribeApp DescribeUserProfile ListApps"“sagemaker:ListModelPackages" “sagemaker:" “secretsmanager:ListUserProfiles" “securitylake:GetResourcePolicy" “securitylake:" “servicecatalog:ListSubscribers" “servicecatalog:ListTagsForResource" “servicecatalog:" “perisai:DescribeServiceAction" “ssm-insidents:" “ssm-insidents:ListApplications" “ssm:ListAssociatedResources" “ssm:" “ssm:ListProtectionGroups" “ssm:ListTagsForResource" “ssm:" “ssm:GetReplicationSet" “ssm:" “ssm:ListReplicationSets" “ssm:" “wafv2:DescribeAssociation" “batuan dasar:DescribePatchBaselines" “batuan dasar:GetDefaultPatchBaseline" “batuan dasar GetPatchBaseline GetResourcePolicies ListAssociations ListResourceDataSync ListLoggingConfigurations ListCodeInterpreters GetCodeInterpreter -agentcore: ListBrowsers "“batuan-agentcore:" “batuan-agentcore:GetBrowser" “batuan-agentcore:" “batuan-agentcore:" “batuan-agentcore:ListAgentRuntimes” GetAgentRuntime ListAgentRuntimeEndpoints GetAgentRuntimeEndpoint	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Amplify,, Amazon Bedrock AWS AppSync,,,, Amazon Connect AWS CloudTrail CloudFormation, AWS CodeArtifact AWS CodePipeline, Amazon EC2, AWS Deadline Cloud, Amazon IVS,, Amazon Resolusi Entitas AWS AWS IoT SiteWise, Amazon Quick, Amazon Redshift AWS Lambda, EventBridge Amazon Redshift, Amazon Redshift Tanpa Server,, Amazon,, Amazon Security Lake AWS Identity and Access Management Roles Anywhere,,, SageMaker AWS Secrets Manager Amazon EC2 Systems Manager AWS Service Catalog, AWS Shield dan. AWS WAFV2	Oktober 1, 2025
AWSConfigServiceRolePolicy— tambahkan “amplify:GetDomainAssociation" “amplify:" “amplify:ListDomainAssociations" “appsync:ListTagsForResource" “appsync:GetSourceApiAssociation" “batuan dasar:" “batuan dasar:ListSourceApiAssociations" “batuan dasar:GetFlow" “CloudTrail:ListAgentCollaborators" “cloudformation:ListFlows" “codeartifact:ListPrompts" “codeartifact:GetResourcePolicy" “codeartifact:" “codepipeline:DescribePublisher" “codepipeline:DescribePackageGroup" “codepipeline:" “codepipeline:ListAllowedRepositoriesForGroup” “connect:" “connect:ListPackageGroups" “deadline:ListActionTypes" “ec2:" “ec2:ListTagsForResource" “ec2: ListWebhooks DescribeTrafficDistributionGroup ListTrafficDistributionGroups ListFarms GetTransitGatewayRouteTablePropagations SearchLocalGatewayRoutes SearchTransitGatewayMulticastGroups"“entityresolution:GetMatchingWorkflow" “entityresolution:" “iotsitewise:ListMatchingWorkflows" “iotsitewise:ListAssetModelCompositeModels" “iotsitewise:ListAssetModelProperties" “iotsitewise:" “ivs:ListAssetProperties" “lambda:" “lambda:" “lambda:ListAssociatedAssets" “lambda:ListPublicKeys" “pipes:" “quicksight:GetProvisionedConcurrencyConfig" “redshift-serververt less:ListFunctionEventInvokeConfigs" “redshift:" “rolesanywhere:ListFunctionUrlConfigs" “rolesanywhere:DescribePipe" “sagemaker:ListPipes" “sagemaker:DescribeRefreshSchedule" “pembuat ListRefreshSchedules sagemaker: GetRuntimeManagementConfig ListSnapshotCopyConfigurations GetResourcePolicy GetCrl ListCrls DescribeApp DescribeUserProfile ListApps"“sagemaker:ListModelPackages" “sagemaker:" “secretsmanager:ListUserProfiles" “securitylake:GetResourcePolicy" “securitylake:" “servicecatalog:ListSubscribers" “servicecatalog:ListTagsForResource" “servicecatalog:" “perisai:DescribeServiceAction" “ssm-insidents:" “ssm-insidents:ListApplications" “ssm:ListAssociatedResources" “ssm:" “ssm:ListProtectionGroups" “ssm:ListTagsForResource" “ssm:" “ssm:GetReplicationSet" “ssm:" “ssm:ListReplicationSets" “ssm:" “wafv2:DescribeAssociation" “batuan dasar:DescribePatchBaselines" “batuan dasar:GetDefaultPatchBaseline" “batuan dasar GetPatchBaseline GetResourcePolicies ListAssociations ListResourceDataSync ListLoggingConfigurations ListCodeInterpreters GetCodeInterpreter -agentcore: ListBrowsers "“batuan-agentcore:" “batuan-agentcore:GetBrowser" “batuan-agentcore:" “batuan-agentcore:" “batuan-agentcore:ListAgentRuntimes” GetAgentRuntime ListAgentRuntimeEndpoints GetAgentRuntimeEndpoint	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Amplify,, Amazon Bedrock AWS AppSync,,,, Amazon Connect AWS CloudTrail CloudFormation, AWS CodeArtifact AWS CodePipeline, Amazon EC2, AWS Deadline Cloud, Amazon IVS,, Amazon Resolusi Entitas AWS AWS IoT SiteWise, Amazon Quick, Amazon Redshift AWS Lambda, EventBridge Amazon Redshift, Amazon Redshift Tanpa Server,, Amazon,, Amazon Security Lake AWS Identity and Access Management Roles Anywhere,,, SageMaker AWS Secrets Manager Amazon EC2 Systems Manager AWS Service Catalog, AWS Shield dan. AWS WAFV2	Oktober 1, 2025
AWS_ConfigRole— Tambahkan "arc-zonal-shift: GetAutoshiftObserverNotificationStatus “, “bedrock: “, “cloudtrail: GetModelInvocationLoggingConfiguration “, “codeartifact: GetEventConfiguration “, “codeartifact: “, “deadline: DescribeDomain “, “deadline: “, “deadline: GetDomainPermissionsPolicy “, “deadline: GetFleet “, “deadline: “, “dms: GetQueueFleetAssociation “, “dms: “, ListFleets “glue: “, “kafkaconnect: ListQueueFleetAssociations “, “kafkaconnect: ListTagsForResource “, “kafkaconnect: DescribeDataMigrations “, “kafkaconnect: “, ListMigrationProjects “kafkaconnect: “, GetDataCatalogEncryptionSettings “kafkaconnect: “, “kafkaconnect: DescribeCustomPlugin “, “kafkaconnect: DescribeWorkerConfiguration “, “lakeformation: “, “medialive: ListCustomPlugins “, “medialive: ListTagsForResource ListWorkerConfigurations DescribeLakeFormationIdentityCenterConfiguration DescribeMultiplexProgram ListMultiplexPrograms“, “mediapackagev2: GetChannelGroup “, “mediapackagev2: “, “rds: ListChannelGroups “, “rolesanywhere: “, “rolesanywhere: DescribeEngineDefaultParameters “, “rolesanywhere: GetProfile “, “rolesanywhere: “, GetTrustAnchor “rolesanywhere: “, “s3: ListProfiles “, “s3: “, “secretsmanager: ListTagsForResource “, “securitylake: ListTrustAnchors “, “securitylake: GetAccessGrant “, “securitylake: “, ListAccessGrants “securitylake: “, “servicecatalog: DescribeSecret “, “servicecatalog: ListDataLakeExceptions “, “servicecatalog: ListDataLakes “, “servicecatalog: “, “ses: ListLogSources “,” GetAttributeGroup ListAttributeGroups ListServiceActions ListServiceActionsForProvisioningArtifact GetTrafficPolicy ListTagsForResource ses: ListTrafficPolicies “, “xray: GetGroup “, “xray: “, GetGroups “xray: “, GetSamplingRules “xray: “, “xray:ListResourcePolicies” ListTagsForResource	Kebijakan ini sekarang mendukung izin tambahan untuk AWS ARC - Zonal Shift, Amazon Bedrock,,,,,, AWS CloudTrail AWS CodeArtifact AWS Deadline Cloud AWS Database Migration Service, Amazon Managed Streaming for Apache Kafka AWS Glue, AWS Identity and Access Management Amazon AWS Elemental MediaLive Logs,,, Amazon Relational Database Service AWS Lake Formation, CloudWatch Amazon Simple Storage Service AWS Elemental MediaPackage, Amazon Simple Storage AWS Secrets Manager Service, Amazon Security AWS Service Catalog Lake, Amazon Simple Email Service, dan. AWS X-Ray	Juli 28, 2025
AWSConfigServiceRolePolicy— Tambahkan “arc-zonal-shift: “, GetAutoshiftObserverNotificationStatus “bedrock: “, “cloudtrail: GetModelInvocationLoggingConfiguration “, “codeartifact: “, “codeartifact: “, “deadline: GetEventConfiguration “, “deadline: “, “deadline: DescribeDomain “, “deadline: “, “deadline: “, “dms: GetDomainPermissionsPolicy “, “dms: “, “glue: GetFleet “, “iam: “, “kafkaconnect: GetQueueFleetAssociation “, “kafkaconnect: “, ListFleets “kafkaconnect: “, “kafkaconnect: ListQueueFleetAssociations “, “kafkaconnect: “, “kafkaconnect: ListTagsForResource “, “kafkaconnect: DescribeDataMigrations “, “kafkaconnect: “, “kafkaconnect: ListMigrationProjects “, “kafkaconnect: “, GetDataCatalogEncryptionSettings “kafkaconnect: “, “kafkaconnect: ListPolicies “, “kafkaconnect: “, “kafkackaconnect: DescribeCustomPlugin “, “kafkaconnect: “, “kafkaconnect: DescribeWorkerConfiguration “, “kafkaconnect: “, “lakeformation: “, “logs: ListCustomPlugins “, “logs: “, “medialive: ListTagsForResource ListWorkerConfigurations DescribeLakeFormationIdentityCenterConfiguration DescribeIndexPolicies ListTagsForResource DescribeMultiplexProgram“, “medialive: “, ListMultiplexPrograms “mediapackagev2: “, “mediapackagev2: GetChannelGroup “, “rds: “, “rolesanywhere: ListChannelGroups “, “rolesanywhere: DescribeEngineDefaultParameters “, “rolesanywhere: “, GetProfile “rolesanywhere: “, “rolesanywhere: GetTrustAnchor “, “s3: “, ListProfiles “s3: “, “secretsmanager: ListTagsForResource “, “securitylake: “, ListTrustAnchors “securitylake: “, “securitylake: GetAccessGrant “, “servicecatalog: ListAccessGrants “, “servicecatalog: DescribeSecret “, “servicecatalog: ListDataLakeExceptions “, “servicecatalog: “, “ses: ListDataLakes ListLogSources GetAttributeGroup ListAttributeGroups ListServiceActions ListServiceActionsForProvisioningArtifact GetTrafficPolicy “, “ses: “, “ses: ListTagsForResource “, “xray: ListTrafficPolicies “, “xray: “, “xray: GetGroup “, “xray: “, GetGroups “xray: “, “arn:aws:apigateway: GetSamplingRules ::/accountListResourcePolicies”, “arn:aws:apigateway: ::/usageplans”, ListTagsForResource “arn:aws:apigateway: ::/usageplans/”.	Kebijakan ini sekarang mendukung izin tambahan untuk AWS ARC - Zonal Shift, Amazon Bedrock,,,,,, AWS CloudTrail AWS CodeArtifact AWS Deadline Cloud AWS Database Migration Service, Amazon Managed Streaming for Apache Kafka AWS Glue,, AWS Identity and Access Management Amazon AWS Elemental MediaLive Logs AWS Lake Formation,,, Amazon Relational Database Service AWS Elemental MediaPackage, CloudWatch Amazon Simple Storage Service, Amazon Security Lake, Amazon Security AWS Service Catalog Lake, Amazon Simple Email AWS Secrets Manager Service,, dan Amazon API Gateway AWS X-Ray.	Juli 28, 2025
AWSConfigServiceRolePolicy— Tambahkan “backup-gateway: GetHypervisor “, “backup-gateway: “,": ListHypervisors “,"bcm-data-exports: GetExport “,"bcm-data-exports: ListExports “, “batuan dasarbcm-data-exports: ListTagsForResource “, “batuan dasar: GetAgent “, “batuan dasar: GetAgentActionGroup “, “batuan dasar: GetAgentKnowledgeBase “, “batuan dasar: GetDataSource “, “batuan dasar: GetFlowAlias “, “batuan dasar: GetFlowVersion “, “batuan dasar: ListAgentActionGroups “, “batuan dasar: ListAgentKnowledgeBases “, “cloudformation: ListDataSources “, “cloudformation: “, ListFlowAliases “cloudformation: “, ListFlowVersions “cloudformation: “,” BatchDescribeTypeConfigurations DescribeStackInstance DescribeStackSet ListStackInstances cloudformation: ListStackSets “, “cloudfront: “, “cloudfront: GetPublicKey “, “cloudfront: GetRealtimeLogConfig “, “cloudfront: “, “entityresolution: ListPublicKeys “, “entityresolution: ListRealtimeLogConfigs “, “entityresolution: “, “entityresolution: GetIdMappingWorkflow “, “entityresolution: GetSchemaMapping “, “iotdeviceadvisor: ListIdMappingWorkflows “, “iotdeviceadvisor: ListSchemaMappings “, “lambda: “, “lambda: ListTagsForResource “, “mediapackagev2: “, “mediapackagev2: GetSuiteDefinition “, “networkmanager: “, “networkmanager: ListSuiteDefinitions “,": “,” GetEventSourceMapping ListEventSourceMappings GetChannel ListChannels GetTransitGatewayPeering ListPeerings pca-connector-ad GetDirectoryRegistration pca-connector-ad: ListDirectoryRegistrations “,"pca-connector-ad: ListTagsForResource “, “rds:Deskripsikan DBShard Grup”, “rds: “, “pergeseran merah: DescribeIntegrations “, “s3tables: DescribeIntegrations “, “s3tables: “, “s3tables: GetTableBucket “, “s3tables: GetTableBucketEncryption “, “ssm-quicksetup: GetTableBucketMaintenanceConfiguration “, “ssm-quicksetup:” ListTableBuckets GetConfigurationManager ListConfigurationManagers	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Backup gateway, AWS Manajemen Penagihan dan Biaya, Amazon Bedrock,, AWS CloudFormation Amazon CloudFront,, Resolusi Entitas AWS, AWS IoT Core Device Advisor, AWS Lambda, AWS Network Manager, AWS Private Certificate Authority, Amazon Redshift, Tabel Amazon S3,. Pengaturan Cepat AWS Systems Manager	Juni 18, 2025
AWS_ConfigRole— Tambahkan “backup-gateway: GetHypervisor “, “backup-gateway: “,": ListHypervisors “,"bcm-data-exports: GetExport “,"bcm-data-exports: ListExports “, “batuan dasarbcm-data-exports: ListTagsForResource “, “batuan dasar: GetAgent “, “batuan dasar: GetAgentActionGroup “, “batuan dasar: GetAgentKnowledgeBase “, “batuan dasar: GetDataSource “, “batuan dasar: GetFlowAlias “, “batuan dasar: GetFlowVersion “, “batuan dasar: ListAgentActionGroups “, “batuan dasar: ListAgentKnowledgeBases “, “cloudformation: ListDataSources “, “cloudformation: “, ListFlowAliases “cloudformation: “, ListFlowVersions “cloudformation: “,” BatchDescribeTypeConfigurations DescribeStackInstance DescribeStackSet ListStackInstances cloudformation: ListStackSets “, “cloudfront: “, “cloudfront: GetPublicKey “, “cloudfront: GetRealtimeLogConfig “, “cloudfront: “, ListPublicKeys “entityresolution: “, “entityresolution: ListRealtimeLogConfigs “, “entityresolution: GetIdMappingWorkflow “, “entityresolution: “, “entityresolution: GetSchemaMapping “, “iotdeviceadvisor: ListIdMappingWorkflows “, “iotdeviceadvisor: ListSchemaMappings “, “lambda: ListTagsForResource “, “lambda: “, “networkmanager: GetSuiteDefinition “, “networkmanager: “,": “,ListSuiteDefinitions": “,": “, “rds: GetEventSourceMapping ListEventSourceMappings GetTransitGatewayPeering ListPeerings pca-connector-ad GetDirectoryRegistration pca-connector-ad ListDirectoryRegistrations pca-connector-ad ListTagsForResource Jelaskan DBShard Grup”, “rds: “, DescribeIntegrations “pergeseran merah: “, “s3tables: DescribeIntegrations “, “s3tables: GetTableBucket “, “s3tables: “, GetTableBucketEncryption “s3tables: “, “ssm-quicksetup: GetTableBucketMaintenanceConfiguration “, “ssm-quicksetup:ListTableBuckets” GetConfigurationManager ListConfigurationManagers	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Backup gateway, AWS Manajemen Penagihan dan Biaya, Amazon Bedrock,, AWS CloudFormation Amazon CloudFront,, Resolusi Entitas AWS, AWS IoT Core Device Advisor, AWS Lambda, AWS Network Manager, AWS Private Certificate Authority, Amazon Redshift, Tabel Amazon S3,. Pengaturan Cepat AWS Systems Manager	Juni 18, 2025
AWS_ConfigRole— Tambahkan "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource"	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Bedrock.	27 Mei 2025
AWSConfigServiceRolePolicy— Tambahkan "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource"	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Bedrock.	27 Mei 2025
AWS_ConfigRole— Tambahkan "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation"	Kebijakan ini sekarang mendukung izin tambahan untuk AWS B2B Pertukaran Data, Amazon Bedrock,,,, AWS Database Migration Service (AWS DMS) AWS Clean Rooms AWS CodeConnections, Amazon CloudWatch Log AWS Direct Connect, Amazon Macie, Amazon Managed Blockchain, Amazon Q Business, Route 53 Profiles, Amazon Simple Storage Service (Amazon S3), SageMaker Amazon AWS Security Hub CSPM AI,, dan, Kontak, dan. Manajer Insiden AWS Systems Manager Manajer Insiden AWS Systems Manager AWS Systems Manager	April 08, 2025
AWSConfigServiceRolePolicy— Tambahkan "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation"	Kebijakan ini sekarang mendukung izin tambahan untuk AWS B2B Pertukaran Data, Amazon Bedrock,,,, AWS Database Migration Service (AWS DMS) AWS Clean Rooms AWS CodeConnections, Amazon CloudWatch Log AWS Direct Connect, Amazon Macie, Amazon Managed Blockchain, Amazon Q Business, Route 53 Profiles, Amazon Simple Storage Service (Amazon S3), SageMaker Amazon AWS Security Hub CSPM AI,, dan, Kontak, dan. Manajer Insiden AWS Systems Manager Manajer Insiden AWS Systems Manager AWS Systems Manager Kebijakan ini juga sekarang mendukung izin untuk mengakses semua nama domain Amazon API Gateway dengan menyertakan pola sumber daya "`arn:aws:apigateway:::/domainnames/`”.	April 08, 2025
AWS_ConfigRole— Tambahkan "ec2:GetAllowedImagesSettings"	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Elastic Compute Cloud (Amazon EC2).	Maret 4, 2025
AWSConfigServiceRolePolicy— Tambahkan "ec2:GetAllowedImagesSettings"	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Elastic Compute Cloud (Amazon EC2).	Maret 4, 2025
AWS_ConfigRole— Tambahkan "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Clean Rooms, Amazon Comprehend, Amazon Elastic Compute Cloud (Amazon EC2),, Amazon Simple Storage Service (Amazon AWS HealthOmics S3), dan Amazon Simple Email Service (Amazon SES).	Januari 16, 2025
AWSConfigServiceRolePolicy— Tambahkan "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Clean Rooms, Amazon Comprehend, Amazon Elastic Compute Cloud (Amazon EC2),, Amazon Simple Storage Service (Amazon AWS HealthOmics S3), dan Amazon Simple Email Service (Amazon SES).	Januari 16, 2025
AWSConfigServiceRolePolicy— Tambahkan "organizations:ListAWSServiceAccessForOrganization"	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Organizations.	Desember 18, 2024
AWS_ConfigRole— Tambahkan "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"	Kebijakan ini sekarang mendukung izin tambahan untuk AWS AppConfig,, Amazon Connect, Amazon AWS CloudTrail, Amazon DevOps Guru,, Toko Identitas DataZone,,,, AWS Glue, Layanan Video Interaktif Amazon (Amazon IVS) AWS IoT AWS IoT FleetWise AWS IoT Wireless, Amazon CloudWatch Logs, Amazon Observability Access Manager,, Amazon AWS Payment Cryptography Relational Database Service ( CloudWatch Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service (Amazon Storage Service) 3) Simple Storage S3), Amazon Scheduler,, dan Amazon VPC Lattice. EventBridge AWS Systems Manager	November 7, 2024
AWSConfigServiceRolePolicy— Tambahkan "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"	Kebijakan ini sekarang mendukung izin tambahan untuk AWS AppConfig,, Amazon Connect, Amazon AWS CloudTrail, Amazon DevOps Guru,, Toko Identitas DataZone,,,, AWS Glue, Layanan Video Interaktif Amazon (Amazon IVS) AWS IoT AWS IoT FleetWise AWS IoT Wireless, Amazon CloudWatch Logs, Amazon Observability Access Manager,, Amazon AWS Payment Cryptography Relational Database Service ( CloudWatch Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service (Amazon Storage Service) 3) Simple Storage S3), Amazon Scheduler,, dan Amazon VPC Lattice. EventBridge AWS Systems Manager	November 7, 2024
AWS_ConfigRole— Tambahkan "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules"	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon OpenSearch Service Severless AppStream, Amazon,,, AWS Backup AWS CloudTrail, EC2 Image Builder AWS Glue, Amazon Interactive Video Service (Amazon IVS) AWS IoT,,, AWS Elemental MediaConnect,, AWS Elemental MediaTailor dan Amazon Scheduler. AWS HealthOmics EventBridge	September 16, 2024
AWSConfigServiceRolePolicy— Tambahkan "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules"	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon OpenSearch Service Severless AppStream, Amazon,,, AWS Backup AWS CloudTrail, EC2 Image Builder AWS Glue, Amazon Interactive Video Service (Amazon IVS) AWS IoT,,, AWS Elemental MediaConnect,, AWS Elemental MediaTailor dan Amazon Scheduler. AWS HealthOmics EventBridge	September 16, 2024
AWS_ConfigRole— Tambahkan "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource"	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Elastic File System (Amazon EFS), Amazon Manajer Sistem AWS untuk SAP Redshift, dan.	Juni 17, 2024
AWSConfigServiceRolePolicy— Tambahkan "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource"	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Elastic File System (Amazon EFS), Amazon Manajer Sistem AWS untuk SAP Redshift, dan.	Juni 17, 2024
AWS_ConfigRole— Tambahkan "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool, "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus"	Kebijakan ini sekarang mendukung izin tambahan untuk Layanan Terkelola Amazon untuk Prometheus, Amazon, Amazon CloudWatch Cognito, Amazon, Amazon,, ( AWS Identity and Access Management IAM) ElastiCache,, AWS Glue, FSx Amazon AWS RAM Redshift Tanpa Server, AWS Lambda Amazon AI, dan Layanan Notifikasi Sederhana Amazon (Amazon SNS). SageMaker	Februari 22, 2024
AWSConfigServiceRolePolicy— Tambahkan "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool, "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus"	Kebijakan ini sekarang mendukung izin tambahan untuk Layanan Terkelola Amazon untuk Prometheus, Amazon, Amazon CloudWatch Cognito, Amazon, Amazon,, ( AWS Identity and Access Management IAM) ElastiCache,, AWS Glue, FSx Amazon AWS RAM Redshift Tanpa Server, AWS Lambda Amazon AI, dan Layanan Notifikasi Sederhana Amazon (Amazon SNS). SageMaker	Februari 22, 2024
AWSConfigUserAccess— AWS Config mulai melacak perubahan untuk kebijakan AWS terkelola ini	Kebijakan ini menyediakan akses untuk digunakan AWS Config, termasuk mencari berdasarkan tag pada sumber daya dan membaca semua tag. Ini tidak memberikan izin untuk mengkonfigurasi AWS Config, yang membutuhkan hak administratif.	Februari 22, 2024
AWS_ConfigRole— Tambahkan "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets"	Kebijakan ini sekarang mendukung izin tambahan untuk AWS AppConfig, Amazon Managed Service for Prometheus, () AWS Database Migration Service ,AWS DMS(AWS Identity and Access Management) IAM, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Logs, dan Amazon Simple Storage Service ( CloudWatch Amazon S3). AWS Organizations	Desember 5, 2023
AWSConfigServiceRolePolicy— Tambahkan "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets"	Kebijakan ini sekarang mendukung izin tambahan untuk AWS AppConfig, Amazon Managed Service for Prometheus, () AWS Database Migration Service ,AWS DMS(AWS Identity and Access Management) IAM, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Logs, dan Amazon Simple Storage Service ( CloudWatch Amazon S3). AWS Organizations	5 Desember 2023
AWS_ConfigRole— Tambahkan "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles"	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Cognito, Amazon Connect, Amazon EMR,, Amazon MemoryDB AWS Ground Station, AWS Mainframe Modernization, Amazon Quick AWS Organizations, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, dan. AWS Service Catalog AWS Transfer Family	17 November 2023
AWS_ConfigRole— Tambahkan "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID"	Kebijakan ini sekarang menambahkan pengenal keamanan (SID) untuk`AWSConfigServiceRolePolicyStatementID`,, `AWSConfigSLRLogStatementIDAWSConfigSLRLogEventStatementID`, dan`AWSConfigSLRApiGatewayStatementID`.	17 November 2023
AWSConfigServiceRolePolicy— Tambahkan "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles"	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Cognito, Amazon Connect, Amazon EMR,, Amazon MemoryDB AWS Ground Station, AWS Mainframe Modernization, Amazon Quick AWS Organizations, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, dan. AWS Service Catalog AWS Transfer Family	17 November 2023
AWSConfigServiceRolePolicy— Tambahkan "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID"	Kebijakan ini sekarang menambahkan pengenal keamanan (SID) untuk`AWSConfigServiceRolePolicyStatementID`,, `AWSConfigSLRLogStatementIDAWSConfigSLRLogEventStatementID`, dan`AWSConfigSLRApiGatewayStatementID`.	17 November 2023
AWS_ConfigRole— Tambahkan "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob"	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Private CA,, Amazon Connect AWS App Mesh, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Terbukti, Amazon Managed Grafana, Amazon, Amazon Inspector,, GuardDuty, Amazon AWS IoT Managed AWS IoT TwinMaker Streaming untuk Apache Kafka (Amazon MSK),,,,, dan Amazon AI. AWS Lambda AWS Network Manager AWS Organizations SageMaker	4 Oktober 2023
AWSConfigServiceRolePolicy— Tambahkan "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob"	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Private CA,, Amazon Connect AWS App Mesh, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Terbukti, Amazon Managed Grafana, Amazon, Amazon Inspector,, GuardDuty, Amazon AWS IoT Managed AWS IoT TwinMaker Streaming untuk Apache Kafka (Amazon MSK),,,,, dan Amazon AI. AWS Lambda AWS Network Manager AWS Organizations SageMaker	4 Oktober 2023
AWSConfigServiceRolePolicy— Hapus "ssm:GetParameter"	Kebijakan ini sekarang menghapus izin untuk AWS Systems Manager (Systems Manager).	September 6, 2023
AWS_ConfigRole— Tambahkan "appmesh:DescribeGatewayRoute","appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", and "sns:GetDataProtectionPolicy"	Kebijakan ini sekarang mendukung izin tambahan untuk AWS App Mesh,, Amazon, AWS CloudFormation, Amazon Connect CloudFront AWS CodeArtifact, AWS CodeBuild, Amazon, AWS Identity and Access Management (IAM) AWS Glue GuardDuty, Amazon Inspector AWS IoT,,,, Amazon Managed Streaming untuk Apache Kafka AWS IoT TwinMaker AWS IoT Wireless, Amazon AWS Elemental MediaConnect AWS Network Manager Macie,,,, Amazon Route 53 AWS Organizations Penjelajah Sumber Daya AWS, Amazon Simple Storage Service (Amazon S3), dan Amazon Simple Layanan Pemberitahuan (Amazon SNS).	28 Juli 2023
AWSConfigServiceRolePolicy— Tambahkan "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "sns:GetDataProtectionPolicy", "ssm:DescribeParameters", "ssm:GetParameter", and "ssm:ListTagsForResource"	Kebijakan ini sekarang mendukung izin tambahan untuk AWS App Mesh, WorkSpaces Aplikasi Amazon,, Amazon,, AWS CloudFormation, Amazon Connect CloudFront, AWS CodeArtifact, Amazon AWS CodeBuild, AWS Identity and Access Management (IAM) AWS Glue GuardDuty, Amazon Inspector,,,, Amazon Managed Streaming untuk Apache Kafka AWS IoT AWS IoT TwinMaker AWS IoT Wireless, Amazon AWS Elemental MediaConnect AWS Network Manager Macie,,,, Amazon Route 53 AWS Organizations, Penjelajah Sumber Daya AWS Amazon Simple Storage Service (Amazon S3), Amazon Simple Notification Service (Amazon SNS), dan Amazon EC2 Systems Manager (SSM).	28 Juli 2023
AWS_ConfigRole— Tambahkan "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", “dynamodb:DescribeTableReplicaAutoScaling" "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases" "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource"	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Amplify, Amazon Connect,, Amazon Managed Service untuk Prometheus AWS App Mesh, Amazon AWS Batch Athena,,,,, Amazon,, Amazon DynamoDB AWS CloudFormation AWS CloudTrail, AWS CodeArtifact Amazon Elastic Compute Cloud (Amazon EC2) CodeGuru AWS Directory Service, Amazon Elastic Compute Cloud (Amazon CloudWatch EC2), Amazon Terbukti,, Amazon Forecast,,, ( AWS Identity and Access Management IAM), AWS Organizations Amazon Managed Streaming untuk Apache Kafka AWS Ground Station(Amazon MSK) AWS IoT Greengrass, Amazon Lightsail, Amazon Log,,, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC CloudWatch AWS Elemental MediaConnect AWS Elemental MediaTailor), Amazon Personalisasi, Amazon Quick,, AWS Migration Hub Refactor Spaces Amazon Simple Storage Service (Amazon S3), Amazon AI,. SageMaker AWS Transfer Family	13 Juni 2023
AWSConfigServiceRolePolicy— Tambahkan "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource"	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Amplify, Amazon Connect,, Amazon Managed Service untuk Prometheus AWS App Mesh, Amazon AWS Batch Athena,,,,, Amazon,, Amazon DynamoDB AWS CloudFormation AWS CloudTrail, AWS CodeArtifact Amazon Elastic Compute Cloud (Amazon EC2) CodeGuru AWS Directory Service, Amazon Elastic Compute Cloud (Amazon CloudWatch EC2), Amazon Terbukti,, Amazon Forecast,,, ( AWS Identity and Access Management IAM), AWS Organizations Amazon Managed Streaming for Apache Kafka AWS Ground Station(Amazon MSK) AWS IoT Greengrass, Amazon Lightsail, Amazon Log,,, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC) CloudWatch AWS Elemental MediaConnect AWS Elemental MediaTailor, Amazon Personalisasi, Amazon Quick,, AWS Migration Hub Refactor Spaces Amazon Simple Storage Service (Amazon S3), Amazon AI,. SageMaker AWS Transfer Family	13 Juni 2023
AWSConfigServiceRolePolicy— Tambahkan amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, GetInstanceTypesFromInstanceRequirement ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations	Kebijakan ini sekarang mendukung izin tambahan untuk Alur Kerja Terkelola Amazon untuk AWS Amplify,,, AWS App Runner Amazon AWS App Mesh CloudFront, AWS CodeArtifact Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI,, Amazon Pinpoint, AWS Transfer Family, AWS Resilience Hub, Amazon AWS Migration Hub, Directory Service, dan. CloudWatch AWS AWS WAF	13 April 2023
AWS_ConfigRole— Tambahkan amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations	Kebijakan ini sekarang mendukung izin tambahan untuk Alur Kerja Terkelola Amazon untuk AWS Amplify,,, AWS App Runner Amazon AWS App Mesh CloudFront, AWS CodeArtifact Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI,, Amazon Pinpoint, AWS Transfer Family, AWS Resilience Hub, Amazon AWS Migration Hub, Directory Service, dan. CloudWatch AWS AWS WAF	13 April 2023
AWSConfigServiceRolePolicy— Tambahkan appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudfront:GetResponseHeadersPolicy, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions	Kebijakan ini sekarang mendukung izin tambahan untuk Alur Kerja Terkelola Amazon untuk Amazon AppFlow,, WorkSpaces Aplikasi AWS App Runner Amazon, Amazon, CloudWatch,,, CloudFront Amazon CloudWatch Terbukti AWS CodeArtifact AWS CodeCommit, AWS Device Farm Amazon Forecast,, AWS Identity and Access Management (IAM), AWS Ground Station, Amazon MemoryDB, AWS IoT Amazon Pinpoint,,, Amazon AWS Panorama Relational Database Service ( AWS Network Manager Amazon RDS), Amazon Redshift, dan Amazon AI. SageMaker	30 Maret 2023
AWS_ConfigRole— Tambahkan appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudformation:ListTypes, cloudfront:GetResponseHeadersPolicy, cloudfront:ListDistributions, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, ec2:DescribeTrafficMirrorFilters, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions	Kebijakan ini sekarang mendukung izin tambahan untuk Alur Kerja Terkelola Amazon untuk Amazon AppFlow,, WorkSpaces Aplikasi AWS App Runner Amazon,, Amazon,,, CloudWatch AWS CodeArtifact AWS CodeCommit, AWS CloudFormation CloudFront Amazon Elastic Compute Cloud ( AWS Device Farm Amazon EC2), Amazon Terbukti, Amazon Forecast,, AWS Identity and Access Management (IAM) CloudWatch , Amazon MemoryDB AWS Ground Station, Amazon Pinpoint,,,, Layanan Database AWS Network Manager Relasional Amazon Service (Amazon RDS), Amazon Redshift, dan AWS Panorama Amazon AI. AWS IoT SageMaker	30 Maret 2023
AWSConfigRulesExecutionRole— AWS Config mulai melacak perubahan untuk kebijakan AWS terkelola ini	Kebijakan ini memungkinkan AWS Lambda fungsi mengakses AWS Config API dan snapshot konfigurasi yang AWS Config dikirimkan secara berkala ke Amazon S3. Akses ini diperlukan oleh fungsi yang mengevaluasi perubahan konfigurasi untuk aturan Lambda AWS Kustom.	7 Maret 2023
AWSConfigRoleForOrganizations— AWS Config mulai melacak perubahan untuk kebijakan AWS terkelola ini	Kebijakan ini memungkinkan AWS Config untuk memanggil read-only AWS Organizations APIs.	7 Maret 2023
AWSConfigRemediationServiceRolePolicy— AWS Config mulai melacak perubahan untuk kebijakan AWS terkelola ini	Kebijakan ini memungkinkan AWS Config untuk memulihkan `NON_COMPLIANT` sumber daya atas nama Anda.	7 Maret 2023
AWSConfigServiceRolePolicy— Tambahkan auditmanager:GetAccountStatus	Kebijakan ini sekarang memberikan izin untuk mengembalikan status pendaftaran akun di AWS Audit Manager.	3 Maret 2023
AWS_ConfigRole— Tambahkan auditmanager:GetAccountStatus	Kebijakan ini sekarang memberikan izin untuk mengembalikan status pendaftaran akun di AWS Audit Manager.	3 Maret 2023
AWSConfigMultiAccountSetupPolicy— AWS Config mulai melacak perubahan untuk kebijakan AWS terkelola ini	Kebijakan ini memungkinkan AWS Config untuk memanggil AWS layanan dan menyebarkan AWS Config sumber daya di seluruh organisasi dengan AWS Organizations.	27 Februari 2023
AWSConfigServiceRolePolicy— Tambahkan airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries	Kebijakan ini sekarang mendukung izin tambahan untuk Alur Kerja Terkelola Amazon untuk Apache Airflow, Aplikasi Amazon, Amazon Reviewer,, AWS IoT Amazon Kinesis Video AWS HealthLake Streams, CodeGuru Amazon WorkSpaces Application Recovery Controller (ARC), Amazon Elastic Compute AWS Device Farm Cloud (Amazon EC2), Amazon Pinpoint, (IAM), Amazon, Amazon, dan Log Amazon. AWS Identity and Access Management GuardDuty CloudWatch	1 Februari 2023
AWS_ConfigRole— Tambahkan airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries	Kebijakan ini sekarang mendukung izin tambahan untuk Alur Kerja Terkelola Amazon untuk Apache Airflow, Aplikasi Amazon, Amazon Reviewer,, AWS IoT Amazon Kinesis Video AWS HealthLake Streams, CodeGuru Amazon WorkSpaces Application Recovery Controller (ARC), Amazon Elastic Compute AWS Device Farm Cloud (Amazon EC2), Amazon Pinpoint, (IAM), Amazon, Amazon, dan Log Amazon. AWS Identity and Access Management GuardDuty CloudWatch	1 Februari 2023
ConfigConformsServiceRolePolicy— Perbarui config:DescribeConfigRules	Sebagai praktik terbaik keamanan, kebijakan ini sekarang menghapus izin tingkat sumber daya yang luas untuk. `config:DescribeConfigRules`	Januari 12, 2023
AWSConfigServiceRolePolicy— Tambahkan APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Managed Service untuk Prometheus AWS Audit Manager,,,, AWS Device Farm Amazon Elastic Compute Cloud AWS Database Migration Service (Amazon EC2 AWS DMS), AWS Directory Service, Amazon Lightsail,, Amazon Lightsail,, Amazon AWS Resource Access Manager Quick AWS Glue, AWS IoT, Amazon Application Recovery Controller (ARC) AWS Network Manager, Amazon Simple AWS Elemental MediaPackage Storage Service (Amazon S3), dan Amazon Timestream.	Desember 15, 2022
AWS_ConfigRole— Tambahkan APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Managed Service untuk Prometheus AWS Audit Manager,,,, AWS Device Farm Amazon Elastic Compute Cloud AWS Database Migration Service (Amazon EC2 AWS DMS), AWS Directory Service, Amazon Lightsail,, Amazon Lightsail,, Amazon AWS Resource Access Manager Quick AWS Glue, AWS IoT, Amazon Application Recovery Controller (ARC) AWS Network Manager, Amazon Simple AWS Elemental MediaPackage Storage Service (Amazon S3), dan Amazon Timestream.	Desember 15, 2022
AWSConfigServiceRolePolicy— Tambahkan cloudformation:ListStackResources and cloudformation:ListStacks	Kebijakan ini sekarang memberikan izin untuk menampilkan deskripsi semua sumber daya dari AWS CloudFormation tumpukan tertentu dan mengembalikan informasi ringkasan untuk tumpukan yang statusnya cocok dengan yang ditentukan. StackStatusFilter	7 November 2022
AWS_ConfigRole— Tambahkan cloudformation:ListStackResources and cloudformation:ListStacks	Kebijakan ini sekarang memberikan izin untuk menampilkan deskripsi semua sumber daya dari AWS CloudFormation tumpukan tertentu dan mengembalikan informasi ringkasan untuk tumpukan yang statusnya cocok dengan yang ditentukan. StackStatusFilter	7 November 2022
AWSConfigServiceRolePolicy— Tambahkan acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Certificate Manager, Alur Kerja Terkelola Amazon untuk Apache Airflow,,, Amazon Keyspaces, Amazon AWS Amplify, Amazon Connect AWS AppConfig, Amazon Elastic Compute Cloud ( CloudWatchAmazon EC2), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon,, Amazon Fraud Detector, Amazon, GameLift Server EventBridge Amazon, Layanan Lokasi AWS Fault Injection Service Amazon,, Amazon Lex, FSx Amazon Lightsail, Amazon Pinpoint AWS IoT,,,, Amazon Quick, Layanan Database Relasional Amazon (Amazon AWS Glue DataBrew OpsWorks AWS Panorama AWS Resource Access Manager RDS), Amazon AWS RoboMaker Rekognition,,, Amazon Route 53 Grup Sumber Daya AWS, Amazon Simple Storage Service AWS Cloud Map(Amazon S3),, dan. AWS Security Token Service	Oktober 19, 2022
AWS_ConfigRole— Tambahkan acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Certificate Manager, Alur Kerja Terkelola Amazon untuk Apache Airflow,,, Amazon Keyspaces, Amazon AWS Amplify, Amazon Connect AWS AppConfig, Amazon Elastic Compute Cloud ( CloudWatchAmazon EC2), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon,, Amazon Fraud Detector, Amazon, GameLift Server EventBridge Amazon, Layanan Lokasi AWS Fault Injection Service Amazon,, Amazon Lex, FSx Amazon Lightsail, Amazon Pinpoint AWS IoT,,,, Amazon Quick, Layanan Database Relasional Amazon (Amazon AWS Glue DataBrew OpsWorks AWS Panorama AWS Resource Access Manager RDS), Amazon AWS RoboMaker Rekognition,,, Amazon Route 53 Grup Sumber Daya AWS, Amazon Simple Storage Service AWS Cloud Map(Amazon S3),, dan. AWS Security Token Service	Oktober 19, 2022
AWSConfigServiceRolePolicy— Tambahkan Glue::GetTable	Kebijakan ini sekarang memberikan izin untuk mengambil definisi AWS Glue Tabel dalam Katalog Data untuk tabel tertentu.	14 September 2022
AWS_ConfigRole— Tambahkan Glue::GetTable	Kebijakan ini sekarang memberikan izin untuk mengambil definisi AWS Glue Tabel dalam Katalog Data untuk tabel tertentu.	14 September 2022
AWSConfigServiceRolePolicy— Tambahkan appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon AppFlow, Amazon, Amazon CloudWatch RUM, Amazon CloudWatch CloudWatch Synthetics, Profil Pelanggan Amazon Connect, ID Suara Amazon Connect, Amazon Guru, Amazon Compute Cloud (Amazon EC2) Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon, Amazon, Amazon FinSpace Skema Amazon, Amazon, Amazon, Amazon, Amazon EventBridge Amazon Fraud Detector, GameLift Server EventBridge Amazon, Layanan Video Interaktif Amazon (Amazon IVS), Layanan Dikelola Amazon untuk Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service DevOps , Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon StudioAmazon MQ, Amazon Nimble Pinpoint, Amazon Quick, Amazon Quick, Amazon Application Recovery Controller ( Amazon Route 53 Resolver ARC),, Layanan Penyimpanan Sederhana Amazon (Amazon S3) Amazon SimpleDB, Amazon SimpleDB, Layanan Email Sederhana Amazon (Amazon SES), Amazon TimeStream,,,,,,,,,,,,,,,,, AWS AppConfig AWS AppSync AWS Auto Scaling AWS Backup AWS Budgets AWS Cost Explorer AWS Cloud9 AWS Directory Service AWS DataSync AWS Elemental MediaPackage AWS Glue AWS IoT AWS IoT Analytics AWS IoT Events AWS IoT SiteWise AWS IoT TwinMaker AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, dan AWS Transfer Family.	7 September 2022
AWS_ConfigRole— Tambahkan appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon AppFlow, Amazon, Amazon CloudWatch RUM, Amazon CloudWatch CloudWatch Synthetics, Profil Pelanggan Amazon Connect, ID Suara Amazon Connect, Amazon Guru, Amazon Compute Cloud (Amazon EC2) Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon, Amazon, Amazon FinSpace Skema Amazon, Amazon, Amazon, Amazon, Amazon EventBridge Amazon Fraud Detector, GameLift Server EventBridge Amazon, Layanan Video Interaktif Amazon (Amazon IVS), Layanan Dikelola Amazon untuk Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service DevOps , Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon StudioAmazon MQ, Amazon Nimble Pinpoint, Amazon Quick, Amazon Quick, Amazon Application Recovery Controller ( Amazon Route 53 Resolver ARC),, Layanan Penyimpanan Sederhana Amazon (Amazon S3) Amazon SimpleDB, Amazon SimpleDB, Layanan Email Sederhana Amazon (Amazon SES), Amazon TimeStream,,,,,,,,,,,,,,,,, AWS AppConfig AWS AppSync AWS Auto Scaling AWS Backup AWS Budgets AWS Cost Explorer AWS Cloud9 AWS Directory Service AWS DataSync AWS Elemental MediaPackage AWS Glue AWS IoT AWS IoT Analytics AWS IoT Events AWS IoT SiteWise AWS IoT TwinMaker AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, dan AWS Transfer Family	7 September 2022
AWSConfigServiceRolePolicy— Tambahkan airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries	Kebijakan ini sekarang mendukung izin tambahan untuk Alur Kerja Terkelola Amazon untuk Apache Airflow, Aplikasi Amazon, Amazon Reviewer,, AWS IoT Amazon Kinesis Video AWS HealthLake Streams, CodeGuru Amazon WorkSpaces Application Recovery Controller (ARC), Amazon Elastic Compute AWS Device Farm Cloud (Amazon EC2), Amazon Pinpoint, (IAM), Amazon, Amazon, dan Log Amazon. AWS Identity and Access Management GuardDuty CloudWatch	1 Februari 2023
AWS_ConfigRole— Tambahkan airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries	Kebijakan ini sekarang mendukung izin tambahan untuk Alur Kerja Terkelola Amazon untuk Apache Airflow, Aplikasi Amazon, Amazon Reviewer,, AWS IoT Amazon Kinesis Video AWS HealthLake Streams, CodeGuru Amazon WorkSpaces Application Recovery Controller (ARC), Amazon Elastic Compute AWS Device Farm Cloud (Amazon EC2), Amazon Pinpoint, (IAM), Amazon, Amazon, dan Log Amazon. AWS Identity and Access Management GuardDuty CloudWatch	1 Februari 2023
ConfigConformsServiceRolePolicy— Perbarui config:DescribeConfigRules	Sebagai praktik terbaik keamanan, kebijakan ini sekarang menghapus izin tingkat sumber daya yang luas untuk. `config:DescribeConfigRules`	Januari 12, 2023
AWSConfigServiceRolePolicy— Tambahkan APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Managed Service untuk Prometheus AWS Audit Manager,,,, AWS Device Farm Amazon Elastic Compute Cloud AWS Database Migration Service (Amazon EC2 AWS DMS), AWS Directory Service, Amazon Lightsail,, Amazon Lightsail,, Amazon AWS Resource Access Manager Quick AWS Glue, AWS IoT, Amazon Application Recovery Controller (ARC) AWS Network Manager, Amazon Simple AWS Elemental MediaPackage Storage Service (Amazon S3), dan Amazon Timestream.	Desember 15, 2022
AWS_ConfigRole— Tambahkan APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Managed Service untuk Prometheus AWS Audit Manager,,,, AWS Device Farm Amazon Elastic Compute Cloud AWS Database Migration Service (Amazon EC2 AWS DMS), AWS Directory Service, Amazon Lightsail,, Amazon Lightsail,, Amazon AWS Resource Access Manager Quick AWS Glue, AWS IoT, Amazon Application Recovery Controller (ARC) AWS Network Manager, Amazon Simple AWS Elemental MediaPackage Storage Service (Amazon S3), dan Amazon Timestream.	15 Desember 2022
AWSConfigServiceRolePolicy— Tambahkan cloudformation:ListStackResources and cloudformation:ListStacks	Kebijakan ini sekarang memberikan izin untuk menampilkan deskripsi semua sumber daya dari AWS CloudFormation tumpukan tertentu dan mengembalikan informasi ringkasan untuk tumpukan yang statusnya cocok dengan yang ditentukan. StackStatusFilter	7 November 2022
AWS_ConfigRole— Tambahkan cloudformation:ListStackResources and cloudformation:ListStacks	Kebijakan ini sekarang memberikan izin untuk menampilkan deskripsi semua sumber daya dari AWS CloudFormation tumpukan tertentu dan mengembalikan informasi ringkasan untuk tumpukan yang statusnya cocok dengan yang ditentukan. StackStatusFilter	7 November 2022
AWSConfigServiceRolePolicy— Tambahkan acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Certificate Manager, Alur Kerja Terkelola Amazon untuk Apache Airflow,,, Amazon Keyspaces, Amazon AWS Amplify, Amazon Connect AWS AppConfig, Amazon Elastic Compute Cloud ( CloudWatchAmazon EC2), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon,, Amazon Fraud Detector, Amazon, GameLift Server EventBridge Amazon, Layanan Lokasi AWS Fault Injection Service Amazon,, Amazon Lex, FSx Amazon Lightsail, Amazon Pinpoint AWS IoT,,,, Amazon Quick, Layanan Database Relasional Amazon (Amazon AWS Glue DataBrew OpsWorks AWS Panorama AWS Resource Access Manager RDS), Amazon AWS RoboMaker Rekognition,,, Amazon Route 53 Grup Sumber Daya AWS, Amazon Simple Storage Service AWS Cloud Map(Amazon S3),, dan. AWS Security Token Service	Oktober 19, 2022
AWS_ConfigRole— Tambahkan acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Certificate Manager, Alur Kerja Terkelola Amazon untuk Apache Airflow,,, Amazon Keyspaces, Amazon AWS Amplify, Amazon Connect AWS AppConfig, Amazon Elastic Compute Cloud ( CloudWatchAmazon EC2), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon,, Amazon Fraud Detector, Amazon, GameLift Server EventBridge Amazon, Layanan Lokasi AWS Fault Injection Service Amazon,, Amazon Lex, FSx Amazon Lightsail, Amazon Pinpoint AWS IoT,,,, Amazon Quick, Layanan Database Relasional Amazon (Amazon AWS Glue DataBrew OpsWorks AWS Panorama AWS Resource Access Manager RDS), Amazon AWS RoboMaker Rekognition,,, Amazon Route 53 Grup Sumber Daya AWS, Amazon Simple Storage Service AWS Cloud Map(Amazon S3),, dan. AWS Security Token Service	Oktober 19, 2022
AWSConfigServiceRolePolicy— Tambahkan Glue::GetTable	Kebijakan ini sekarang memberikan izin untuk mengambil definisi AWS Glue Tabel dalam Katalog Data untuk tabel tertentu.	14 September 2022
AWS_ConfigRole— Tambahkan Glue::GetTable	Kebijakan ini sekarang memberikan izin untuk mengambil definisi AWS Glue Tabel dalam Katalog Data untuk tabel tertentu.	14 September 2022
AWSConfigServiceRolePolicy— Tambahkan appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon AppFlow, Amazon, Amazon CloudWatch RUM, Amazon CloudWatch CloudWatch Synthetics, Profil Pelanggan Amazon Connect, ID Suara Amazon Connect, Amazon Guru, Amazon Compute Cloud (Amazon EC2) Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon, Amazon, Amazon FinSpace Skema Amazon, Amazon, Amazon, Amazon, Amazon EventBridge Amazon Fraud Detector, GameLift Server EventBridge Amazon, Layanan Video Interaktif Amazon (Amazon IVS), Layanan Dikelola Amazon untuk Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service DevOps , Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon StudioAmazon MQ, Amazon Nimble Pinpoint, Amazon Quick, Amazon Quick, Amazon Application Recovery Controller ( Amazon Route 53 Resolver ARC),, Layanan Penyimpanan Sederhana Amazon (Amazon S3) Amazon SimpleDB, Amazon SimpleDB, Layanan Email Sederhana Amazon (Amazon SES), Amazon TimeStream,,,,,,,,,,,,,,,,, AWS AppConfig AWS AppSync AWS Auto Scaling AWS Backup AWS Budgets AWS Cost Explorer AWS Cloud9 AWS Directory Service AWS DataSync AWS Elemental MediaPackage AWS Glue AWS IoT AWS IoT Analytics AWS IoT Events AWS IoT SiteWise AWS IoT TwinMaker AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, dan AWS Transfer Family.	7 September 2022
AWS_ConfigRole— Tambahkan appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon AppFlow, Amazon, Amazon CloudWatch RUM, Amazon CloudWatch CloudWatch Synthetics, Profil Pelanggan Amazon Connect, ID Suara Amazon Connect, Amazon Guru, Amazon Compute Cloud (Amazon EC2) Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon, Amazon, Amazon FinSpace Skema Amazon, Amazon, Amazon, Amazon, Amazon EventBridge Amazon Fraud Detector, GameLift Server EventBridge Amazon, Layanan Video Interaktif Amazon (Amazon IVS), Layanan Dikelola Amazon untuk Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service DevOps , Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon StudioAmazon MQ, Amazon Nimble Pinpoint, Amazon Quick, Amazon Quick, Amazon Application Recovery Controller ( Amazon Route 53 Resolver ARC),, Layanan Penyimpanan Sederhana Amazon (Amazon S3) Amazon SimpleDB, Amazon SimpleDB, Layanan Email Sederhana Amazon (Amazon SES), Amazon TimeStream,,,,,,,,,,,,,,,,, AWS AppConfig AWS AppSync AWS Auto Scaling AWS Backup AWS Budgets AWS Cost Explorer AWS Cloud9 AWS Directory Service AWS DataSync AWS Elemental MediaPackage AWS Glue AWS IoT AWS IoT Analytics AWS IoT Events AWS IoT SiteWise AWS IoT TwinMaker AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, dan AWS Transfer Family	7 September 2022
AWSConfigServiceRolePolicy— Tambahkan datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists	Kebijakan ini sekarang memberikan izin untuk menampilkan daftar AWS DataSync agen, lokasi DataSync sumber dan tujuan, serta DataSync tugas dalam Akun AWS; daftar informasi ringkasan tentang AWS Cloud Map ruang nama dan layanan yang terkait dengan satu atau beberapa ruang nama tertentu dalam Akun AWS; dan daftar semua daftar kontak Amazon Simple Email Service (Amazon SES) yang tersedia di. Akun AWS	22 Agustus 2022
AWS_ConfigRole— Tambahkan datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists	Kebijakan ini sekarang memberikan izin untuk menampilkan daftar AWS DataSync agen, lokasi DataSync sumber dan tujuan, serta DataSync tugas dalam Akun AWS; daftar informasi ringkasan tentang AWS Cloud Map ruang nama dan layanan yang terkait dengan satu atau beberapa ruang nama tertentu dalam Akun AWS; dan daftar semua daftar kontak Amazon Simple Email Service (Amazon SES) yang tersedia di. Akun AWS	22 Agustus 2022
ConfigConformsServiceRolePolicy— Tambahkan cloudwatch:PutMetricData	Kebijakan ini sekarang memberikan izin untuk mempublikasikan titik data metrik ke Amazon CloudWatch.	25 Juli 2022
AWSConfigServiceRolePolicy— Tambahkan amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Elastic Container Service (Amazon ECS), Amazon, Amazon, Amazon, Amazon, ElastiCache Amazon Managed Service untuk Apache Flink FSx, EventBridge Amazon Location Service, Amazon Managed Streaming untuk Apache Kafka Kafka, Amazon Quick, Amazon Rekognition,, Amazon Simple Storage Service (Amazon S3) Simple Storage S3) AWS RoboMaker, Amazon Simple Email Service (Amazon SES),,,,,,, (Pusat Identitas IAM AWS Amplify) AWS AppConfig, Image Builder EC2 AWS Firewall Manager AWS Glue AWS IAM Identity Center , dan Elastic Load Balancing. AWS AppSync AWS Billing Conductor AWS DataSync	15 Juli 2022
AWS_ConfigRole— Tambahkan amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet	Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Elastic Container Service (Amazon ECS), Amazon, Amazon, Amazon, Amazon, ElastiCache Amazon Managed Service untuk Apache Flink FSx, EventBridge Amazon Location Service, Amazon Managed Streaming untuk Apache Kafka Kafka, Amazon Quick, Amazon Rekognition,, Amazon Simple Storage Service (Amazon S3) Simple Storage S3) AWS RoboMaker, Amazon Simple Email Service (Amazon SES),,,,,,, (Pusat Identitas IAM AWS Amplify) AWS AppConfig, Image Builder EC2 AWS Firewall Manager AWS Glue AWS IAM Identity Center , dan Elastic Load Balancing. AWS AppSync AWS Billing Conductor AWS DataSync	15 Juli 2022
AWSConfigServiceRolePolicy— Tambahkan athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource	Kebijakan ini sekarang memberikan izin untuk mendapatkan katalog data Amazon Athena yang ditentukan, mencantumkan katalog data Athena dalam, dan mencantumkan tag Akun AWS yang terkait dengan grup kerja Athena atau sumber daya katalog data; untuk mendapatkan daftar grafik perilaku Detektif Amazon dan tag daftar untuk grafik perilaku Detektif; dapatkan daftar metadata sumber daya untuk daftar nama titik akhir pengembangan yang diberikan AWS Glue , dapatkan informasi tentang titik akhir pengembangan tertentu, dapatkan semua titik akhir pengembangan di sebuah, ambil keamanan tertentu AWS Glue AWS Glue Akun AWS AWS Glue konfigurasi, dapatkan semua konfigurasi AWS Glue keamanan, dapatkan daftar tag yang terkait dengan AWS Glue sumber daya, dapatkan informasi tentang AWS Glue grup kerja dengan nama yang ditentukan, ambil nama semua sumber daya AWS Glue crawler di AWS akun, dapatkan nama semua sumber AWS Glue `DevEndpoint` daya dalam, daftar nama semua sumber daya AWS Glue pekerjaan di sebuah Akun AWS, dapatkan detail tentang akun AWS Glue anggota Akun AWS, daftar nama AWS Glue alur kerja yang dibuat di akun, dan daftar grup kerja yang tersedia AWS Glue untuk akun; untuk mengambil detail tentang GuardDuty filter Amazon, mengambil, mengambil GuardDuty IPSet, mengambil akun GuardDuty anggota GuardDutyThreatIntelSet, mendapatkan daftar GuardDuty filter, mendapatkan layanan, mengambil tag untuk Layanan, dan mendapatkan GuardDuty layanan; untuk mendapatkan pengaturan status dan konfigurasi saat ini untuk akun Amazon Macie; untuk mengambil sumber daya dan asosiasi utama untuk AWS Resource Access Manager ()AWS RAM pembagian sumber daya dan mengambil detail tentang sumber daya IPSets GuardDuty ThreatIntelSets GuardDuty AWS RAM berbagi; untuk mendapatkan informasi tentang set konfigurasi Amazon Simple Email Service (Amazon SES) yang ada, dapatkan daftar tujuan acara yang terkait dengan set konfigurasi Amazon SES, dan daftarkan semua set konfigurasi yang terkait dengan akun Amazon SES; dan untuk mendapatkan daftar atribut direktori Pusat Identitas, dapatkan detail kumpulan izin, dapatkan kebijakan terkelola IAM AWS IAM Identity Center yang dilampirkan ke IAM yang ditentukan Set izin Pusat Identitas, dapatkan izin yang ditetapkan untuk instans Pusat Identitas IAM, dan dapatkan tag untuk Identitas IAM Sumber daya pusat.	31 Mei 2022
AWS_ConfigRole— Tambahkan athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource	Kebijakan ini sekarang memberikan izin untuk mendapatkan katalog data Amazon Athena yang ditentukan, mencantumkan katalog data Athena dalam, dan mencantumkan tag Akun AWS yang terkait dengan grup kerja Athena atau sumber daya katalog data; untuk mendapatkan daftar grafik perilaku Detektif Amazon dan tag daftar untuk grafik perilaku Detektif; dapatkan daftar metadata sumber daya untuk daftar nama titik akhir pengembangan yang diberikan AWS Glue , dapatkan informasi tentang titik akhir pengembangan tertentu, dapatkan semua titik akhir pengembangan di sebuah, ambil keamanan tertentu AWS Glue AWS Glue Akun AWS AWS Glue konfigurasi, dapatkan semua konfigurasi AWS Glue keamanan, dapatkan daftar tag yang terkait dengan AWS Glue sumber daya, dapatkan informasi tentang AWS Glue grup kerja dengan nama yang ditentukan, ambil nama semua sumber daya AWS Glue crawler di AWS akun, dapatkan nama semua sumber AWS Glue `DevEndpoint` daya dalam, daftar nama semua sumber daya AWS Glue pekerjaan di sebuah Akun AWS, dapatkan detail tentang akun AWS Glue anggota Akun AWS, daftar nama AWS Glue alur kerja yang dibuat di akun, dan daftar grup kerja yang tersedia AWS Glue untuk akun; untuk mengambil detail tentang GuardDuty filter Amazon, mengambil, mengambil GuardDuty IPSet, mengambil akun GuardDuty anggota GuardDutyThreatIntelSet, mendapatkan daftar GuardDuty filter, mendapatkan layanan, mengambil tag untuk Layanan, dan mendapatkan GuardDuty layanan; untuk mendapatkan pengaturan status dan konfigurasi saat ini untuk akun Amazon Macie; untuk mengambil sumber daya dan asosiasi utama untuk AWS Resource Access Manager ()AWS RAM pembagian sumber daya dan mengambil detail tentang sumber daya IPSets GuardDuty ThreatIntelSets GuardDuty AWS RAM berbagi; untuk mendapatkan informasi tentang set konfigurasi Amazon Simple Email Service (Amazon SES) yang ada, dapatkan daftar tujuan acara yang terkait dengan set konfigurasi Amazon SES, dan daftarkan semua set konfigurasi yang terkait dengan akun Amazon SES; dan untuk mendapatkan daftar atribut direktori Pusat Identitas, dapatkan detail kumpulan izin, dapatkan kebijakan terkelola IAM AWS IAM Identity Center yang dilampirkan ke IAM yang ditentukan Set izin Pusat Identitas, dapatkan izin yang ditetapkan untuk instans Pusat Identitas IAM, dan dapatkan tag untuk Identitas IAM Sumber daya pusat.	31 Mei 2022
AWSConfigServiceRolePolicy— Tambahkan cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies	Kebijakan ini sekarang memberikan izin untuk mendapatkan informasi tentang semua atau penyimpanan data AWS CloudTrail peristiwa tertentu (EDS), mendapatkan informasi tentang semua atau AWS CloudFormation sumber daya tertentu, mendapatkan daftar grup parameter DynamoDB Accelerator (DAX) atau grup subnet, mendapatkan informasi AWS Database Migration Service tentang AWS DMS() tugas replikasi untuk akun Anda di wilayah saat ini yang sedang diakses, dan mendapatkan daftar semua kebijakan dalam tipe tertentu. AWS Organizations	7 April 2022
AWS_ConfigRole— Tambahkan cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies	Kebijakan ini sekarang memberikan izin untuk mendapatkan informasi tentang semua atau penyimpanan data AWS CloudTrail peristiwa tertentu (EDS), mendapatkan informasi tentang semua atau AWS CloudFormation sumber daya tertentu, mendapatkan daftar grup parameter DynamoDB Accelerator (DAX) atau grup subnet, mendapatkan informasi AWS Database Migration Service tentang AWS DMS() tugas replikasi untuk akun Anda di wilayah saat ini yang sedang diakses, dan mendapatkan daftar semua kebijakan dalam tipe tertentu. AWS Organizations	7 April 2022
AWSConfigServiceRolePolicy— Tambahkan backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Backup,, DynamoDB AWS Batch Accelerator, Amazon DynamoDB AWS Database Migration Service, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon, Amazon, Amazon,,,, Amazon Relational Database Service, V2, dan Amazon. FSx GuardDuty AWS Key Management Service AWS OpsWorks AWS WAF WorkSpaces	Maret 14, 2022
AWS_ConfigRole— Tambahkan backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces	Kebijakan ini sekarang mendukung izin tambahan untuk AWS Backup,, DynamoDB AWS Batch Accelerator, Amazon DynamoDB AWS Database Migration Service, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon, Amazon, Amazon,,,, Amazon Relational Database Service, V2, dan Amazon. FSx GuardDuty AWS Key Management Service AWS OpsWorks AWS WAF WorkSpaces	Maret 14, 2022
AWSConfigServiceRolePolicy— Tambahkan elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies	Kebijakan ini sekarang memberikan izin untuk mendapatkan detail tentang lingkungan Elastic Beanstalk dan deskripsi pengaturan untuk set konfigurasi Elastic Beanstalk yang ditentukan, mendapatkan peta atau versi Elasticsearch, menjelaskan grup opsi Amazon OpenSearch RDS yang tersedia untuk database, dan mendapatkan informasi tentang konfigurasi penerapan. CodeDeploy Kebijakan ini juga sekarang memberikan izin untuk mengambil kontak alternatif tertentu yang dilampirkan pada Akun AWS, mengambil informasi tentang kebijakan, mengambil AWS Organizations kebijakan repositori Amazon ECR, mengambil informasi tentang aturan yang AWS Config diarsipkan, mengambil daftar keluarga definisi tugas Amazon ECS, mencantumkan OUs unit organisasi root atau induk () dari OU atau akun turunan yang ditentukan, dan daftar kebijakan yang dilampirkan ke root target, unit organisasi, atau akun yang ditentukan.	Februari 10, 2022
AWS_ConfigRole— Tambahkan elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies	Kebijakan ini sekarang memberikan izin untuk mendapatkan detail tentang lingkungan Elastic Beanstalk dan deskripsi pengaturan untuk set konfigurasi Elastic Beanstalk yang ditentukan, mendapatkan peta atau versi Elasticsearch, menjelaskan grup opsi Amazon OpenSearch RDS yang tersedia untuk database, dan mendapatkan informasi tentang konfigurasi penerapan. CodeDeploy Kebijakan ini juga sekarang memberikan izin untuk mengambil kontak alternatif tertentu yang dilampirkan pada Akun AWS, mengambil informasi tentang kebijakan, mengambil AWS Organizations kebijakan repositori Amazon ECR, mengambil informasi tentang aturan yang AWS Config diarsipkan, mengambil daftar keluarga definisi tugas Amazon ECS, mencantumkan OUs unit organisasi root atau induk () dari OU atau akun turunan yang ditentukan, dan daftar kebijakan yang dilampirkan ke root target, unit organisasi, atau akun yang ditentukan.	Februari 10, 2022
AWSConfigServiceRolePolicy— Tambahkan logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent	Kebijakan ini sekarang memberikan izin untuk membuat grup dan aliran CloudWatch log Amazon dan menulis log ke aliran log yang dibuat.	Desember 15, 2021
AWS_ConfigRole— Tambahkan logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent	Kebijakan ini sekarang memberikan izin untuk membuat grup dan aliran CloudWatch log Amazon dan menulis log ke aliran log yang dibuat.	Desember 15, 2021
AWSConfigServiceRolePolicy— Tambahkan es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots	Kebijakan ini sekarang memberikan izin untuk mendapatkan detail tentang OpenSearch Layanan Amazon (OpenSearch Layanan) domain/domains dan untuk mendapatkan daftar parameter terperinci untuk grup parameter DB Amazon Relational Database Service (Amazon RDS) tertentu. Kebijakan ini juga memberikan izin untuk mendapatkan detail tentang snapshot Amazon ElastiCache .	8 September 2021
AWS_ConfigRole— Tambahkan es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots	Kebijakan ini sekarang memberikan izin untuk mendapatkan detail tentang OpenSearch Layanan Amazon (OpenSearch Layanan) domain/domains dan untuk mendapatkan daftar parameter terperinci untuk grup parameter DB Amazon Relational Database Service (Amazon RDS) tertentu. Kebijakan ini juga memberikan izin untuk mendapatkan detail tentang snapshot Amazon ElastiCache .	8 September 2021
AWSConfigServiceRolePolicy— Tambahkanlogs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine, dan izin tambahan untuk jenis AWS sumber daya	Kebijakan ini sekarang memberikan izin untuk mencantumkan tag untuk grup log, tag daftar untuk mesin status, dan mencantumkan semua mesin status. Kebijakan ini sekarang memberikan izin untuk mendapatkan detail tentang mesin negara. Kebijakan ini juga sekarang mendukung izin tambahan untuk Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon, Amazon Data Firehose FSx, Amazon Managed Streaming untuk Apache Kafka Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route SageMaker 53, Amazon AI, Amazon Simple Notification Layanan,,, dan. AWS Database Migration Service AWS Global Accelerator AWS Storage Gateway	28 Juli 2021
AWS_ConfigRole— Tambahkan logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine, dan izin tambahan untuk jenis AWS sumber daya	Kebijakan ini sekarang memberikan izin untuk mencantumkan tag untuk grup log, tag daftar untuk mesin status, dan mencantumkan semua mesin status. Kebijakan ini sekarang memberikan izin untuk mendapatkan detail tentang mesin negara. Kebijakan ini juga sekarang mendukung izin tambahan untuk Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon, Amazon Data Firehose FSx, Amazon Managed Streaming untuk Apache Kafka Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route SageMaker 53, Amazon AI, Amazon Simple Notification Layanan,,, dan. AWS Database Migration Service AWS Global Accelerator AWS Storage Gateway	28 Juli 2021
AWSConfigServiceRolePolicy— Tambahkan ssm:DescribeDocumentPermission dan izin tambahan untuk jenis AWS sumber daya	Kebijakan ini sekarang memberikan izin untuk melihat izin AWS Systems Manager dokumen dan informasi tentang IAM Access Analyzer. Kebijakan ini sekarang mendukung jenis AWS sumber daya tambahan untuk Amazon Kinesis, Amazon, Amazon EMR, ElastiCache Amazon Route 53, dan AWS Network Firewall Amazon Relational Database Service (Amazon RDS). Perubahan izin ini memungkinkan AWS Config untuk memanggil read-only yang APIs diperlukan untuk mendukung jenis sumber daya ini. Kebijakan ini juga sekarang mendukung pemfilteran fungsi Lambda @Edge untuk aturan terkelola lambda-inside-vpc AWS Config .	8 Juni 2021
AWS_ConfigRole— Tambahkan ssm:DescribeDocumentPermission dan izin tambahan untuk jenis AWS sumber daya	Kebijakan ini sekarang memberikan izin untuk melihat izin AWS Systems Manager dokumen dan informasi tentang IAM Access Analyzer. Kebijakan ini sekarang mendukung jenis AWS sumber daya tambahan untuk Amazon Kinesis, Amazon, Amazon EMR, ElastiCache Amazon Route 53, dan AWS Network Firewall Amazon Relational Database Service (Amazon RDS). Perubahan izin ini memungkinkan AWS Config untuk memanggil read-only yang APIs diperlukan untuk mendukung jenis sumber daya ini. Kebijakan ini juga sekarang mendukung pemfilteran fungsi Lambda @Edge untuk aturan terkelola lambda-inside-vpc AWS Config .	8 Juni 2021
AWSConfigServiceRolePolicy— Tambahkan apigateway:GET izin untuk melakukan panggilan GET hanya-baca ke API Gateway dan s3:GetAccessPointPolicy izin serta s3:GetAccessPointPolicyStatus izin untuk memanggil Amazon S3 hanya-baca APIs	Kebijakan ini sekarang memberikan izin yang memungkinkan panggilan GET hanya-baca AWS Config ke API Gateway guna mendukung Aturan API Gateway. AWS Config Kebijakan ini juga menambahkan izin yang memungkinkan AWS Config untuk memanggil Amazon Simple Storage Service (Amazon S3) APIs read-only, yang diperlukan untuk mendukung jenis sumber daya baru. `AWS::S3::AccessPoint`	10 Mei 2021
AWS_COnFigRole - Tambahkan apigateway:GET izin untuk melakukan panggilan GET hanya-baca ke API Gateway dan s3:GetAccessPointPolicy izin serta izin untuk s3:GetAccessPointPolicyStatus memanggil Amazon S3 hanya-baca APIs	Kebijakan ini sekarang memberikan izin yang memungkinkan panggilan GET hanya-baca AWS Config ke API Gateway guna mendukung API AWS Config Gateway. Kebijakan ini juga menambahkan izin yang memungkinkan AWS Config untuk memanggil Amazon Simple Storage Service (Amazon S3) APIs read-only, yang diperlukan untuk mendukung jenis sumber daya baru. `AWS::S3::AccessPoint`	10 Mei 2021
AWSConfigServiceRolePolicy— Tambahkan ssm:ListDocuments izin dan izin tambahan untuk jenis AWS sumber daya	Kebijakan ini sekarang memberikan izin untuk melihat informasi tentang dokumen AWS Systems Manager tertentu. Kebijakan ini juga sekarang mendukung jenis AWS sumber daya tambahan untuk AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3) Simple Storage Service S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis SageMaker , Amazon AI, dan Amazon Route 53. AWS Database Migration Service Perubahan izin ini memungkinkan AWS Config untuk memanggil read-only yang APIs diperlukan untuk mendukung jenis sumber daya ini.	1 April 2021
AWS_ConfigRole— Tambahkan ssm:ListDocuments izin dan izin tambahan untuk jenis AWS sumber daya	Kebijakan ini sekarang memberikan izin untuk melihat informasi tentang dokumen AWS Systems Manager tertentu. Kebijakan ini juga sekarang mendukung jenis AWS sumber daya tambahan untuk AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3) Simple Storage Service S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis SageMaker , Amazon AI, dan Amazon Route 53. AWS Database Migration Service Perubahan izin ini memungkinkan AWS Config untuk memanggil read-only yang APIs diperlukan untuk mendukung jenis sumber daya ini.	1 April 2021
`AWSConfigRole`sudah usang	`AWSConfigRole`sudah usang. Kebijakan penggantian adalah`AWS_ConfigRole`.	1 April 2021
AWS Config mulai melacak perubahan	AWS Config mulai melacak perubahan untuk kebijakan yang AWS dikelola.	1 April 2021

Awas Javascript dinonaktifkan atau tidak tersedia di browser Anda.

Untuk menggunakan Dokumentasi AWS, Javascript harus diaktifkan. Lihat halaman Bantuan browser Anda untuk petunjuk.

Konvensi Dokumen

Contoh kebijakan berbasis identitas

Izin untuk Peran IAM