AWSの 管理ポリシーAWS Config

AWS_ConfigRole – lightsail「:GetActiveNameslightsail」「:GetOperations」「s3:GetBucketAbac」を追加する

このポリシーは、 Amazon Lightsailおよび Amazon Simple Storage Service (Amazon S3) に対する追加のアクセス許可をサポートするようになりました。

2025 年 11 月 20 日

AWSConfigServiceRolePolicy – lightsail「:GetActiveNameslightsail」「:GetOperations」「s3:GetBucketAbac」を追加

このポリシーは、 Amazon Lightsailおよび Amazon Simple Storage Service (Amazon S3) に対する追加のアクセス許可をサポートするようになりました。

2025 年 11 月 20 日

AWSConfigServiceRolePolicy – コンピューティング、ストレージ、ネットワーク、セキュリティ、分析、機械学習AWSサービスなど、100 以上のサービスにわたるAWSリソース設定の記録のための包括的なアクセス許可を持つマネージドポリシーを更新しました。

このポリシーでは、サービスアクセス許可のドキュメントが強化され、 が設定記録のためにAWS ConfigサポートするすべてのAWSサービスで包括的なモニタリングがサポートされるようになりました。

2025 年 11 月 11 日

AWS_ConfigRole – マネージドポリシーを更新し、Amazon Elastic Compute Cloud AWS Identity and Access Management、Amazon Simple Storage Service、Amazon AWS Lambda Amazon Relational Database Service など、複数のサービスにわたるAWSリソース設定の記録のための包括的なアクセス許可を追加しました。

このポリシーは、サポートされているすべてのAWSサービスで包括的なAWSリソース設定の記録とモニタリングのための追加のアクセス許可をサポートするようになりました。

2025 年 11 月 10 日

AWS_ConfigRole – 追加: 「amplify:GetDomainAssociation」、「amplify:ListDomainAssociations」、「amplify:ListTagsForResource」、「appsync:GetSourceApiAssociation」、「appsync:ListSourceApiAssociations」、「bedrock:GetFlow」、「bedrock:ListAgentCollaborators」、「bedrock:ListFlows」、「bedrock:ListPrompts」、「cloudTrail:GetResourcePolicy」、「cloudformation:DescribePublisher」、「codeartifact:DescribePackageGroup」、「codeartifact:ListAllowedRepositoriesForGroup」、「codeartifact:ListPackageGroups」、「codepipeline:ListActionTypes」、「codepipeline:ListTagsForResource」、「codepipeline:ListWebhooks」、「connect:DescribeTrafficDistributionGroup」、「connect:ListTrafficDistributionGroups」、「deadline:ListFarms」、「ec2:GetTransitGatewayRouteTablePropagations」、「ec2:SearchLocalGatewayRoutes」、「ec2:SearchTransitGatewayMulticastGroups」、「entityresolution:GetMatchingWorkflow」、「entityresolution:ListMatchingWorkflows」、「iotsitewise:ListAssetModelCompositeModels」、「iotsitewise:ListAssetModelProperties」、「iotsitewise:ListAssetProperties」、「iotsitewise:ListAssociatedAssets」、「ivs:ListPublicKeys」、「lambda:GetProvisionedConcurrencyConfig」、「lambda:GetRuntimeManagementConfig」、「lambda:ListFunctionEventInvokeConfigs」、「lambda:ListFunctionUrlConfigs」、「pipes:DescribePipe」、「pipes:ListPipes」、「quicksight:DescribeRefreshSchedule」、「quicksight:ListRefreshSchedules」、「redshift-serverless:ListSnapshotCopyConfigurations」、「redshift:GetResourcePolicy」、「rolesanywhere:GetCrl」、「rolesanywhere:ListCrls」、「sagemaker:DescribeApp」、「sagemaker:DescribeUserProfile」、「sagemaker:ListApps」、「sagemaker:ListModelPackages」、「sagemaker:ListUserProfiles」、「secretsmanager:GetResourcePolicy」、「securitylake:ListSubscribers」、「securitylake:ListTagsForResource」、「servicecatalog:DescribeServiceAction」、「servicecatalog:ListApplications」、「servicecatalog:ListAssociatedResources」、「shield:ListProtectionGroups」、「shield:ListTagsForResource」、「ssm-incidents:GetReplicationSet」、「ssm-incidents:ListReplicationSets」、「ssm:DescribeAssociation」、「ssm:DescribePatchBaselines」、「ssm:GetDefaultPatchBaseline」、「ssm:GetPatchBaseline」、「ssm:GetResourcePolicies」、「ssm:ListAssociations」、「ssm:ListResourceDataSync」、「wafv2:ListLoggingConfigurations」、「bedrock-agentcore:ListCodeInterpreters」、「bedrock-agentcore:GetCodeInterpreter」、「bedrock-agentcore:ListBrowsers」、「bedrock-agentcore:GetBrowser」、「bedrock-agentcore:ListAgentRuntimes」、「bedrock-agentcore:GetAgentRuntime」、「bedrock-agentcore:ListAgentRuntimeEndpoints」、「bedrock-agentcore:GetAgentRuntimeEndpoint」

このポリシーはAWS Amplify、、AWS AppSync Amazon Bedrock、AWS CloudTrail、CloudFormationAWS CodeArtifact、AWS CodePipeline、Amazon Connect、、AWS Deadline Cloud Amazon EC2、AWS Entity ResolutionAWS IoT SiteWise、Amazon IVS、AWS Lambda、Amazon EventBridge、Amazon Quick Suite、Amazon Redshift、Amazon Redshift Serverless、AWS Identity and Access Management Roles Anywhere Amazon SageMaker、、AWS Secrets Manager Amazon Security Lake AWS Service Catalog、、AWS Shield、Amazon EC2 Systems Manager、および に対する追加のアクセス許可をサポートするようになりましたAWS WAFV2。

2025 年 10 月 1 日

AWSConfigServiceRolePolicy – 追加: 「amplify:GetDomainAssociation」、「amplify:ListDomainAssociations」、「amplify:ListTagsForResource」、「appsync:GetSourceApiAssociation」、「appsync:ListSourceApiAssociations」、「bedrock:GetFlow」、「bedrock:ListAgentCollaborators」、「bedrock:ListFlows」、「bedrock:ListPrompts」、「cloudTrail:GetResourcePolicy」、「cloudformation:DescribePublisher」、「codeartifact:DescribePackageGroup」、「codeartifact:ListAllowedRepositoriesForGroup」、「codeartifact:ListPackageGroups」、「codepipeline:ListActionTypes」、「codepipeline:ListTagsForResource」、「codepipeline:ListWebhooks」、「connect:DescribeTrafficDistributionGroup」、「connect:ListTrafficDistributionGroups」、「deadline:ListFarms」、「ec2:GetTransitGatewayRouteTablePropagations」、「ec2:SearchLocalGatewayRoutes」、「ec2:SearchTransitGatewayMulticastGroups」、「entityresolution:GetMatchingWorkflow」、「entityresolution:ListMatchingWorkflows」、「iotsitewise:ListAssetModelCompositeModels」、「iotsitewise:ListAssetModelProperties」、「iotsitewise:ListAssetProperties」、「iotsitewise:ListAssociatedAssets」、「ivs:ListPublicKeys」、「lambda:GetProvisionedConcurrencyConfig」、「lambda:GetRuntimeManagementConfig」、「lambda:ListFunctionEventInvokeConfigs」、「lambda:ListFunctionUrlConfigs」、「pipes:DescribePipe」、「pipes:ListPipes」、「quicksight:DescribeRefreshSchedule」、「quicksight:ListRefreshSchedules」、「redshift-serverless:ListSnapshotCopyConfigurations」、「redshift:GetResourcePolicy」、「rolesanywhere:GetCrl」、「rolesanywhere:ListCrls」、「sagemaker:DescribeApp」、「sagemaker:DescribeUserProfile」、「sagemaker:ListApps」、「sagemaker:ListModelPackages」、「sagemaker:ListUserProfiles」、「secretsmanager:GetResourcePolicy」、「securitylake:ListSubscribers」、「securitylake:ListTagsForResource」、「servicecatalog:DescribeServiceAction」、「servicecatalog:ListApplications」、「servicecatalog:ListAssociatedResources」、「shield:ListProtectionGroups」、「shield:ListTagsForResource」、「ssm-incidents:GetReplicationSet」、「ssm-incidents:ListReplicationSets」、「ssm:DescribeAssociation」、「ssm:DescribePatchBaselines」、「ssm:GetDefaultPatchBaseline」、「ssm:GetPatchBaseline」、「ssm:GetResourcePolicies」、「ssm:ListAssociations」、「ssm:ListResourceDataSync」、「wafv2:ListLoggingConfigurations」、「bedrock-agentcore:ListCodeInterpreters」、「bedrock-agentcore:GetCodeInterpreter」、「bedrock-agentcore:ListBrowsers」、「bedrock-agentcore:GetBrowser」、「bedrock-agentcore:ListAgentRuntimes」、「bedrock-agentcore:GetAgentRuntime」、「bedrock-agentcore:ListAgentRuntimeEndpoints」、「bedrock-agentcore:GetAgentRuntimeEndpoint」

このポリシーはAWS Amplify、、AWS AppSync Amazon Bedrock、AWS CloudTrail、CloudFormationAWS CodeArtifact、AWS CodePipeline、Amazon Connect、、AWS Deadline Cloud Amazon EC2、AWS Entity ResolutionAWS IoT SiteWise、Amazon IVS、AWS Lambda、Amazon EventBridge、Amazon Quick Suite、Amazon Redshift、Amazon Redshift Serverless、AWS Identity and Access Management Roles Anywhere Amazon SageMaker、、AWS Secrets Manager Amazon Security Lake AWS Service Catalog、、AWS Shield、Amazon EC2 Systems Manager、および に対する追加のアクセス許可をサポートするようになりましたAWS WAFV2。

2025 年 10 月 1 日

AWS_ConfigRole – 追加: 「arc-zonal-shift:GetAutoshiftObserverNotificationStatus」、「bedrock:GetModelInvocationLoggingConfiguration」、「cloudtrail:GetEventConfiguration」、「codeartifact:DescribeDomain」、「codeartifact:GetDomainPermissionsPolicy」、「deadline:GetFleet」、「deadline:GetQueueFleetAssociation」、「deadline:ListFleets」、「deadline:ListQueueFleetAssociations」、「deadline:ListTagsForResource」、「dms:DescribeDataMigrations」、「dms:ListMigrationProjects」、「glue:GetDataCatalogEncryptionSettings」、「kafkaconnect:DescribeCustomPlugin」、「kafkaconnect:DescribeWorkerConfiguration」、「kafkaconnect:ListCustomPlugins」、「kafkaconnect:ListTagsForResource」、「kafkaconnect:ListWorkerConfigurations」、「lakeformation:DescribeLakeFormationIdentityCenterConfiguration」、「medialive:DescribeMultiplexProgram」、「medialive:ListMultiplexPrograms」、「mediapackagev2:GetChannelGroup」、「mediapackagev2:ListChannelGroups」、「rds:DescribeEngineDefaultParameters」、「rolesanywhere:GetProfile」、「rolesanywhere:GetTrustAnchor」、「rolesanywhere:ListProfiles」、「rolesanywhere:ListTagsForResource」、「rolesanywhere:ListTrustAnchors」、「s3:GetAccessGrant」、「s3:ListAccessGrants」、「secretsmanager:DescribeSecret」、「securitylake:ListDataLakeExceptions」、「securitylake:ListDataLakes」、「securitylake:ListLogSources」、「servicecatalog:GetAttributeGroup」、「servicecatalog:ListAttributeGroups」、「servicecatalog:ListServiceActions」、「servicecatalog:ListServiceActionsForProvisioningArtifact」、「ses:GetTrafficPolicy」、「ses:ListTagsForResource」、「ses:ListTrafficPolicies」、「xray:GetGroup」、「xray:GetGroups」、「xray:GetSamplingRules」、「xray:ListResourcePolicies」、「xray:ListTagsForResource」

このポリシーは、AWS ARC - Zonal Shift、Amazon Bedrock、AWS CloudTrail、AWS CodeArtifactAWS Deadline Cloud、AWS Database Migration Service、AWS Glue、、AWS Identity and Access Management、Amazon Managed Streaming for Apache Kafka、AWS Lake Formation、Amazon CloudWatch Logs AWS Elemental MediaLive、AWS Elemental MediaPackage、Amazon Relational Database Service、Amazon Simple Storage Service、AWS Secrets Manager Amazon Security Lake、AWS Service Catalog Amazon Simple Email Service、および に対する追加のアクセス許可をサポートするようになりましたAWS X-Ray。

2025 年 7 月 28 日

AWSConfigServiceRolePolicy – 追加

「arc-zonal-shift:GetAutoshiftObserverNotificationStatus」、「bedrock:GetModelInvocationLoggingConfiguration」、「cloudtrail:GetEventConfiguration」、「codeartifact:DescribeDomain」、「codeartifact:GetDomainPermissionsPolicy」、「deadline:GetFleet」、「deadline:GetQueueFleetAssociation」、「deadline:ListFleets」、「deadline:ListQueueFleetAssociations」、「deadline:ListTagsForResource」、「dms:DescribeDataMigrations」、「dms:ListMigrationProjects」、「glue:GetDataCatalogEncryptionSettings」、「iam:ListPolicies」、「kafkaconnect:DescribeCustomPlugin」、「kafkaconnect:DescribeWorkerConfiguration」、「kafkaconnect:ListCustomPlugins」、「kafkaconnect:ListTagsForResource」、「kafkaconnect:ListWorkerConfigurations」、「lakeformation:DescribeLakeFormationIdentityCenterConfiguration」、「logs:DescribeIndexPolicies」、「logs:ListTagsForResource」、「medialive:DescribeMultiplexProgram」、「medialive:ListMultiplexPrograms」、「mediapackagev2:GetChannelGroup」、「mediapackagev2:ListChannelGroups」、「rds:DescribeEngineDefaultParameters」、「rolesanywhere:GetProfile」、「rolesanywhere:GetTrustAnchor」、「rolesanywhere:ListProfiles」、「rolesanywhere:ListTagsForResource」、「rolesanywhere:ListTrustAnchors」、「s3:GetAccessGrant」、「s3:ListAccessGrants」、「secretsmanager:DescribeSecret」、「securitylake:ListDataLakeExceptions」、「securitylake:ListDataLakes」、「securitylake:ListLogSources」、「servicecatalog:GetAttributeGroup」、「servicecatalog:ListAttributeGroups」、「servicecatalog:ListServiceActions」、「servicecatalog:ListServiceActionsForProvisioningArtifact」、「ses:GetTrafficPolicy」、「ses:ListTagsForResource」、「ses:ListTrafficPolicies」、「xray:GetGroup」、「xray:GetGroups」、「xray:GetSamplingRules」、「xray:ListResourcePolicies」、「xray:ListTagsForResource」、「arn:aws:apigateway:::/account」、「arn:aws:apigateway:::/usageplans」、「arn:aws:apigateway:::/usageplans/」。

このポリシーはAWS ARC - Zonal Shift、、Amazon Bedrock、AWS CloudTrail、AWS CodeArtifactAWS Deadline Cloud、AWS Database Migration ServiceAWS Glue、、、AWS Identity and Access Management、Amazon Managed Streaming for Apache Kafka、AWS Lake Formation、Amazon CloudWatch Logs AWS Elemental MediaLive、AWS Elemental MediaPackage、Amazon Relational Database Service、Amazon Simple Storage Service、AWS Secrets Manager Amazon Security Lake、AWS Service Catalog Amazon Simple Email Service AWS X-Ray、および Amazon API Gateway に対する追加のアクセス許可をサポートするようになりました。

2025 年 7 月 28 日

AWSConfigServiceRolePolicy – 追加: 「backup-gateway:GetHypervisor」、「backup-gateway:ListHypervisors」、「bcm-data-exports:GetExport」、「bcm-data-exports:ListExports」、「bcm-data-exports:ListTagsForResource」、「bedrock:GetAgent」、「bedrock:GetAgentActionGroup」、「bedrock:GetAgentKnowledgeBase」、「bedrock:GetDataSource」、「bedrock:GetFlowAlias」、「bedrock:GetFlowVersion」、「bedrock:ListAgentActionGroups」、「bedrock:ListAgentKnowledgeBases」、「bedrock:ListDataSources」、「bedrock:ListFlowAliases」、「bedrock:ListFlowVersions」、「cloudformation:BatchDescribeTypeConfigurations」、「cloudformation:DescribeStackInstance」、「cloudformation:DescribeStackSet」、「cloudformation:ListStackInstances」、「cloudformation:ListStackSets」、「cloudfront:GetPublicKey」、「cloudfront:GetRealtimeLogConfig」、「cloudfront:ListPublicKeys」、「cloudfront:ListRealtimeLogConfigs」、「entityresolution:GetIdMappingWorkflow」、「entityresolution:GetSchemaMapping」、「entityresolution:ListIdMappingWorkflows」、「entityresolution:ListSchemaMappings」、「entityresolution:ListTagsForResource」、「iotdeviceadvisor:GetSuiteDefinition」、「iotdeviceadvisor:ListSuiteDefinitions」、「lambda:GetEventSourceMapping」、「lambda:ListEventSourceMappings」、「mediapackagev2:GetChannel」、「mediapackagev2:ListChannels」、「networkmanager:GetTransitGatewayPeering」、「networkmanager:ListPeerings」、「pca-connector-ad:GetDirectoryRegistration」、「pca-connector-ad:ListDirectoryRegistrations」、「pca-connector-ad:ListTagsForResource」、「rds:DescribeDBShardGroups」、「rds:DescribeIntegrations」、「redshift:DescribeIntegrations」、「s3tables:GetTableBucket」、「s3tables:GetTableBucketEncryption」、「s3tables:GetTableBucketMaintenanceConfiguration」、「s3tables:ListTableBuckets」、「ssm-quicksetup:GetConfigurationManager」、「ssm-quicksetup:ListConfigurationManagers」

このポリシーはAWS Billing and Cost Management、AWS Backup gateway、Amazon Bedrock、AWS CloudFormation、Amazon CloudFront、AWS Entity ResolutionAWS IoT Core Device Advisor、AWS Lambda、AWS Network Manager、AWS Private Certificate Authority、Amazon Relational Database Service、Amazon Redshift、Amazon S3 Tables、 に対する追加のアクセス許可をサポートするようになりましたAWS Systems Manager Quick Setup。

AWS_ConfigRole – 追加: 「backup-gateway:GetHypervisor」、「backup-gateway:ListHypervisors」、「bcm-data-exports:GetExport」、「bcm-data-exports:ListExports」、「bcm-data-exports:ListTagsForResource」、「bedrock:GetAgent」、「bedrock:GetAgentActionGroup」、「bedrock:GetAgentKnowledgeBase」、「bedrock:GetDataSource」、「bedrock:GetFlowAlias」、「bedrock:GetFlowVersion」、「bedrock:ListAgentActionGroups」、「bedrock:ListAgentKnowledgeBases」、「bedrock:ListDataSources」、「bedrock:ListFlowAliases」、「bedrock:ListFlowVersions」、「cloudformation:BatchDescribeTypeConfigurations」、「cloudformation:DescribeStackInstance」、「cloudformation:DescribeStackSet」、「cloudformation:ListStackInstances」、「cloudformation:ListStackSets」、「cloudfront:GetPublicKey」、「cloudfront:GetRealtimeLogConfig」、「cloudfront:ListPublicKeys」、「cloudfront:ListRealtimeLogConfigs」、「entityresolution:GetIdMappingWorkflow」、「entityresolution:GetSchemaMapping」、「entityresolution:ListIdMappingWorkflows」、「entityresolution:ListSchemaMappings」、「entityresolution:ListTagsForResource」、「iotdeviceadvisor:GetSuiteDefinition」、「iotdeviceadvisor:ListSuiteDefinitions」、「lambda:GetEventSourceMapping」、「lambda:ListEventSourceMappings」、「networkmanager:GetTransitGatewayPeering」、「networkmanager:ListPeerings」、「pca-connector-ad:GetDirectoryRegistration」、「pca-connector-ad:ListDirectoryRegistrations」、「pca-connector-ad:ListTagsForResource」、「rds:DescribeDBShardGroups」、「rds:DescribeIntegrations」、「redshift:DescribeIntegrations」、「s3tables:GetTableBucket」、「s3tables:GetTableBucketEncryption」、「s3tables:GetTableBucketMaintenanceConfiguration」、「s3tables:ListTableBuckets」、「ssm-quicksetup:GetConfigurationManager」、「ssm-quicksetup:ListConfigurationManagers」

このポリシーはAWS Backup gateway、、Amazon Bedrock AWS Billing and Cost Management、、AWS CloudFormation Amazon CloudFront、AWS Entity ResolutionAWS IoT Core Device Advisor、AWS LambdaAWS Network Manager、AWS Private Certificate Authority、Amazon Relational Database Service、Amazon Redshift、Amazon S3 Tables、 に対する追加のアクセス許可をサポートするようになりましたAWS Systems Manager Quick Setup。

AWS_ConfigRole – 追加: "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource"

このポリシーでは、Amazon Bedrock に対するアクセス許可も追加でサポートされるようになりました。

AWSConfigServiceRolePolicy – 追加: "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource"

このポリシーでは、Amazon Bedrock に対するアクセス許可も追加でサポートされるようになりました。

AWS_ConfigRole – 追加: "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation"

このポリシーはAWS B2B Data Interchange、、Amazon Bedrock、AWS Clean Rooms、、AWS Database Migration Service(AWS DMS)AWS CodeConnectionsAWS Direct Connect、Amazon CloudWatch Logs、Amazon Macie、Amazon Managed Blockchain、Amazon Q Business、Route 53 Profiles、Amazon Simple Storage Service (Amazon S3)、Amazon SageMaker AI AWS Security Hub CSPM、および Contacts、およびAWS Systems Manager Incident ManagerAWS Systems Manager Incident Managerの追加のアクセス許可をサポートするようになりましたAWS Systems Manager。

AWSConfigServiceRolePolicy – 追加: "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation"

このポリシーはAWS B2B Data Interchange、、Amazon Bedrock、AWS Clean Rooms、、AWS Database Migration Service(AWS DMS)AWS CodeConnectionsAWS Direct Connect、Amazon CloudWatch Logs、Amazon Macie、Amazon Managed Blockchain、Amazon Q Business、Route 53 Profiles、Amazon Simple Storage Service (Amazon S3)、Amazon SageMaker AI AWS Security Hub CSPM、および Contacts、およびAWS Systems Manager Incident ManagerAWS Systems Manager Incident Managerの追加のアクセス許可をサポートするようになりましたAWS Systems Manager。このポリシーでは、リソースパターン「arn:aws:apigateway:::/domainnames/」を含めることで、すべての Amazon API Gateway ドメイン名に対するアクセス許可もサポートされるようになりました。

AWS_ConfigRole – 追加: "ec2:GetAllowedImagesSettings"

このポリシーでは、Amazon Elastic Compute Cloud (Amazon EC2) に対するアクセス許可も追加でサポートされるようになりました。

AWSConfigServiceRolePolicy – 追加: "ec2:GetAllowedImagesSettings"

このポリシーでは、Amazon Elastic Compute Cloud (Amazon EC2) に対するアクセス許可も追加でサポートされるようになりました。

AWS_ConfigRole – 追加: "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"

このポリシーはAWS Clean Rooms、Amazon Comprehend、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Simple Storage Service (Amazon S3)AWS HealthOmics、Amazon Simple Email Service (Amazon SES) に対する追加のアクセス許可をサポートするようになりました。

AWSConfigServiceRolePolicy – 追加: "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"

このポリシーはAWS Clean Rooms、Amazon Comprehend、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Simple Storage Service (Amazon S3)AWS HealthOmics、Amazon Simple Email Service (Amazon SES) に対する追加のアクセス許可をサポートするようになりました。

AWSConfigServiceRolePolicy – 追加: "organizations:ListAWSServiceAccessForOrganization"

このポリシーでは、AWS Organizationsに対するアクセス許可も追加でサポートされるようになりました。

AWS_ConfigRole – 追加: "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"

このポリシーはAWS AppConfig、、AWS CloudTrail Amazon Connect、Amazon DataZone、Amazon DevOpsGuru、AWS Glue Identity Store、AWS IoTAWS IoT FleetWise、Amazon Interactive Video Service (Amazon IVS)AWS IoT Wireless、Amazon CloudWatch Logs、Amazon CloudWatch Observability Access Manager、AWS Payment Cryptography、Amazon Relational Database Service (Amazon RDS)、Amazon Rekognition、Amazon Simple Storage Service (Amazon S3)、Amazon EventBridge Scheduler AWS Systems Manager、Amazon VPC Lattice に対する追加のアクセス許可をサポートするようになりました。

AWSConfigServiceRolePolicy – 追加: "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"

このポリシーはAWS AppConfig、、AWS CloudTrail Amazon Connect、Amazon DataZone、Amazon DevOpsGuru、AWS Glue Identity Store、AWS IoTAWS IoT FleetWise、Amazon Interactive Video Service (Amazon IVS)AWS IoT Wireless、Amazon CloudWatch Logs、Amazon CloudWatch Observability Access Manager、AWS Payment Cryptography、Amazon Relational Database Service (Amazon RDS)、Amazon Rekognition、Amazon Simple Storage Service (Amazon S3)、Amazon EventBridge Scheduler AWS Systems Manager、Amazon VPC Lattice に対する追加のアクセス許可をサポートするようになりました。

AWS_ConfigRole – 追加: "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules"

このポリシーは、Amazon OpenSearch Service Severless、Amazon AppStream AWS Backup、AWS CloudTrail、AWS Glue EC2 Image Builder、AWS IoT Amazon Interactive Video Service (Amazon IVS)AWS Elemental MediaConnect、AWS Elemental MediaTailorAWS HealthOmics、および Amazon EventBridge スケジューラに対する追加のアクセス許可をサポートするようになりました。

AWSConfigServiceRolePolicy – 追加: "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules"

このポリシーは、Amazon OpenSearch Service Severless、Amazon AppStream AWS Backup、AWS CloudTrail、AWS Glue EC2 Image Builder、AWS IoT Amazon Interactive Video Service (Amazon IVS)AWS Elemental MediaConnect、AWS Elemental MediaTailorAWS HealthOmics、および Amazon EventBridge スケジューラに対する追加のアクセス許可をサポートするようになりました。

AWS_ConfigRole – 追加: "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource"

このポリシーは、Amazon Elastic File System (Amazon EFS)、Amazon Redshift、および の追加のアクセス許可をサポートするようになりましたAWS Systems Manager for SAP。

AWSConfigServiceRolePolicy – 追加: "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource"

このポリシーは、Amazon Elastic File System (Amazon EFS)、Amazon Redshift、および の追加のアクセス許可をサポートするようになりましたAWS Systems Manager for SAP。

このポリシーは、Amazon Managed Service for Prometheus、Amazon CloudWatch、Amazon Cognito、Amazon ElastiCache、Amazon FSx、AWS Glue、AWS Identity and Access Management(IAM)AWS Lambda、AWS RAM、Amazon Redshift Serverless、Amazon SageMaker AI、Amazon Simple Notification Service (Amazon SNS) に対する追加のアクセス許可をサポートするようになりました。

このポリシーは、Amazon Managed Service for Prometheus、Amazon CloudWatch、Amazon Cognito、Amazon ElastiCache、Amazon FSx、AWS Glue、AWS Identity and Access Management(IAM)AWS Lambda、AWS RAM、Amazon Redshift Serverless、Amazon SageMaker AI、Amazon Simple Notification Service (Amazon SNS) に対する追加のアクセス許可をサポートするようになりました。

AWSConfigUserAccess –AWS ConfigこのAWS管理ポリシーの変更の追跡を開始します

このポリシーはAWS Config、リソースのタグによる検索やすべてのタグの読み取りなど、 が使用できるアクセスを提供します。これはAWS Config、管理者権限を必要とする を設定するアクセス許可を提供しません。

このポリシーはAWS AppConfig、Amazon Managed Service for Prometheus、AWS Database Migration Service(AWS DMS)、 (AWS Identity and Access Management) IAM、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon CloudWatch Logs AWS Organizations、Amazon Simple Storage Service (Amazon S3) に対する追加のアクセス許可をサポートするようになりました。

このポリシーはAWS AppConfig、Amazon Managed Service for Prometheus、AWS Database Migration Service(AWS DMS)、 (AWS Identity and Access Management) IAM、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon CloudWatch Logs AWS Organizations、Amazon Simple Storage Service (Amazon S3) に対する追加のアクセス許可をサポートするようになりました。

このポリシーは、Amazon Cognito、Amazon Connect、Amazon EMR AWS Ground Station、AWS Mainframe Modernization、Amazon MemoryDB、AWS Organizations Amazon Quick Suite、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift、Amazon Route 53 AWS Service Catalog、および に対する追加のアクセス許可をサポートするようになりましたAWS Transfer Family。

このポリシーにより、AWSConfigServiceRolePolicyStatementID、AWSConfigSLRLogStatementID、AWSConfigSLRLogEventStatementID、および AWSConfigSLRApiGatewayStatementID のセキュリティ識別子 (SID) が追加されるようになりました。

このポリシーは、Amazon Cognito、Amazon Connect、Amazon EMR AWS Ground Station、AWS Mainframe Modernization、Amazon MemoryDB、AWS Organizations Amazon Quick Suite、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift、Amazon Route 53 AWS Service Catalog、および に対する追加のアクセス許可をサポートするようになりましたAWS Transfer Family。

このポリシーにより、AWSConfigServiceRolePolicyStatementID、AWSConfigSLRLogStatementID、AWSConfigSLRLogEventStatementID、および AWSConfigSLRApiGatewayStatementID のセキュリティ識別子 (SID) が追加されるようになりました。

このポリシーはAWS Private CA、、Amazon Connect、Amazon Elastic Container Service (Amazon ECS)AWS App Mesh、Amazon CloudWatch Evidently、Amazon Managed Grafana、Amazon GuardDuty、Amazon Inspector、AWS IoTAWS IoT TwinMaker、Amazon Managed Streaming for Apache Kafka (Amazon MSK)AWS Lambda、、AWS Network ManagerAWS Organizations、および Amazon SageMaker AI に対する追加のアクセス許可をサポートするようになりました。

このポリシーはAWS Private CA、、Amazon Connect、Amazon Elastic Container Service (Amazon ECS)AWS App Mesh、Amazon CloudWatch Evidently、Amazon Managed Grafana、Amazon GuardDuty、Amazon Inspector、AWS IoTAWS IoT TwinMaker、Amazon Managed Streaming for Apache Kafka (Amazon MSK)AWS Lambda、、AWS Network ManagerAWS Organizations、および Amazon SageMaker AI に対する追加のアクセス許可をサポートするようになりました。

このポリシーはAWS Systems Manager(Systems Manager) のアクセス許可を削除するようになりました。

このポリシーはAWS App Mesh、、AWS CloudFormation Amazon CloudFront AWS CodeArtifact、AWS CodeBuild、Amazon Connect、AWS Glue Amazon GuardDuty、AWS Identity and Access Management(IAM)、Amazon Inspector、AWS IoTAWS IoT TwinMaker、AWS IoT Wireless、Amazon Managed Streaming for Apache Kafka、Amazon Macie、AWS Elemental MediaConnectAWS Network Manager、AWS OrganizationsAWS Resource Explorer、Amazon Route 53、Amazon Simple Storage Service (Amazon S3)、Amazon Simple Notification Service (Amazon SNS) に対する追加のアクセス許可をサポートするようになりました。

このポリシーはAWS App Mesh、、Amazon WorkSpaces Applications、AWS CloudFormation、Amazon CloudFront、AWS CodeArtifactAWS CodeBuild、Amazon Connect、AWS Glue、Amazon GuardDuty、AWS Identity and Access Management(IAM)、Amazon Inspector AWS IoTAWS IoT TwinMaker、、AWS IoT Wireless、Amazon Managed Streaming for Apache Kafka、Amazon Macie、AWS Elemental MediaConnectAWS Network Manager、AWS OrganizationsAWS Resource Explorer、、Amazon Route 53、Amazon Simple Storage Service (Amazon S3)、Amazon Simple Notification Service (Amazon SNS)、Amazon EC2 Systems Manager (SSM) に対する追加のアクセス許可をサポートするようになりました。 Amazon EC2 Systems Manager

このポリシーはAWS Amplify、 に対する追加のアクセス許可をサポートするようになりました。 Amazon Connect、AWS App Mesh、 Amazon Managed Service for Prometheus、 Amazon Athena、AWS BatchAWS CloudFormation、AWS CloudTrail、AWS CodeArtifact、 Amazon CodeGuru、AWS Directory Service、 Amazon DynamoDB、 Amazon Elastic Compute Cloud (Amazon EC2) Amazon CloudWatch Evidently、AWS Organizations、 Amazon Forecast、AWS IoT Greengrass、AWS Ground Station、AWS Identity and Access Management(IAM)、 Amazon Managed Streaming for Apache Kafka (Amazon MSK)Amazon Lightsail、、 Amazon CloudWatch Logs、AWS Elemental MediaConnect、AWS Elemental MediaTailor、 Amazon Pinpoint、 Amazon Virtual Private Cloud (Amazon VPC) Amazon Personalize、 Amazon Quick Suite、AWS Migration Hub Refactor Spaces、 Amazon Simple Storage Service (Amazon S3) Amazon SageMaker AI、AWS Transfer Family。

このポリシーはAWS Amplify、 に対する追加のアクセス許可をサポートするようになりました。 Amazon Connect、AWS App Mesh、 Amazon Managed Service for Prometheus、 Amazon Athena、AWS BatchAWS CloudFormation、AWS CloudTrail、AWS CodeArtifact、 Amazon CodeGuru、AWS Directory Service、 Amazon DynamoDB、 Amazon Elastic Compute Cloud (Amazon EC2) Amazon CloudWatch Evidently、AWS Organizations、Amazon Forecast、AWS IoT Greengrass、AWS Ground Station、AWS Identity and Access Management(IAM)、 Amazon Managed Streaming for Apache Kafka (Amazon MSK)Amazon Lightsail、、 Amazon CloudWatch Logs、AWS Elemental MediaConnect、AWS Elemental MediaTailor、 Amazon Pinpoint、 Amazon Virtual Private Cloud (Amazon VPC) Amazon Personalize、 Amazon Quick Suite、AWS Migration Hub Refactor Spaces、 Amazon Simple Storage Service (Amazon S3) Amazon SageMaker AI、AWS Transfer Family。

このポリシーはAWS Amplify、、、Amazon CloudFront AWS App MeshAWS App Runner、、Amazon Elastic Compute Cloud AWS CodeArtifact、Amazon Kendra、Amazon Macie、Amazon Route 53、Amazon SageMaker AI、、AWS Transfer Family Amazon Pinpoint、AWS Resilience Hub AWS Migration Hub、Amazon CloudWatch、AWS Directory Service、および の Amazon Managed Workflows に対する追加のアクセス許可をサポートするようになりましたAWS WAF。

このポリシーはAWS Amplify、、、Amazon CloudFront AWS App MeshAWS App Runner、、Amazon Elastic Compute Cloud AWS CodeArtifact、Amazon Kendra、Amazon Macie、Amazon Route 53、Amazon SageMaker AI、、AWS Transfer Family Amazon Pinpoint、AWS Resilience Hub AWS Migration Hub、Amazon CloudWatch、AWS Directory Service、および の Amazon Managed Workflows に対する追加のアクセス許可をサポートするようになりましたAWS WAF。

このポリシーは、Amazon AppFlow AWS App Runner、、Amazon WorkSpaces Applications、Amazon CloudFront、Amazon CloudWatch AWS CodeArtifact、AWS CodeCommit、Amazon CloudWatch Evidently AWS Device Farm、Amazon Forecast AWS Ground Station、、AWS Identity and Access Management(IAM)AWS IoT、Amazon MemoryDB、Amazon Pinpoint、AWS Network ManagerAWS Panorama、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift、Amazon SageMaker AI の Amazon Managed Workflows に対する追加のアクセス許可をサポートするようになりました。

このポリシーは、Amazon AppFlow AWS App Runner、、Amazon WorkSpaces Applications、AWS CloudFormation、Amazon CloudFront、Amazon CloudWatch、AWS CodeArtifactAWS CodeCommitAWS Device Farm、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon CloudWatch Evidently、Amazon Forecast AWS Ground Station、、AWS Identity and Access Management(IAM)AWS IoT、、、Amazon MemoryDB、Amazon Pinpoint AWS Network Manager、AWS Panorama、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift、Amazon SageMaker AI の Amazon Managed Workflows に対する追加のアクセス許可をサポートするようになりました。

AWSConfigRulesExecutionRole – このAWS管理ポリシーの変更の追跡AWS Configを開始します

このポリシーにより、AWS Lambda関数はAWS Config API と、 が定期的に Amazon S3 にAWS Config配信する設定スナップショットにアクセスできます。このアクセスは、AWSカスタム Lambda ルールの設定変更を評価する関数で必要です。

AWSConfigRoleForOrganizations – このAWS管理ポリシーの変更の追跡AWS Configを開始します

このポリシーにより、 は読み取り専用 API AWS Configを呼び出すことができます。AWS Organizations APIs

AWSConfigRemediationServiceRolePolicy – このAWS管理ポリシーの変更の追跡AWS Configを開始します

このポリシーにより、AWS Configはユーザーに代わって NON_COMPLIANT リソースを修復できます。

AWSConfigServiceRolePolicy – 追加: auditmanager:GetAccountStatus

このポリシーでは、AWS Audit Managerのアカウントの登録状態を返すアクセス許可を付与するようになりました。

AWS_ConfigRole – 追加: auditmanager:GetAccountStatus

このポリシーでは、AWS Audit Managerのアカウントの登録状態を返すアクセス許可を付与するようになりました。

AWSConfigMultiAccountSetupPolicy – このAWS管理ポリシーの変更の追跡AWS Configを開始します

このポリシーによりAWS Config、 はAWSサービスを呼び出し、 を使用して組織全体にリソースをデプロイAWS ConfigできますAWS Organizations。

AWSConfigServiceRolePolicy – 追加: airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

このポリシーは、Amazon Managed Workflows for Apache Airflow、AWS IoT Amazon WorkSpaces アプリケーション、Amazon CodeGuru Reviewer、、AWS HealthLake Amazon Kinesis Video Streams、Amazon Application Recovery Controller (ARC)、Amazon Elastic Compute Cloud (Amazon EC2)AWS Device Farm、Amazon Pinpoint、AWS Identity and Access Management(IAM)、Amazon GuardDuty、Amazon CloudWatch Logs に対する追加のアクセス許可をサポートするようになりました。

AWS_ConfigRole – 追加: airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

このポリシーは、Amazon Managed Workflows for Apache Airflow、AWS IoT Amazon WorkSpaces アプリケーション、Amazon CodeGuru Reviewer、、AWS HealthLake Amazon Kinesis Video Streams、Amazon Application Recovery Controller (ARC)、Amazon Elastic Compute Cloud (Amazon EC2)AWS Device Farm、Amazon Pinpoint、AWS Identity and Access Management(IAM)、Amazon GuardDuty、Amazon CloudWatch Logs に対する追加のアクセス許可をサポートするようになりました。

ConfigConformsServiceRolePolicy – 更新: config:DescribeConfigRules

セキュリティのベストプラクティスとして、このポリシーは、config:DescribeConfigRules に対する広範なリソースレベルのアクセス許可を削除するようになりました。

AWSConfigServiceRolePolicy – 追加: APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile,AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

このポリシーは、Amazon Managed Service for Prometheus、、、AWS Database Migration Service(AWS DMS)AWS Audit ManagerAWS Device Farm、AWS Directory Service Amazon Elastic Compute Cloud (Amazon EC2)AWS GlueAWS IoT、Amazon Lightsail、AWS Elemental MediaPackage、、AWS Network Manager、Amazon Quick Suite、Amazon Application Recovery Controller (ARC)、Amazon Simple Storage Service (Amazon S3)AWS Resource Access Manager、および Amazon Timestream に対する追加のアクセス許可をサポートするようになりました。

AWS_ConfigRole – 追加: APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

このポリシーは、Amazon Managed Service for Prometheus、、、AWS Database Migration Service(AWS DMS)AWS Audit ManagerAWS Device Farm、AWS Directory Service Amazon Elastic Compute Cloud (Amazon EC2)AWS GlueAWS IoT、Amazon Lightsail、AWS Elemental MediaPackage、、AWS Network Manager、Amazon Quick Suite、Amazon Application Recovery Controller (ARC)、Amazon Simple Storage Service (Amazon S3)AWS Resource Access Manager、および Amazon Timestream に対する追加のアクセス許可をサポートするようになりました。

AWSConfigServiceRolePolicy – 追加: cloudformation:ListStackResources and cloudformation:ListStacks

このポリシーは、指定されたAWS CloudFormationスタックのすべてのリソースの説明を返し、ステータスが指定された と一致するスタックの概要情報を返すアクセス許可を付与するようになりましたStackStatusFilter。

AWS_ConfigRole – 追加: cloudformation:ListStackResources and cloudformation:ListStacks

このポリシーは、指定されたAWS CloudFormationスタックのすべてのリソースの説明を返し、ステータスが指定された と一致するスタックの概要情報を返すアクセス許可を付与するようになりましたStackStatusFilter。

AWSConfigServiceRolePolicy – 追加: acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

このポリシーはAWS Certificate Manager、 に対する追加のアクセス許可をサポートするようになりました。 Amazon Managed Workflows for Apache Airflow AWS Amplify、AWS AppConfig、 Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect、AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2) Amazon Elastic Kubernetes Service (Amazon EKS) Amazon EventBridge、AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift サーバー、 Amazon Location Service、AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint、OpsWorksAWS Panorama、、AWS Resource Access Manager、 Amazon Quick Suite、 Amazon Relational Database Service (Amazon RDS) Amazon Rekognition、AWS RoboMakerAWS Resource Groups、、 Amazon Route 53、 Amazon Simple Storage Service (Amazon S3)AWS Cloud Map、、 およびAWS Security Token Service。

AWS_ConfigRole – 追加: acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

このポリシーはAWS Certificate Manager、 に対する追加のアクセス許可をサポートするようになりました。 Amazon Managed Workflows for Apache Airflow AWS Amplify、AWS AppConfig、 Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect、AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2) Amazon Elastic Kubernetes Service (Amazon EKS) Amazon EventBridge、AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift サーバー、 Amazon Location Service、AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint、OpsWorksAWS Panorama、、AWS Resource Access Manager、 Amazon Quick Suite、 Amazon Relational Database Service (Amazon RDS) Amazon Rekognition、AWS RoboMakerAWS Resource Groups、、 Amazon Route 53、 Amazon Simple Storage Service (Amazon S3)AWS Cloud Map、、 およびAWS Security Token Service。

AWSConfigServiceRolePolicy – 追加: Glue::GetTable

このポリシーは、指定したAWS Glueテーブルのデータカタログ内のテーブル定義を取得するアクセス許可を付与するようになりました。

AWS_ConfigRole – 追加 Glue::GetTable

このポリシーは、指定したAWS Glueテーブルのデータカタログ内のテーブル定義を取得するアクセス許可を付与するようになりました。

AWSConfigServiceRolePolicy – 追加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

このポリシーは、Amazon AppFlow、 Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect Customer Profiles、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2) Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge スキーマ、Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift サーバー、 Amazon Interactive Video Service (Amazon IVS) Amazon Managed Service for Apache Flink、 EC2 Image Builder、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon Quick Suite、 Amazon Application Recovery Controller (ARC)Amazon Route 53 Resolver、、 Amazon Simple Storage Service (Amazon S3) Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES) Amazon Timestream、AWS AppConfigAWS AppSync、AWS Auto Scaling、AWS Backup、AWS Budgets、AWS Cost Explorer、AWS Cloud9AWS Directory ServiceAWS DataSync、AWS Elemental MediaPackage、、AWS Glue、AWS IoT、AWS IoT Analytics、AWS IoT EventsAWS IoT SiteWise、AWS License Manager、、AWS IoT TwinMakerAWS Lake Formation、、AWS Resilience Hub、AWS Signer、 およびAWS Transfer Family。

AWS_ConfigRole – 追加: appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

このポリシーは、Amazon AppFlow、 Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect Customer Profiles、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2) Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge スキーマ、Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift サーバー、 Amazon Interactive Video Service (Amazon IVS) Amazon Managed Service for Apache Flink、 EC2 Image Builder、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon Quick Suite、 Amazon Application Recovery Controller (ARC)Amazon Route 53 Resolver、、 Amazon Simple Storage Service (Amazon S3) Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES) Amazon Timestream、AWS AppConfigAWS AppSync、AWS Auto Scaling、AWS Backup、AWS Budgets、AWS Cost Explorer、AWS Cloud9AWS Directory ServiceAWS DataSync、AWS Elemental MediaPackage、、AWS Glue、AWS IoT、AWS IoT Analytics、AWS IoT EventsAWS IoT SiteWise、AWS License Manager、、AWS IoT TwinMakerAWS Lake Formation、、AWS Resilience Hub、AWS Signer、 およびAWS Transfer Family

AWS_ConfigRole – 追加: airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

このポリシーは、Amazon Managed Workflows for Apache Airflow、AWS IoT Amazon WorkSpaces アプリケーション、Amazon CodeGuru Reviewer、、AWS HealthLake Amazon Kinesis Video Streams、Amazon Application Recovery Controller (ARC)、Amazon Elastic Compute Cloud (Amazon EC2)AWS Device Farm、Amazon Pinpoint、AWS Identity and Access Management(IAM)、Amazon GuardDuty、Amazon CloudWatch Logs に対する追加のアクセス許可をサポートするようになりました。

ConfigConformsServiceRolePolicy – 更新: config:DescribeConfigRules

セキュリティのベストプラクティスとして、このポリシーは、config:DescribeConfigRules に対する広範なリソースレベルのアクセス許可を削除するようになりました。

AWSConfigServiceRolePolicy – 追加: APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile,AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

このポリシーは、Amazon Managed Service for Prometheus、、、AWS Database Migration Service(AWS DMS)AWS Audit ManagerAWS Device Farm、AWS Directory Service Amazon Elastic Compute Cloud (Amazon EC2)AWS GlueAWS IoT、Amazon Lightsail、AWS Elemental MediaPackage、、AWS Network Manager、Amazon Quick Suite、Amazon Application Recovery Controller (ARC)、Amazon Simple Storage Service (Amazon S3)AWS Resource Access Manager、および Amazon Timestream に対する追加のアクセス許可をサポートするようになりました。

AWS_ConfigRole – 追加: APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

このポリシーは、Amazon Managed Service for Prometheus、、、AWS Database Migration Service(AWS DMS)AWS Audit ManagerAWS Device Farm、AWS Directory Service Amazon Elastic Compute Cloud (Amazon EC2)AWS GlueAWS IoT、Amazon Lightsail、AWS Elemental MediaPackage、、AWS Network Manager、Amazon Quick Suite、Amazon Application Recovery Controller (ARC)、Amazon Simple Storage Service (Amazon S3)AWS Resource Access Manager、および Amazon Timestream に対する追加のアクセス許可をサポートするようになりました。

AWSConfigServiceRolePolicy – 追加: cloudformation:ListStackResources and cloudformation:ListStacks

このポリシーは、指定されたAWS CloudFormationスタックのすべてのリソースの説明を返し、ステータスが指定された と一致するスタックの概要情報を返すアクセス許可を付与するようになりましたStackStatusFilter。

AWS_ConfigRole – 追加: cloudformation:ListStackResources and cloudformation:ListStacks

このポリシーは、指定されたAWS CloudFormationスタックのすべてのリソースの説明を返し、ステータスが指定された と一致するスタックの概要情報を返すアクセス許可を付与するようになりましたStackStatusFilter。

AWSConfigServiceRolePolicy – 追加: acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

このポリシーはAWS Certificate Manager、 に対する追加のアクセス許可をサポートするようになりました。 Amazon Managed Workflows for Apache Airflow AWS Amplify、AWS AppConfig、 Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect、AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2) Amazon Elastic Kubernetes Service (Amazon EKS) Amazon EventBridge、AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift サーバー、 Amazon Location Service、AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint、OpsWorksAWS Panorama、、AWS Resource Access Manager、 Amazon Quick Suite、 Amazon Relational Database Service (Amazon RDS) Amazon Rekognition、AWS RoboMakerAWS Resource Groups、、 Amazon Route 53、 Amazon Simple Storage Service (Amazon S3)AWS Cloud Map、、 およびAWS Security Token Service。

AWS_ConfigRole – 追加: acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

このポリシーはAWS Certificate Manager、 に対する追加のアクセス許可をサポートするようになりました。 Amazon Managed Workflows for Apache Airflow AWS Amplify、AWS AppConfig、 Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect、AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2) Amazon Elastic Kubernetes Service (Amazon EKS) Amazon EventBridge、AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift サーバー、 Amazon Location Service、AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint、OpsWorksAWS Panorama、、AWS Resource Access Manager、 Amazon Quick Suite、 Amazon Relational Database Service (Amazon RDS) Amazon Rekognition、AWS RoboMakerAWS Resource Groups、、 Amazon Route 53、 Amazon Simple Storage Service (Amazon S3)AWS Cloud Map、、 およびAWS Security Token Service。

AWSConfigServiceRolePolicy – 追加: Glue::GetTable

このポリシーは、指定したAWS Glueテーブルのデータカタログ内のテーブル定義を取得するアクセス許可を付与するようになりました。

AWS_ConfigRole – 追加 Glue::GetTable

このポリシーは、指定したAWS Glueテーブルのデータカタログ内のテーブル定義を取得するアクセス許可を付与するようになりました。

AWSConfigServiceRolePolicy – 追加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

このポリシーは、Amazon AppFlow、 Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect Customer Profiles、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2) Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge スキーマ、Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift サーバー、 Amazon Interactive Video Service (Amazon IVS) Amazon Managed Service for Apache Flink、 EC2 Image Builder、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon Quick Suite、 Amazon Application Recovery Controller (ARC)Amazon Route 53 Resolver、、 Amazon Simple Storage Service (Amazon S3) Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES) Amazon Timestream、AWS AppConfigAWS AppSync、AWS Auto Scaling、AWS Backup、AWS Budgets、AWS Cost Explorer、AWS Cloud9AWS Directory ServiceAWS DataSync、AWS Elemental MediaPackage、、AWS Glue、AWS IoT、AWS IoT Analytics、AWS IoT EventsAWS IoT SiteWise、AWS License Manager、、AWS IoT TwinMakerAWS Lake Formation、、AWS Resilience Hub、AWS Signer、 およびAWS Transfer Family。

AWS_ConfigRole – 追加: appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

このポリシーは、Amazon AppFlow、 Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect Customer Profiles、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2) Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge スキーマ、Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift サーバー、 Amazon Interactive Video Service (Amazon IVS) Amazon Managed Service for Apache Flink、 EC2 Image Builder、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon Quick Suite、 Amazon Application Recovery Controller (ARC)Amazon Route 53 Resolver、、 Amazon Simple Storage Service (Amazon S3) Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES) Amazon Timestream、AWS AppConfigAWS AppSync、AWS Auto Scaling、AWS Backup、AWS Budgets、AWS Cost Explorer、AWS Cloud9AWS Directory ServiceAWS DataSync、AWS Elemental MediaPackage、、AWS Glue、AWS IoT、AWS IoT Analytics、AWS IoT EventsAWS IoT SiteWise、AWS License Manager、、AWS IoT TwinMakerAWS Lake Formation、、AWS Resilience Hub、AWS Signer、 およびAWS Transfer Family

AWSConfigServiceRolePolicy – 追加: datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

このポリシーは、 のエージェント、DataSync の送信元と送信先の場所、DataSync AWS アカウントタスクのリストAWS DataSyncを返すアクセス許可、 の 1 つ以上の指定された名前空間に関連付けられている名前空間とサービスに関するAWS Cloud Map概要情報を一覧表示するアクセス許可、AWS アカウントおよび で使用できるすべての Amazon Simple Email Service (Amazon SES) 連絡先リストを一覧表示するアクセス許可を付与するようになりましたAWS アカウント。

AWS_ConfigRole – 追加: datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

このポリシーは、 のエージェント、DataSync の送信元と送信先の場所、DataSync AWS アカウントタスクのリストAWS DataSyncを返すアクセス許可、 の 1 つ以上の指定された名前空間に関連付けられている名前空間とサービスに関するAWS Cloud Map概要情報を一覧表示するアクセス許可、AWS アカウントおよび で使用できるすべての Amazon Simple Email Service (Amazon SES) 連絡先リストを一覧表示するアクセス許可を付与するようになりましたAWS アカウント。

ConfigConformsServiceRolePolicy – 追加: cloudwatch:PutMetricData

このポリシーは、メトリクスデータポイントを Amazon CloudWatch に発行する許可を付与するようになりました。

AWSConfigServiceRolePolicy – 追加: amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

このポリシーでは、Amazon Elastic Container Service (Amazon ECS)、Amazon ElastiCache、Amazon EventBridge、Amazon FSx、Amazon Managed Service for Apache Flink、Amazon Location Service、Amazon Managed Streaming for Apache Kafka、Amazon Quick Suite、Amazon Rekognition、Amazon Simple Storage Service (Amazon S3)AWS RoboMaker、Amazon Simple Email Service (Amazon SES)AWS Amplify、AWS AppConfig、、AWS AppSync、AWS Billing Conductor、AWS DataSyncAWS Firewall Manager、AWS IAM アイデンティティセンター、(IAM Identity Center)AWS Glue、EC2 Image Builder、Elastic Load Balancing に対する追加のアクセス許可がサポートされるようになりました。

AWS_ConfigRole – 追加: amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

このポリシーでは、Amazon Elastic Container Service (Amazon ECS)、Amazon ElastiCache、Amazon EventBridge、Amazon FSx、Amazon Managed Service for Apache Flink、Amazon Location Service、Amazon Managed Streaming for Apache Kafka、Amazon Quick Suite、Amazon Rekognition、Amazon Simple Storage Service (Amazon S3)AWS RoboMaker、Amazon Simple Email Service (Amazon SES)AWS Amplify、AWS AppConfig、、AWS AppSync、AWS Billing Conductor、AWS DataSyncAWS Firewall Manager、AWS IAM アイデンティティセンター、(IAM Identity Center)AWS Glue、EC2 Image Builder、Elastic Load Balancing に対する追加のアクセス許可がサポートされるようになりました。

AWSConfigServiceRolePolicy – 追加: athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

このポリシーは、指定された Amazon Athena データカタログを取得するアクセス許可を付与するようになりました。 で Athena データカタログを一覧表示しますAWS アカウント。 および Athena ワークグループまたはデータカタログリソースに関連付けられたタグを一覧表示します。 Amazon Detective 動作グラフのリストを取得し、Detective 動作グラフのタグを一覧表示する。 特定のAWS Glue開発エンドポイント名のリストのリソースメタデータのリストを取得します。 指定されたAWS Glue開発エンドポイントに関する情報を取得する でAWS Glueすべての開発エンドポイントを取得するAWS アカウント指定されたAWS Glueセキュリティ設定を取得する すべてのAWS Glueセキュリティ設定を取得するAWS Glueリソースに関連付けられたタグのリストを取得する 指定された名前のAWS Glueワークグループに関する情報を取得します。 アカウント内のすべてのAWS GlueAWSクローラリソースの名前を取得する 内のすべてのAWS GlueDevEndpointリソースの名前を取得するAWS アカウント内のすべてのAWS Glueジョブリソースの名前を一覧表示しますAWS アカウント。AWS Glueメンバーアカウントの詳細を取得する アカウントで作成されたAWS Glueワークフローの名前を一覧表示します。 および アカウントで使用可能なAWS Glueワークグループを一覧表示します。 Amazon GuardDuty フィルターの詳細を取得するには、 GuardDuty IPSet を取得する GuardDuty ThreatIntelSet を取得する GuardDuty メンバーアカウントの取得 GuardDuty フィルターのリストを取得する GuardDuty サービスの IPSets を取得する GuardDuty サービスのタグを取得する GuardDuty サービスの ThreatIntelSets を取得します。 Amazon Macie アカウントの現在のステータスと設定を取得するにはAWS Resource Access Manager(AWS RAM) リソース共有のリソースとプリンシパルの関連付けを取得し、リソース共有の詳細AWS RAMを取得する。 Amazon Simple Email Service (Amazon SES) の既存の設定セットに関する情報を取得するには、 Amazon SES 設定セットに関連付けられているイベント送信先のリストを取得します。 および Amazon SES アカウントに関連付けられているすべての設定セットを一覧表示します。 Identity Center ディレクトリ属性のリストを取得するには、AWS IAM アイデンティティセンターアクセス許可セットの詳細を取得する 指定された IAM Identity Center アクセス許可セットにアタッチされている IAM 管理ポリシーを取得します。 IAM Identity Center インスタンスのアクセス許可セットを取得する および は、IAM Identity Center リソースのタグを取得します。

AWS_ConfigRole – 追加: athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

このポリシーは、指定された Amazon Athena データカタログを取得するアクセス許可を付与するようになりました。 で Athena データカタログを一覧表示しますAWS アカウント。 および Athena ワークグループまたはデータカタログリソースに関連付けられたタグを一覧表示します。 Amazon Detective 動作グラフのリストを取得し、Detective 動作グラフのタグを一覧表示する。 特定のAWS Glue開発エンドポイント名のリストのリソースメタデータのリストを取得します。 指定されたAWS Glue開発エンドポイントに関する情報を取得する でAWS Glueすべての開発エンドポイントを取得するAWS アカウント指定されたAWS Glueセキュリティ設定を取得する すべてのAWS Glueセキュリティ設定を取得するAWS Glueリソースに関連付けられたタグのリストを取得する 指定された名前のAWS Glueワークグループに関する情報を取得します。 アカウント内のすべてのAWS GlueAWSクローラリソースの名前を取得する 内のすべてのAWS GlueDevEndpointリソースの名前を取得するAWS アカウント内のすべてのAWS Glueジョブリソースの名前を一覧表示しますAWS アカウント。AWS Glueメンバーアカウントの詳細を取得する アカウントで作成されたAWS Glueワークフローの名前を一覧表示します。 および アカウントで使用可能なAWS Glueワークグループを一覧表示します。 Amazon GuardDuty フィルターの詳細を取得するには、 GuardDuty IPSet を取得する GuardDuty ThreatIntelSet を取得する GuardDuty メンバーアカウントの取得 GuardDuty フィルターのリストを取得する GuardDuty サービスの IPSets を取得する GuardDuty サービスのタグを取得する GuardDuty サービスの ThreatIntelSets を取得します。 Amazon Macie アカウントの現在のステータスと設定を取得するにはAWS Resource Access Manager(AWS RAM) リソース共有のリソースとプリンシパルの関連付けを取得し、リソース共有の詳細AWS RAMを取得する。 Amazon Simple Email Service (Amazon SES) の既存の設定セットに関する情報を取得するには、 Amazon SES 設定セットに関連付けられているイベント送信先のリストを取得します。 および Amazon SES アカウントに関連付けられているすべての設定セットを一覧表示します。 Identity Center ディレクトリ属性のリストを取得するには、AWS IAM アイデンティティセンターアクセス許可セットの詳細を取得する 指定された IAM Identity Center アクセス許可セットにアタッチされている IAM 管理ポリシーを取得します。 IAM Identity Center インスタンスのアクセス許可セットを取得する および は、IAM Identity Center リソースのタグを取得します。

AWSConfigServiceRolePolicy – 追加: cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

このポリシーは、すべてまたは指定されたAWS CloudTrailイベントデータストア (EDS) に関する情報の取得、すべてまたは指定されたAWS CloudFormationリソースに関する情報の取得、DynamoDB Accelerator (DAX) パラメータグループまたはサブネットグループのリストの取得、アクセスされている現在のリージョンのアカウントのAWS Database Migration Service(AWS DMS) レプリケーションタスクに関する情報の取得、およびAWS Organizations指定されたタイプの のすべてのポリシーのリストの取得を行うアクセス許可を付与するようになりました。

AWS_ConfigRole – 追加: cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

このポリシーは、すべてまたは指定されたAWS CloudTrailイベントデータストア (EDS) に関する情報の取得、すべてまたは指定されたAWS CloudFormationリソースに関する情報の取得、DynamoDB Accelerator (DAX) パラメータグループまたはサブネットグループのリストの取得、アクセスされている現在のリージョンのアカウントのAWS Database Migration Service(AWS DMS) レプリケーションタスクに関する情報の取得、およびAWS Organizations指定されたタイプの のすべてのポリシーのリストの取得を行うアクセス許可を付与するようになりました。

AWSConfigServiceRolePolicy – 追加: backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

このポリシーはAWS Backup、、AWS Batch DynamoDB Accelerator、AWS Database Migration Service、Amazon DynamoDB、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Elastic Kubernetes Service、Amazon FSx、Amazon GuardDuty、AWS Key Management ServiceAWS OpsWorks、Amazon Relational Database Service、AWS WAF V2、Amazon WorkSpaces に対する追加のアクセス許可をサポートするようになりました。

AWS_ConfigRole – 追加: backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

このポリシーはAWS Backup、、AWS Batch DynamoDB Accelerator、AWS Database Migration Service、Amazon DynamoDB、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Elastic Kubernetes Service、Amazon FSx、Amazon GuardDuty、AWS Key Management ServiceAWS OpsWorks、Amazon Relational Database Service、AWS WAF V2、Amazon WorkSpaces に対する追加のアクセス許可をサポートするようになりました。

AWSConfigServiceRolePolicy – 追加: elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

このポリシーは、Elastic Beanstalk 環境の詳細と、指定された Elastic Beanstalk 設定セットの設定内容に関する説明の取得、OpenSearch または Elasticsearch バージョンのマップの取得、データベースに利用できる Amazon RDS オプショングループの説明、および CodeDeploy デプロイ設定に関する情報の取得を実行する許可を付与するようになりました。また、このポリシーはAWS アカウント、 にアタッチされた指定された代替連絡先の取得、AWS Organizationsポリシーに関する情報の取得、Amazon ECR リポジトリポリシーの取得、アーカイブされたAWS Configルールに関する情報の取得、Amazon ECS タスク定義ファミリーのリストの取得、指定された子 OUs) のリスト、指定されたターゲットルート、組織単位、またはアカウントにアタッチされたポリシーのリストを取得するアクセス許可を付与するようになりました。

AWS_ConfigRole – 追加: elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

このポリシーは、Elastic Beanstalk 環境の詳細と、指定された Elastic Beanstalk 設定セットの設定内容に関する説明の取得、OpenSearch または Elasticsearch バージョンのマップの取得、データベースに利用できる Amazon RDS オプショングループの説明、および CodeDeploy デプロイ設定に関する情報の取得を実行する許可を付与するようになりました。また、このポリシーはAWS アカウント、 にアタッチされた指定された代替連絡先の取得、AWS Organizationsポリシーに関する情報の取得、Amazon ECR リポジトリポリシーの取得、アーカイブされたAWS Configルールに関する情報の取得、Amazon ECS タスク定義ファミリーのリストの取得、指定された子 OUs) のリスト、指定されたターゲットルート、組織単位、またはアカウントにアタッチされたポリシーのリストを取得するアクセス許可を付与するようになりました。

AWSConfigServiceRolePolicy – 追加: logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

このポリシーは、Amazon CloudWatch ロググループおよびストリームを作成し、作成したログストリームにログを書き込むアクセス許可を付与するようになりました。

AWS_ConfigRole – 追加: logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

このポリシーは、Amazon CloudWatch ロググループおよびストリームを作成し、作成したログストリームにログを書き込むアクセス許可を付与するようになりました。

AWSConfigServiceRolePolicy – 追加: es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots

このポリシーは、今は Amazon OpenSearch Service (OpenSearch Service) ドメイン/ドメインの詳細を取得する権限と、特定の Amazon Relational Database Service (Amazon RDS) DB パラメータグループの詳細なパラメータリストを取得するアクセスを許可します。このポリシーは、Amazon ElastiCache のスナップショットの詳細を取得するアクセスも許可します。

AWS_ConfigRole – 追加: es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots

このポリシーは、今は Amazon OpenSearch Service (OpenSearch Service) ドメイン/ドメインの詳細を取得する権限と、特定の Amazon Relational Database Service (Amazon RDS) DB パラメータグループの詳細なパラメータリストを取得するアクセスを許可します。このポリシーは、Amazon ElastiCache のスナップショットの詳細を取得するアクセスも許可します。

AWSConfigServiceRolePolicy – logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine、およびAWSリソースタイプの追加のアクセス許可を追加する

このポリシーは、ロググループのタグの一覧表示、ステートマシンのタグの一覧表示、すべてのステートマシンの一覧表示を行うアクセスを許可します。このポリシーでは、ステートマシンに関する詳細を取得するアクセスを許可するようになりました。このポリシーでは、Amazon EC2 Systems Manager (SSM)、Amazon Elastic Container Registry、Amazon FSx、Amazon Data Firehose、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon Relational Database Service (Amazon RDS)、Amazon Route 53、Amazon SageMaker AI、Amazon Simple Notification Service AWS Database Migration Service、、AWS Global Accelerator、および に対する追加のアクセス許可もサポートされるようになりましたAWS Storage Gateway。

AWS_ConfigRole –AWSリソースタイプに l ogs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachineと追加のアクセス許可を追加する

このポリシーは、ロググループのタグの一覧表示、ステートマシンのタグの一覧表示、すべてのステートマシンの一覧表示を行うアクセスを許可します。このポリシーでは、ステートマシンに関する詳細を取得するアクセスを許可するようになりました。このポリシーでは、Amazon EC2 Systems Manager (SSM)、Amazon Elastic Container Registry、Amazon FSx、Amazon Data Firehose、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon Relational Database Service (Amazon RDS)、Amazon Route 53、Amazon SageMaker AI、Amazon Simple Notification Service AWS Database Migration Service、、AWS Global Accelerator、および に対する追加のアクセス許可もサポートされるようになりましたAWS Storage Gateway。

AWSConfigServiceRolePolicy –AWSリソースタイプのアクセス許可を追加ssm:DescribeDocumentPermissionおよび追加する

このポリシーは、AWS Systems Managerドキュメントのアクセス許可とIAM Access Analyzer に関する情報の閲覧を許可するようになりました。このポリシーは、Amazon Kinesis、Amazon ElastiCache、Amazon EMR AWS Network Firewall、Amazon Route 53、Amazon Relational Database Service (Amazon RDS) の追加AWSリソースタイプをサポートするようになりました。これらのアクセス許可の変更によりAWS Config、 はこれらのリソースタイプをサポートするために必要な読み取り専用 APIs を呼び出すことができます。このポリシーでは、lambda-inside-vpc マネージドルールの Lambda@AWS Config Edge 関数のフィルタリングもサポートされるようになりました。

AWS_ConfigRole –AWSリソースタイプのアクセス許可の追加ssm:DescribeDocumentPermissionと追加

このポリシーは、AWS Systems Managerドキュメントのアクセス許可とIAM Access Analyzer に関する情報の閲覧を許可するようになりました。このポリシーは、Amazon Kinesis、Amazon ElastiCache、Amazon EMR AWS Network Firewall、Amazon Route 53、Amazon Relational Database Service (Amazon RDS) の追加AWSリソースタイプをサポートするようになりました。これらのアクセス許可の変更によりAWS Config、 はこれらのリソースタイプをサポートするために必要な読み取り専用 APIs を呼び出すことができます。このポリシーでは、lambda-inside-vpc マネージドルールの Lambda AWS Config@Edge 関数のフィルタリングもサポートされるようになりました。

AWSConfigServiceRolePolicy – 追加: API Gateway に対して読み取り専用の GET 呼び出しを行う apigateway:GET アクセス許可と、Amazon S3 読み取り専用 API を呼び出す s3:GetAccessPointPolicy アクセス許可と s3:GetAccessPointPolicyStatus アクセス許可

このポリシーは、 API Gateway のAWS Configルールをサポートするために API Gateway への読み取り専用 GET 呼び出しをAWS Configが実行できるアクセス許可を付与するようになりました。このポリシーでは、 が Amazon Simple Storage Service (Amazon S3) 読み取り専用 APIs AWS Configを呼び出すためのアクセス許可も追加されます。これは、新しいAWS::S3::AccessPointリソースタイプをサポートするために必要です。

AWS_ConfigRole – 追加: API Gateway に対して読み取り専用 GET 呼び出しを行う apigateway:GET アクセス許可と、Amazon S3 読み取り専用 API を呼び出す s3:GetAccessPointPolicy アクセス許可と s3:GetAccessPointPolicyStatus アクセス許可

このポリシーは、 for API Gateway をサポートするために API AWS Config Gateway への読み取り専用 GET 呼び出しをAWS Configに許可するアクセス許可を付与するようになりました。このポリシーでは、 が Amazon Simple Storage Service (Amazon S3) 読み取り専用 APIs AWS Configを呼び出すためのアクセス許可も追加されます。これは、新しいAWS::S3::AccessPointリソースタイプをサポートするために必要です。

AWSConfigServiceRolePolicy –AWSリソースタイプのssm:ListDocumentsアクセス許可と追加のアクセス許可を追加する

このポリシーは、指定したAWS Systems Managerドキュメントに関する情報を表示するアクセス許可を付与します。このポリシーでは、Amazon Elastic File System AWS Backup、Amazon ElastiCache、Amazon Simple Storage Service (Amazon S3)、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Kinesis、Amazon SageMaker AI AWS Database Migration Service、Amazon Route 53 の追加AWSリソースタイプもサポートされるようになりました。これらのアクセス許可の変更によりAWS Config、 はこれらのリソースタイプをサポートするために必要な読み取り専用 APIs を呼び出すことができます。

AWS_ConfigRole –AWSリソースタイプのssm:ListDocumentsアクセス許可と追加のアクセス許可を追加する

このポリシーは、指定したAWS Systems Managerドキュメントに関する情報を表示するアクセス許可を付与します。このポリシーでは、Amazon Elastic File System AWS Backup、Amazon ElastiCache、Amazon Simple Storage Service (Amazon S3)、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Kinesis、Amazon SageMaker AI AWS Database Migration Service、Amazon Route 53 の追加AWSリソースタイプもサポートされるようになりました。これらのアクセス許可の変更によりAWS Config、 はこれらのリソースタイプをサポートするために必要な読み取り専用 APIs を呼び出すことができます。

AWSConfigRole は廃止に

AWSConfigRole は廃止されました。交換ポリシーは AWS_ConfigRole です。

AWS Configが変更の追跡を開始しました

AWS Configは、AWS管理ポリシーの変更の追跡を開始しました。