AWS에 대한 관리형 정책AWS Config - AWS Config
AWSConfigServiceRolePolicyAWS_ConfigRoleAWSConfigUserAccessConfigConformsServiceRolePolicyAWSConfigRulesExecutionRoleAWSConfigMultiAccountSetupPolicyAWSConfigRoleForOrganizationsAWSConfigRemediationServiceRolePolicy정책 업데이트

기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.

AWS에 대한 관리형 정책AWS Config

AWS관리형 정책은에서 생성하고 관리하는 독립 실행형 정책입니다AWS.AWS관리형 정책은 사용자, 그룹 및 역할에 권한 할당을 시작할 수 있도록 많은 일반적인 사용 사례에 대한 권한을 제공하도록 설계되었습니다.

AWS관리형 정책은 모든AWS고객이 사용할 수 있으므로 특정 사용 사례에 대해 최소 권한을 부여하지 않을 수 있습니다. 사용 사례에 고유한 고객 관리형 정책을 정의하여 권한을 줄이는 것이 좋습니다.

AWS관리형 정책에 정의된 권한은 변경할 수 없습니다. 가 관리형 정책에 정의된 권한을AWS업데이트하는AWS경우 업데이트는 정책이 연결된 모든 보안 주체 자격 증명(사용자, 그룹 및 역할)에 영향을 줍니다.AWSAWS 서비스는 새가 시작되거나 기존 서비스에 새 API 작업을 사용할 수 있게 될 때AWS관리형 정책을 업데이트할 가능성이 높습니다.

자세한 내용은 IAM 사용자 가이드AWS관리형 정책을 참조하세요.

AWS관리형 정책: AWSConfigServiceRolePolicy

AWS Config는 라는 서비스 연결 역할을 AWSServiceRoleForConfig 사용하여 사용자를 대신하여 다른AWS서비스를 호출합니다.AWS Management 콘솔를 사용하여 설정하면 자체AWS Identity and Access Management(IAM) 서비스 역할 대신 SLR을 사용하는 옵션을AWS Config선택하면AWS Config이AWS Config SLR이에 의해 자동으로 생성됩니다.

AWSServiceRoleForConfig SLR에는 관리형 정책 AWSConfigServiceRolePolicy가 포함되어 있습니다. 이 관리형 정책에는AWS Config리소스에 대한 읽기 전용 및 쓰기 전용 권한과가AWS Config지원하는 다른 서비스의 리소스에 대한 읽기 전용 권한이 포함되어 있습니다. 이 정책은 컴퓨팅, 스토리지, 네트워킹, 보안, 분석 및 기계 학습 서비스와 같은 100개 이상의AWS서비스에 대한 권한을 포함하여AWS인프라 전반의 구성 변경을 모니터링하고 기록할 수 있는 포괄적인 액세스를 제공합니다.

정책에는 다음 서비스 범주에 대한 권한이 포함됩니다.

  • access-analyzer - 보안 주체가 액세스 패턴을 분석하고 보안 조사 결과를 검색할 수 있도록 허용합니다.

  • account - 보안 주체가 계정 연락처 정보를 검색할 수 있도록 허용합니다.

  • acmacm-pca - 보안 주체가 SSL/TLS 인증서 및 프라이빗 인증 기관을 관리할 수 있도록 허용합니다.

  • airflow - 보안 주체가 관리형 Apache Airflow 환경을 모니터링할 수 있도록 허용합니다.

  • amplifyamplifyuibuilder - 보안 주체가 웹 애플리케이션 및 UI 구성 요소를 모니터링할 수 있습니다.

  • aoss - 보안 주체가 OpenSearch Serverless 컬렉션 및 보안 구성을 모니터링할 수 있도록 허용합니다.

  • app-integrations - 보안 주체가 애플리케이션 통합 구성을 모니터링할 수 있도록 허용합니다.

  • appconfig - 보안 주체가 애플리케이션 구성 배포를 모니터링할 수 있도록 허용합니다.

  • appflow - 보안 주체가 애플리케이션 간의 데이터 흐름 구성을 모니터링할 수 있습니다.

  • application-autoscalingapplication-signals - 보안 주체가 자동 조정 정책 및 애플리케이션 성능 지표를 모니터링할 수 있습니다.

  • appmesh - 보안 주체가 서비스 메시 구성을 모니터링할 수 있도록 허용합니다.

  • apprunner - 보안 주체가 컨테이너화된 웹 애플리케이션 및 서비스를 모니터링할 수 있도록 허용합니다.

  • appstream - 보안 주체가 애플리케이션 스트리밍 구성을 모니터링할 수 있도록 허용합니다.

  • appsync - 보안 주체가 GraphQL API 구성을 모니터링할 수 있도록 허용합니다.

  • aps - 보안 주체가 Prometheus 모니터링 구성을 모니터링할 수 있도록 허용합니다.

  • apptest - 보안 주체가 애플리케이션 테스트 구성을 모니터링할 수 있도록 허용합니다.

  • arc-zonal-shift - 보안 주체가 영역 전환 구성의 가용성을 모니터링할 수 있습니다.

  • athena - 보안 주체가 쿼리 엔진 구성 및 데이터 카탈로그를 모니터링할 수 있습니다.

  • auditmanager - 보안 주체가 감사 및 규정 준수 평가를 모니터링할 수 있도록 허용합니다.

  • autoscalingautoscaling-plans - 보안 주체가 Auto Scaling 그룹 및 조정 계획을 모니터링할 수 있습니다.

  • b2bi - 보안 주체가 business-to-business 통합 구성을 모니터링할 수 있습니다.

  • backupbackup-gateway - 보안 주체가 백업 정책 및 게이트웨이 구성을 모니터링할 수 있도록 허용합니다.

  • batch - 보안 주체가 배치 컴퓨팅 환경 및 작업 대기열을 모니터링할 수 있습니다.

  • bcm-data-exports - 보안 주체가 결제 및 비용 관리 데이터 내보내기를 모니터링할 수 있습니다.

  • bedrockbedrock-agentcore - 보안 주체가 파운데이션 모델 및 AI 에이전트 구성을 모니터링할 수 있습니다.

  • billingconductor - 보안 주체가 결제 그룹 구성을 모니터링할 수 있도록 허용합니다.

  • budgets - 보안 주체가 예산 구성 및 작업을 모니터링할 수 있도록 허용합니다.

  • cassandra - 보안 주체가 관리형 Cassandra 데이터베이스 구성을 쿼리할 수 있도록 허용합니다.

  • ce - 보안 주체가 비용 및 사용량 보고 구성을 모니터링할 수 있습니다.

  • cleanroomscleanrooms-ml - 보안 주체가 데이터 협업 및 기계 학습 구성을 모니터링할 수 있도록 허용합니다.

  • cloud9 - 보안 주체가 클라우드 개발 환경 구성을 모니터링할 수 있도록 허용합니다.

  • cloudformation - 보안 주체가 코드 스택 구성으로 인프라를 모니터링할 수 있도록 허용합니다.

  • cloudfront - 보안 주체가 콘텐츠 전송 네트워크 구성을 모니터링할 수 있도록 허용합니다.

  • cloudtrail - 보안 주체가 API 로깅 및 감사 추적 구성을 모니터링할 수 있도록 허용합니다.

  • cloudwatch - 보안 주체가 지표, 경보 및 대시보드 구성을 모니터링할 수 있습니다.

  • codeartifact - 보안 주체가 소프트웨어 패키지 리포지토리 구성을 모니터링할 수 있도록 허용합니다.

  • codebuild - 보안 주체가 빌드 프로젝트 구성을 모니터링할 수 있도록 허용합니다.

  • codecommit - 보안 주체가 소스 코드 리포지토리 구성을 모니터링할 수 있도록 허용합니다.

  • codeconnections - 보안 주체가 타사 소스 연결을 모니터링할 수 있도록 허용합니다.

  • codedeploy - 보안 주체가 애플리케이션 배포 구성을 모니터링할 수 있도록 허용합니다.

  • codeguru-profilercodeguru-reviewer - 보안 주체가 코드 분석 및 프로파일링 구성을 모니터링할 수 있습니다.

  • codepipeline - 보안 주체가 지속적인 통합 및 배포 파이프라인 구성을 모니터링할 수 있도록 허용합니다.

  • codestar-connections - 보안 주체가 개발자 도구 연결을 모니터링할 수 있습니다.

  • cognito-identitycognito-idp - 보안 주체가 자격 증명 및 사용자 풀 구성을 모니터링할 수 있습니다.

  • comprehend - 보안 주체가 자연어 처리 구성을 모니터링할 수 있도록 허용합니다.

  • config - 보안 주체가 구성 기록 및 규정 준수 모니터링을 관리할 수 있도록 허용합니다.

  • connect - 보안 주체가 콜센터 구성을 모니터링할 수 있도록 허용합니다.

지원되는 리소스 유형에 대한 자세한 내용은 에 대해 지원되는 리소스 유형AWS Config 및 섹션을 참조하세요에 서비스 연결 역할 사용AWS Config.

최신 버전의 JSON 정책 문서를 포함하여 정책에 대한 자세한 내용은 AWS관리형 정책 참조 안내서AWSConfigServiceRolePolicy를 참조하세요.

권장 사항: 서비스 연결 역할 사용

특정 사용 사례가 없는 한 서비스 연결 역할을 사용하는 것이 좋습니다. 서비스 연결 역할은AWS Config을 예상대로 실행하는 데 필요한 모든 권한을 추가합니다. 서비스 연결 구성 레코더와 같은 일부 기능을 사용하려면 서비스 연결 역할을 사용해야 합니다.

AWS관리형 정책: AWS_ConfigRole

AWS리소스 구성을 기록하려면에 리소스에 대한 구성 세부 정보를 가져오려면 IAM 권한이AWS Config필요합니다.AWS Config용 IAM 역할을 생성하려는 경우 관리형 정책 AWS_ConfigRole을 사용하여 IAM 역할에 연결할 수 있습니다.

이 IAM 정책은가AWS리소스 유형에 대한 지원을AWS Config추가할 때마다 업데이트됩니다. 즉, AWS_ConfigRole 역할에이 관리형 정책이 연결되어 있는 한는 지원되는 리소스 유형의 구성 데이터를 기록하는 데 필요한 권한을 계속 갖게AWS Config됩니다. 이 정책은 컴퓨팅, 스토리지, 네트워킹, 보안, 분석 및 기계 학습 서비스와 같은 100개 이상의AWS서비스에 대한 권한을 포함하여AWS인프라 전반의 구성 변경을 모니터링하고 기록할 수 있는 포괄적인 액세스를 제공합니다. 자세한 내용은 에 대해 지원되는 리소스 유형AWS Config에 할당된 IAM 역할에 대한 권한AWS Config 섹션을 참조하세요.

최신 버전의 JSON 정책 문서를 포함하여 정책에 대한 자세한 내용은 AWS관리형 정책 참조 안내서AWS_ConfigRole을 참조하세요.

AWS관리형 정책: AWSConfigUserAccess

이 IAM 정책은 리소스의 태그별 검색 및 모든 태그 읽기AWS Config를 포함하여 사용할 수 있는 액세스 권한을 제공합니다. 이는 관리 권한이 필요한를 구성할 수AWS Config있는 권한을 제공하지 않습니다.

AWSConfigUserAccess 정책을 확인합니다.

AWS관리형 정책: ConfigConformsServiceRolePolicy

적합성 팩을 배포하고 관리하려면 다른AWS서비스의 IAM 권한과 특정 권한이AWS Config필요합니다. 이를 통해 전체 기능으로 적합성 팩을 배포하고 관리할 수 있으며가 적합성 팩에 대한 새 기능을AWS Config추가할 때마다 업데이트됩니다. 적합성 팩에 대한 자세한 내용은 적합성 팩을 참조하세요.

정책 보기: ConfigConformsServiceRolePolicy.

AWS관리형 정책: AWSConfigRulesExecutionRole

AWS사용자 지정 Lambda 규칙을 배포하려면에 IAM 권한과 다른AWS서비스의 특정 권한이AWS Config필요합니다. 이를 통해AWS Lambda함수는AWS Config API 및가 Amazon S3에 주기적으로AWS Config전송하는 구성 스냅샷에 액세스할 수 있습니다. 이 액세스는AWS사용자 지정 Lambda 규칙에 대한 구성 변경을 평가하는 함수에 필요하며가 새 기능을AWS Config추가할 때마다 업데이트됩니다.AWS사용자 지정 Lambda 규칙에 대한 자세한 내용은 AWS Config사용자 지정 Lambda 규칙 생성을 참조하세요. 구성 스냅샷에 대한 자세한 내용은 개념 | 구성 스냅샷을 참조하세요. 구성 스냅샷 전송에 대한 자세한 내용은 전송 채널 관리를 참조하세요.

정책 보기: AWSConfigRulesExecutionRole.

AWS관리형 정책: AWSConfigMultiAccountSetupPolicy

의 조직 내 멤버 계정 간에AWS Config규칙 및 적합성 팩을 중앙에서 배포, 업데이트 및 삭제하려면 다른AWS서비스의 IAM 권한과 특정 권한이AWS OrganizationsAWS Config필요합니다. 이 관리형 정책은AWS Config가 다중 계정 설정을 위한 새로운 기능을 추가할 때마다 업데이트됩니다. 자세한 내용은 조직의 모든 계정에서AWS Config규칙 관리조직의 모든 계정에서 적합성 팩 관리를 참조하세요.

정책 보기: AWSConfigMultiAccountSetupPolicy.

AWS관리형 정책: AWSConfigRoleForOrganizations

가 읽기 전용AWS Organizations APIs 호출AWS Config하도록 허용하려면 다른AWS서비스의 IAM 권한과 특정 권한이AWS Config필요합니다. 이 관리형 정책은AWS Config가 다중 계정 설정을 위한 새로운 기능을 추가할 때마다 업데이트됩니다. 자세한 내용은 조직의 모든 계정에서AWS Config규칙 관리조직의 모든 계정에서 적합성 팩 관리를 참조하세요.

정책 보기: AWSConfigRoleForOrganizations.

AWS관리형 정책: AWSConfigRemediationServiceRolePolicy

AWS Config가 사용자를 대신하여 NON_COMPLIANTAWS Config리소스를 수정할 수 있도록 하려면에 IAM 권한과 다른AWS서비스의 특정 권한이 필요합니다. 이 관리형 정책은가 문제 해결을 위한 새 기능을AWS Config추가할 때마다 업데이트됩니다. 문제 해결에 대한 자세한 내용은 AWS Config규칙을 사용하여 규정 미준수 리소스 문제 해결을 참조하세요. 가능한AWS Config평가 결과를 시작하는 조건에 대한 자세한 내용은 개념 |AWS Config규칙을 참조하세요.

정책 보기: AWSConfigRemediationServiceRolePolicy.

AWS ConfigAWS관리형 정책에 대한 업데이트

이 서비스가 이러한 변경 사항을 추적하기 시작한AWS Config이후부터의AWS관리형 정책 업데이트에 대한 세부 정보를 봅니다. 이 페이지의 변경 사항에 대한 자동 알림을 받으려면AWS Config문서 기록 페이지에서 RSS 피드를 구독하세요.

변경 설명 Date

AWS_ConfigRole - "lightsail:GetActiveNames" "lightsail:GetOperations" "s3:GetBucketAbac" 추가

이 정책은 이제 Amazon Lightsail 및 Amazon Simple Storage Service(Amazon S3)에 대한 추가 권한을 지원합니다.

2025년 11월 20일

AWSConfigServiceRolePolicy - "lightsail:GetActiveNames" "lightsail:GetOperations" "s3:GetBucketAbac" 추가

이 정책은 이제 Amazon Lightsail 및 Amazon Simple Storage Service(Amazon S3)에 대한 추가 권한을 지원합니다.

2025년 11월 20일

AWSConfigServiceRolePolicy - 컴퓨팅, 스토리지, 네트워킹, 보안, 분석 및 기계 학습 서비스를 포함한 100개 이상의AWS서비스에서AWS리소스 구성 기록을 위한 포괄적인 권한으로 관리형 정책을 업데이트했습니다.

이제이 정책은 서비스 권한에 대한 향상된 설명서를 제공하고가 구성 기록을 위해AWS Config지원하는 모든AWS서비스에서 포괄적인 모니터링을 지원합니다.

2025년 11월 11일

AWS_ConfigRole - Amazon Elastic Compute Cloud AWS Identity and Access Management, Amazon Simple Storage Service, Amazon AWS Lambda Amazon Relational Database Service 등 여러 서비스에서AWS리소스 구성 기록을 위한 포괄적인 권한으로 관리형 정책을 업데이트했습니다.

이제이 정책은 지원되는 모든AWS서비스에서 포괄적인AWS리소스 구성 기록 및 모니터링을 위한 추가 권한을 지원합니다.

2025년 11월 10일

AWS_ConfigRole – 'amplify:GetDomainAssociation' 'amplify:ListDomainAssociations' 'amplify:ListTagsForResource' 'appsync:GetSourceApiAssociation' 'appsync:ListSourceApiAssociations' 'bedrock:GetFlow' 'bedrock:ListAgentCollaborators' 'bedrock:ListFlows' 'bedrock:ListPrompts' 'cloudTrail:GetResourcePolicy' 'cloudformation:DescribePublisher' 'codeartifact:DescribePackageGroup' 'codeartifact:ListAllowedRepositoriesForGroup' 'codeartifact:ListPackageGroups' 'codepipeline:ListActionTypes' 'codepipeline:ListTagsForResource' 'codepipeline:ListWebhooks' 'connect:DescribeTrafficDistributionGroup' 'connect:ListTrafficDistributionGroups' 'deadline:ListFarms' 'ec2:GetTransitGatewayRouteTablePropagations' 'ec2:SearchLocalGatewayRoutes' 'ec2:SearchTransitGatewayMulticastGroups' 'entityresolution:GetMatchingWorkflow' 'entityresolution:ListMatchingWorkflows' 'iotsitewise:ListAssetModelCompositeModels' 'iotsitewise:ListAssetModelProperties' 'iotsitewise:ListAssetProperties' 'iotsitewise:ListAssociatedAssets' 'ivs:ListPublicKeys' 'lambda:GetProvisionedConcurrencyConfig' 'lambda:GetRuntimeManagementConfig' 'lambda:ListFunctionEventInvokeConfigs' 'lambda:ListFunctionUrlConfigs' 'pipes:DescribePipe' 'pipes:ListPipes' 'quicksight:DescribeRefreshSchedule' 'quicksight:ListRefreshSchedules' 'redshift-serverless:ListSnapshotCopyConfigurations' 'redshift:GetResourcePolicy' 'rolesanywhere:GetCrl' 'rolesanywhere:ListCrls' 'sagemaker:DescribeApp' 'sagemaker:DescribeUserProfile' 'sagemaker:ListApps' 'sagemaker:ListModelPackages' 'sagemaker:ListUserProfiles' 'secretsmanager:GetResourcePolicy' 'securitylake:ListSubscribers' 'securitylake:ListTagsForResource' 'servicecatalog:DescribeServiceAction' 'servicecatalog:ListApplications' 'servicecatalog:ListAssociatedResources' 'shield:ListProtectionGroups' 'shield:ListTagsForResource' 'ssm-incidents:GetReplicationSet' 'ssm-incidents:ListReplicationSets' 'ssm:DescribeAssociation' 'ssm:DescribePatchBaselines' 'ssm:GetDefaultPatchBaseline' 'ssm:GetPatchBaseline' 'ssm:GetResourcePolicies' 'ssm:ListAssociations' 'ssm:ListResourceDataSync' 'wafv2:ListLoggingConfigurations' 'bedrock-agentcore:ListCodeInterpreters' 'bedrock-agentcore:GetCodeInterpreter' 'bedrock-agentcore:ListBrowsers' 'bedrock-agentcore:GetBrowser' 'bedrock-agentcore:ListAgentRuntimes' 'bedrock-agentcore:GetAgentRuntime' 'bedrock-agentcore:ListAgentRuntimeEndpoints' 'bedrock-agentcore:GetAgentRuntimeEndpoint' 추가

이제이 정책은AWS AmplifyAWS AppSync, Amazon Bedrock,AWS CloudTrail,CloudFormation,AWS CodeArtifact,AWS CodePipeline,, Amazon Connect,AWS Deadline Cloud, Amazon EC2,AWS Entity ResolutionAWS IoT SiteWise, Amazon IVS,AWS Lambda Amazon EventBridge, Amazon Quick Suite, Amazon Redshift, Amazon Redshift Serverless,AWS Identity and Access Management Roles Anywhere, Amazon SageMaker,AWS Secrets Manager, Amazon Security Lake AWS Service Catalog,,AWS Shield, Amazon EC2 Systems Manager 및에 대한 추가 권한을 지원합니다AWS WAFV2.

2025년 10월 1일

AWSConfigServiceRolePolicy – 'amplify:GetDomainAssociation' 'amplify:ListDomainAssociations' 'amplify:ListTagsForResource' 'appsync:GetSourceApiAssociation' 'appsync:ListSourceApiAssociations' 'bedrock:GetFlow' 'bedrock:ListAgentCollaborators' 'bedrock:ListFlows' 'bedrock:ListPrompts' 'cloudTrail:GetResourcePolicy' 'cloudformation:DescribePublisher' 'codeartifact:DescribePackageGroup' 'codeartifact:ListAllowedRepositoriesForGroup' 'codeartifact:ListPackageGroups' 'codepipeline:ListActionTypes' 'codepipeline:ListTagsForResource' 'codepipeline:ListWebhooks' 'connect:DescribeTrafficDistributionGroup' 'connect:ListTrafficDistributionGroups' 'deadline:ListFarms' 'ec2:GetTransitGatewayRouteTablePropagations' 'ec2:SearchLocalGatewayRoutes' 'ec2:SearchTransitGatewayMulticastGroups' 'entityresolution:GetMatchingWorkflow' 'entityresolution:ListMatchingWorkflows' 'iotsitewise:ListAssetModelCompositeModels' 'iotsitewise:ListAssetModelProperties' 'iotsitewise:ListAssetProperties' 'iotsitewise:ListAssociatedAssets' 'ivs:ListPublicKeys' 'lambda:GetProvisionedConcurrencyConfig' 'lambda:GetRuntimeManagementConfig' 'lambda:ListFunctionEventInvokeConfigs' 'lambda:ListFunctionUrlConfigs' 'pipes:DescribePipe' 'pipes:ListPipes' 'quicksight:DescribeRefreshSchedule' 'quicksight:ListRefreshSchedules' 'redshift-serverless:ListSnapshotCopyConfigurations' 'redshift:GetResourcePolicy' 'rolesanywhere:GetCrl' 'rolesanywhere:ListCrls' 'sagemaker:DescribeApp' 'sagemaker:DescribeUserProfile' 'sagemaker:ListApps' 'sagemaker:ListModelPackages' 'sagemaker:ListUserProfiles' 'secretsmanager:GetResourcePolicy' 'securitylake:ListSubscribers' 'securitylake:ListTagsForResource' 'servicecatalog:DescribeServiceAction' 'servicecatalog:ListApplications' 'servicecatalog:ListAssociatedResources' 'shield:ListProtectionGroups' 'shield:ListTagsForResource' 'ssm-incidents:GetReplicationSet' 'ssm-incidents:ListReplicationSets' 'ssm:DescribeAssociation' 'ssm:DescribePatchBaselines' 'ssm:GetDefaultPatchBaseline' 'ssm:GetPatchBaseline' 'ssm:GetResourcePolicies' 'ssm:ListAssociations' 'ssm:ListResourceDataSync' 'wafv2:ListLoggingConfigurations' 'bedrock-agentcore:ListCodeInterpreters' 'bedrock-agentcore:GetCodeInterpreter' 'bedrock-agentcore:ListBrowsers' 'bedrock-agentcore:GetBrowser' 'bedrock-agentcore:ListAgentRuntimes' 'bedrock-agentcore:GetAgentRuntime' 'bedrock-agentcore:ListAgentRuntimeEndpoints' 'bedrock-agentcore:GetAgentRuntimeEndpoint' 추가

이제이 정책은AWS AmplifyAWS AppSync, Amazon Bedrock,AWS CloudTrail,CloudFormation,AWS CodeArtifact,AWS CodePipeline,, Amazon Connect,AWS Deadline Cloud, Amazon EC2,AWS Entity ResolutionAWS IoT SiteWise, Amazon IVS,AWS Lambda Amazon EventBridge, Amazon Quick Suite, Amazon Redshift, Amazon Redshift Serverless,AWS Identity and Access Management Roles Anywhere, Amazon SageMaker,AWS Secrets Manager, Amazon Security Lake AWS Service Catalog,,AWS Shield, Amazon EC2 Systems Manager 및에 대한 추가 권한을 지원합니다AWS WAFV2.

2025년 10월 1일

AWS_ConfigRole – 'arc-zonal-shift:GetAutoshiftObserverNotificationStatus', 'bedrock:GetModelInvocationLoggingConfiguration', 'cloudtrail:GetEventConfiguration', 'codeartifact:DescribeDomain', 'codeartifact:GetDomainPermissionsPolicy', 'deadline:GetFleet', 'deadline:GetQueueFleetAssociation', 'deadline:ListFleets', 'deadline:ListQueueFleetAssociations', 'deadline:ListTagsForResource', 'dms:DescribeDataMigrations', 'dms:ListMigrationProjects', 'glue:GetDataCatalogEncryptionSettings', 'kafkaconnect:DescribeCustomPlugin', 'kafkaconnect:DescribeWorkerConfiguration', 'kafkaconnect:ListCustomPlugins', 'kafkaconnect:ListTagsForResource', 'kafkaconnect:ListWorkerConfigurations', 'lakeformation:DescribeLakeFormationIdentityCenterConfiguration', 'medialive:DescribeMultiplexProgram', 'medialive:ListMultiplexPrograms', 'mediapackagev2:GetChannelGroup', 'mediapackagev2:ListChannelGroups', 'rds:DescribeEngineDefaultParameters', 'rolesanywhere:GetProfile', 'rolesanywhere:GetTrustAnchor', 'rolesanywhere:ListProfiles', 'rolesanywhere:ListTagsForResource', 'rolesanywhere:ListTrustAnchors', 's3:GetAccessGrant', 's3:ListAccessGrants', 'secretsmanager:DescribeSecret', 'securitylake:ListDataLakeExceptions', 'securitylake:ListDataLakes', 'securitylake:ListLogSources', 'servicecatalog:GetAttributeGroup', 'servicecatalog:ListAttributeGroups', 'servicecatalog:ListServiceActions', 'servicecatalog:ListServiceActionsForProvisioningArtifact', 'ses:GetTrafficPolicy', 'ses:ListTagsForResource', 'ses:ListTrafficPolicies', 'xray:GetGroup', 'xray:GetGroups', 'xray:GetSamplingRules', 'xray:ListResourcePolicies', 'xray:ListTagsForResource' 추가

이제이 정책은 Amazon Bedrock AWS ARC - Zonal Shift,AWS CloudTrail,,AWS CodeArtifactAWS Deadline CloudAWS Database Migration Service,AWS Glue,,AWS Identity and Access Management,, Amazon Managed Streaming for Apache Kafka,AWS Lake Formation, Amazon CloudWatch Logs,AWS Elemental MediaLive,AWS Elemental MediaPackage, Amazon Relational Database Service, Amazon Simple Storage Service,AWS Secrets Manager, Amazon Security Lake,AWS Service Catalog Amazon Simple Email Service 및에 대한 추가 권한을 지원합니다AWS X-Ray.

2025년 7월 28일

AWSConfigServiceRolePolicy - 추가

'arc-zonal-shift:GetAutoshiftObserverNotificationStatus', 'bedrock:GetModelInvocationLoggingConfiguration', 'cloudtrail:GetEventConfiguration', 'codeartifact:DescribeDomain', 'codeartifact:GetDomainPermissionsPolicy', 'deadline:GetFleet', 'deadline:GetQueueFleetAssociation', 'deadline:ListFleets', 'deadline:ListQueueFleetAssociations', 'deadline:ListTagsForResource', 'dms:DescribeDataMigrations', 'dms:ListMigrationProjects', 'glue:GetDataCatalogEncryptionSettings', 'iam:ListPolicies', 'kafkaconnect:DescribeCustomPlugin', 'kafkaconnect:DescribeWorkerConfiguration', 'kafkaconnect:ListCustomPlugins', 'kafkaconnect:ListTagsForResource', 'kafkaconnect:ListWorkerConfigurations', 'lakeformation:DescribeLakeFormationIdentityCenterConfiguration', 'logs:DescribeIndexPolicies', 'logs:ListTagsForResource', 'medialive:DescribeMultiplexProgram', 'medialive:ListMultiplexPrograms', 'mediapackagev2:GetChannelGroup', 'mediapackagev2:ListChannelGroups', 'rds:DescribeEngineDefaultParameters', 'rolesanywhere:GetProfile', 'rolesanywhere:GetTrustAnchor', 'rolesanywhere:ListProfiles', 'rolesanywhere:ListTagsForResource', 'rolesanywhere:ListTrustAnchors', 's3:GetAccessGrant', 's3:ListAccessGrants', 'secretsmanager:DescribeSecret', 'securitylake:ListDataLakeExceptions', 'securitylake:ListDataLakes', 'securitylake:ListLogSources', 'servicecatalog:GetAttributeGroup', 'servicecatalog:ListAttributeGroups', 'servicecatalog:ListServiceActions', 'servicecatalog:ListServiceActionsForProvisioningArtifact', 'ses:GetTrafficPolicy', 'ses:ListTagsForResource', 'ses:ListTrafficPolicies', 'xray:GetGroup', 'xray:GetGroups', 'xray:GetSamplingRules', 'xray:ListResourcePolicies', 'xray:ListTagsForResource', 'arn:aws:apigateway:::/account', 'arn:aws:apigateway:::/usageplans', 'arn:aws:apigateway:::/usageplans/'.

이제이 정책은 Amazon Bedrock AWS ARC - Zonal Shift,AWS CloudTrail,,AWS CodeArtifactAWS Deadline CloudAWS Database Migration Service,AWS Glue,,AWS Identity and Access Management,, Amazon Managed Streaming for Apache Kafka,AWS Lake Formation, Amazon CloudWatch Logs,AWS Elemental MediaLive,AWS Elemental MediaPackage, Amazon Relational Database Service, Amazon Simple Storage Service,AWS Secrets Manager, Amazon Security Lake,AWS Service Catalog, Amazon Simple Email Service AWS X-Ray및 Amazon API Gateway에 대한 추가 권한을 지원합니다.

2025년 7월 28일

AWSConfigServiceRolePolicy – 'backup-gateway:GetHypervisor', 'backup-gateway:ListHypervisors', 'bcm-data-exports:GetExport', 'bcm-data-exports:ListExports', 'bcm-data-exports:ListTagsForResource', 'bedrock:GetAgent', 'bedrock:GetAgentActionGroup', 'bedrock:GetAgentKnowledgeBase', 'bedrock:GetDataSource', 'bedrock:GetFlowAlias', 'bedrock:GetFlowVersion', 'bedrock:ListAgentActionGroups', 'bedrock:ListAgentKnowledgeBases', 'bedrock:ListDataSources', 'bedrock:ListFlowAliases', 'bedrock:ListFlowVersions', 'cloudformation:BatchDescribeTypeConfigurations', 'cloudformation:DescribeStackInstance', 'cloudformation:DescribeStackSet', 'cloudformation:ListStackInstances', 'cloudformation:ListStackSets', 'cloudfront:GetPublicKey', 'cloudfront:GetRealtimeLogConfig', 'cloudfront:ListPublicKeys', 'cloudfront:ListRealtimeLogConfigs', 'entityresolution:GetIdMappingWorkflow', 'entityresolution:GetSchemaMapping', 'entityresolution:ListIdMappingWorkflows', 'entityresolution:ListSchemaMappings', 'entityresolution:ListTagsForResource', 'iotdeviceadvisor:GetSuiteDefinition', 'iotdeviceadvisor:ListSuiteDefinitions', 'lambda:GetEventSourceMapping', 'lambda:ListEventSourceMappings', 'mediapackagev2:GetChannel', 'mediapackagev2:ListChannels', 'networkmanager:GetTransitGatewayPeering', 'networkmanager:ListPeerings', 'pca-connector-ad:GetDirectoryRegistration', 'pca-connector-ad:ListDirectoryRegistrations', 'pca-connector-ad:ListTagsForResource', 'rds:DescribeDBShardGroups', 'rds:DescribeIntegrations', 'redshift:DescribeIntegrations', 's3tables:GetTableBucket', 's3tables:GetTableBucketEncryption', 's3tables:GetTableBucketMaintenanceConfiguration', 's3tables:ListTableBuckets', 'ssm-quicksetup:GetConfigurationManager', 'ssm-quicksetup:ListConfigurationManagers' 추가

이제이 정책은AWS Backup gateway,AWS 결제 및 비용 관리 Amazon Bedrock,AWS CloudFormation, Amazon CloudFront,AWS Entity Resolution,,AWS IoT Core Device AdvisorAWS Lambda,AWS Network ManagerAWS Private Certificate Authority,, Amazon Relational Database Service, Amazon Redshift, Amazon S3 Tables,에 대한 추가 권한을 지원합니다AWS Systems Manager 빠른 설정.

 2025년 6월 18일

AWS_ConfigRole – 'backup-gateway:GetHypervisor', 'backup-gateway:ListHypervisors', 'bcm-data-exports:GetExport', 'bcm-data-exports:ListExports', 'bcm-data-exports:ListTagsForResource', 'bedrock:GetAgent', 'bedrock:GetAgentActionGroup', 'bedrock:GetAgentKnowledgeBase', 'bedrock:GetDataSource', 'bedrock:GetFlowAlias', 'bedrock:GetFlowVersion', 'bedrock:ListAgentActionGroups', 'bedrock:ListAgentKnowledgeBases', 'bedrock:ListDataSources', 'bedrock:ListFlowAliases', 'bedrock:ListFlowVersions', 'cloudformation:BatchDescribeTypeConfigurations', 'cloudformation:DescribeStackInstance', 'cloudformation:DescribeStackSet', 'cloudformation:ListStackInstances', 'cloudformation:ListStackSets', 'cloudfront:GetPublicKey', 'cloudfront:GetRealtimeLogConfig', 'cloudfront:ListPublicKeys', 'cloudfront:ListRealtimeLogConfigs', 'entityresolution:GetIdMappingWorkflow', 'entityresolution:GetSchemaMapping', 'entityresolution:ListIdMappingWorkflows', 'entityresolution:ListSchemaMappings', 'entityresolution:ListTagsForResource', 'iotdeviceadvisor:GetSuiteDefinition', 'iotdeviceadvisor:ListSuiteDefinitions', 'lambda:GetEventSourceMapping', 'lambda:ListEventSourceMappings', 'networkmanager:GetTransitGatewayPeering', 'networkmanager:ListPeerings', 'pca-connector-ad:GetDirectoryRegistration', 'pca-connector-ad:ListDirectoryRegistrations', 'pca-connector-ad:ListTagsForResource', 'rds:DescribeDBShardGroups', 'rds:DescribeIntegrations', 'redshift:DescribeIntegrations', 's3tables:GetTableBucket', 's3tables:GetTableBucketEncryption', 's3tables:GetTableBucketMaintenanceConfiguration', 's3tables:ListTableBuckets', 'ssm-quicksetup:GetConfigurationManager', 'ssm-quicksetup:ListConfigurationManagers' 추가

이제이 정책은 Amazon Bedrock AWS 결제 및 비용 관리, , Amazon AWS CloudFormation Amazon CloudFront AWS Backup gateway,,AWS Entity Resolution,AWS IoT Core Device AdvisorAWS Lambda,AWS Network Manager,AWS Private Certificate Authority, Amazon Relational Database Service, Amazon Redshift, Amazon S3 Tables에 대한 추가 권한을 지원합니다AWS Systems Manager 빠른 설정.

 2025년 6월 18일

AWS_ConfigRole – "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource" 추가

이제 이 정책은 Amazon Bedrock에 대한 추가 권한을 지원합니다.

 2025년 5월 27일

AWSConfigServiceRolePolicy – "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource" 추가

이제 이 정책은 Amazon Bedrock에 대한 추가 권한을 지원합니다.

 2025년 5월 27일

AWS_ConfigRole – "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation" 추가

이제이 정책은 Amazon Bedrock AWS B2B Data Interchange,AWS Clean Rooms,AWS CodeConnectionsAWS Direct Connect,,AWS Database Migration Service(AWS DMS), Amazon CloudWatch Logs, Amazon Macie, Amazon Managed Blockchain, Amazon Q Business, Route 53 Profiles, Amazon Simple Storage Service(Amazon S3), Amazon SageMaker AI AWS Security Hub CSPMAWS Systems Manager Incident Manager및AWS Systems Manager Incident Manager연락처에 대한 추가 권한을 지원합니다AWS Systems Manager.

 2025년 4월 8일

AWSConfigServiceRolePolicy – "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation" 추가

이제이 정책은 Amazon Bedrock AWS B2B Data Interchange,AWS Clean Rooms,AWS CodeConnectionsAWS Direct Connect,,AWS Database Migration Service(AWS DMS), Amazon CloudWatch Logs, Amazon Macie, Amazon Managed Blockchain, Amazon Q Business, Route 53 Profiles, Amazon Simple Storage Service(Amazon S3), Amazon SageMaker AI AWS Security Hub CSPMAWS Systems Manager Incident Manager및AWS Systems Manager Incident Manager연락처에 대한 추가 권한을 지원합니다AWS Systems Manager. 이 정책은 이제 리소스 패턴 'arn:aws:apigateway:::/domainnames/'를 포함하여 모든 Amazon API Gateway 도메인 이름에 액세스할 수 있는 권한도 지원합니다.

 2025년 4월 8일

AWS_ConfigRole – "ec2:GetAllowedImagesSettings" 추가

이제 이 정책은 Amazon Elastic Compute Cloud(Amazon EC2)에 대한 추가 권한을 지원합니다.

 2025년 3월 4일

AWSConfigServiceRolePolicy – "ec2:GetAllowedImagesSettings" 추가

이제 이 정책은 Amazon Elastic Compute Cloud(Amazon EC2)에 대한 추가 권한을 지원합니다.

 2025년 3월 4일

AWS_ConfigRole – "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools" 추가

이제이 정책은 Amazon Comprehend AWS Clean Rooms, Amazon Elastic Compute Cloud(Amazon EC2),AWS HealthOmics Amazon Simple Storage Service(Amazon S3) 및 Amazon Simple Email Service(Amazon SES)에 대한 추가 권한을 지원합니다.

 2025년 1월 16일

AWSConfigServiceRolePolicy – "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools" 추가

이제이 정책은 Amazon Comprehend AWS Clean Rooms, Amazon Elastic Compute Cloud(Amazon EC2),AWS HealthOmics Amazon Simple Storage Service(Amazon S3) 및 Amazon Simple Email Service(Amazon SES)에 대한 추가 권한을 지원합니다.

 2025년 1월 16일

AWSConfigServiceRolePolicy – "organizations:ListAWSServiceAccessForOrganization" 추가

이 정책은 이제AWS Organizations에 대한 추가 권한을 지원합니다.

 2024년 12월 18일

AWS_ConfigRole – "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets" 추가

이제이 정책은AWS AppConfig,AWS CloudTrail Amazon Connect, Amazon DataZone, Amazon DevOpsGuru,AWS Glue Identity Store,AWS IoT,AWS IoT FleetWise,AWS IoT 무선,, Amazon Interactive Video Service(Amazon IVS), Amazon CloudWatch Logs, Amazon CloudWatch Observability Access Manager,AWS Payment Cryptography, Amazon Relational Database Service(Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service(Amazon S3), Amazon EventBridge Scheduler AWS Systems Manager및 Amazon VPC Lattice에 대한 추가 권한을 지원합니다.

 2024년 11월 7일

AWSConfigServiceRolePolicy – "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets" 추가

이제이 정책은AWS AppConfig,AWS CloudTrail Amazon Connect, Amazon DataZone, Amazon DevOpsGuru,AWS Glue Identity Store,AWS IoT,AWS IoT FleetWise,AWS IoT 무선,, Amazon Interactive Video Service(Amazon IVS), Amazon CloudWatch Logs, Amazon CloudWatch Observability Access Manager,AWS Payment Cryptography, Amazon Relational Database Service(Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service(Amazon S3), Amazon EventBridge Scheduler AWS Systems Manager및 Amazon VPC Lattice에 대한 추가 권한을 지원합니다.

 2024년 11월 7일

AWS_ConfigRole – "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules" 추가

이제이 정책은 Amazon OpenSearch Service Severless, Amazon AppStream,AWS Backup,AWS CloudTrailAWS Glue,, EC2 Image Builder,AWS IoT Amazon Interactive Video Service(Amazon IVS),AWS Elemental MediaConnect,AWS Elemental MediaTailorAWS HealthOmics, 및 Amazon EventBridge 스케줄러에 대한 추가 권한을 지원합니다.

 2024년 9월 16일

AWSConfigServiceRolePolicy – "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules" 추가

이제이 정책은 Amazon OpenSearch Service Severless, Amazon AppStream,AWS Backup,AWS CloudTrailAWS Glue,, EC2 Image Builder,AWS IoT Amazon Interactive Video Service(Amazon IVS),AWS Elemental MediaConnect,AWS Elemental MediaTailorAWS HealthOmics, 및 Amazon EventBridge 스케줄러에 대한 추가 권한을 지원합니다.

 2024년 9월 16일

AWS_ConfigRole – "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource" 추가

이제이 정책은 Amazon Elastic File System(Amazon EFS), Amazon Redshift 및에 대한 추가 권한을 지원합니다AWS Systems Manager for SAP.

 2024년 6월 17일

AWSConfigServiceRolePolicy – "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource" 추가

이제이 정책은 Amazon Elastic File System(Amazon EFS), Amazon Redshift 및에 대한 추가 권한을 지원합니다AWS Systems Manager for SAP.

 2024년 6월 17일
AWS_ConfigRole – "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool, "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus" 추가

이제이 정책은 Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx,AWS Glue,AWS Identity and Access Management(IAM),AWS Lambda,AWS RAM, Amazon Redshift Serverless, Amazon SageMaker AI 및 Amazon Simple Notification Service(Amazon SNS)에 대한 추가 권한을 지원합니다.

 2024년 2월 22일
AWSConfigServiceRolePolicy – "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool, "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus" 추가

이제이 정책은 Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx,AWS Glue,AWS Identity and Access Management(IAM),AWS Lambda,AWS RAM, Amazon Redshift Serverless, Amazon SageMaker AI 및 Amazon Simple Notification Service(Amazon SNS)에 대한 추가 권한을 지원합니다.

 2024년 2월 22일

AWSConfigUserAccess -AWS Config이AWS관리형 정책에 대한 변경 사항 추적 시작

이 정책은 리소스에 대한 태그별 검색 및 모든 태그 읽기AWS Config를 포함하여 사용할 수 있는 액세스 권한을 제공합니다. 이렇게 하면 관리 권한이 필요한를 구성할 수AWS Config있는 권한이 제공되지 않습니다.

 2024년 2월 22일
AWS_ConfigRole – "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets" 추가

이제이 정책은AWS AppConfig Amazon Managed Service for Prometheus,AWS Database Migration Service(AWS DMS), (AWS Identity and Access Management) IAM, Amazon Managed Streaming for Apache Kafka(Amazon MSK), Amazon CloudWatch Logs AWS Organizations및 Amazon Simple Storage Service(Amazon S3)에 대한 추가 권한을 지원합니다.

 2023년 12월 5일
AWSConfigServiceRolePolicy – "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets" 추가

이제이 정책은AWS AppConfig Amazon Managed Service for Prometheus,AWS Database Migration Service(AWS DMS), (AWS Identity and Access Management) IAM, Amazon Managed Streaming for Apache Kafka(Amazon MSK), Amazon CloudWatch Logs AWS Organizations및 Amazon Simple Storage Service(Amazon S3)에 대한 추가 권한을 지원합니다.

 2023년 12월 5일
AWS_ConfigRole – "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles" 추가

이제이 정책은 Amazon Cognito, Amazon Connect, Amazon EMR,AWS Ground Station,AWS Mainframe Modernization, Amazon MemoryDB,AWS Organizations Amazon Quick Suite, Amazon Relational Database Service(RDS), Amazon Redshift, Amazon Route 53 AWS Service Catalog및에 대한 추가 권한을 지원합니다AWS Transfer Family.

 2023년 11월 17일
AWS_ConfigRole – "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID" 추가

이 정책은 이제 AWSConfigServiceRolePolicyStatementID, AWSConfigSLRLogStatementID, AWSConfigSLRLogEventStatementID, AWSConfigSLRApiGatewayStatementID에 대한 보안 식별자(SID)를 추가합니다.

 2023년 11월 17일
AWSConfigServiceRolePolicy – "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles" 추가

이제이 정책은 Amazon Cognito, Amazon Connect, Amazon EMR,AWS Ground Station,AWS Mainframe Modernization, Amazon MemoryDB,AWS Organizations Amazon Quick Suite, Amazon Relational Database Service(RDS), Amazon Redshift, Amazon Route 53 AWS Service Catalog및에 대한 추가 권한을 지원합니다AWS Transfer Family.

 2023년 11월 17일
AWSConfigServiceRolePolicy – "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID" 추가

이 정책은 이제 AWSConfigServiceRolePolicyStatementID, AWSConfigSLRLogStatementID, AWSConfigSLRLogEventStatementID, AWSConfigSLRApiGatewayStatementID에 대한 보안 식별자(SID)를 추가합니다.

 2023년 11월 17일
AWS_ConfigRole – "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob" 추가

이제이 정책은AWS Private CA,AWS App Mesh Amazon Connect, Amazon Elastic Container Service(Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector,AWS IoTAWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka(Amazon MSK),AWS LambdaAWS Network ManagerAWS Organizations, 및 Amazon SageMaker AI에 대한 추가 권한을 지원합니다.

 2023년 10월 4일
AWSConfigServiceRolePolicy – "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob" 추가

이제이 정책은AWS Private CA,AWS App Mesh Amazon Connect, Amazon Elastic Container Service(Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector,AWS IoTAWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka(Amazon MSK),AWS LambdaAWS Network ManagerAWS Organizations, 및 Amazon SageMaker AI에 대한 추가 권한을 지원합니다.

 2023년 10월 4일
AWSConfigServiceRolePolicy – "ssm:GetParameter" 제거

이제이 정책은AWS Systems Manager(Systems Manager)에 대한 권한을 제거합니다.

 2023년 9월 6일
AWS_ConfigRole – "appmesh:DescribeGatewayRoute","appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", and "sns:GetDataProtectionPolicy" 추가

이제이 정책은AWS App Mesh,AWS CloudFormation, Amazon CloudFront AWS CodeArtifact,AWS CodeBuild, Amazon Connect,AWS Glue, Amazon GuardDuty,AWS Identity and Access Management(IAM), Amazon Inspector,AWS IoT,AWS IoT TwinMaker,AWS IoT 무선, Amazon Managed Streaming for Apache Kafka, Amazon Macie,AWS Elemental MediaConnect,AWS Network Manager,AWS OrganizationsAWS 리소스 탐색기, Amazon Route 53, Amazon Simple Storage Service(Amazon S3), Amazon Simple Notification Service(Amazon SNS)에 대한 추가 권한을 지원합니다.

 2023년 7월 28일
AWSConfigServiceRolePolicy – "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "sns:GetDataProtectionPolicy", "ssm:DescribeParameters", "ssm:GetParameter", and "ssm:ListTagsForResource" 추가

이제이 정책은 Amazon WorkSpaces Applications AWS App Mesh,AWS CloudFormation, Amazon CloudFront,,AWS CodeArtifactAWS CodeBuild, Amazon Connect,AWS Glue, Amazon GuardDuty,AWS Identity and Access Management(IAM), Amazon Inspector,AWS IoT,AWS IoT TwinMaker,AWS IoT 무선, Amazon Managed Streaming for Apache Kafka, Amazon Macie,AWS Elemental MediaConnect,AWS Network ManagerAWS Organizations,AWS 리소스 탐색기,, Amazon Route 53, Amazon Simple Storage Service(Amazon S3), Amazon Simple Notification Service(Amazon SNS) 및 Amazon EC2 Systems Manager(SSM)에 대한 추가 권한을 지원합니다.

 2023년 7월 28일
AWS_ConfigRole – "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", “dynamodb:DescribeTableReplicaAutoScaling" "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases" "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" 추가

이 정책은 이제에 대한 추가 권한을 지원합니다AWS Amplify. Amazon Connect AWS App Mesh, Amazon Managed Service for Prometheus, Amazon Athena,AWS Batch,AWS CloudFormation,AWS CloudTrail,AWS CodeArtifact, Amazon CodeGuru AWS Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud(Amazon EC2), Amazon CloudWatch Evidently AWS Organizations, Amazon Forecast,AWS IoT Greengrass,AWS Ground Station,AWS Identity and Access Management(IAM), Amazon Managed Streaming for Apache Kafka(Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs,AWS Elemental MediaConnect,AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud(Amazon VPC), Personalize, Amazon Quick Suite,AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service(Amazon S3), Amazon SageMaker AI,AWS Transfer Family.

 2023년 6월 13일
AWSConfigServiceRolePolicy – "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" 추가

이 정책은 이제에 대한 추가 권한을 지원합니다AWS Amplify. Amazon Connect AWS App Mesh, Amazon Managed Service for Prometheus, Amazon Athena,AWS Batch,AWS CloudFormation,AWS CloudTrail,AWS CodeArtifact, Amazon CodeGuru AWS Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud(Amazon EC2), Amazon CloudWatch Evidently AWS Organizations,Amazon Forecast,AWS IoT Greengrass,AWS Ground Station,AWS Identity and Access Management(IAM), Amazon Managed Streaming for Apache Kafka(Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs,AWS Elemental MediaConnect,AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud(Amazon VPC), Personalize, Amazon Quick Suite,AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service(Amazon S3), Amazon SageMaker AI,AWS Transfer Family.

 2023년 6월 13일
AWSConfigServiceRolePolicy – amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, GetInstanceTypesFromInstanceRequirement ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations 추가

이제이 정책은 Amazon Managed Workflows for AWS Amplify,AWS App Mesh,AWS App Runner,, Amazon CloudFront,AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI,AWS Transfer Family, Amazon Pinpoint,AWS Migration Hub,AWS Resilience Hub, Amazon CloudWatch,AWS Directory Service 및에 대한 추가 권한을 지원합니다AWS WAF.

 2023년 4월 13일
AWS_ConfigRole – amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations 추가

이제이 정책은 Amazon Managed Workflows for AWS Amplify,AWS App Mesh,AWS App Runner,, Amazon CloudFront,AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI,AWS Transfer Family, Amazon Pinpoint,AWS Migration Hub,AWS Resilience Hub, Amazon CloudWatch,AWS Directory Service 및에 대한 추가 권한을 지원합니다AWS WAF.

 2023년 4월 13일
AWSConfigServiceRolePolicy – appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudfront:GetResponseHeadersPolicy, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions 추가

이제이 정책은 Amazon Managed Workflows for Amazon AppFlow,AWS App Runner, Amazon WorkSpaces Applications, Amazon CloudFront, Amazon CloudWatch,AWS CodeArtifact,AWS CodeCommit,AWS Device Farm Amazon CloudWatch Evidently, Amazon Forecast,AWS Ground Station,AWS Identity and Access Management(IAM),AWS IoT Amazon MemoryDB, Amazon Pinpoint,AWS Network Manager,AWS Panorama Amazon Relational Database Service(RDS), Amazon Redshift 및 Amazon SageMaker AI에 대한 추가 권한을 지원합니다.

 2023년 3월 30일
AWS_ConfigRole – appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudformation:ListTypes, cloudfront:GetResponseHeadersPolicy, cloudfront:ListDistributions, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, ec2:DescribeTrafficMirrorFilters, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions 추가

이 정책은 이제 Amazon Managed Workflows for Amazon AppFlow,AWS App Runner, Amazon WorkSpaces Applications,AWS CloudFormation, Amazon CloudFront, Amazon CloudWatch,AWS CodeArtifactAWS CodeCommit,AWS Device Farm,, Amazon Elastic Compute Cloud(Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast AWS Ground Station,AWS Identity and Access Management(IAM),AWS IoT, Amazon MemoryDB, Amazon Pinpoint,AWS Network ManagerAWS Panorama, Amazon Relational Database Service(Amazon RDS), Amazon Redshift 및 Amazon SageMaker AI에 대한 추가 권한을 지원합니다.

 2023년 3월 30일

AWSConfigRulesExecutionRole -이AWS관리형 정책에 대한 변경 사항 추적을AWS Config시작합니다.

이 정책은AWS Lambda함수가AWS Config API 및가 Amazon S3에 주기적으로AWS Config전송하는 구성 스냅샷에 액세스할 수 있도록 허용합니다. 이 액세스는AWS사용자 지정 Lambda 규칙에 대한 구성 변경을 평가하는 함수에 필요합니다.

 2023년 3월 7일

AWSConfigRoleForOrganizations -이AWS관리형 정책에 대한 변경 사항 추적을AWS Config시작합니다.

이 정책은가 읽기 전용AWS Organizations APIs 호출AWS Config하도록 허용합니다.

 2023년 3월 7일

AWSConfigRemediationServiceRolePolicy -이AWS관리형 정책에 대한 변경 사항 추적을AWS Config시작합니다.

이 정책은AWS Config가 사용자를 대신하여 NON_COMPLIANT 리소스를 수정할 수 있도록 허용합니다.

 2023년 3월 7일

AWSConfigServiceRolePolicy – auditmanager:GetAccountStatus 추가

이 정책은 이제AWS Audit Manager내 계정의 등록 상태를 반환할 수 있는 권한을 부여합니다.

 2023년 3월 3일

AWS_ConfigRole – auditmanager:GetAccountStatus 추가

이 정책은 이제AWS Audit Manager내 계정의 등록 상태를 반환할 수 있는 권한을 부여합니다.

 2023년 3월 3일

AWSConfigMultiAccountSetupPolicy -이AWS관리형 정책에 대한 변경 사항 추적을AWS Config시작합니다.

이 정책은AWS Config가AWS서비스를 호출하고를 사용하여 조직 전체에 리소스를 배포할AWS Config수 있도록 허용합니다AWS Organizations.

 2023년 2월 27일

AWSConfigServiceRolePolicy – airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries 추가

이제이 정책은 Amazon Managed Workflows for Apache Airflow,AWS IoT, Amazon WorkSpaces Applications, Amazon CodeGuru Reviewer,AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller(ARC),AWS Device Farm Amazon Elastic Compute Cloud(Amazon EC2), Amazon Pinpoint,AWS Identity and Access Management(IAM), Amazon GuardDuty 및 Amazon CloudWatch Logs에 대한 추가 권한을 지원합니다.

 2023년 2월 1일

AWS_ConfigRole – airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries 추가

이제이 정책은 Amazon Managed Workflows for Apache Airflow,AWS IoT, Amazon WorkSpaces Applications, Amazon CodeGuru Reviewer,AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller(ARC),AWS Device Farm Amazon Elastic Compute Cloud(Amazon EC2), Amazon Pinpoint,AWS Identity and Access Management(IAM), Amazon GuardDuty 및 Amazon CloudWatch Logs에 대한 추가 권한을 지원합니다.

 2023년 2월 1일

ConfigConformsServiceRolePolicy – config:DescribeConfigRules 업데이트

보안 모범 사례로서 이 정책은 이제 config:DescribeConfigRules에 대한 광범위한 리소스 수준 권한을 제거합니다.

 2023년 1월 12일

AWSConfigServiceRolePolicy – APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile,AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource 추가

이제이 정책은 Amazon Managed Service for Prometheus,AWS Audit Manager,AWS Device Farm,AWS Database Migration Service(AWS DMS),AWS Directory Service Amazon Elastic Compute Cloud(Amazon EC2),AWS Glue,AWS IoT, Amazon Lightsail,AWS Elemental MediaPackage,AWS Network Manager, Amazon Quick Suite AWS Resource Access Manager, Amazon Application Recovery Controller(ARC), Amazon Simple Storage Service(Amazon S3) 및 Amazon Timestream에 대한 추가 권한을 지원합니다.

 2022년 12월 15일

AWS_ConfigRole – APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource 추가

이제이 정책은 Amazon Managed Service for Prometheus,AWS Audit Manager,AWS Device Farm,AWS Database Migration Service(AWS DMS),AWS Directory Service Amazon Elastic Compute Cloud(Amazon EC2),AWS Glue,AWS IoT, Amazon Lightsail,AWS Elemental MediaPackage,AWS Network Manager, Amazon Quick Suite AWS Resource Access Manager, Amazon Application Recovery Controller(ARC), Amazon Simple Storage Service(Amazon S3) 및 Amazon Timestream에 대한 추가 권한을 지원합니다.

 2022년 12월 15일

AWSConfigServiceRolePolicy – cloudformation:ListStackResources and cloudformation:ListStacks 추가

이제이 정책은 지정된AWS CloudFormation스택의 모든 리소스에 대한 설명을 반환하고 상태가 지정된와 일치하는 스택에 대한 요약 정보를 반환할 수 있는 권한을 부여합니다StackStatusFilter.

 2022년 11월 7일

AWS_ConfigRole – cloudformation:ListStackResources and cloudformation:ListStacks 추가

이제이 정책은 지정된AWS CloudFormation스택의 모든 리소스에 대한 설명을 반환하고 상태가 지정된와 일치하는 스택에 대한 요약 정보를 반환할 수 있는 권한을 부여합니다StackStatusFilter.

 2022년 11월 7일

AWSConfigServiceRolePolicy – acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups 추가

이제이 정책은에 대한 추가 권한을 지원합니다AWS Certificate Manager. Amazon Managed Workflows for Apache Airflow,AWS Amplify,AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect AWS Glue DataBrew, Amazon Elastic Compute Cloud(Amazon EC2), Amazon Elastic Kubernetes Service(Amazon EKS), Amazon EventBridge AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift 서버, Amazon Location Service AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint,OpsWorks,AWS Panorama,AWS Resource Access Manager, Amazon Quick Suite, Amazon Relational Database Service(RDS), Amazon Rekognition,AWS RoboMaker,AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service(Amazon S3),AWS Cloud Map, 및AWS Security Token Service.

 2022년 10월 19일

AWS_ConfigRole – acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups 추가

이제이 정책은에 대한 추가 권한을 지원합니다AWS Certificate Manager. Amazon Managed Workflows for Apache Airflow,AWS Amplify,AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect AWS Glue DataBrew, Amazon Elastic Compute Cloud(Amazon EC2), Amazon Elastic Kubernetes Service(Amazon EKS), Amazon EventBridge AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift 서버, Amazon Location Service AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint,OpsWorks,AWS Panorama,AWS Resource Access Manager, Amazon Quick Suite, Amazon Relational Database Service(RDS), Amazon Rekognition,AWS RoboMaker,AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service(Amazon S3),AWS Cloud Map, 및AWS Security Token Service.

 2022년 10월 19일

AWSConfigServiceRolePolicy – Glue::GetTable 추가

이제이 정책은 지정된AWS Glue테이블의 데이터 카탈로그에서 테이블 정의를 검색할 수 있는 권한을 부여합니다.

 2022년 9월 14일

AWS_ConfigRole – Glue::GetTable 추가

이제이 정책은 지정된AWS Glue테이블의 데이터 카탈로그에서 테이블 정의를 검색할 수 있는 권한을 부여합니다.

 2022년 9월 14일

AWSConfigServiceRolePolicy – appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource 추가

이 정책은 이제 Amazon AppFlow에 대한 추가 권한을 지원합니다. Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOpsGuru, Amazon Elastic Compute Cloud(Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge 스키마,Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift 서버, Amazon Interactive Video Service(Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble StudioAmazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller(ARC),Amazon Route 53 Resolver, Amazon Simple Storage Service(Amazon S3), Amazon SimpleDB, Amazon Simple Email Service(Amazon SES), Amazon Timestream,AWS AppConfig,AWS AppSyncAWS Auto Scaling,AWS Backup,,AWS Budgets,AWS Cost Explorer,AWS Cloud9AWS Directory Service,AWS DataSync,,,AWS Elemental MediaPackageAWS Glue,AWS IoT,AWS IoT 분석,AWS IoT EventsAWS IoT SiteWise,AWS IoT TwinMaker,,AWS Lake FormationAWS License Manager,,AWS Resilience HubAWS Signer, 및AWS Transfer Family.

 2022년 9월 7일

AWS_ConfigRole – appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource 추가

이 정책은 이제 Amazon AppFlow에 대한 추가 권한을 지원합니다. Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOpsGuru, Amazon Elastic Compute Cloud(Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge 스키마,Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift 서버, Amazon Interactive Video Service(Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble StudioAmazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller(ARC),Amazon Route 53 Resolver, Amazon Simple Storage Service(Amazon S3), Amazon SimpleDB, Amazon Simple Email Service(Amazon SES), Amazon Timestream,AWS AppConfig,AWS AppSyncAWS Auto Scaling,AWS Backup,,AWS Budgets,AWS Cost Explorer,AWS Cloud9AWS Directory Service,AWS DataSync,,,AWS Elemental MediaPackageAWS Glue,AWS IoT,AWS IoT 분석,AWS IoT EventsAWS IoT SiteWise,AWS IoT TwinMaker,,AWS Lake FormationAWS License Manager,,AWS Resilience HubAWS Signer, 및AWS Transfer Family

 2022년 9월 7일
AWSConfigServiceRolePolicy – airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries 추가 이제이 정책은 Amazon Managed Workflows for Apache Airflow,AWS IoT, Amazon WorkSpaces Applications, Amazon CodeGuru Reviewer AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller(ARC),AWS Device Farm Amazon Elastic Compute Cloud(Amazon EC2), Amazon Pinpoint,AWS Identity and Access Management(IAM), Amazon GuardDuty 및 Amazon CloudWatch Logs에 대한 추가 권한을 지원합니다. 2023년 2월 1일

AWS_ConfigRole – airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries 추가

이제이 정책은 Amazon Managed Workflows for Apache Airflow,AWS IoT, Amazon WorkSpaces Applications, Amazon CodeGuru Reviewer,AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller(ARC),AWS Device Farm Amazon Elastic Compute Cloud(Amazon EC2), Amazon Pinpoint,AWS Identity and Access Management(IAM), Amazon GuardDuty 및 Amazon CloudWatch Logs에 대한 추가 권한을 지원합니다.

 2023년 2월 1일

ConfigConformsServiceRolePolicy – config:DescribeConfigRules 업데이트

보안 모범 사례로서 이 정책은 이제 config:DescribeConfigRules에 대한 광범위한 리소스 수준 권한을 제거합니다.

 2023년 1월 12일

AWSConfigServiceRolePolicy – APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile,AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource 추가

이제이 정책은 Amazon Managed Service for Prometheus,AWS Audit Manager,AWS Device Farm,AWS Database Migration Service(AWS DMS),AWS Directory Service Amazon Elastic Compute Cloud(Amazon EC2),AWS Glue,AWS IoT, Amazon Lightsail,AWS Elemental MediaPackage,AWS Network Manager, Amazon Quick Suite AWS Resource Access Manager, Amazon Application Recovery Controller(ARC), Amazon Simple Storage Service(Amazon S3) 및 Amazon Timestream에 대한 추가 권한을 지원합니다.

 2022년 12월 15일

AWS_ConfigRole – APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource 추가

이제이 정책은 Amazon Managed Service for Prometheus,AWS Audit Manager,AWS Device Farm,AWS Database Migration Service(AWS DMS),AWS Directory Service Amazon Elastic Compute Cloud(Amazon EC2),AWS Glue,AWS IoT, Amazon Lightsail,AWS Elemental MediaPackage,AWS Network Manager, Amazon Quick Suite AWS Resource Access Manager, Amazon Application Recovery Controller(ARC), Amazon Simple Storage Service(Amazon S3) 및 Amazon Timestream에 대한 추가 권한을 지원합니다.

 2022년 12월 15일

AWSConfigServiceRolePolicy – cloudformation:ListStackResources and cloudformation:ListStacks 추가

이제이 정책은 지정된AWS CloudFormation스택의 모든 리소스에 대한 설명을 반환하고 상태가 지정된와 일치하는 스택에 대한 요약 정보를 반환할 수 있는 권한을 부여합니다StackStatusFilter.

 2022년 11월 7일

AWS_ConfigRole – cloudformation:ListStackResources and cloudformation:ListStacks 추가

이제이 정책은 지정된AWS CloudFormation스택의 모든 리소스에 대한 설명을 반환하고 상태가 지정된와 일치하는 스택에 대한 요약 정보를 반환할 수 있는 권한을 부여합니다StackStatusFilter.

 2022년 11월 7일

AWSConfigServiceRolePolicy – acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups 추가

이제이 정책은에 대한 추가 권한을 지원합니다AWS Certificate Manager. Amazon Managed Workflows for Apache Airflow,AWS Amplify,AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect AWS Glue DataBrew, Amazon Elastic Compute Cloud(Amazon EC2), Amazon Elastic Kubernetes Service(Amazon EKS), Amazon EventBridge AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift 서버, Amazon Location Service AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint,OpsWorks,AWS Panorama,AWS Resource Access Manager, Amazon Quick Suite, Amazon Relational Database Service(RDS), Amazon Rekognition,AWS RoboMaker,AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service(Amazon S3),AWS Cloud Map, 및AWS Security Token Service.

 2022년 10월 19일

AWS_ConfigRole – acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups 추가

이제이 정책은에 대한 추가 권한을 지원합니다AWS Certificate Manager. Amazon Managed Workflows for Apache Airflow,AWS Amplify,AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect AWS Glue DataBrew, Amazon Elastic Compute Cloud(Amazon EC2), Amazon Elastic Kubernetes Service(Amazon EKS), Amazon EventBridge AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift 서버, Amazon Location Service AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint,OpsWorks,AWS Panorama,AWS Resource Access Manager, Amazon Quick Suite, Amazon Relational Database Service(RDS), Amazon Rekognition,AWS RoboMaker,AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service(Amazon S3),AWS Cloud Map, 및AWS Security Token Service.

 2022년 10월 19일

AWSConfigServiceRolePolicy – Glue::GetTable 추가

이제이 정책은 지정된AWS Glue테이블의 데이터 카탈로그에서 테이블 정의를 검색할 수 있는 권한을 부여합니다.

 2022년 9월 14일

AWS_ConfigRole – Glue::GetTable 추가

이제이 정책은 지정된AWS Glue테이블의 데이터 카탈로그에서 테이블 정의를 검색할 수 있는 권한을 부여합니다.

 2022년 9월 14일

AWSConfigServiceRolePolicy – appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource 추가

이 정책은 이제 Amazon AppFlow에 대한 추가 권한을 지원합니다. Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOpsGuru, Amazon Elastic Compute Cloud(Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge 스키마,Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift 서버, Amazon Interactive Video Service(Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble StudioAmazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller(ARC),Amazon Route 53 Resolver, Amazon Simple Storage Service(Amazon S3), Amazon SimpleDB, Amazon Simple Email Service(Amazon SES), Amazon Timestream,AWS AppConfig,AWS AppSyncAWS Auto Scaling,AWS Backup,,AWS Budgets,AWS Cost Explorer,AWS Cloud9AWS Directory Service,AWS DataSync,,,AWS Elemental MediaPackageAWS Glue,AWS IoT,AWS IoT 분석,AWS IoT EventsAWS IoT SiteWise,AWS IoT TwinMaker,,AWS Lake FormationAWS License Manager,,AWS Resilience HubAWS Signer, 및AWS Transfer Family.

 2022년 9월 7일

AWS_ConfigRole – appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource 추가

이 정책은 이제 Amazon AppFlow에 대한 추가 권한을 지원합니다. Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOpsGuru, Amazon Elastic Compute Cloud(Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge 스키마,Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift 서버, Amazon Interactive Video Service(Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble StudioAmazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller(ARC),Amazon Route 53 Resolver, Amazon Simple Storage Service(Amazon S3), Amazon SimpleDB, Amazon Simple Email Service(Amazon SES), Amazon Timestream,AWS AppConfig,AWS AppSyncAWS Auto Scaling,AWS Backup,,AWS Budgets,AWS Cost Explorer,AWS Cloud9AWS Directory Service,AWS DataSync,,,AWS Elemental MediaPackageAWS Glue,AWS IoT,AWS IoT 분석,AWS IoT EventsAWS IoT SiteWise,AWS IoT TwinMaker,,AWS Lake FormationAWS License Manager,,AWS Resilience HubAWS Signer, 및AWS Transfer Family

 2022년 9월 7일

AWSConfigServiceRolePolicy – datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists 추가

이제이 정책은에서 에이전트, DataSync 소스 및 대상 위치, DataSync 작업 목록을AWS DataSync반환하고AWS 계정,에서 하나 이상의 지정된 네임스페이스와 연결된 네임스페이스 및 서비스에 대한AWS Cloud Map요약 정보를 나열하고AWS 계정,에서 사용할 수 있는 모든 Amazon Simple Email Service(Amazon SES) 연락처 목록을 나열할 수 있는 권한을 부여합니다AWS 계정.

 2022년 8월 22일

AWS_ConfigRole – datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists 추가

이제이 정책은에서 에이전트, DataSync 소스 및 대상 위치, DataSync 작업 목록을AWS DataSync반환하고AWS 계정,에서 하나 이상의 지정된 네임스페이스와 연결된 네임스페이스 및 서비스에 대한AWS Cloud Map요약 정보를 나열하고AWS 계정,에서 사용할 수 있는 모든 Amazon Simple Email Service(Amazon SES) 연락처 목록을 나열할 수 있는 권한을 부여합니다AWS 계정.

 2022년 8월 22일

ConfigConformsServiceRolePolicy – cloudwatch:PutMetricData 추가

이 정책은 이제 Amazon CloudWatch에 지표 데이터 포인트를 게시할 수 있는 권한을 부여합니다.

 2022년 7월 25일

AWSConfigServiceRolePolicy – amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet 추가

이 정책은 이제 Amazon Elastic Container Service(Amazon ECS), Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Managed Service for Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon Quick Suite, Amazon Rekognition AWS RoboMaker, Amazon Simple Storage Service(Amazon S3), Amazon Simple Email Service(Amazon SES),AWS Amplify,AWS AppConfig,,AWS AppSyncAWS Billing Conductor,AWS Firewall Manager,AWS DataSync,AWS GlueAWS IAM Identity Center,(IAM Identity Center), EC2 Image Builder 및 Elastic Load Balancing에 대한 추가 권한을 지원합니다.

 2022년 7월 15일

AWS_ConfigRole – amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet 추가

이 정책은 이제 Amazon Elastic Container Service(Amazon ECS), Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Managed Service for Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon Quick Suite, Amazon Rekognition AWS RoboMaker, Amazon Simple Storage Service(Amazon S3), Amazon Simple Email Service(Amazon SES),AWS Amplify,AWS AppConfig,,AWS AppSyncAWS Billing Conductor,AWS Firewall Manager,AWS DataSync,AWS GlueAWS IAM Identity Center,(IAM Identity Center), EC2 Image Builder 및 Elastic Load Balancing에 대한 추가 권한을 지원합니다.

 2022년 7월 15일

AWSConfigServiceRolePolicy – athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource 추가

이제이 정책은 지정된 Amazon Athena 데이터 카탈로그를 가져올 수 있는 권한을 부여합니다. 에 Athena 데이터 카탈로그 나열AWS 계정및 Athena 작업 그룹 또는 데이터 카탈로그 리소스와 연결된 태그 나열 Amazon Detective 동작 그래프 목록을 가져오고 Detective 동작 그래프의 태그를 나열하려면 지정된AWS Glue개발 엔드포인트 이름 목록에 대한 리소스 메타데이터 목록 가져오기 지정된AWS Glue개발 엔드포인트에 대한 정보 가져오기 에서AWS Glue모든 개발 엔드포인트 가져오기AWS 계정지정된AWS Glue보안 구성을 검색합니다. 모든AWS Glue보안 구성 가져오기AWS Glue리소스와 연결된 태그 목록 가져오기 지정된 이름의AWS Glue작업 그룹에 대한 정보를 가져옵니다. 계정에 있는 모든AWS GlueAWS크롤러 리소스의 이름을 검색합니다. 에 있는 모든AWS GlueDevEndpoint 리소스의 이름을 가져옵니다AWS 계정. 에 있는 모든AWS Glue작업 리소스의 이름을 나열합니다AWS 계정.AWS Glue멤버 계정에 대한 세부 정보 가져오기 계정에서 생성된AWS Glue워크플로의 목록 이름 및 계정에 사용 가능한AWS Glue작업 그룹 나열 Amazon GuardDuty 필터에 대한 세부 정보를 검색하려면 GuardDuty IPSet 검색 GuardDuty ThreatIntelSet 검색 GuardDuty 멤버 계정 검색 GuardDuty 필터 목록 가져오기 GuardDuty 서비스의 IPSets를 가져옵니다. GuardDuty Service에 대한 태그 검색 및 GuardDuty 서비스의 ThreatIntelSets 가져오기 Amazon Macie 계정의 현재 상태 및 구성 설정을 가져오는 방법AWS Resource Access Manager(AWS RAM) 리소스 공유에 대한 리소스 및 보안 주체 연결을 검색하고 리소스 공유에 대한AWS RAM세부 정보를 검색합니다. Amazon Simple Email Service(Amazon SES) 기존 구성 세트에 대한 정보를 가져오려면 Amazon SES 구성 세트와 연결된 이벤트 대상 목록 가져오기 및는 Amazon SES 계정과 연결된 모든 구성 세트를 나열합니다. Identity Center 디렉터리 속성 목록을 가져오려면AWS IAM Identity Center권한 세트의 세부 정보를 가져옵니다. 지정된 IAM Identity Center 권한 세트에 연결된 IAM 관리형 정책을 가져옵니다. IAM Identity Center 인스턴스에 대해 설정된 권한 가져오기 및 IAM Identity Center 리소스에 대한 태그를 가져옵니다.

 2022년 5월 31일

AWS_ConfigRole – athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource 추가

이제이 정책은 지정된 Amazon Athena 데이터 카탈로그를 가져올 수 있는 권한을 부여합니다. 에 Athena 데이터 카탈로그 나열AWS 계정및 Athena 작업 그룹 또는 데이터 카탈로그 리소스와 연결된 태그 나열 Amazon Detective 동작 그래프 목록을 가져오고 Detective 동작 그래프의 태그를 나열하려면 지정된AWS Glue개발 엔드포인트 이름 목록에 대한 리소스 메타데이터 목록 가져오기 지정된AWS Glue개발 엔드포인트에 대한 정보 가져오기 에서AWS Glue모든 개발 엔드포인트 가져오기AWS 계정지정된AWS Glue보안 구성을 검색합니다. 모든AWS Glue보안 구성 가져오기AWS Glue리소스와 연결된 태그 목록 가져오기 지정된 이름의AWS Glue작업 그룹에 대한 정보를 가져옵니다. 계정에 있는 모든AWS GlueAWS크롤러 리소스의 이름을 검색합니다. 에 있는 모든AWS GlueDevEndpoint 리소스의 이름을 가져옵니다AWS 계정. 에 있는 모든AWS Glue작업 리소스의 이름을 나열합니다AWS 계정.AWS Glue멤버 계정에 대한 세부 정보 가져오기 계정에서 생성된AWS Glue워크플로의 목록 이름 및 계정에 사용 가능한AWS Glue작업 그룹 나열 Amazon GuardDuty 필터에 대한 세부 정보를 검색하려면 GuardDuty IPSet 검색 GuardDuty ThreatIntelSet 검색 GuardDuty 멤버 계정 검색 GuardDuty 필터 목록 가져오기 GuardDuty 서비스의 IPSets를 가져옵니다. GuardDuty Service에 대한 태그 검색 및 GuardDuty 서비스의 ThreatIntelSets 가져오기 Amazon Macie 계정의 현재 상태 및 구성 설정을 가져오는 방법AWS Resource Access Manager(AWS RAM) 리소스 공유에 대한 리소스 및 보안 주체 연결을 검색하고 리소스 공유에 대한AWS RAM세부 정보를 검색합니다. Amazon Simple Email Service(Amazon SES) 기존 구성 세트에 대한 정보를 가져오려면 Amazon SES 구성 세트와 연결된 이벤트 대상 목록 가져오기 및는 Amazon SES 계정과 연결된 모든 구성 세트를 나열합니다. Identity Center 디렉터리 속성 목록을 가져오려면AWS IAM Identity Center권한 세트의 세부 정보를 가져옵니다. 지정된 IAM Identity Center 권한 세트에 연결된 IAM 관리형 정책을 가져옵니다. IAM Identity Center 인스턴스에 대해 설정된 권한 가져오기 및 IAM Identity Center 리소스에 대한 태그를 가져옵니다.

 2022년 5월 31일

AWSConfigServiceRolePolicy – cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies 추가

이제이 정책은 전체 또는 지정된AWS CloudTrail이벤트 데이터 스토어(EDS)에 대한 정보를 가져오고, 전체 또는 지정된AWS CloudFormation리소스에 대한 정보를 가져오고, DynamoDB Accelerator(DAX) 파라미터 그룹 또는 서브넷 그룹의 목록을 가져오고, 액세스 중인 현재 리전의 계정에 대한AWS Database Migration Service(AWS DMS) 복제 작업에 대한 정보를 가져오고, 지정된 유형의에 있는 모든 정책 목록을 가져올 수AWS Organizations있는 권한을 부여합니다.

 2022년 4월 7일

AWS_ConfigRole – cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies 추가

이제이 정책은 전체 또는 지정된AWS CloudTrail이벤트 데이터 스토어(EDS)에 대한 정보를 가져오고, 전체 또는 지정된AWS CloudFormation리소스에 대한 정보를 가져오고, DynamoDB Accelerator(DAX) 파라미터 그룹 또는 서브넷 그룹의 목록을 가져오고, 액세스 중인 현재 리전의 계정에 대한AWS Database Migration Service(AWS DMS) 복제 작업에 대한 정보를 가져오고, 지정된 유형의에 있는 모든 정책 목록을 가져올 수AWS Organizations있는 권한을 부여합니다.

 2022년 4월 7일

AWSConfigServiceRolePolicy – backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces 추가

이제이 정책은AWS BackupAWS Batch, DynamoDB Accelerator,AWS Database Migration Service Amazon DynamoDB, Amazon Elastic Compute Cloud(Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty,AWS Key Management ServiceAWS OpsWorks, Amazon Relational Database Service,AWS WAF V2 및 Amazon WorkSpaces에 대한 추가 권한을 지원합니다.

 2022년 3월 14일

AWS_ConfigRole – backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces 추가

이제이 정책은AWS BackupAWS Batch, DynamoDB Accelerator,AWS Database Migration Service Amazon DynamoDB, Amazon Elastic Compute Cloud(Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty,AWS Key Management ServiceAWS OpsWorks, Amazon Relational Database Service,AWS WAF V2 및 Amazon WorkSpaces에 대한 추가 권한을 지원합니다.

 2022년 3월 14일

AWSConfigServiceRolePolicy – elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies 추가

이 정책은 이제 Elastic Beanstalk 환경에 대한 세부 정보 및 지정된 Elastic Beanstalk 구성 세트의 설정에 대한 설명을 가져오고, OpenSearch 또는 Elasticsearch 버전의 맵을 가져오고, 데이터베이스에 사용할 수 있는 Amazon RDS 옵션 그룹을 설명하고, CodeDeploy 배포 구성에 대한 정보를 가져올 수 있는 권한을 부여합니다. 또한이 정책은에 연결된 지정된 대체 연락처를 검색하고AWS 계정,AWS Organizations정책에 대한 정보를 검색하고, Amazon ECR 리포지토리 정책을 검색하고, 아카이브된AWS Config규칙에 대한 정보를 검색하고, Amazon ECS 태스크 정의 패밀리 목록을 검색하고, 지정된 하위 OUs 또는 계정의 루트 또는 상위 조직 단위(OU)를 나열하고, 지정된 대상 루트, 조직 단위 또는 계정에 연결된 정책을 나열할 수 있는 권한을 부여합니다.

 2022년 2월 10일

AWS_ConfigRole – elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies 추가

이 정책은 이제 Elastic Beanstalk 환경에 대한 세부 정보 및 지정된 Elastic Beanstalk 구성 세트의 설정에 대한 설명을 가져오고, OpenSearch 또는 Elasticsearch 버전의 맵을 가져오고, 데이터베이스에 사용할 수 있는 Amazon RDS 옵션 그룹을 설명하고, CodeDeploy 배포 구성에 대한 정보를 가져올 수 있는 권한을 부여합니다. 또한이 정책은에 연결된 지정된 대체 연락처를 검색하고AWS 계정,AWS Organizations정책에 대한 정보를 검색하고, Amazon ECR 리포지토리 정책을 검색하고, 아카이브된AWS Config규칙에 대한 정보를 검색하고, Amazon ECS 태스크 정의 패밀리 목록을 검색하고, 지정된 하위 OUs 또는 계정의 루트 또는 상위 조직 단위(OU)를 나열하고, 지정된 대상 루트, 조직 단위 또는 계정에 연결된 정책을 나열할 수 있는 권한을 부여합니다.

 2022년 2월 10일

AWSConfigServiceRolePolicy – logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent 추가

이 정책은 이제 Amazon CloudWatch 로그 그룹 및 스트림을 생성하고 생성된 로그 스트림에 로그를 쓸 수 있는 권한을 부여합니다.

 2021년 12월 15일

AWS_ConfigRole – logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent 추가

이 정책은 이제 Amazon CloudWatch 로그 그룹 및 스트림을 생성하고 생성된 로그 스트림에 로그를 쓸 수 있는 권한을 부여합니다.

 2021년 12월 15일

AWSConfigServiceRolePolicy – es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots 추가

이 정책은 이제 Amazon OpenSearch Service(OpenSearch Service) 도메인에 대한 세부 정보를 가져오고 특정 Amazon Relational Database Service(Amazon RDS) DB 파라미터 그룹에 대한 세부 파라미터 목록을 가져올 수 있는 권한을 부여합니다. 또한 이 정책은 Amazon ElastiCache 스냅샷에 대한 세부 정보를 가져올 수 있는 권한을 부여합니다.

 2021년 9월 8일

AWS_ConfigRole – es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots 추가

이 정책은 이제 Amazon OpenSearch Service(OpenSearch Service) 도메인에 대한 세부 정보를 가져오고 특정 Amazon Relational Database Service(Amazon RDS) DB 파라미터 그룹에 대한 세부 파라미터 목록을 가져올 수 있는 권한을 부여합니다. 또한 이 정책은 Amazon ElastiCache 스냅샷에 대한 세부 정보를 가져올 수 있는 권한을 부여합니다.

 2021년 9월 8일

AWSConfigServiceRolePolicy - 및AWS리소스 유형에 대한 logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine추가 권한 추가

이 정책은 이제 로그 그룹의 태그를 나열하고, 상태 시스템의 태그를 나열하고, 모든 상태 시스템을 나열할 수 있는 권한을 부여합니다. 이 정책은 이제 상태 시스템에 대한 세부 정보를 가져올 수 있는 권한을 부여합니다. 이 정책은 이제 Amazon EC2 Systems Manager(SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Data Firehose, Amazon Managed Streaming for Apache Kafka(Amazon MSK), Amazon Relational Database Service(RDS), Amazon Route 53, Amazon SageMaker AI, Amazon Simple Notification Service AWS Database Migration Service,AWS Global Accelerator및에 대한 추가 권한도 지원합니다AWS Storage Gateway.

 2021년 7월 28일

AWS_ConfigRole -AWS리소스 유형에 대한 l ogs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine및 추가 권한 추가

이 정책은 이제 로그 그룹의 태그를 나열하고, 상태 시스템의 태그를 나열하고, 모든 상태 시스템을 나열할 수 있는 권한을 부여합니다. 이 정책은 이제 상태 시스템에 대한 세부 정보를 가져올 수 있는 권한을 부여합니다. 이 정책은 이제 Amazon EC2 Systems Manager(SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Data Firehose, Amazon Managed Streaming for Apache Kafka(Amazon MSK), Amazon Relational Database Service(RDS), Amazon Route 53, Amazon SageMaker AI, Amazon Simple Notification Service AWS Database Migration Service,AWS Global Accelerator및에 대한 추가 권한도 지원합니다AWS Storage Gateway.

 2021년 7월 28일

AWSConfigServiceRolePolicy -AWS리소스 유형에 대한 ssm:DescribeDocumentPermission 및 추가 권한 추가

이 정책은 이제AWS Systems Manager문서의 권한 및 IAM Access Analyzer에 대한 정보를 볼 수 있는 권한을 부여합니다. 이제이 정책은 Amazon Kinesis, Amazon ElastiCache, Amazon EMR AWS Network Firewall, Amazon Route 53 및 Amazon Relational Database Service(RDS)에 대한 추가AWS리소스 유형을 지원합니다. 이러한 권한 변경을 통해는 이러한 리소스 유형을 지원하는 데 필요한 읽기 전용 APIs AWS Config호출할 수 있습니다. 이 정책은 이제 lambda-inside-vpc 관리형 규칙에 대한 Lambda AWS Config@Edge 함수 필터링도 지원합니다.

 2021년 6월 8일

AWS_ConfigRole -AWS리소스 유형에 대한 ssm:DescribeDocumentPermission 및 추가 권한 추가

이 정책은 이제AWS Systems Manager문서의 권한 및 IAM Access Analyzer에 대한 정보를 볼 수 있는 권한을 부여합니다. 이제이 정책은 Amazon Kinesis, Amazon ElastiCache, Amazon EMR AWS Network Firewall, Amazon Route 53 및 Amazon Relational Database Service(RDS)에 대한 추가AWS리소스 유형을 지원합니다. 이러한 권한 변경을 통해는 이러한 리소스 유형을 지원하는 데 필요한 읽기 전용 APIs AWS Config호출할 수 있습니다. 이 정책은 이제 lambda-inside-vpc 관리형 규칙에 대한 Lambda AWS Config@Edge 함수 필터링도 지원합니다.

 2021년 6월 8일

AWSConfigServiceRolePolicy - API Gateway에 읽기 전용 GET 직접 호출을 수행할 수 있는 apigateway:GET 권한 및 Amazon S3 읽기 전용 API를 간접 호출할 수 있는 s3:GetAccessPointPolicy 권한 및 s3:GetAccessPointPolicyStatus 권한을 추가

이제이 정책은가 API Gateway AWS Config에 대한AWS Config규칙을 지원하기 위해 API Gateway에 대한 읽기 전용 GET 호출을 수행할 수 있는 권한을 부여합니다. 또한이 정책은가 새 AWS::S3::AccessPoint 리소스 유형을 지원하는AWS Config데 필요한 Amazon Simple Storage Service(Amazon S3) 읽기 전용 APIs를 호출할 수 있는 권한을 추가합니다.

 2021년 5월 10일

AWS_ConfigRole - API Gateway에 읽기 전용 GET 호출을 수행할 수 있는 apigateway:GET 권한 및 Amazon S3 읽기 전용 API를 간접 호출할 수 있는 s3:GetAccessPointPolicy 권한 및 s3:GetAccessPointPolicyStatus 권한을 추가

이제이 정책은가 API Gateway AWS Config용AWS Config를 지원하기 위해 API Gateway에 대한 읽기 전용 GET 호출을 수행할 수 있는 권한을 부여합니다. 또한이 정책은가 새 AWS::S3::AccessPoint 리소스 유형을 지원하는AWS Config데 필요한 Amazon Simple Storage Service(Amazon S3) 읽기 전용 APIs를 호출할 수 있는 권한을 추가합니다.

 2021년 5월 10일

AWSConfigServiceRolePolicy -AWS리소스 유형에 대한 ssm:ListDocuments 권한 및 추가 권한 추가

이 정책은 이제AWS Systems Manager에서 지정된 문서에 대한 정보를 볼 수 있는 권한을 부여합니다. 이 정책은 이제 Amazon Elastic File System AWS Backup, Amazon ElastiCache, Amazon Simple Storage Service(Amazon S3), Amazon Elastic Compute Cloud(Amazon EC2), Amazon Kinesis, Amazon SageMaker AI AWS Database Migration Service및 Amazon Route 53에 대한 추가AWS리소스 유형도 지원합니다. 이러한 권한 변경을 통해는 이러한 리소스 유형을 지원하는 데 필요한 읽기 전용 APIs AWS Config호출할 수 있습니다.

 2021년 4월 1일

AWS_ConfigRole -AWS리소스 유형에 대한 ssm:ListDocuments 권한 및 추가 권한 추가

이 정책은 이제AWS Systems Manager에서 지정된 문서에 대한 정보를 볼 수 있는 권한을 부여합니다. 이 정책은 이제 Amazon Elastic File System AWS Backup, Amazon ElastiCache, Amazon Simple Storage Service(Amazon S3), Amazon Elastic Compute Cloud(Amazon EC2), Amazon Kinesis, Amazon SageMaker AI AWS Database Migration Service및 Amazon Route 53에 대한 추가AWS리소스 유형도 지원합니다. 이러한 권한 변경을 통해는 이러한 리소스 유형을 지원하는 데 필요한 읽기 전용 APIs AWS Config호출할 수 있습니다.

 2021년 4월 1일

AWSConfigRole은 더 이상 사용되지 않습니다.

AWSConfigRole은 더 이상 사용되지 않습니다. 대체 정책은 AWS_ConfigRole입니다.

 2021년 4월 1일

AWS Config에서 변경 내용 추적 시작

AWS Config가AWS관리형 정책에 대한 변경 사항 추적을 시작했습니다.

 2021년 4월 1일