AWS managed policies for AWS Config
An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases because they are available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.
You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or new API operations become available for existing services.
For more information, see AWS managed policies in the IAM User Guide.
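Because an update to an AWS managed policy reaches every identity the policy is attached to, it helps to review what each new version adds. The following is an added example, not part of the AWS documentation: it diffs two versions of a policy document, groups the newly allowed actions by service, and flags any whose name does not look read-only. The sample documents, the `READ_ONLY_PREFIXES` heuristic, and the function names are assumptions of this example.

```python
import json
from collections import defaultdict

# Verb prefixes treated as read-only for triage. This is an assumption of the
# example, not an AWS classification; adjust it to your own review policy.
READ_ONLY_PREFIXES = ("get", "list", "describe", "batchget", "search")

# Constructed sample documents (NOT real versions of any AWS managed policy).
# Action names come from the change log on this page, except
# config:PutConfigRule, which is included only to exercise the review flag.
OLD_VERSION = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["bedrock:ListAgents", "s3:GetAccessGrantsInstance",
                   "securityhub:GetEnabledStandards"],
        "Resource": "*",
    }],
})
NEW_VERSION = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["bedrock:ListAgents", "bedrock:GetGuardrail",
                    "bedrock:ListGuardrails", "bedrock:ListTagsForResource",
                    "s3:GetAccessGrantsInstance",
                    "securityhub:GetEnabledStandards"],
         "Resource": "*"},
        # A statement with a single string Action, which IAM also accepts.
        {"Effect": "Allow", "Action": "config:PutConfigRule", "Resource": "*"},
    ],
})


def _as_list(value):
    """IAM accepts a single value or a list for Statement and Action."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def allowed_actions(policy_json):
    """Map lower-cased action -> action as written, for every Allow statement."""
    actions = {}
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # NotAction allows everything except the listed actions; a set
            # diff cannot represent that, so refuse rather than under-report.
            raise ValueError("Allow with NotAction needs manual review")
        for action in _as_list(stmt.get("Action")):
            actions[action.lower()] = action  # action names are case-insensitive
    return actions


def is_read_only(action):
    """True if the operation name starts with a read-only verb (heuristic)."""
    _, _, name = action.partition(":")
    return name.lower().startswith(READ_ONLY_PREFIXES)


def diff_policy_versions(old_json, new_json):
    """Report actions added and removed between two policy versions."""
    old, new = allowed_actions(old_json), allowed_actions(new_json)
    added = sorted(new[k] for k in new.keys() - old.keys())
    removed = sorted(old[k] for k in old.keys() - new.keys())
    by_service = defaultdict(list)
    for action in added:
        service, _, name = action.partition(":")
        by_service[service.lower()].append(name)
    return {
        "added": dict(by_service),
        "removed": removed,
        # Anything not obviously read-only, including wildcards such as "s3:*".
        "needs_review": [a for a in added if not is_read_only(a)],
    }


if __name__ == "__main__":
    print(json.dumps(diff_policy_versions(OLD_VERSION, NEW_VERSION), indent=2))
```

In practice the two inputs would be consecutive versions of the policy document retrieved from IAM; the name-based read-only check is a triage aid, not a substitute for reading the added statements.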
AWS managed policy: AWSConfigServiceRolePolicy
AWS Config uses the service-linked role (SLR) named AWSServiceRoleForConfig to call other AWS services on your behalf. When you use the AWS Management Console to set up AWS Config, this SLR is created automatically by AWS Config if you select the option to use the AWS Config SLR instead of your own AWS Identity and Access Management (IAM) service role.
The AWSServiceRoleForConfig SLR contains the managed policy AWSConfigServiceRolePolicy. This managed policy contains read-only and write-only permissions for AWS Config resources and read-only permissions for resources in other services that AWS Config supports. The policy provides comprehensive access to monitor and record configuration changes across your AWS infrastructure, including permissions for more than 100 AWS services such as compute, storage, networking, security, analytics, and machine learning services.
The policy includes permissions for the following service categories:
- access-analyzer — Allows principals to analyze access patterns and retrieve security findings.
- account — Allows principals to retrieve account contact information.
- acm and acm-pca — Allows principals to manage SSL/TLS certificates and private certificate authorities.
- airflow — Allows principals to monitor managed Apache Airflow environments.
- amplify and amplifyuibuilder — Allows principals to monitor web applications and UI components.
- aoss — Allows principals to monitor OpenSearch Serverless collections and security configurations.
- app-integrations — Allows principals to monitor application integration configurations.
- appconfig — Allows principals to monitor application configuration deployments.
- appflow — Allows principals to monitor data flow configurations between applications.
- application-autoscaling and application-signals — Allows principals to monitor auto scaling policies and application performance metrics.
- appmesh — Allows principals to monitor service mesh configurations.
- apprunner — Allows principals to monitor containerized web applications and services.
- appstream — Allows principals to monitor application streaming configurations.
- appsync — Allows principals to monitor GraphQL API configurations.
- aps — Allows principals to monitor Prometheus monitoring configurations.
- apptest — Allows principals to monitor application testing configurations.
- arc-zonal-shift — Allows principals to monitor zonal shift configurations for availability.
- athena — Allows principals to monitor query engine configurations and data catalogs.
- auditmanager — Allows principals to monitor audit and compliance assessments.
- autoscaling and autoscaling-plans — Allows principals to monitor auto scaling groups and plans.
- b2bi — Allows principals to monitor business-to-business integration configurations.
- backup and backup-gateway — Allows principals to monitor backup policies and gateway configurations.
- batch — Allows principals to monitor batch computing environments and job queues.
- bcm-data-exports — Allows principals to monitor billing and cost management data exports.
- bedrock and bedrock-agentcore — Allows principals to monitor foundation models and AI agent configurations.
- billingconductor — Allows principals to monitor billing group configurations.
- budgets — Allows principals to monitor budget configurations and actions.
- cassandra — Allows principals to query managed Cassandra database configurations.
- ce — Allows principals to monitor cost and usage reporting configurations.
- cleanrooms and cleanrooms-ml — Allows principals to monitor data collaboration and machine learning configurations.
- cloud9 — Allows principals to monitor cloud development environment configurations.
- cloudformation — Allows principals to monitor infrastructure as code stack configurations.
- cloudfront — Allows principals to monitor content delivery network configurations.
- cloudtrail — Allows principals to monitor API logging and audit trail configurations.
- cloudwatch — Allows principals to monitor metrics, alarms, and dashboard configurations.
- codeartifact — Allows principals to monitor software package repository configurations.
- codebuild — Allows principals to monitor build project configurations.
- codecommit — Allows principals to monitor source code repository configurations.
- codeconnections — Allows principals to monitor third-party source connections.
- codedeploy — Allows principals to monitor application deployment configurations.
- codeguru-profiler and codeguru-reviewer — Allows principals to monitor code analysis and profiling configurations.
- codepipeline — Allows principals to monitor continuous integration and deployment pipeline configurations.
- codestar-connections — Allows principals to monitor developer tools connections.
- cognito-identity and cognito-idp — Allows principals to monitor identity and user pool configurations.
- comprehend — Allows principals to monitor natural language processing configurations.
- config — Allows principals to manage configuration recording and compliance monitoring.
- connect — Allows principals to monitor contact center configurations.
For more information about the supported resource types, see Supported Resource Types for AWS Config and Using Service-Linked Roles for AWS Config.
To view more details about the policy, including the latest version of the JSON policy document, see AWSConfigServiceRolePolicy in the AWS Managed Policy Reference Guide.
Recommended: Use the service-linked role
We recommend that you use a service-linked role unless you have a specific use case. A service-linked role adds all the permissions that AWS Config needs to run as expected. Some features, such as service-linked configuration recorders, require you to use a service-linked role.
AWS managed policy: AWS_ConfigRole
To record your AWS resource configurations, AWS Config requires IAM permissions to get the configuration details about your resources. If you want to create an IAM role for AWS Config, use the managed policy AWS_ConfigRole and attach it to your IAM role.
This IAM policy is updated each time AWS Config adds support for an AWS resource type. This means that AWS Config will continue to have the required permissions to record configuration data of supported resource types as long as the AWS_ConfigRole role has this managed policy attached. The policy provides comprehensive access to monitor and record configuration changes across your AWS infrastructure, including permissions for more than 100 AWS services such as compute, storage, networking, security, analytics, and machine learning services. For more information, see Supported Resource Types for AWS Config and Permissions for the IAM Role Assigned to AWS Config.
To view more details about the policy, including the latest version of the JSON policy document, see AWS_ConfigRole in the AWS Managed Policy Reference Guide.
AWS managed policy: AWSConfigUserAccess
This IAM policy provides access to use AWS Config, including searching by tags on resources and reading all tags. It does not provide permission to configure AWS Config, which requires administrative privileges.
View this policy: AWSConfigUserAccess.
AWS managed policy: ConfigConformsServiceRolePolicy
To deploy and manage conformance packs, AWS Config requires IAM permissions and certain permissions from other AWS services. These permissions allow you to deploy and manage conformance packs with full functionality, and they are updated each time AWS Config adds new functionality for conformance packs. For more information about conformance packs, see Conformance Packs.
View this policy: ConfigConformsServiceRolePolicy.
AWS managed policy: AWSConfigRulesExecutionRole
To deploy AWS custom Lambda rules, AWS Config requires IAM permissions and certain permissions from other AWS services. These permissions allow AWS Lambda functions to access the AWS Config API and the configuration snapshots that AWS Config delivers periodically to Amazon S3. This access is required by functions that evaluate configuration changes for AWS custom Lambda rules, and it is updated each time AWS Config adds new functionality. For more information about AWS custom Lambda rules, see Creating AWS Config Custom Lambda Rules. For more information about configuration snapshots, see Concepts | Configuration Snapshot. For more information about the delivery of configuration snapshots, see Managing the Delivery Channel.
View this policy: AWSConfigRulesExecutionRole.
AWS managed policy: AWSConfigMultiAccountSetupPolicy
To centrally deploy, update, and delete AWS Config rules and conformance packs across member accounts in an organization in AWS Organizations, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for multi-account setup. For more information, see Managing AWS Config Rules Across All Accounts in Your Organization and Managing Conformance Packs Across All Accounts in Your Organization.
View this policy: AWSConfigMultiAccountSetupPolicy.
AWS managed policy: AWSConfigRoleForOrganizations
To allow AWS Config to call read-only AWS Organizations APIs, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for multi-account setup. For more information, see Managing AWS Config Rules Across All Accounts in Your Organization and Managing Conformance Packs Across All Accounts in Your Organization.
View this policy: AWSConfigRoleForOrganizations.
AWS managed policy: AWSConfigRemediationServiceRolePolicy
To allow AWS Config to remediate NON_COMPLIANT resources on your behalf, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for remediation. For more information about remediation, see Remediating Noncompliant Resources with AWS Config Rules. For more information about the conditions that initiate the possible AWS Config evaluation results, see Concepts | AWS Config Rules.
View this policy: AWSConfigRemediationServiceRolePolicy.
AWS Config updates to AWS managed policies
View details about updates to AWS managed policies for AWS Config since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the AWS Config Document history page.
| Change | Description | Date |
|---|---|---|
| AWSConfigServiceRolePolicy — Updated managed policy with comprehensive permissions for AWS resource configuration recording across more than 100 AWS services, including compute, storage, networking, security, analytics, and machine learning services. | This policy now provides improved documentation of the service permissions and supports comprehensive monitoring across all AWS services that AWS Config supports for configuration recording. | January 27, 2026 |
| AWS_ConfigRole — Updated managed policy with comprehensive permissions for AWS resource configuration recording across more than 100 AWS services, including compute, storage, networking, security, analytics, and machine learning services. | This policy now provides improved documentation of the service permissions and supports comprehensive monitoring across all AWS services that AWS Config supports for configuration recording. | January 27, 2026 |
| AWS_ConfigRole — Add "s3tables:ListTagsForResource", "s3tables:GetTableBucketMetricsConfiguration", "s3tables:GetTableBucketStorageClass" | This policy now supports additional permissions for S3Tables. | January 9, 2026 |
| AWSConfigServiceRolePolicy — Add "s3tables:ListTagsForResource", "s3tables:GetTableBucketMetricsConfiguration", "s3tables:GetTableBucketStorageClass" | This policy now supports additional permissions for S3Tables. | January 9, 2026 |
| AWS_ConfigRole — Add "lightsail:GetActiveNames", "lightsail:GetOperations", "s3:GetBucketAbac" | This policy now supports additional permissions for Amazon Lightsail and Amazon Simple Storage Service (Amazon S3). | November 20, 2025 |
| AWSConfigServiceRolePolicy — Add "lightsail:GetActiveNames", "lightsail:GetOperations", "s3:GetBucketAbac" | This policy now supports additional permissions for Amazon Lightsail and Amazon Simple Storage Service (Amazon S3). | November 20, 2025 |
| AWSConfigServiceRolePolicy — Updated managed policy with comprehensive permissions for AWS resource configuration recording across more than 100 AWS services, including compute, storage, networking, security, analytics, and machine learning services. | This policy now provides improved documentation of the service permissions and supports comprehensive monitoring across all AWS services that AWS Config supports for configuration recording. | November 11, 2025 |
| AWS_ConfigRole — Updated managed policy with comprehensive permissions for AWS resource configuration recording across multiple AWS services, including AWS Identity and Access Management, Amazon Elastic Compute Cloud, Amazon Simple Storage Service, AWS Lambda, Amazon Relational Database Service, and many others. | This policy now supports additional permissions for comprehensive recording and monitoring of AWS resource configuration across all supported AWS services. | November 10, 2025 |
| AWS_ConfigRole — Add permissions | This policy now supports additional permissions for AWS Amplify, AWS AppSync, Amazon Bedrock, AWS CloudTrail, CloudFormation, AWS CodeArtifact, AWS CodePipeline, Amazon Connect, AWS Deadline Cloud, Amazon EC2, AWS Entity Resolution, AWS IoT SiteWise, Amazon IVS, AWS Lambda, Amazon EventBridge, Amazon Quick, Amazon Redshift, Amazon Redshift Serverless, AWS Identity and Access Management Roles Anywhere, Amazon SageMaker, AWS Secrets Manager, Amazon Security Lake, AWS Service Catalog, AWS Shield, Amazon EC2 Systems Manager, and AWS WAFV2. | October 1, 2025 |
| AWSConfigServiceRolePolicy — Add permissions | This policy now supports additional permissions for AWS Amplify, AWS AppSync, Amazon Bedrock, AWS CloudTrail, CloudFormation, AWS CodeArtifact, AWS CodePipeline, Amazon Connect, AWS Deadline Cloud, Amazon EC2, AWS Entity Resolution, AWS IoT SiteWise, Amazon IVS, AWS Lambda, Amazon EventBridge, Amazon Quick, Amazon Redshift, Amazon Redshift Serverless, AWS Identity and Access Management Roles Anywhere, Amazon SageMaker, AWS Secrets Manager, Amazon Security Lake, AWS Service Catalog, AWS Shield, Amazon EC2 Systems Manager, and AWS WAFV2. | October 1, 2025 |
| AWS_ConfigRole — Add permissions | This policy now supports additional permissions for AWS ARC - Zonal Shift, Amazon Bedrock, AWS CloudTrail, AWS CodeArtifact, AWS Deadline Cloud, AWS Database Migration Service, AWS Glue, AWS Identity and Access Management, Amazon Managed Streaming for Apache Kafka, AWS Lake Formation, Amazon CloudWatch Logs, AWS Elemental MediaLive, AWS Elemental MediaPackage, Amazon Relational Database Service, Amazon Simple Storage Service, Amazon Security Lake, AWS Secrets Manager, Amazon Simple Email Service, AWS Service Catalog, and AWS X-Ray. | July 28, 2025 |
| AWSConfigServiceRolePolicy: Add permissions | This policy now supports additional permissions for AWS ARC - Zonal Shift, Amazon Bedrock, AWS CloudTrail, AWS CodeArtifact, AWS Deadline Cloud, AWS Database Migration Service, AWS Glue, AWS Identity and Access Management, Amazon Managed Streaming for Apache Kafka, AWS Lake Formation, Amazon CloudWatch Logs, AWS Elemental MediaLive, AWS Elemental MediaPackage, Amazon Relational Database Service, Amazon Simple Storage Service, Amazon Security Lake, AWS Secrets Manager, AWS Service Catalog, Amazon Simple Email Service, AWS X-Ray, and Amazon API Gateway. | July 28, 2025 |
| AWSConfigServiceRolePolicy — Add permissions | This policy now supports additional permissions for AWS Backup gateway, AWS Billing and Cost Management, Amazon Bedrock, AWS CloudFormation, CloudFront, AWS Entity Resolution, AWS IoT Core Device Advisor, AWS Lambda, AWS Network Manager, AWS Private Certificate Authority, Amazon Relational Database Service, Amazon Redshift, Amazon S3 Tables, and AWS Systems Manager Quick Setup. | June 18, 2025 |
AWS_ConfigRole— Adicione “backup-gateway: GetHypervisor “, “backup-gateway: ListHypervisors “,"bcm-data-exports: GetExport “,"bcm-data-exports: ListExports “,"bcm-data-exports: ListTagsForResource “, “alicerce: “, GetAgentActionGroup “alicerce: GetAgentKnowledgeBase “, “alicerce: GetDataSource “, “alicerce: GetFlowAlias “, “alicerce: “, ListAgentActionGroups “alicerce: ListAgentKnowledgeBases “, “formação na nuvem: ListDataSources “, “formação na nuvem: ListFlowAliases “, “formação na nuvem: ListFlowVersions “,” GetAgent GetFlowVersion BatchDescribeTypeConfigurations DescribeStackInstance DescribeStackSet ListStackInstances cloudformation: ListStackSets “, “cloudfront: “, “cloudfront: “, “cloudfront: GetPublicKey “, “cloudfront: “, “resolução da entidade: “, “resolução da entidade: GetRealtimeLogConfig “, “resolução da entidade: “, “resolução da entidade: ListPublicKeys “, “resolução da entidade: “, “iotdeviceadvisor: ListRealtimeLogConfigs “, “lambda: “, lambda: “, lambda: GetIdMappingWorkflow “, lambda: “, lambda: “, lambda: “, lambda: GetSchemaMapping “, lambda: “, lambda: “, lambda: ListIdMappingWorkflows “, lambda: “, lambda: “, lambda: ListSchemaMappings “, lambda: “, lambda: “, lambda: “, lambda: ListTagsForResource “, lambda: “, lambda: “, lambda: “, lambda: GetSuiteDefinition “, lambda: “, lambda da: “, “gerenciador de rede: ListSuiteDefinitions “, “gerenciador de rede: “,": “,": GetEventSourceMapping “,": “, “rds: ListEventSourceMappings GetTransitGatewayPeering ListPeerings pca-connector-ad GetDirectoryRegistration pca-connector-ad ListDirectoryRegistrations pca-connector-ad ListTagsForResource Descreva DBShard os grupos”, “rds: DescribeIntegrations “, “redshift: “, DescribeIntegrations “s3tables: “, “s3tables: GetTableBucket “, “s3tables: “, GetTableBucketEncryption “s3tables: “, “GetTableBucketMaintenanceConfigurationssm-quicksetup: “, “ssm-quicksetup:ListTableBuckets” GetConfigurationManager ListConfigurationManagers |
This policy now supports additional permissions for AWS Backup gateway, AWS Billing and Cost Management, Amazon Bedrock, AWS CloudFormation, Amazon CloudFront, AWS Entity Resolution, AWS IoT Core Device Advisor, AWS Lambda, AWS Network Manager, AWS Private Certificate Authority, Amazon Relational Database Service, Amazon Redshift, Amazon S3 Tables, and AWS Systems Manager Quick Setup. |
June 18, 2025 |
|
AWS_ConfigRole: Add "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource" |
This policy now supports additional permissions for Amazon Bedrock. |
May 27, 2025 |
|
AWSConfigServiceRolePolicy: Add "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource" |
This policy now supports additional permissions for Amazon Bedrock. |
May 27, 2025 |
|
AWS_ConfigRole: Add "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation" |
This policy now supports additional permissions for AWS B2B Data Interchange, Amazon Bedrock, AWS Clean Rooms, AWS CodeConnections, AWS Database Migration Service (AWS DMS), AWS Direct Connect, Amazon CloudWatch Logs, Amazon Macie, Amazon Managed Blockchain, Amazon Q Business, Route 53 Profiles, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, AWS Security Hub CSPM, AWS Systems Manager Incident Manager Contacts, AWS Systems Manager Incident Manager, and AWS Systems Manager. |
April 8, 2025 |
|
AWSConfigServiceRolePolicy: Add "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation" |
This policy now supports additional permissions for AWS B2B Data Interchange, Amazon Bedrock, AWS Clean Rooms, AWS CodeConnections, AWS Database Migration Service (AWS DMS), AWS Direct Connect, Amazon CloudWatch Logs, Amazon Macie, Amazon Managed Blockchain, Amazon Q Business, Route 53 Profiles, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, AWS Security Hub CSPM, AWS Systems Manager Incident Manager Contacts, AWS Systems Manager Incident Manager, and AWS Systems Manager. This policy now also grants permission to access all Amazon API Gateway domain names by including the resource pattern “ |
April 8, 2025 |
|
AWS_ConfigRole: Add "ec2:GetAllowedImagesSettings" |
This policy now supports additional permissions for Amazon Elastic Compute Cloud (Amazon EC2). |
March 4, 2025 |
|
AWSConfigServiceRolePolicy: Add "ec2:GetAllowedImagesSettings" |
This policy now supports additional permissions for Amazon Elastic Compute Cloud (Amazon EC2). |
March 4, 2025 |
|
AWS_ConfigRole: Add "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools" |
This policy now supports additional permissions for AWS Clean Rooms, Amazon Comprehend, Amazon Elastic Compute Cloud (Amazon EC2), AWS HealthOmics, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Email Service (Amazon SES). |
January 16, 2025 |
|
AWSConfigServiceRolePolicy: Add "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools" |
This policy now supports additional permissions for AWS Clean Rooms, Amazon Comprehend, Amazon Elastic Compute Cloud (Amazon EC2), AWS HealthOmics, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Email Service (Amazon SES). |
January 16, 2025 |
|
AWSConfigServiceRolePolicy: Add "organizations:ListAWSServiceAccessForOrganization" |
This policy now supports additional permissions for AWS Organizations. |
December 18, 2024 |
|
AWS_ConfigRole: Add "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership", "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom", "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink", "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets" |
This policy now supports additional permissions for AWS AppConfig, AWS CloudTrail, Amazon Connect, Amazon DataZone, Amazon DevOps Guru, AWS Glue, Identity Store, AWS IoT, AWS IoT FleetWise, AWS IoT Wireless, Amazon Interactive Video Service (Amazon IVS), Amazon CloudWatch Logs, Amazon CloudWatch Observability Access Manager, AWS Payment Cryptography, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service (Amazon S3), Amazon EventBridge Scheduler, AWS Systems Manager, and Amazon VPC Lattice. |
November 7, 2024 |
|
AWSConfigServiceRolePolicy: Add "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership", "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom", "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink", "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets" |
This policy now supports additional permissions for AWS AppConfig, AWS CloudTrail, Amazon Connect, Amazon DataZone, Amazon DevOps Guru, AWS Glue, Identity Store, AWS IoT, AWS IoT FleetWise, AWS IoT Wireless, Amazon Interactive Video Service (Amazon IVS), Amazon CloudWatch Logs, Amazon CloudWatch Observability Access Manager, AWS Payment Cryptography, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service (Amazon S3), Amazon EventBridge Scheduler, AWS Systems Manager, and Amazon VPC Lattice. |
November 7, 2024 |
|
AWS_ConfigRole: Add "aoss:BatchGetCollection", "aoss:BatchGetLifecyclePolicy", "aoss:BatchGetVpcEndpoint", "aoss:GetAccessPolicy", "aoss:GetSecurityConfig", "aoss:GetSecurityPolicy", "aoss:ListAccessPolicies", "aoss:ListCollections", "aoss:ListLifecyclePolicies", "aoss:ListSecurityConfigs", "aoss:ListSecurityPolicies", "aoss:ListVpcEndpoints", "appstream:DescribeAppBlockBuilders", "backup:GetRestoreTestingPlan", "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans", "backup:ListRestoreTestingSelections", "cloudTrail:GetChannel", "cloudTrail:ListChannels", "glue:GetTrigger", "glue:ListTriggers", "imagebuilder:GetLifecyclePolicy", "imagebuilder:ListLifecyclePolicies", "iot:DescribeBillingGroup", "iot:ListBillingGroups", "ivs:GetEncoderConfiguration", "ivs:GetPlaybackRestrictionPolicy", "ivs:GetStage", "ivs:GetStorageConfiguration", "ivs:ListEncoderConfigurations", "ivs:ListPlaybackRestrictionPolicies", "ivs:ListStages", "ivs:ListStorageConfigurations", "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa", "mediaconnect:ListBridges", "mediaconnect:ListGateways", "mediatailor:DescribeChannel", "mediatailor:DescribeLiveSource", "mediatailor:DescribeSourceLocation", "mediatailor:DescribeVodSource", "mediatailor:ListChannels", "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations", "mediatailor:ListVodSources", "omics:GetWorkflow", "omics:ListWorkflows", "scheduler:GetSchedule", and "scheduler:ListSchedules" |
This policy now supports additional permissions for Amazon OpenSearch Service Serverless, Amazon AppStream, AWS Backup, AWS CloudTrail, AWS Glue, EC2 Image Builder, AWS IoT, Amazon Interactive Video Service (Amazon IVS), AWS Elemental MediaConnect, AWS Elemental MediaTailor, AWS HealthOmics, and Amazon EventBridge Scheduler. |
September 16, 2024 |
|
AWSConfigServiceRolePolicy: Add "aoss:BatchGetCollection", "aoss:BatchGetLifecyclePolicy", "aoss:BatchGetVpcEndpoint", "aoss:GetAccessPolicy", "aoss:GetSecurityConfig", "aoss:GetSecurityPolicy", "aoss:ListAccessPolicies", "aoss:ListCollections", "aoss:ListLifecyclePolicies", "aoss:ListSecurityConfigs", "aoss:ListSecurityPolicies", "aoss:ListVpcEndpoints", "appstream:DescribeAppBlockBuilders", "backup:GetRestoreTestingPlan", "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans", "backup:ListRestoreTestingSelections", "cloudTrail:GetChannel", "cloudTrail:ListChannels", "glue:GetTrigger", "glue:ListTriggers", "imagebuilder:GetLifecyclePolicy", "imagebuilder:ListLifecyclePolicies", "iot:DescribeBillingGroup", "iot:ListBillingGroups", "ivs:GetEncoderConfiguration", "ivs:GetPlaybackRestrictionPolicy", "ivs:GetStage", "ivs:GetStorageConfiguration", "ivs:ListEncoderConfigurations", "ivs:ListPlaybackRestrictionPolicies", "ivs:ListStages", "ivs:ListStorageConfigurations", "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa", "mediaconnect:ListBridges", "mediaconnect:ListGateways", "mediatailor:DescribeChannel", "mediatailor:DescribeLiveSource", "mediatailor:DescribeSourceLocation", "mediatailor:DescribeVodSource", "mediatailor:ListChannels", "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations", "mediatailor:ListVodSources", "omics:GetWorkflow", "omics:ListWorkflows", "scheduler:GetSchedule", and "scheduler:ListSchedules" |
This policy now supports additional permissions for Amazon OpenSearch Service Serverless, Amazon AppStream, AWS Backup, AWS CloudTrail, AWS Glue, EC2 Image Builder, AWS IoT, Amazon Interactive Video Service (Amazon IVS), AWS Elemental MediaConnect, AWS Elemental MediaTailor, AWS HealthOmics, and Amazon EventBridge Scheduler. |
September 16, 2024 |
|
AWS_ConfigRole: Add "elasticfilesystem:DescribeTags", "redshift:DescribeTags", and "ssm-sap:ListTagsForResource" |
This policy now supports additional permissions for Amazon Elastic File System (Amazon EFS), Amazon Redshift, and AWS Systems Manager for SAP. |
June 17, 2024 |
|
AWSConfigServiceRolePolicy: Add "elasticfilesystem:DescribeTags", "redshift:DescribeTags", and "ssm-sap:ListTagsForResource" |
This policy now supports additional permissions for Amazon Elastic File System (Amazon EFS), Amazon Redshift, and AWS Systems Manager for SAP. |
June 17, 2024 |
| AWS_ConfigRole: Add "aps:DescribeAlertManagerDefinition", "cloudwatch:DescribeAlarmsForMetric", "cognito-identity:DescribeIdentityPool", "cognito-identity:GetPrincipalTagAttributeMap", "elasticache:DescribeCacheSecurityGroups", "elasticache:DescribeUserGroups", "elasticache:DescribeUsers", "elasticache:DescribeGlobalReplicationGroups", "fsx:DescribeDataRepositoryAssociations", "glue:GetDatabase", "glue:GetDatabases", "iam:ListUsers", "lambda:GetLayerVersion", "lambda:ListLayers", "lambda:ListLayerVersions", "ram:GetPermission", "ram:ListPermissionAssociations", "ram:ListPermissions", "ram:ListPermissionVersions", "redshift-serverless:GetNamespace", "redshift-serverless:GetWorkgroup", "redshift-serverless:ListNamespaces", "redshift-serverless:ListTagsForResource", "redshift-serverless:ListWorkgroups", "sagemaker:DescribeInferenceExperiment", "sagemaker:ListInferenceExperiments", and "sns:GetSMSSandboxAccountStatus" |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx, AWS Glue, AWS Identity and Access Management (IAM), AWS Lambda, AWS RAM, Amazon Redshift Serverless, Amazon SageMaker AI, and Amazon Simple Notification Service (Amazon SNS). |
February 22, 2024 |
| AWSConfigServiceRolePolicy: Add "aps:DescribeAlertManagerDefinition", "cloudwatch:DescribeAlarmsForMetric", "cognito-identity:DescribeIdentityPool", "cognito-identity:GetPrincipalTagAttributeMap", "elasticache:DescribeCacheSecurityGroups", "elasticache:DescribeUserGroups", "elasticache:DescribeUsers", "elasticache:DescribeGlobalReplicationGroups", "fsx:DescribeDataRepositoryAssociations", "glue:GetDatabase", "glue:GetDatabases", "iam:ListUsers", "lambda:GetLayerVersion", "lambda:ListLayers", "lambda:ListLayerVersions", "ram:GetPermission", "ram:ListPermissionAssociations", "ram:ListPermissions", "ram:ListPermissionVersions", "redshift-serverless:GetNamespace", "redshift-serverless:GetWorkgroup", "redshift-serverless:ListNamespaces", "redshift-serverless:ListTagsForResource", "redshift-serverless:ListWorkgroups", "sagemaker:DescribeInferenceExperiment", "sagemaker:ListInferenceExperiments", and "sns:GetSMSSandboxAccountStatus" |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx, AWS Glue, AWS Identity and Access Management (IAM), AWS Lambda, AWS RAM, Amazon Redshift Serverless, Amazon SageMaker AI, and Amazon Simple Notification Service (Amazon SNS). |
February 22, 2024 |
|
AWSConfigUserAccess: AWS Config starts tracking changes for this AWS managed policy |
This policy provides access to use AWS Config, including searching by tags on resources and reading all tags. This does not provide permission to configure AWS Config, which requires administrative privileges. |
February 22, 2024 |
| AWS_ConfigRole: Add "appconfig:GetExtensionAssociation", "appconfig:ListExtensionAssociations", "aps:DescribeLoggingConfiguration", "dms:DescribeReplicationTaskAssessmentRuns", "iam:GetOpenIDConnectProvider", "iam:ListOpenIDConnectProviders", "kafka:DescribeVpcConnection", "kafka:GetClusterPolicy", "kafka:ListVpcConnections", "logs:DescribeMetricFilters", "organizations:ListDelegatedAdministrators", "s3:GetBucketPolicyStatus", "s3express:GetBucketPolicy", and "s3express:ListAllMyDirectoryBuckets" |
This policy now supports additional permissions for AWS AppConfig, Amazon Managed Service for Prometheus, AWS Database Migration Service (AWS DMS), AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon CloudWatch Logs, AWS Organizations, and Amazon Simple Storage Service (Amazon S3). |
December 5, 2023 |
| AWSConfigServiceRolePolicy: Add "appconfig:GetExtensionAssociation", "appconfig:ListExtensionAssociations", "aps:DescribeLoggingConfiguration", "dms:DescribeReplicationTaskAssessmentRuns", "iam:GetOpenIDConnectProvider", "iam:ListOpenIDConnectProviders", "kafka:DescribeVpcConnection", "kafka:GetClusterPolicy", "kafka:ListVpcConnections", "logs:DescribeMetricFilters", "organizations:ListDelegatedAdministrators", "s3:GetBucketPolicyStatus", "s3express:GetBucketPolicy", and "s3express:ListAllMyDirectoryBuckets" |
This policy now supports additional permissions for AWS AppConfig, Amazon Managed Service for Prometheus, AWS Database Migration Service (AWS DMS), AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon CloudWatch Logs, AWS Organizations, and Amazon Simple Storage Service (Amazon S3). |
December 5, 2023 |
| AWS_ConfigRole: Add "backup:DescribeProtectedResource", "cognito-identity:GetIdentityPoolRoles", "cognito-identity:ListIdentityPools", "cognito-identity:ListTagsForResource", "cognito-idp:DescribeIdentityProvider", "cognito-idp:DescribeResourceServer", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:DescribeUserPoolDomain", "cognito-idp:GetGroup", "cognito-idp:GetUserPoolMfaConfig", "cognito-idp:ListGroups", "cognito-idp:ListIdentityProviders", "cognito-idp:ListResourceServers", "cognito-idp:ListUserPoolClients", "cognito-idp:ListUserPools", "cognito-idp:ListTagsForResource", "connect:DescribeEvaluationForm", "connect:DescribeInstanceStorageConfig", "connect:DescribePrompt", "connect:DescribeRule", "connect:DescribeUser", "connect:GetTaskTemplate", "connect:ListApprovedOrigins", "connect:ListEvaluationForms", "connect:ListInstanceStorageConfigs", "connect:ListIntegrationAssociations", "connect:ListPrompts", "connect:ListRules", "connect:ListSecurityKeys", "connect:ListTagsForResource", "connect:ListTaskTemplates", "connect:ListUsers", "emr-containers:DescribeVirtualCluster", "emr-containers:ListVirtualClusters", "emr-serverless:GetApplication", "emr-serverless:ListApplications", "groundstation:GetDataflowEndpointGroup", "groundstation:ListDataflowEndpointGroups", "m2:GetEnvironment", "m2:ListEnvironments", "m2:ListTagsForResource", "memorydb:DescribeAcls", "memorydb:DescribeClusters", "memorydb:DescribeParameterGroups", "memorydb:DescribeParameters", "memorydb:DescribeSubnetGroups", "organizations:ListRoots", "quicksight:DescribeAccountSubscription", "quicksight:DescribeDataSetRefreshProperties", "rds:DescribeEngineDefaultClusterParameters", "redshift:DescribeEndpointAccess", "redshift:DescribeEndpointAuthorization", "route53:GetChange", "route53:ListCidrBlocks", "route53:ListCidrLocations", "serviceCatalog:DescribePortfolioShares", "transfer:DescribeProfile", and "transfer:ListProfiles" |
This policy now supports additional permissions for Amazon Cognito, Amazon Connect, Amazon EMR, AWS Ground Station, AWS Mainframe Modernization, Amazon MemoryDB, AWS Organizations, Amazon Quick, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, AWS Service Catalog, and AWS Transfer Family. |
November 17, 2023 |
| AWS_ConfigRole: Add "Sid": "AWSConfigServiceRolePolicyStatementID", "Sid": "AWSConfigSLRLogStatementID", "Sid": "AWSConfigSLRLogEventStatementID", and "Sid": "AWSConfigSLRApiGatewayStatementID" |
This policy now adds security identifiers (SID) for
November 17, 2023 |
| AWSConfigServiceRolePolicy: Add "backup:DescribeProtectedResource", "cognito-identity:GetIdentityPoolRoles", "cognito-identity:ListIdentityPools", "cognito-identity:ListTagsForResource", "cognito-idp:DescribeIdentityProvider", "cognito-idp:DescribeResourceServer", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:DescribeUserPoolDomain", "cognito-idp:GetGroup", "cognito-idp:GetUserPoolMfaConfig", "cognito-idp:ListGroups", "cognito-idp:ListIdentityProviders", "cognito-idp:ListResourceServers", "cognito-idp:ListUserPoolClients", "cognito-idp:ListUserPools", "cognito-idp:ListTagsForResource", "connect:DescribeEvaluationForm", "connect:DescribeInstanceStorageConfig", "connect:DescribePrompt", "connect:DescribeRule", "connect:DescribeUser", "connect:GetTaskTemplate", "connect:ListApprovedOrigins", "connect:ListEvaluationForms", "connect:ListInstanceStorageConfigs", "connect:ListIntegrationAssociations", "connect:ListPrompts", "connect:ListRules", "connect:ListSecurityKeys", "connect:ListTagsForResource", "connect:ListTaskTemplates", "connect:ListUsers", "emr-containers:DescribeVirtualCluster", "emr-containers:ListVirtualClusters", "emr-serverless:GetApplication", "emr-serverless:ListApplications", "groundstation:GetDataflowEndpointGroup", "groundstation:ListDataflowEndpointGroups", "m2:GetEnvironment", "m2:ListEnvironments", "m2:ListTagsForResource", "memorydb:DescribeAcls", "memorydb:DescribeClusters", "memorydb:DescribeParameterGroups", "memorydb:DescribeParameters", "memorydb:DescribeSubnetGroups", "organizations:ListRoots", "quicksight:DescribeAccountSubscription", "quicksight:DescribeDataSetRefreshProperties", "rds:DescribeEngineDefaultClusterParameters", "redshift:DescribeEndpointAccess", "redshift:DescribeEndpointAuthorization", "route53:GetChange", "route53:ListCidrBlocks", "route53:ListCidrLocations", "serviceCatalog:DescribePortfolioShares", "transfer:DescribeProfile", and "transfer:ListProfiles" |
This policy now supports additional permissions for Amazon Cognito, Amazon Connect, Amazon EMR, AWS Ground Station, AWS Mainframe Modernization, Amazon MemoryDB, AWS Organizations, Amazon Quick, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, AWS Service Catalog, and AWS Transfer Family. |
November 17, 2023 |
| AWSConfigServiceRolePolicy: Add "Sid": "AWSConfigServiceRolePolicyStatementID", "Sid": "AWSConfigSLRLogStatementID", "Sid": "AWSConfigSLRLogEventStatementID", and "Sid": "AWSConfigSLRApiGatewayStatementID" |
This policy now adds security identifiers (SID) for
November 17, 2023 |
| AWS_ConfigRole: Add "acm-pca:GetCertificateAuthorityCertificate", "appmesh:DescribeMesh", "appmesh:ListGatewayRoutes", "connect:DescribeInstance", "connect:DescribeQuickConnect", "connect:ListQuickConnects", "ecs:DescribeCapacityProviders", "evidently:GetSegment", "evidently:ListSegments", "grafana:DescribeWorkspace", "grafana:DescribeWorkspaceAuthentication", "grafana:DescribeWorkspaceConfiguration", "grafana:DescribeWorkspaceConfiguration", "guardduty:GetMemberDetectors", "inspector2:BatchGetAccountStatus", "inspector2:GetDelegatedAdminAccount", "inspector2:ListMembers", "iot:DescribeCACertificate", "iot:ListCACertificates", "iot:ListTagsForResource", "iottwinmaker:GetSyncJob", "iottwinmaker:ListSyncJobs", "kafka:ListTagsForResource", "kafkaconnect:DescribeConnector", "kafkaconnect:ListConnectors", "lambda:GetCodeSigningConfig", "lambda:ListCodeSigningConfigs", "lambda:ListTags", "networkmanager:GetConnectPeer", "organizations:DescribeOrganization", "organizations:ListTargetsForPolicy", "sagemaker:DescribeDataQualityJob", "sagemaker:DescribeModelExplainabilityJob", "sagemaker:ListDataQualityJob", and "sagemaker:ExplainabilityJob" |
This policy now supports additional permissions for AWS Private CA, AWS App Mesh, Amazon Connect, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector, AWS IoT, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Lambda, AWS Network Manager, AWS Organizations, and Amazon SageMaker AI. |
October 4, 2023 |
| AWSConfigServiceRolePolicy: Add "acm-pca:GetCertificateAuthorityCertificate", "appmesh:DescribeMesh", "appmesh:ListGatewayRoutes", "connect:DescribeInstance", "connect:DescribeQuickConnect", "connect:ListQuickConnects", "ecs:DescribeCapacityProviders", "evidently:GetSegment", "evidently:ListSegments", "grafana:DescribeWorkspace", "grafana:DescribeWorkspaceAuthentication", "grafana:DescribeWorkspaceConfiguration", "grafana:DescribeWorkspaceConfiguration", "guardduty:GetMemberDetectors", "inspector2:BatchGetAccountStatus", "inspector2:GetDelegatedAdminAccount", "inspector2:ListMembers", "iot:DescribeCACertificate", "iot:ListCACertificates", "iot:ListTagsForResource", "iottwinmaker:GetSyncJob", "iottwinmaker:ListSyncJobs", "kafka:ListTagsForResource", "kafkaconnect:DescribeConnector", "kafkaconnect:ListConnectors", "lambda:GetCodeSigningConfig", "lambda:ListCodeSigningConfigs", "lambda:ListTags", "networkmanager:GetConnectPeer", "organizations:DescribeOrganization", "organizations:ListTargetsForPolicy", "sagemaker:DescribeDataQualityJob", "sagemaker:DescribeModelExplainabilityJob", "sagemaker:ListDataQualityJob", and "sagemaker:ExplainabilityJob" |
This policy now supports additional permissions for AWS Private CA, AWS App Mesh, Amazon Connect, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector, AWS IoT, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Lambda, AWS Network Manager, AWS Organizations, and Amazon SageMaker AI. |
October 4, 2023 |
| AWSConfigServiceRolePolicy: removal of "ssm:GetParameter" |
This policy now removes permissions for AWS Systems Manager (Systems Manager). |
September 6, 2023 |
| AWS_ConfigRole: addition of "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", and "sns:GetDataProtectionPolicy" |
This policy now supports additional permissions for AWS App Mesh, AWS CloudFormation, Amazon CloudFront, AWS CodeArtifact, AWS CodeBuild, Amazon Connect, AWS Glue, Amazon GuardDuty, AWS Identity and Access Management (IAM), Amazon Inspector, AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie, AWS Elemental MediaConnect, AWS Network Manager, AWS Organizations, AWS Resource Explorer, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Notification Service (Amazon SNS). |
July 28, 2023 |
| AWSConfigServiceRolePolicy: addition of "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "sns:GetDataProtectionPolicy", "ssm:DescribeParameters", "ssm:GetParameter", and "ssm:ListTagsForResource" |
This policy now supports additional permissions for AWS App Mesh, Amazon WorkSpaces Applications, AWS CloudFormation, Amazon CloudFront, AWS CodeArtifact, AWS CodeBuild, Amazon Connect, AWS Glue, Amazon GuardDuty, AWS Identity and Access Management (IAM), Amazon Inspector, AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie, AWS Elemental MediaConnect, AWS Network Manager, AWS Organizations, AWS Resource Explorer, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), Amazon Simple Notification Service (Amazon SNS), and Amazon EC2 Systems Manager (SSM). |
July 28, 2023 |
| AWS_ConfigRole: addition of "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup",
"personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" |
This policy now supports additional permissions for AWS Amplify, AWS App Mesh, Amazon Connect, Amazon Managed Service for Prometheus, Amazon Athena, AWS Batch, AWS CloudFormation, AWS CloudTrail, AWS CodeArtifact, Amazon CodeGuru, AWS Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS IoT Greengrass, AWS Ground Station, AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC), AWS Organizations, Amazon Personalize, Amazon Quick, AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, and AWS Transfer Family. |
June 13, 2023 |
| AWSConfigServiceRolePolicy: addition of "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup",
"personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" |
This policy now supports additional permissions for AWS Amplify, AWS App Mesh, Amazon Connect, Amazon Managed Service for Prometheus, Amazon Athena, AWS Batch, AWS CloudFormation, AWS CloudTrail, AWS CodeArtifact, Amazon CodeGuru, AWS Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS IoT Greengrass, AWS Ground Station, AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC), AWS Organizations, Amazon Personalize, Amazon Quick, AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, and AWS Transfer Family. |
June 13, 2023 |
| AWSConfigServiceRolePolicy: addition of amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations |
This policy now supports additional permissions for Amazon Managed Workflows for AWS Amplify, AWS App Mesh, AWS App Runner, Amazon CloudFront, AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI, AWS Migration Hub, Amazon Pinpoint, AWS Transfer Family, AWS Resilience Hub, Amazon CloudWatch, AWS Directory Service, and AWS WAF. |
April 13, 2023 |
| AWS_ConfigRole: addition of amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations |
This policy now supports additional permissions for Amazon Managed Workflows for AWS Amplify, AWS App Mesh, AWS App Runner, Amazon CloudFront, AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI, AWS Migration Hub, Amazon Pinpoint, AWS Transfer Family, AWS Resilience Hub, Amazon CloudWatch, AWS Directory Service, and AWS WAF. |
April 13, 2023 |
| AWSConfigServiceRolePolicy: addition of appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudfront:GetResponseHeadersPolicy, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
This policy now supports additional permissions for Amazon Managed Workflows for Amazon AppFlow, AWS App Runner, Amazon WorkSpaces Applications, Amazon CloudFront, Amazon CloudWatch, AWS CodeArtifact, AWS CodeCommit, AWS Device Farm, Amazon CloudWatch Evidently, Amazon Forecast, AWS Ground Station, AWS Identity and Access Management (IAM), AWS IoT, Amazon MemoryDB, Amazon Pinpoint, AWS Network Manager, AWS Panorama, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon SageMaker AI. |
March 30, 2023 |
| AWS_ConfigRole: addition of appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudformation:ListTypes, cloudfront:GetResponseHeadersPolicy, cloudfront:ListDistributions, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, ec2:DescribeTrafficMirrorFilters, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
This policy now supports additional permissions for Amazon Managed Workflows for Amazon AppFlow, Amazon WorkSpaces Applications, AWS App Runner, AWS CloudFormation, Amazon CloudFront, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch, AWS CodeArtifact, AWS CodeCommit, AWS Device Farm, Amazon CloudWatch Evidently, Amazon Forecast, AWS Ground Station, AWS Identity and Access Management (IAM), AWS IoT, Amazon MemoryDB, Amazon Pinpoint, AWS Network Manager, AWS Panorama, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon SageMaker AI. |
March 30, 2023 |
|
AWSConfigRulesExecutionRole: AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Lambda functions to access the AWS Config API and the configuration snapshots that AWS Config delivers periodically to Amazon S3. This access is required by functions that evaluate configuration changes for AWS custom Lambda rules. |
March 7, 2023 |
|
AWSConfigRoleForOrganizations: AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Config to call read-only AWS Organizations APIs. |
March 7, 2023 |
|
AWSConfigRemediationServiceRolePolicy: AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Config to remediate |
March 7, 2023 |
|
AWSConfigServiceRolePolicy: addition of auditmanager:GetAccountStatus |
This policy now grants permission to return the registration status of an account in AWS Audit Manager. |
March 3, 2023 |
|
AWS_ConfigRole: addition of auditmanager:GetAccountStatus |
This policy now grants permission to return the registration status of an account in AWS Audit Manager. |
March 3, 2023 |
|
AWSConfigMultiAccountSetupPolicy: AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Config to call AWS services and deploy AWS Config resources across an organization with AWS Organizations. |
February 27, 2023 |
|
AWSConfigServiceRolePolicy: addition of airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon WorkSpaces Applications, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. |
February 1, 2023 |
|
AWS_ConfigRole: addition of airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon WorkSpaces Applications, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. |
February 1, 2023 |
|
ConfigConformsServiceRolePolicy: update to config:DescribeConfigRules |
As a security best practice, this policy now removes a broad resource-level permission for |
January 12, 2023 |
|
AWSConfigServiceRolePolicy: addition of APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon Quick, AWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
|
AWS_ConfigRole: addition of APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon Quick, AWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
|
AWSConfigServiceRolePolicy: addition of cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |
|
AWS_ConfigRole: addition of cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |
|
AWSConfigServiceRolePolicy: addition of acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects,
iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS Certificate Manager, AWS AppConfig, Amazon Keyspaces, AWS Amplify, Amazon CloudWatch, Amazon Connect, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Fraud Detector, Amazon EventBridge, Amazon GameLift Servers, AWS Fault Injection Service, Amazon Location Service, Amazon Lex, Amazon FSx, Amazon Lightsail, Amazon Pinpoint, Amazon Quick, Amazon Relational Database Service (Amazon RDS), AWS IoT, AWS OpsWorks, AWS Panorama, AWS Resource Access Manager, AWS RoboMaker, Amazon Rekognition, AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
|
AWS_ConfigRole: addition of acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, 
iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS Certificate Manager, AWS AppConfig, Amazon Keyspaces, AWS Amplify, Amazon CloudWatch, Amazon Connect, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Fraud Detector, Amazon EventBridge, Amazon GameLift Servers, AWS Fault Injection Service, Amazon Location Service, Amazon Lex, Amazon FSx, Amazon Lightsail, Amazon Pinpoint, Amazon Quick, Amazon Relational Database Service (Amazon RDS), AWS IoT, AWS OpsWorks, AWS Panorama, AWS Resource Access Manager, AWS RoboMaker, Amazon Rekognition, AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
|
AWSConfigServiceRolePolicy: addition of Glue::GetTable |
This policy now grants permission to retrieve the AWS Glue table definition in a Data Catalog for a specified table. |
September 14, 2022 |
|
AWS_ConfigRole: addition of Glue::GetTable |
This policy now grants permission to retrieve the AWS Glue table definition in a Data Catalog for a specified table. |
September 14, 2022 |
|
AWSConfigServiceRolePolicy: addition of appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, 
gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, 
ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, 
profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, 
ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. |
September 7, 2022 |
|
AWS_ConfigRole: addition of appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, 
gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, 
ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, 
profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, 
signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. |
September 7, 2022 |
| AWSConfigServiceRolePolicy: addition of airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries | This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon WorkSpaces Applications, AWS HealthLake, Amazon CodeGuru Reviewer, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. | February 1, 2023 |
|
AWS_ConfigRole: addition of airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon WorkSpaces Applications, AWS HealthLake, Amazon CodeGuru Reviewer, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. |
February 1, 2023 |
|
ConfigConformsServiceRolePolicy: update to config:DescribeConfigRules |
As a security best practice, this policy now removes a broad resource-level permission for
January 12, 2023 |
|
AWSConfigServiceRolePolicy: addition of APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), Amazon Elastic Compute Cloud (Amazon EC2), AWS Directory Service, AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon Quick, AWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), Amazon Timestream, and AWS Transfer Family. |
December 15, 2022 |
|
AWS_ConfigRole: addition of APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon Quick, AWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
|
AWSConfigServiceRolePolicy: addition of cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |
|
AWS_ConfigRole: addition of cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |
|
AWSConfigServiceRolePolicy: addition of acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, 
iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS Certificate Manager, AWS AppConfig, Amazon Keyspaces, AWS Amplify, Amazon CloudWatch, Amazon Connect, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift Servers, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, AWS OpsWorks, AWS Panorama, Amazon Quick, AWS Resource Access Manager, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS Resource Groups, AWS RoboMaker, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
|
AWS_ConfigRole: addition of acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, 
iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS Certificate Manager, AWS AppConfig, Amazon Keyspaces, AWS Amplify, Amazon CloudWatch, Amazon Connect, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift Servers, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, AWS OpsWorks, AWS Panorama, Amazon Quick, AWS Resource Access Manager, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS Resource Groups, AWS RoboMaker, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
|
AWSConfigServiceRolePolicy: addition of Glue::GetTable |
This policy now grants permission to retrieve the AWS Glue table definition in a Data Catalog for a specified table. |
September 14, 2022 |
|
AWS_ConfigRole: addition of Glue::GetTable |
This policy now grants permission to retrieve the AWS Glue table definition in a Data Catalog for a specified table. |
September 14, 2022 |
|
AWSConfigServiceRolePolicy: addition of appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, 
gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, 
ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, 
profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, 
ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. |
September 7, 2022 |
|
AWS_ConfigRole: addition of appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, 
gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, 
ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, 
profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, 
signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. |
September 7, 2022 |
|
AWSConfigServiceRolePolicy: Add datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
This policy now grants permission to return a list of AWS DataSync agents, DataSync source and destination locations, and DataSync tasks in an AWS account; to list summary information about the AWS Cloud Map namespaces and the services associated with one or more specified namespaces in an AWS account; and to list all of the Amazon Simple Email Service (Amazon SES) contact lists available in an AWS account. |
August 22, 2022 |
|
AWS_ConfigRole: Add datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
This policy now grants permission to return a list of AWS DataSync agents, DataSync source and destination locations, and DataSync tasks in an AWS account; to list summary information about the AWS Cloud Map namespaces and the services associated with one or more specified namespaces in an AWS account; and to list all of the Amazon Simple Email Service (Amazon SES) contact lists available in an AWS account. |
August 22, 2022 |
|
ConfigConformsServiceRolePolicy: Add cloudwatch:PutMetricData |
This policy now grants permission to publish metric data points to Amazon CloudWatch. |
July 25, 2022 |
|
AWSConfigServiceRolePolicy: Add amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, 
imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
This policy now supports additional permissions for Amazon Elastic Container Service (Amazon ECS), Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Managed Service for Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon Quick, Amazon Rekognition, AWS RoboMaker, Amazon Simple Storage Service (Amazon S3), Amazon Simple Email Service (Amazon SES), AWS Amplify, AWS AppConfig, AWS AppSync, AWS Billing Conductor, AWS DataSync, AWS Firewall Manager, AWS Glue, AWS IAM Identity Center (IAM Identity Center), EC2 Image Builder, and Elastic Load Balancing. |
July 15, 2022 |
|
AWS_ConfigRole: Add amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, 
imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
This policy now supports additional permissions for Amazon Elastic Container Service (Amazon ECS), Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Managed Service for Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon Quick, Amazon Rekognition, AWS RoboMaker, Amazon Simple Storage Service (Amazon S3), Amazon Simple Email Service (Amazon SES), AWS Amplify, AWS AppConfig, AWS AppSync, AWS Billing Conductor, AWS DataSync, AWS Firewall Manager, AWS Glue, AWS IAM Identity Center (IAM Identity Center), EC2 Image Builder, and Elastic Load Balancing. |
July 15, 2022 |
|
AWSConfigServiceRolePolicy: Add athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
This policy now grants permission to get a specific Amazon Athena data catalog, list the Athena data catalogs in an AWS account, and list the tags associated with an Athena workgroup or data catalog resource; to get a list of Amazon Detective behavior graphs and the tags of a Detective behavior graph; to get a list of resource metadata for a given list of AWS Glue development endpoint names, get information about a given AWS Glue development endpoint, get all AWS Glue development endpoints in an AWS account, retrieve a specified AWS Glue security configuration, get all AWS Glue security configurations, get a list of tags associated with an AWS Glue resource, get information about an AWS Glue workgroup with the specified name, retrieve the names of all AWS Glue crawler resources in an AWS account, get the names of all resources in an AWS account, list the names of all AWS Glue |
May 31, 2022 |
|
AWS_ConfigRole: Add athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
This policy now grants permission to get a specific Amazon Athena data catalog, list the Athena data catalogs in an AWS account, and list the tags associated with an Athena workgroup or data catalog resource; to get a list of Amazon Detective behavior graphs and the tags of a Detective behavior graph; to get a list of resource metadata for a given list of AWS Glue development endpoint names, get information about a given AWS Glue development endpoint, get all AWS Glue development endpoints in an AWS account, retrieve a specified AWS Glue security configuration, get all AWS Glue security configurations, get a list of tags associated with an AWS Glue resource, get information about an AWS Glue workgroup with the specified name, retrieve the names of all AWS Glue crawler resources in an AWS account, get the names of all resources in an AWS account, list the names of all AWS Glue |
May 31, 2022 |
|
AWSConfigServiceRolePolicy: Add cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
This policy now grants permission to get information about all or a specific AWS CloudTrail event data store (EDS), get information about all or a specific AWS CloudFormation resource, get a list of a DynamoDB Accelerator (DAX) parameter group or subnet group, get information about AWS Database Migration Service (AWS DMS) replication tasks for your account in the current Region being accessed, and get a list of all the AWS Organizations policies of a specific type. |
April 7, 2022 |
|
AWS_ConfigRole: Add cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
This policy now grants permission to get information about all or a specific AWS CloudTrail event data store (EDS), get information about all or a specific AWS CloudFormation resource, get a list of a DynamoDB Accelerator (DAX) parameter group or subnet group, get information about AWS Database Migration Service (AWS DMS) replication tasks for your account in the current Region being accessed, and get a list of all the AWS Organizations policies of a specific type. |
April 7, 2022 |
|
AWSConfigServiceRolePolicy: Add backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
This policy now supports additional permissions for AWS Backup, AWS Batch, DynamoDB Accelerator, Amazon DynamoDB, AWS Database Migration Service, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty, AWS Key Management Service, AWS OpsWorks, Amazon Relational Database Service, AWS WAF V2, and Amazon WorkSpaces. |
March 14, 2022 |
|
AWS_ConfigRole: Add backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
This policy now supports additional permissions for AWS Backup, AWS Batch, DynamoDB Accelerator, Amazon DynamoDB, AWS Database Migration Service, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty, AWS Key Management Service, AWS OpsWorks, Amazon Relational Database Service, AWS WAF V2, and Amazon WorkSpaces. |
March 14, 2022 |
|
AWSConfigServiceRolePolicy: Add elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for the specified Elastic Beanstalk configuration set, get a map of Elasticsearch or OpenSearch versions, describe the available Amazon RDS option groups for a database, and get information about a CodeDeploy deployment configuration. This policy also now grants permission to retrieve the specified alternate contact attached to an AWS account, retrieve information about an AWS Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about an archived AWS Config rule, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of the specified child OU or account, and list the policies attached to the specified target root, organizational unit, or account. |
February 10, 2022 |
|
AWS_ConfigRole: Add elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for the specified Elastic Beanstalk configuration set, get a map of Elasticsearch or OpenSearch versions, describe the available Amazon RDS option groups for a database, and get information about a CodeDeploy deployment configuration. This policy also now grants permission to retrieve the specified alternate contact attached to an AWS account, retrieve information about an AWS Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about an archived AWS Config rule, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of the specified child OU or account, and list the policies attached to the specified target root, organizational unit, or account. |
February 10, 2022 |
|
AWSConfigServiceRolePolicy: Add logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
This policy now grants permission to create Amazon CloudWatch log groups and log streams and to write logs to the created log streams. |
December 15, 2021 |
|
AWS_ConfigRole: Add logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
This policy now grants permission to create Amazon CloudWatch log groups and log streams and to write logs to the created log streams. |
December 15, 2021 |
|
AWSConfigServiceRolePolicy: Add es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots |
This policy now grants permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain or domains and to get a detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots. |
September 8, 2021 |
|
AWS_ConfigRole: Add es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots |
This policy now grants permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain or domains and to get a detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots. |
September 8, 2021 |
|
AWSConfigServiceRolePolicy: Add logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine, and additional permissions for AWS resource types |
This policy now grants permission to list the tags for a log group, list the tags for a state machine, and list all state machines. This policy now grants permission to get details about a state machine. This policy also now supports additional permissions for Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker AI, Amazon Simple Notification Service, AWS Database Migration Service, AWS Global Accelerator, and AWS Storage Gateway. |
July 28, 2021 |
|
AWS_ConfigRole: Add logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine, and additional permissions for AWS resource types |
This policy now grants permission to list the tags for a log group, list the tags for a state machine, and list all state machines. This policy now grants permission to get details about a state machine. This policy also now supports additional permissions for Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker AI, Amazon Simple Notification Service, AWS Database Migration Service, AWS Global Accelerator, and AWS Storage Gateway. |
July 28, 2021 |
|
AWSConfigServiceRolePolicy: Add ssm:DescribeDocumentPermission and additional permissions for AWS resource types |
This policy now grants permission to view the permissions of AWS Systems Manager documents and information about IAM Access Analyzer. This policy now supports additional AWS resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, AWS Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. This policy also now supports filtering Lambda@Edge functions for the lambda-inside-vpc AWS Config managed rule. |
June 8, 2021 |
|
AWS_ConfigRole: Add ssm:DescribeDocumentPermission and additional permissions for AWS resource types |
This policy now grants permission to view the permissions of AWS Systems Manager documents and information about IAM Access Analyzer. This policy now supports additional AWS resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, AWS Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. This policy also now supports filtering Lambda@Edge functions for the lambda-inside-vpc AWS Config managed rule. |
June 8, 2021 |
|
AWSConfigServiceRolePolicy: Add apigateway:GET permission to make read-only GET calls to API Gateway, and s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to invoke Amazon S3 read-only APIs |
This policy now grants permissions that allow AWS Config to make read-only GET calls to API Gateway to support an AWS Config rule for API Gateway. The policy also adds permissions that allow AWS Config to invoke Amazon Simple Storage Service (Amazon S3) read-only APIs, which are required to support the new resource type. |
May 10, 2021 |
|
AWS_ConfigRole: Add apigateway:GET permission to make read-only GET calls to API Gateway, and s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to invoke Amazon S3 read-only APIs |
This policy now grants permissions that allow AWS Config to make read-only GET calls to API Gateway to support an AWS Config rule for API Gateway. The policy also adds permissions that allow AWS Config to invoke Amazon Simple Storage Service (Amazon S3) read-only APIs, which are required to support the new resource type. |
May 10, 2021 |
|
AWSConfigServiceRolePolicy: Add ssm:ListDocuments permission and additional permissions for AWS resource types |
This policy now grants permission to view information about specified AWS Systems Manager documents. This policy also now supports additional AWS resource types for AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker AI, AWS Database Migration Service, and Amazon Route 53. These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. |
April 1, 2021 |
|
AWS_ConfigRole: Add ssm:ListDocuments permission and additional permissions for AWS resource types |
This policy now grants permission to view information about specified AWS Systems Manager documents. This policy also now supports additional AWS resource types for AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker AI, AWS Database Migration Service, and Amazon Route 53. These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. |
April 1, 2021 |
|
AWS Config started tracking changes |
AWS Config started tracking changes to its AWS managed policies. |
April 1, 2021 |