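AWS managed policies for AWS Config
An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases, because they are available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.
You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or when new API operations become available for existing services.
For more information, see AWS managed policies in the IAM User Guide.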
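Because an update to an AWS managed policy applies to every principal it is attached to, it is worth reviewing what each new version grants. The script below is an added example, not AWS code: it diffs two versions of a policy document and triages the newly allowed actions. The two sample documents are constructed, using action names from the change table on this page plus one hypothetical action, and the read-only verb list is an assumption of the example.

```python
import json
from collections import defaultdict

# Verb prefixes treated as read-only for triage. This list is an assumption of
# the example, chosen to match the verbs that appear in this page's change table.
# It is a triage filter only; it says nothing about how sensitive the data is.
READ_ONLY_PREFIXES = ("get", "list", "describe", "batchget", "batchdescribe", "search")

# Constructed sample input: two versions of a policy document shaped like
# AWS_ConfigRole. The bedrock and ec2 actions appear in the change table;
# "example-service:UpdateWidget" is hypothetical.
OLD_VERSION = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["cloudtrail:GetResourcePolicy", "ec2:GetAllowedImagesSettings"],
    "Resource": "*"
  }]
}"""

NEW_VERSION = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["cloudTrail:GetResourcePolicy", "ec2:GetAllowedImagesSettings",
                "bedrock:GetGuardrail", "bedrock:ListGuardrails",
                "bedrock:ListTagsForResource"],
     "Resource": "*"},
    {"Effect": "Allow", "Action": "example-service:UpdateWidget", "Resource": "*"}
  ]
}"""


def allowed_actions(policy_json):
    """Map lower-cased action -> action as written, for every Allow statement."""
    doc = json.loads(policy_json)
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    found = {}
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # NotAction grants everything except the listed actions; a set diff
            # cannot represent that, so refuse rather than under-report.
            raise ValueError("Allow with NotAction needs manual review")
        actions = stmt.get("Action", [])
        if isinstance(actions, str):      # Action may be a string or a list
            actions = [actions]
        for action in actions:
            # IAM action names are case-insensitive, so compare lower-cased.
            found.setdefault(action.lower(), action)
    return found


def diff_versions(old_json, new_json):
    """Return (added, removed) action lists between two policy versions."""
    old, new = allowed_actions(old_json), allowed_actions(new_json)
    added = sorted(new[k] for k in new.keys() - old.keys())
    removed = sorted(old[k] for k in old.keys() - new.keys())
    return added, removed


def triage(added):
    """Group added actions by service and split read-only verbs from the rest."""
    report = defaultdict(lambda: {"read_only": [], "needs_review": []})
    for action in added:
        service, _, name = action.partition(":")
        wildcard = "*" in action or not name      # wildcards always need review
        read_only = name.lower().startswith(READ_ONLY_PREFIXES) and not wildcard
        bucket = "read_only" if read_only else "needs_review"
        report[service.lower()][bucket].append(action)
    return dict(report)


if __name__ == "__main__":
    added, removed = diff_versions(OLD_VERSION, NEW_VERSION)
    for service, buckets in sorted(triage(added).items()):
        print(service, buckets)
    print("removed:", removed)
```

In practice the two documents would come from `aws iam get-policy-version` for consecutive version IDs of the managed policy.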
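AWS managed policy: AWSConfigServiceRolePolicy
AWS Config uses the service-linked role (SLR) named AWSServiceRoleForConfig to call other AWS services on your behalf. When you use the AWS Management Console to set up AWS Config, AWS Config creates this SLR automatically if you select the option to use the AWS Config SLR instead of your own AWS Identity and Access Management (IAM) service role.
The AWSServiceRoleForConfig SLR contains the managed policy AWSConfigServiceRolePolicy. This managed policy contains read-only and write-only permissions for AWS Config resources, and read-only permissions for resources in other services that AWS Config supports. For more information, see Supported Resource Types for AWS Config and Using Service-Linked Roles for AWS Config.
View the policy: AWSConfigServiceRolePolicy.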
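Recommended: Use the service-linked role
We recommend that you use the service-linked role unless you have a specific use case. A service-linked role adds all the permissions that AWS Config needs to run as expected. Some features, such as service-linked configuration recorders, require you to use the service-linked role.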
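AWS managed policy: AWS_ConfigRole
To record your AWS resource configurations, AWS Config requires IAM permissions to get the configuration details about your resources. If you want to create an IAM role for AWS Config, you can use the managed policy AWS_ConfigRole and attach it to the IAM role.
This IAM policy is updated each time AWS Config adds support for an AWS resource type. This means that AWS Config continues to have the permissions it needs to record configuration data for supported resource types as long as the role has the AWS_ConfigRole managed policy attached. For more information, see Supported Resource Types for AWS Config and Permissions for the IAM Role Assigned to AWS Config.
View the policy: AWS_ConfigRole.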
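AWS managed policy: AWSConfigUserAccess
This IAM policy provides access to use AWS Config, including searching by tags on resources and reading all tags. It does not provide permission to configure AWS Config, which requires administrative privileges.
View the policy: AWSConfigUserAccess.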
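AWS managed policy: ConfigConformsServiceRolePolicy
To deploy and manage conformance packs, AWS Config requires IAM permissions and certain permissions from other AWS services. These permissions allow you to deploy and manage conformance packs with full functionality, and they are updated each time AWS Config adds new functionality for conformance packs. For more information about conformance packs, see Conformance Packs.
View the policy: ConfigConformsServiceRolePolicy.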
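AWS managed policy: AWSConfigRulesExecutionRole
To deploy AWS Custom Lambda rules, AWS Config requires IAM permissions and certain permissions from other AWS services. These permissions allow AWS Lambda functions to access the AWS Config API and the configuration snapshots that AWS Config delivers periodically to Amazon S3. Functions that evaluate configuration changes for AWS Custom Lambda rules require this access, and it is updated each time AWS Config adds new functionality. For more information about AWS Custom Lambda rules, see Creating AWS Config Custom Lambda Rules. For more information about configuration snapshots, see Concepts | Configuration Snapshot. For more information about the delivery of configuration snapshots, see Managing the Delivery Channel.
View the policy: AWSConfigRulesExecutionRole.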
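AWS managed policy: AWSConfigMultiAccountSetupPolicy
To centrally deploy, update, and delete AWS Config rules and conformance packs across the member accounts of an organization in AWS Organizations, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for multi-account setup. For more information, see Managing AWS Config Rules Across All Accounts in Your Organization and Managing Conformance Packs Across All Accounts in Your Organization.
View the policy: AWSConfigMultiAccountSetupPolicy.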
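AWS managed policy: AWSConfigRoleForOrganizations
To allow AWS Config to call read-only AWS Organizations APIs, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for multi-account setup. For more information, see Managing AWS Config Rules Across All Accounts in Your Organization and Managing Conformance Packs Across All Accounts in Your Organization.
View the policy: AWSConfigRoleForOrganizations.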
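AWS managed policy: AWSConfigRemediationServiceRolePolicy
To allow AWS Config to remediate NON_COMPLIANT resources on your behalf, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new remediation functionality. For more information about remediation, see Remediating Noncompliant Resources with AWS Config Rules. For more information about the conditions that initiate the possible AWS Config evaluation results, see Concepts | AWS Config Rules.
View the policy: AWSConfigRemediationServiceRolePolicy.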
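AWS Config updates to AWS managed policies
View details about updates to AWS managed policies for AWS Config since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the AWS Config Document history page.
| Change | Description | Date |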
|---|---|---|
| AWS_ConfigRole – Add "amplify:GetDomainAssociation", "amplify:ListDomainAssociations", "amplify:ListTagsForResource", "appsync:GetSourceApiAssociation", "appsync:ListSourceApiAssociations", "bedrock:GetFlow", "bedrock:ListAgentCollaborators", "bedrock:ListFlows", "bedrock:ListPrompts", "cloudTrail:GetResourcePolicy", "cloudformation:DescribePublisher", "codeartifact:DescribePackageGroup", "codeartifact:ListAllowedRepositoriesForGroup", "codeartifact:ListPackageGroups", "codepipeline:ListActionTypes", "codepipeline:ListTagsForResource", "codepipeline:ListWebhooks", "connect:DescribeTrafficDistributionGroup", "connect:ListTrafficDistributionGroups", "deadline:ListFarms", "ec2:GetTransitGatewayRouteTablePropagations", "ec2:SearchLocalGatewayRoutes", "ec2:SearchTransitGatewayMulticastGroups", "entityresolution:GetMatchingWorkflow", "entityresolution:ListMatchingWorkflows", "iotsitewise:ListAssetModelCompositeModels", "iotsitewise:ListAssetModelProperties", "iotsitewise:ListAssetProperties", "iotsitewise:ListAssociatedAssets", "ivs:ListPublicKeys", "lambda:GetProvisionedConcurrencyConfig", "lambda:GetRuntimeManagementConfig", "lambda:ListFunctionEventInvokeConfigs", "lambda:ListFunctionUrlConfigs", "pipes:DescribePipe", "pipes:ListPipes", "quicksight:DescribeRefreshSchedule", "quicksight:ListRefreshSchedules", "redshift-serverless:ListSnapshotCopyConfigurations", "redshift:GetResourcePolicy", "rolesanywhere:GetCrl", "rolesanywhere:ListCrls", "sagemaker:DescribeApp", "sagemaker:DescribeUserProfile", "sagemaker:ListApps", "sagemaker:ListModelPackages", "sagemaker:ListUserProfiles", "secretsmanager:GetResourcePolicy", "securitylake:ListSubscribers", "securitylake:ListTagsForResource", "servicecatalog:DescribeServiceAction", "servicecatalog:ListApplications", "servicecatalog:ListAssociatedResources", "shield:ListProtectionGroups", "shield:ListTagsForResource", "ssm-incidents:GetReplicationSet", "ssm-incidents:ListReplicationSets", "ssm:DescribeAssociation", "ssm:DescribePatchBaselines", "ssm:GetDefaultPatchBaseline", "ssm:GetPatchBaseline", "ssm:GetResourcePolicies", "ssm:ListAssociations", "ssm:ListResourceDataSync", "wafv2:ListLoggingConfigurations", "bedrock-agentcore:ListCodeInterpreters", "bedrock-agentcore:GetCodeInterpreter", "bedrock-agentcore:ListBrowsers", "bedrock-agentcore:GetBrowser", "bedrock-agentcore:ListAgentRuntimes", "bedrock-agentcore:GetAgentRuntime", "bedrock-agentcore:ListAgentRuntimeEndpoints", "bedrock-agentcore:GetAgentRuntimeEndpoint" | This policy now supports additional permissions for AWS Amplify, AWS AppSync, Amazon Bedrock, AWS CloudTrail, CloudFormation, AWS CodeArtifact, AWS CodePipeline, Amazon Connect, AWS Deadline Cloud, Amazon EC2, AWS Entity Resolution, AWS IoT SiteWise, Amazon IVS, AWS Lambda, Amazon EventBridge, Amazon Quick Suite, Amazon Redshift, Amazon Redshift Serverless, AWS Identity and Access Management Roles Anywhere, Amazon SageMaker, AWS Secrets Manager, Amazon Security Lake, AWS Service Catalog, AWS Shield, Amazon EC2 Systems Manager, and AWS WAFV2. | October 1, 2025 |
| AWSConfigServiceRolePolicy – Add "amplify:GetDomainAssociation", "amplify:ListDomainAssociations", "amplify:ListTagsForResource", "appsync:GetSourceApiAssociation", "appsync:ListSourceApiAssociations", "bedrock:GetFlow", "bedrock:ListAgentCollaborators", "bedrock:ListFlows", "bedrock:ListPrompts", "cloudTrail:GetResourcePolicy", "cloudformation:DescribePublisher", "codeartifact:DescribePackageGroup", "codeartifact:ListAllowedRepositoriesForGroup", "codeartifact:ListPackageGroups", "codepipeline:ListActionTypes", "codepipeline:ListTagsForResource", "codepipeline:ListWebhooks", "connect:DescribeTrafficDistributionGroup", "connect:ListTrafficDistributionGroups", "deadline:ListFarms", "ec2:GetTransitGatewayRouteTablePropagations", "ec2:SearchLocalGatewayRoutes", "ec2:SearchTransitGatewayMulticastGroups", "entityresolution:GetMatchingWorkflow", "entityresolution:ListMatchingWorkflows", "iotsitewise:ListAssetModelCompositeModels", "iotsitewise:ListAssetModelProperties", "iotsitewise:ListAssetProperties", "iotsitewise:ListAssociatedAssets", "ivs:ListPublicKeys", "lambda:GetProvisionedConcurrencyConfig", "lambda:GetRuntimeManagementConfig", "lambda:ListFunctionEventInvokeConfigs", "lambda:ListFunctionUrlConfigs", "pipes:DescribePipe", "pipes:ListPipes", "quicksight:DescribeRefreshSchedule", "quicksight:ListRefreshSchedules", "redshift-serverless:ListSnapshotCopyConfigurations", "redshift:GetResourcePolicy", "rolesanywhere:GetCrl", "rolesanywhere:ListCrls", "sagemaker:DescribeApp", "sagemaker:DescribeUserProfile", "sagemaker:ListApps", "sagemaker:ListModelPackages", "sagemaker:ListUserProfiles", "secretsmanager:GetResourcePolicy", "securitylake:ListSubscribers", "securitylake:ListTagsForResource", "servicecatalog:DescribeServiceAction", "servicecatalog:ListApplications", "servicecatalog:ListAssociatedResources", "shield:ListProtectionGroups", "shield:ListTagsForResource", "ssm-incidents:GetReplicationSet", "ssm-incidents:ListReplicationSets", "ssm:DescribeAssociation", "ssm:DescribePatchBaselines", "ssm:GetDefaultPatchBaseline", "ssm:GetPatchBaseline", "ssm:GetResourcePolicies", "ssm:ListAssociations", "ssm:ListResourceDataSync", "wafv2:ListLoggingConfigurations", "bedrock-agentcore:ListCodeInterpreters", "bedrock-agentcore:GetCodeInterpreter", "bedrock-agentcore:ListBrowsers", "bedrock-agentcore:GetBrowser", "bedrock-agentcore:ListAgentRuntimes", "bedrock-agentcore:GetAgentRuntime", "bedrock-agentcore:ListAgentRuntimeEndpoints", "bedrock-agentcore:GetAgentRuntimeEndpoint" | This policy now supports additional permissions for AWS Amplify, AWS AppSync, Amazon Bedrock, AWS CloudTrail, CloudFormation, AWS CodeArtifact, AWS CodePipeline, Amazon Connect, AWS Deadline Cloud, Amazon EC2, AWS Entity Resolution, AWS IoT SiteWise, Amazon IVS, AWS Lambda, Amazon EventBridge, Amazon Quick Suite, Amazon Redshift, Amazon Redshift Serverless, AWS Identity and Access Management Roles Anywhere, Amazon SageMaker, AWS Secrets Manager, Amazon Security Lake, AWS Service Catalog, AWS Shield, Amazon EC2 Systems Manager, and AWS WAFV2. | October 1, 2025 |
| AWS_ConfigRole – Add "arc-zonal-shift:GetAutoshiftObserverNotificationStatus", "bedrock:GetModelInvocationLoggingConfiguration", "cloudtrail:GetEventConfiguration", "codeartifact:DescribeDomain", "codeartifact:GetDomainPermissionsPolicy", "deadline:GetFleet", "deadline:GetQueueFleetAssociation", "deadline:ListFleets", "deadline:ListQueueFleetAssociations", "deadline:ListTagsForResource", "dms:DescribeDataMigrations", "dms:ListMigrationProjects", "glue:GetDataCatalogEncryptionSettings", "kafkaconnect:DescribeCustomPlugin", "kafkaconnect:DescribeWorkerConfiguration", "kafkaconnect:ListCustomPlugins", "kafkaconnect:ListTagsForResource", "kafkaconnect:ListWorkerConfigurations", "lakeformation:DescribeLakeFormationIdentityCenterConfiguration", "medialive:DescribeMultiplexProgram", "medialive:ListMultiplexPrograms", "mediapackagev2:GetChannelGroup", "mediapackagev2:ListChannelGroups", "rds:DescribeEngineDefaultParameters", "rolesanywhere:GetProfile", "rolesanywhere:GetTrustAnchor", "rolesanywhere:ListProfiles", "rolesanywhere:ListTagsForResource", "rolesanywhere:ListTrustAnchors", "s3:GetAccessGrant", "s3:ListAccessGrants", "secretsmanager:DescribeSecret", "securitylake:ListDataLakeExceptions", "securitylake:ListDataLakes", "securitylake:ListLogSources", "servicecatalog:GetAttributeGroup", "servicecatalog:ListAttributeGroups", "servicecatalog:ListServiceActions", "servicecatalog:ListServiceActionsForProvisioningArtifact", "ses:GetTrafficPolicy", "ses:ListTagsForResource", "ses:ListTrafficPolicies", "xray:GetGroup", "xray:GetGroups", "xray:GetSamplingRules", "xray:ListResourcePolicies", "xray:ListTagsForResource" | This policy now supports additional permissions for AWS ARC - Zonal Shift, Amazon Bedrock, AWS CloudTrail, AWS CodeArtifact, AWS Deadline Cloud, AWS Database Migration Service, AWS Glue, AWS Identity and Access Management, Amazon Managed Streaming for Apache Kafka, AWS Lake Formation, Amazon CloudWatch Logs, AWS Elemental MediaLive, AWS Elemental MediaPackage, Amazon Relational Database Service, Amazon Simple Storage Service, AWS Secrets Manager, Amazon Security Lake, AWS Service Catalog, Amazon Simple Email Service, and AWS X-Ray. | July 28, 2025 |
| AWSConfigServiceRolePolicy – Add "arc-zonal-shift:GetAutoshiftObserverNotificationStatus", "bedrock:GetModelInvocationLoggingConfiguration", "cloudtrail:GetEventConfiguration", "codeartifact:DescribeDomain", "codeartifact:GetDomainPermissionsPolicy", "deadline:GetFleet", "deadline:GetQueueFleetAssociation", "deadline:ListFleets", "deadline:ListQueueFleetAssociations", "deadline:ListTagsForResource", "dms:DescribeDataMigrations", "dms:ListMigrationProjects", "glue:GetDataCatalogEncryptionSettings", "iam:ListPolicies", "kafkaconnect:DescribeCustomPlugin", "kafkaconnect:DescribeWorkerConfiguration", "kafkaconnect:ListCustomPlugins", "kafkaconnect:ListTagsForResource", "kafkaconnect:ListWorkerConfigurations", "lakeformation:DescribeLakeFormationIdentityCenterConfiguration", "logs:DescribeIndexPolicies", "logs:ListTagsForResource", "medialive:DescribeMultiplexProgram", "medialive:ListMultiplexPrograms", "mediapackagev2:GetChannelGroup", "mediapackagev2:ListChannelGroups", "rds:DescribeEngineDefaultParameters", "rolesanywhere:GetProfile", "rolesanywhere:GetTrustAnchor", "rolesanywhere:ListProfiles", "rolesanywhere:ListTagsForResource", "rolesanywhere:ListTrustAnchors", "s3:GetAccessGrant", "s3:ListAccessGrants", "secretsmanager:DescribeSecret", "securitylake:ListDataLakeExceptions", "securitylake:ListDataLakes", "securitylake:ListLogSources", "servicecatalog:GetAttributeGroup", "servicecatalog:ListAttributeGroups", "servicecatalog:ListServiceActions", "servicecatalog:ListServiceActionsForProvisioningArtifact", "ses:GetTrafficPolicy", "ses:ListTagsForResource", "ses:ListTrafficPolicies", "xray:GetGroup", "xray:GetGroups", "xray:GetSamplingRules", "xray:ListResourcePolicies", "xray:ListTagsForResource", "arn:aws:apigateway:::/account", "arn:aws:apigateway:::/usageplans", "arn:aws:apigateway:::/usageplans/". | This policy now supports additional permissions for AWS ARC - Zonal Shift, Amazon Bedrock, AWS CloudTrail, AWS CodeArtifact, AWS Deadline Cloud, AWS Database Migration Service, AWS Glue, AWS Identity and Access Management, Amazon Managed Streaming for Apache Kafka, AWS Lake Formation, Amazon CloudWatch Logs, AWS Elemental MediaLive, AWS Elemental MediaPackage, Amazon Relational Database Service, Amazon Simple Storage Service, AWS Secrets Manager, Amazon Security Lake, AWS Service Catalog, Amazon Simple Email Service, AWS X-Ray, and Amazon API Gateway. | July 28, 2025 |
| AWSConfigServiceRolePolicy – Add "backup-gateway:GetHypervisor", "backup-gateway:ListHypervisors", "bcm-data-exports:GetExport", "bcm-data-exports:ListExports", "bcm-data-exports:ListTagsForResource", "bedrock:GetAgent", "bedrock:GetAgentActionGroup", "bedrock:GetAgentKnowledgeBase", "bedrock:GetDataSource", "bedrock:GetFlowAlias", "bedrock:GetFlowVersion", "bedrock:ListAgentActionGroups", "bedrock:ListAgentKnowledgeBases", "bedrock:ListDataSources", "bedrock:ListFlowAliases", "bedrock:ListFlowVersions", "cloudformation:BatchDescribeTypeConfigurations", "cloudformation:DescribeStackInstance", "cloudformation:DescribeStackSet", "cloudformation:ListStackInstances", "cloudformation:ListStackSets", "cloudfront:GetPublicKey", "cloudfront:GetRealtimeLogConfig", "cloudfront:ListPublicKeys", "cloudfront:ListRealtimeLogConfigs", "entityresolution:GetIdMappingWorkflow", "entityresolution:GetSchemaMapping", "entityresolution:ListIdMappingWorkflows", "entityresolution:ListSchemaMappings", "entityresolution:ListTagsForResource", "iotdeviceadvisor:GetSuiteDefinition", "iotdeviceadvisor:ListSuiteDefinitions", "lambda:GetEventSourceMapping", "lambda:ListEventSourceMappings", "mediapackagev2:GetChannel", "mediapackagev2:ListChannels", "networkmanager:GetTransitGatewayPeering", "networkmanager:ListPeerings", "pca-connector-ad:GetDirectoryRegistration", "pca-connector-ad:ListDirectoryRegistrations", "pca-connector-ad:ListTagsForResource", "rds:DescribeDBShardGroups", "rds:DescribeIntegrations", "redshift:DescribeIntegrations", "s3tables:GetTableBucket", "s3tables:GetTableBucketEncryption", "s3tables:GetTableBucketMaintenanceConfiguration", "s3tables:ListTableBuckets", "ssm-quicksetup:GetConfigurationManager", "ssm-quicksetup:ListConfigurationManagers" | This policy now supports additional permissions for AWS Backup gateway, AWS Billing and Cost Management, Amazon Bedrock, AWS CloudFormation, Amazon CloudFront, AWS Entity Resolution, AWS IoT Core Device Advisor, AWS Lambda, AWS Network Manager, AWS Private Certificate Authority, Amazon Relational Database Service, Amazon Redshift, Amazon S3 Tables, and AWS Systems Manager Quick Setup. | June 18, 2025 |
| AWS_ConfigRole – Add "backup-gateway:GetHypervisor", "backup-gateway:ListHypervisors", "bcm-data-exports:GetExport", "bcm-data-exports:ListExports", "bcm-data-exports:ListTagsForResource", "bedrock:GetAgent", "bedrock:GetAgentActionGroup", "bedrock:GetAgentKnowledgeBase", "bedrock:GetDataSource", "bedrock:GetFlowAlias", "bedrock:GetFlowVersion", "bedrock:ListAgentActionGroups", "bedrock:ListAgentKnowledgeBases", "bedrock:ListDataSources", "bedrock:ListFlowAliases", "bedrock:ListFlowVersions", "cloudformation:BatchDescribeTypeConfigurations", "cloudformation:DescribeStackInstance", "cloudformation:DescribeStackSet", "cloudformation:ListStackInstances", "cloudformation:ListStackSets", "cloudfront:GetPublicKey", "cloudfront:GetRealtimeLogConfig", "cloudfront:ListPublicKeys", "cloudfront:ListRealtimeLogConfigs", "entityresolution:GetIdMappingWorkflow", "entityresolution:GetSchemaMapping", "entityresolution:ListIdMappingWorkflows", "entityresolution:ListSchemaMappings", "entityresolution:ListTagsForResource", "iotdeviceadvisor:GetSuiteDefinition", "iotdeviceadvisor:ListSuiteDefinitions", "lambda:GetEventSourceMapping", "lambda:ListEventSourceMappings", "networkmanager:GetTransitGatewayPeering", "networkmanager:ListPeerings", "pca-connector-ad:GetDirectoryRegistration", "pca-connector-ad:ListDirectoryRegistrations", "pca-connector-ad:ListTagsForResource", "rds:DescribeDBShardGroups", "rds:DescribeIntegrations", "redshift:DescribeIntegrations", "s3tables:GetTableBucket", "s3tables:GetTableBucketEncryption", "s3tables:GetTableBucketMaintenanceConfiguration", "s3tables:ListTableBuckets", "ssm-quicksetup:GetConfigurationManager", "ssm-quicksetup:ListConfigurationManagers" | This policy now supports additional permissions for AWS Backup gateway, AWS Billing and Cost Management, Amazon Bedrock, AWS CloudFormation, Amazon CloudFront, AWS Entity Resolution, AWS IoT Core Device Advisor, AWS Lambda, AWS Network Manager, AWS Private Certificate Authority, Amazon Relational Database Service, Amazon Redshift, Amazon S3 Tables, and AWS Systems Manager Quick Setup. | June 18, 2025 |
| AWS_ConfigRole – Add "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource" | This policy now supports additional permissions for Amazon Bedrock. | May 27, 2025 |
| AWSConfigServiceRolePolicy – Add "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource" | This policy now supports additional permissions for Amazon Bedrock. | May 27, 2025 |
| AWS_ConfigRole – Add "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation" | This policy now supports additional permissions for AWS B2B Data Interchange, Amazon Bedrock, AWS Clean Rooms, AWS CodeConnections, AWS Direct Connect, AWS Database Migration Service (AWS DMS), Amazon CloudWatch Logs, Amazon Macie, Amazon Managed Blockchain, Amazon Q Business, Route 53 Profiles, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, AWS Security Hub CSPM, AWS Systems Manager Incident Manager, AWS Systems Manager Incident Manager Contacts, and AWS Systems Manager. | April 8, 2025 |
| AWSConfigServiceRolePolicy – Add "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation" | This policy now supports additional permissions for AWS B2B Data Interchange, Amazon Bedrock, AWS Clean Rooms, AWS CodeConnections, AWS Direct Connect, AWS Database Migration Service (AWS DMS), Amazon CloudWatch Logs, Amazon Macie, Amazon Managed Blockchain, Amazon Q Business, Route 53 Profiles, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, AWS Security Hub CSPM, AWS Systems Manager Incident Manager, AWS Systems Manager Incident Manager Contacts, and AWS Systems Manager. This policy now also supports, by including the resource pattern " | April 8, 2025 |
| AWS_ConfigRole – Add "ec2:GetAllowedImagesSettings" | This policy now supports additional permissions for Amazon Elastic Compute Cloud (Amazon EC2). | March 4, 2025 |
| AWSConfigServiceRolePolicy – Add "ec2:GetAllowedImagesSettings" | This policy now supports additional permissions for Amazon Elastic Compute Cloud (Amazon EC2). | March 4, 2025 |
| AWS_ConfigRole – Add "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools" | This policy now supports additional permissions for AWS Clean Rooms, Amazon Comprehend, Amazon Elastic Compute Cloud (Amazon EC2), AWS HealthOmics, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Email Service (Amazon SES). | January 16, 2025 |
| AWSConfigServiceRolePolicy – Add "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools" | This policy now supports additional permissions for AWS Clean Rooms, Amazon Comprehend, Amazon Elastic Compute Cloud (Amazon EC2), AWS HealthOmics, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Email Service (Amazon SES). | January 16, 2025 |
| AWSConfigServiceRolePolicy – Add "organizations:ListAWSServiceAccessForOrganization" | This policy now supports additional permissions for AWS Organizations. | December 18, 2024 |
| AWS_ConfigRole – Add "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership", "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom", "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink", "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets" | This policy now supports additional permissions for AWS AppConfig, AWS CloudTrail, Amazon Connect, Amazon DataZone, Amazon DevOps Guru, AWS Glue, Identity Store, AWS IoT, AWS IoT FleetWise, AWS IoT Wireless, Amazon Interactive Video Service (Amazon IVS), Amazon CloudWatch Logs, Amazon CloudWatch Observability Access Manager, AWS Payment Cryptography, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service (Amazon S3), Amazon EventBridge Scheduler, AWS Systems Manager, and Amazon VPC Lattice. | November 7, 2024 |
| AWSConfigServiceRolePolicy – Add "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership", "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom", "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink", "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets" | This policy now supports additional permissions for AWS AppConfig, AWS CloudTrail, Amazon Connect, Amazon DataZone, Amazon DevOps Guru, AWS Glue, Identity Store, AWS IoT, AWS IoT FleetWise, AWS IoT Wireless, Amazon Interactive Video Service (Amazon IVS), Amazon CloudWatch Logs, Amazon CloudWatch Observability Access Manager, AWS Payment Cryptography, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service (Amazon S3), Amazon EventBridge Scheduler, AWS Systems Manager, and Amazon VPC Lattice. | November 7, 2024 |
| AWS_ConfigRole – Add "aoss:BatchGetCollection", "aoss:BatchGetLifecyclePolicy", "aoss:BatchGetVpcEndpoint", "aoss:GetAccessPolicy", "aoss:GetSecurityConfig", "aoss:GetSecurityPolicy", "aoss:ListAccessPolicies", "aoss:ListCollections", "aoss:ListLifecyclePolicies", "aoss:ListSecurityConfigs", "aoss:ListSecurityPolicies", "aoss:ListVpcEndpoints", "appstream:DescribeAppBlockBuilders", "backup:GetRestoreTestingPlan", "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans", "backup:ListRestoreTestingSelections", "cloudTrail:GetChannel", "cloudTrail:ListChannels", "glue:GetTrigger", "glue:ListTriggers", "imagebuilder:GetLifecyclePolicy", "imagebuilder:ListLifecyclePolicies", "iot:DescribeBillingGroup", "iot:ListBillingGroups", "ivs:GetEncoderConfiguration", "ivs:GetPlaybackRestrictionPolicy", "ivs:GetStage", "ivs:GetStorageConfiguration", "ivs:ListEncoderConfigurations", "ivs:ListPlaybackRestrictionPolicies", "ivs:ListStages", "ivs:ListStorageConfigurations", "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa", "mediaconnect:ListBridges", "mediaconnect:ListGateways", "mediatailor:DescribeChannel", "mediatailor:DescribeLiveSource", "mediatailor:DescribeSourceLocation", "mediatailor:DescribeVodSource", "mediatailor:ListChannels", "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations", "mediatailor:ListVodSources", "omics:GetWorkflow", "omics:ListWorkflows", "scheduler:GetSchedule", and "scheduler:ListSchedules" | This policy now supports additional permissions for Amazon OpenSearch Service Serverless, Amazon AppStream, AWS Backup, AWS CloudTrail, AWS Glue, EC2 Image Builder, AWS IoT, Amazon Interactive Video Service (Amazon IVS), AWS Elemental MediaConnect, AWS Elemental MediaTailor, AWS HealthOmics, and Amazon EventBridge Scheduler. | September 16, 2024 |
|
AWSConfigServiceRolePolicy – Add "aoss:BatchGetCollection", "aoss:BatchGetLifecyclePolicy", "aoss:BatchGetVpcEndpoint", "aoss:GetAccessPolicy", "aoss:GetSecurityConfig", "aoss:GetSecurityPolicy", "aoss:ListAccessPolicies", "aoss:ListCollections", "aoss:ListLifecyclePolicies", "aoss:ListSecurityConfigs", "aoss:ListSecurityPolicies", "aoss:ListVpcEndpoints", "appstream:DescribeAppBlockBuilders", "backup:GetRestoreTestingPlan", "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans", "backup:ListRestoreTestingSelections", "cloudTrail:GetChannel", "cloudTrail:ListChannels", "glue:GetTrigger", "glue:ListTriggers", "imagebuilder:GetLifecyclePolicy", "imagebuilder:ListLifecyclePolicies", "iot:DescribeBillingGroup", "iot:ListBillingGroups", "ivs:GetEncoderConfiguration", "ivs:GetPlaybackRestrictionPolicy", "ivs:GetStage", "ivs:GetStorageConfiguration", "ivs:ListEncoderConfigurations", "ivs:ListPlaybackRestrictionPolicies", "ivs:ListStages", "ivs:ListStorageConfigurations", "mediaconnect:DescribeBridge", "mediaconnect:DescribeGateway", "mediaconnect:ListBridges", "mediaconnect:ListGateways", "mediatailor:DescribeChannel", "mediatailor:DescribeLiveSource", "mediatailor:DescribeSourceLocation", "mediatailor:DescribeVodSource", "mediatailor:ListChannels", "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations", "mediatailor:ListVodSources", "omics:GetWorkflow", "omics:ListWorkflows", "scheduler:GetSchedule", and "scheduler:ListSchedules" |
This policy now supports additional permissions for Amazon OpenSearch Service Serverless, Amazon AppStream, AWS Backup, AWS CloudTrail, AWS Glue, EC2 Image Builder, AWS IoT, Amazon Interactive Video Service (Amazon IVS), AWS Elemental MediaConnect, AWS Elemental MediaTailor, AWS HealthOmics, and Amazon EventBridge Scheduler. |
September 16, 2024 |
|
AWS_ConfigRole – Add "elasticfilesystem:DescribeTags", "redshift:DescribeTags", and "ssm-sap:ListTagsForResource" |
This policy now supports additional permissions for Amazon Elastic File System (Amazon EFS), Amazon Redshift, and AWS Systems Manager for SAP. |
June 17, 2024 |
|
AWSConfigServiceRolePolicy – Add "elasticfilesystem:DescribeTags", "redshift:DescribeTags", and "ssm-sap:ListTagsForResource" |
This policy now supports additional permissions for Amazon Elastic File System (Amazon EFS), Amazon Redshift, and AWS Systems Manager for SAP. |
June 17, 2024 |
| AWS_ConfigRole – Add "aps:DescribeAlertManagerDefinition", "cloudwatch:DescribeAlarmsForMetric", "cognito-identity:DescribeIdentityPool", "cognito-identity:GetPrincipalTagAttributeMap", "elasticache:DescribeCacheSecurityGroups", "elasticache:DescribeUserGroups", "elasticache:DescribeUsers", "elasticache:DescribeGlobalReplicationGroups", "fsx:DescribeDataRepositoryAssociations", "glue:GetDatabase", "glue:GetDatabases", "iam:ListUsers", "lambda:GetLayerVersion", "lambda:ListLayers", "lambda:ListLayerVersions", "ram:GetPermission", "ram:ListPermissionAssociations", "ram:ListPermissions", "ram:ListPermissionVersions", "redshift-serverless:GetNamespace", "redshift-serverless:GetWorkgroup", "redshift-serverless:ListNamespaces", "redshift-serverless:ListTagsForResource", "redshift-serverless:ListWorkgroups", "sagemaker:DescribeInferenceExperiment", "sagemaker:ListInferenceExperiments", and "sns:GetSMSSandboxAccountStatus" |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx, AWS Glue, AWS Identity and Access Management (IAM), AWS Lambda, AWS RAM, Amazon Redshift Serverless, Amazon SageMaker AI, and Amazon Simple Notification Service (Amazon SNS). |
February 22, 2024 |
| AWSConfigServiceRolePolicy – Add "aps:DescribeAlertManagerDefinition", "cloudwatch:DescribeAlarmsForMetric", "cognito-identity:DescribeIdentityPool", "cognito-identity:GetPrincipalTagAttributeMap", "elasticache:DescribeCacheSecurityGroups", "elasticache:DescribeUserGroups", "elasticache:DescribeUsers", "elasticache:DescribeGlobalReplicationGroups", "fsx:DescribeDataRepositoryAssociations", "glue:GetDatabase", "glue:GetDatabases", "iam:ListUsers", "lambda:GetLayerVersion", "lambda:ListLayers", "lambda:ListLayerVersions", "ram:GetPermission", "ram:ListPermissionAssociations", "ram:ListPermissions", "ram:ListPermissionVersions", "redshift-serverless:GetNamespace", "redshift-serverless:GetWorkgroup", "redshift-serverless:ListNamespaces", "redshift-serverless:ListTagsForResource", "redshift-serverless:ListWorkgroups", "sagemaker:DescribeInferenceExperiment", "sagemaker:ListInferenceExperiments", and "sns:GetSMSSandboxAccountStatus" |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx, AWS Glue, AWS Identity and Access Management (IAM), AWS Lambda, AWS RAM, Amazon Redshift Serverless, Amazon SageMaker AI, and Amazon Simple Notification Service (Amazon SNS). |
February 22, 2024 |
|
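AWSConfigUserAccess – AWS Config started tracking changes for this AWS managed policy |
This policy provides access to use AWS Config, including searching by tags on resources and reading all tags. It does not provide permission to configure AWS Config, which requires administrative privileges. |
February 22, 2024 |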
| AWS_ConfigRole – Add "appconfig:GetExtensionAssociation", "appconfig:ListExtensionAssociations", "aps:DescribeLoggingConfiguration", "dms:DescribeReplicationTaskAssessmentRuns", "iam:GetOpenIDConnectProvider", "iam:ListOpenIDConnectProviders", "kafka:DescribeVpcConnection", "kafka:GetClusterPolicy", "kafka:ListVpcConnections", "logs:DescribeMetricFilters", "organizations:ListDelegatedAdministrators", "s3:GetBucketPolicyStatus", "s3express:GetBucketPolicy", and "s3express:ListAllMyDirectoryBuckets" |
This policy now supports additional permissions for AWS AppConfig, Amazon Managed Service for Prometheus, AWS Database Migration Service (AWS DMS), AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon CloudWatch Logs, AWS Organizations, and Amazon Simple Storage Service (Amazon S3). |
December 5, 2023 |
| AWSConfigServiceRolePolicy – Add "appconfig:GetExtensionAssociation", "appconfig:ListExtensionAssociations", "aps:DescribeLoggingConfiguration", "dms:DescribeReplicationTaskAssessmentRuns", "iam:GetOpenIDConnectProvider", "iam:ListOpenIDConnectProviders", "kafka:DescribeVpcConnection", "kafka:GetClusterPolicy", "kafka:ListVpcConnections", "logs:DescribeMetricFilters", "organizations:ListDelegatedAdministrators", "s3:GetBucketPolicyStatus", "s3express:GetBucketPolicy", and "s3express:ListAllMyDirectoryBuckets" |
This policy now supports additional permissions for AWS AppConfig, Amazon Managed Service for Prometheus, AWS Database Migration Service (AWS DMS), AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon CloudWatch Logs, AWS Organizations, and Amazon Simple Storage Service (Amazon S3). |
December 5, 2023 |
| AWS_ConfigRole – Add "backup:DescribeProtectedResource", "cognito-identity:GetIdentityPoolRoles", "cognito-identity:ListIdentityPools", "cognito-identity:ListTagsForResource", "cognito-idp:DescribeIdentityProvider", "cognito-idp:DescribeResourceServer", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:DescribeUserPoolDomain", "cognito-idp:GetGroup", "cognito-idp:GetUserPoolMfaConfig", "cognito-idp:ListGroups", "cognito-idp:ListIdentityProviders", "cognito-idp:ListResourceServers", "cognito-idp:ListUserPoolClients", "cognito-idp:ListUserPools", "cognito-idp:ListTagsForResource", "connect:DescribeEvaluationForm", "connect:DescribeInstanceStorageConfig", "connect:DescribePrompt", "connect:DescribeRule", "connect:DescribeUser", "connect:GetTaskTemplate", "connect:ListApprovedOrigins", "connect:ListEvaluationForms", "connect:ListInstanceStorageConfigs", "connect:ListIntegrationAssociations", "connect:ListPrompts", "connect:ListRules", "connect:ListSecurityKeys", "connect:ListTagsForResource", "connect:ListTaskTemplates", "connect:ListUsers", "emr-containers:DescribeVirtualCluster", "emr-containers:ListVirtualClusters", "emr-serverless:GetApplication", "emr-serverless:ListApplications", "groundstation:GetDataflowEndpointGroup", "groundstation:ListDataflowEndpointGroups", "m2:GetEnvironment", "m2:ListEnvironments", "m2:ListTagsForResource", "memorydb:DescribeAcls", "memorydb:DescribeClusters", "memorydb:DescribeParameterGroups", "memorydb:DescribeParameters", "memorydb:DescribeSubnetGroups", "organizations:ListRoots", "quicksight:DescribeAccountSubscription", "quicksight:DescribeDataSetRefreshProperties", "rds:DescribeEngineDefaultClusterParameters", "redshift:DescribeEndpointAccess", "redshift:DescribeEndpointAuthorization", "route53:GetChange", "route53:ListCidrBlocks", "route53:ListCidrLocations", "serviceCatalog:DescribePortfolioShares", "transfer:DescribeProfile", and "transfer:ListProfiles" |
This policy now supports additional permissions for Amazon Cognito, Amazon Connect, Amazon EMR, AWS Ground Station, AWS Mainframe Modernization, Amazon MemoryDB, AWS Organizations, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, AWS Service Catalog, and AWS Transfer Family. |
November 17, 2023 |
| AWS_ConfigRole – Add "Sid": "AWSConfigServiceRolePolicyStatementID", "Sid": "AWSConfigSLRLogStatementID", "Sid": "AWSConfigSLRLogEventStatementID", and "Sid": "AWSConfigSLRApiGatewayStatementID" |
This policy now |
November 17, 2023 |
| AWSConfigServiceRolePolicy – Add "backup:DescribeProtectedResource", "cognito-identity:GetIdentityPoolRoles", "cognito-identity:ListIdentityPools", "cognito-identity:ListTagsForResource", "cognito-idp:DescribeIdentityProvider", "cognito-idp:DescribeResourceServer", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:DescribeUserPoolDomain", "cognito-idp:GetGroup", "cognito-idp:GetUserPoolMfaConfig", "cognito-idp:ListGroups", "cognito-idp:ListIdentityProviders", "cognito-idp:ListResourceServers", "cognito-idp:ListUserPoolClients", "cognito-idp:ListUserPools", "cognito-idp:ListTagsForResource", "connect:DescribeEvaluationForm", "connect:DescribeInstanceStorageConfig", "connect:DescribePrompt", "connect:DescribeRule", "connect:DescribeUser", "connect:GetTaskTemplate", "connect:ListApprovedOrigins", "connect:ListEvaluationForms", "connect:ListInstanceStorageConfigs", "connect:ListIntegrationAssociations", "connect:ListPrompts", "connect:ListRules", "connect:ListSecurityKeys", "connect:ListTagsForResource", "connect:ListTaskTemplates", "connect:ListUsers", "emr-containers:DescribeVirtualCluster", "emr-containers:ListVirtualClusters", "emr-serverless:GetApplication", "emr-serverless:ListApplications", "groundstation:GetDataflowEndpointGroup", "groundstation:ListDataflowEndpointGroups", "m2:GetEnvironment", "m2:ListEnvironments", "m2:ListTagsForResource", "memorydb:DescribeAcls", "memorydb:DescribeClusters", "memorydb:DescribeParameterGroups", "memorydb:DescribeParameters", "memorydb:DescribeSubnetGroups", "organizations:ListRoots", "quicksight:DescribeAccountSubscription", "quicksight:DescribeDataSetRefreshProperties", "rds:DescribeEngineDefaultClusterParameters", "redshift:DescribeEndpointAccess", "redshift:DescribeEndpointAuthorization", "route53:GetChange", "route53:ListCidrBlocks", "route53:ListCidrLocations", "serviceCatalog:DescribePortfolioShares", "transfer:DescribeProfile", and "transfer:ListProfiles" |
This policy now supports additional permissions for Amazon Cognito, Amazon Connect, Amazon EMR, AWS Ground Station, AWS Mainframe Modernization, Amazon MemoryDB, AWS Organizations, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, AWS Service Catalog, and AWS Transfer Family. |
November 17, 2023 |
| AWSConfigServiceRolePolicy – Add "Sid": "AWSConfigServiceRolePolicyStatementID", "Sid": "AWSConfigSLRLogStatementID", "Sid": "AWSConfigSLRLogEventStatementID", and "Sid": "AWSConfigSLRApiGatewayStatementID" |
This policy now |
November 17, 2023 |
| AWS_ConfigRole – Add "acm-pca:GetCertificateAuthorityCertificate", "appmesh:DescribeMesh", "appmesh:ListGatewayRoutes", "connect:DescribeInstance", "connect:DescribeQuickConnect", "connect:ListQuickConnects", "ecs:DescribeCapacityProviders", "evidently:GetSegment", "evidently:ListSegments", "grafana:DescribeWorkspace", "grafana:DescribeWorkspaceAuthentication", "grafana:DescribeWorkspaceConfiguration", "guardduty:GetMemberDetectors", "inspector2:BatchGetAccountStatus", "inspector2:GetDelegatedAdminAccount", "inspector2:ListMembers", "iot:DescribeCACertificate", "iot:ListCACertificates", "iot:ListTagsForResource", "iottwinmaker:GetSyncJob", "iottwinmaker:ListSyncJobs", "kafka:ListTagsForResource", "kafkaconnect:DescribeConnector", "kafkaconnect:ListConnectors", "lambda:GetCodeSigningConfig", "lambda:ListCodeSigningConfigs", "lambda:ListTags", "networkmanager:GetConnectPeer", "organizations:DescribeOrganization", "organizations:ListTargetsForPolicy", "sagemaker:DescribeDataQualityJob", "sagemaker:DescribeModelExplainabilityJob", "sagemaker:ListDataQualityJob", and "sagemaker:ExplainabilityJob" |
This policy now supports additional permissions for AWS Private CA, AWS App Mesh, Amazon Connect, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector, AWS IoT, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Lambda, AWS Network Manager, AWS Organizations, and Amazon SageMaker AI. |
October 4, 2023 |
| AWSConfigServiceRolePolicy – Add "acm-pca:GetCertificateAuthorityCertificate", "appmesh:DescribeMesh", "appmesh:ListGatewayRoutes", "connect:DescribeInstance", "connect:DescribeQuickConnect", "connect:ListQuickConnects", "ecs:DescribeCapacityProviders", "evidently:GetSegment", "evidently:ListSegments", "grafana:DescribeWorkspace", "grafana:DescribeWorkspaceAuthentication", "grafana:DescribeWorkspaceConfiguration", "guardduty:GetMemberDetectors", "inspector2:BatchGetAccountStatus", "inspector2:GetDelegatedAdminAccount", "inspector2:ListMembers", "iot:DescribeCACertificate", "iot:ListCACertificates", "iot:ListTagsForResource", "iottwinmaker:GetSyncJob", "iottwinmaker:ListSyncJobs", "kafka:ListTagsForResource", "kafkaconnect:DescribeConnector", "kafkaconnect:ListConnectors", "lambda:GetCodeSigningConfig", "lambda:ListCodeSigningConfigs", "lambda:ListTags", "networkmanager:GetConnectPeer", "organizations:DescribeOrganization", "organizations:ListTargetsForPolicy", "sagemaker:DescribeDataQualityJob", "sagemaker:DescribeModelExplainabilityJob", "sagemaker:ListDataQualityJob", and "sagemaker:ExplainabilityJob" |
This policy now supports additional permissions for AWS Private CA, AWS App Mesh, Amazon Connect, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector, AWS IoT, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Lambda, AWS Network Manager, AWS Organizations, and Amazon SageMaker AI. |
October 4, 2023 |
| AWSConfigServiceRolePolicy – Remove "ssm:GetParameter" |
This policy now removes permissions for AWS Systems Manager (Systems Manager). |
September 6, 2023 |
| AWS_ConfigRole – Add "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", and "sns:GetDataProtectionPolicy" |
This policy now supports additional permissions for AWS App Mesh, AWS CloudFormation, Amazon CloudFront, AWS CodeArtifact, AWS CodeBuild, Amazon Connect, AWS Glue, Amazon GuardDuty, AWS Identity and Access Management (IAM), Amazon Inspector, AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie, AWS Elemental MediaConnect, AWS Network Manager, AWS Organizations, AWS Resource Explorer, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Notification Service (Amazon SNS). |
July 28, 2023 |
| AWSConfigServiceRolePolicy – Add "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "sns:GetDataProtectionPolicy", "ssm:DescribeParameters", "ssm:GetParameter", and "ssm:ListTagsForResource" |
This policy now supports additional permissions for AWS App Mesh, Amazon AppStream 2.0, AWS CloudFormation, Amazon CloudFront, AWS CodeArtifact, AWS CodeBuild, Amazon Connect, AWS Glue, Amazon GuardDuty, AWS Identity and Access Management (IAM), Amazon Inspector, AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie, AWS Elemental MediaConnect, AWS Network Manager, AWS Organizations, AWS Resource Explorer, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), Amazon Simple Notification Service (Amazon SNS), and Amazon EC2 Systems Manager (SSM). |
July 28, 2023 |
| AWS_ConfigRole – Add "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup",
"personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" |
This policy now supports additional permissions for AWS Amplify, Amazon Connect, AWS App Mesh, Amazon Managed Service for Prometheus, Amazon Athena, AWS Batch, AWS CloudFormation, AWS CloudTrail, AWS CodeArtifact, Amazon CodeGuru, AWS Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, AWS Organizations, Amazon Forecast, AWS IoT Greengrass, AWS Ground Station, AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC), Amazon Personalize, Amazon Quick Suite, AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, and AWS Transfer Family. |
June 13, 2023 |
| AWSConfigServiceRolePolicy – Add "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup",
"personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" |
This policy now supports additional permissions for AWS Amplify, Amazon Connect, AWS App Mesh, Amazon Managed Service for Prometheus, Amazon Athena, AWS Batch, AWS CloudFormation, AWS CloudTrail, AWS CodeArtifact, Amazon CodeGuru, AWS Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, AWS Organizations, Amazon Forecast, AWS IoT Greengrass, AWS Ground Station, AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC), Amazon Personalize, Amazon Quick Suite, AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, and AWS Transfer Family. |
June 13, 2023 |
| AWSConfigServiceRolePolicy – Add amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations |
This policy now supports additional permissions for Amazon Managed Workflows for, AWS Amplify, AWS App Mesh, AWS App Runner, Amazon CloudFront, AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI, AWS Transfer Family, Amazon Pinpoint, AWS Migration Hub, AWS Resilience Hub, Amazon CloudWatch, AWS Directory Service, and AWS WAF. |
April 13, 2023 |
| AWS_ConfigRole – Add amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations |
This policy now supports additional permissions for Amazon Managed Workflows for, AWS Amplify, AWS App Mesh, AWS App Runner, Amazon CloudFront, AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI, AWS Transfer Family, Amazon Pinpoint, AWS Migration Hub, AWS Resilience Hub, Amazon CloudWatch, AWS Directory Service, and AWS WAF. |
April 13, 2023 |
| AWSConfigServiceRolePolicy – Add appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudfront:GetResponseHeadersPolicy, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
This policy now supports additional permissions for Amazon Managed Workflows for Amazon AppFlow, AWS App Runner, Amazon AppStream 2.0, Amazon CloudFront, Amazon CloudWatch, AWS CodeArtifact, AWS CodeCommit, AWS Device Farm, Amazon CloudWatch Evidently, Amazon Forecast, AWS Ground Station, AWS Identity and Access Management (IAM), AWS IoT, Amazon MemoryDB, Amazon Pinpoint, AWS Network Manager, AWS Panorama, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon SageMaker AI. |
March 30, 2023 |
| AWS_ConfigRole – Add appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudformation:ListTypes, cloudfront:GetResponseHeadersPolicy, cloudfront:ListDistributions, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, ec2:DescribeTrafficMirrorFilters, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
This policy now supports additional permissions for Amazon Managed Workflows for Amazon AppFlow, AWS App Runner, Amazon AppStream 2.0, AWS CloudFormation, Amazon CloudFront, Amazon CloudWatch, AWS CodeArtifact, AWS CodeCommit, AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS Ground Station, AWS Identity and Access Management (IAM), AWS IoT, Amazon MemoryDB, Amazon Pinpoint, AWS Network Manager, AWS Panorama, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon SageMaker AI. |
March 30, 2023 |
|
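AWSConfigRulesExecutionRole – AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Lambda functions to access the AWS Config API and the configuration snapshots that AWS Config delivers periodically to Amazon S3. This access is required by functions that evaluate configuration changes for AWS Custom Lambda rules. |
March 7, 2023 |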
|
AWSConfigRoleForOrganizations – AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Config to call read-only AWS Organizations APIs. |
March 7, 2023 |
|
AWSConfigRemediationServiceRolePolicy – AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Config to remediate on your behalf |
March 7, 2023 |
|
AWSConfigServiceRolePolicy – Add auditmanager:GetAccountStatus |
This policy now grants permission to return the registration status of an account in AWS Audit Manager. |
March 3, 2023 |
|
AWS_ConfigRole – Add auditmanager:GetAccountStatus |
This policy now grants permission to return the registration status of an account in AWS Audit Manager. |
March 3, 2023 |
|
AWSConfigMultiAccountSetupPolicy – AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Config to use AWS Organizations to call AWS services and deploy AWS Config resources across an organization. |
February 27, 2023 |
|
AWSConfigServiceRolePolicy – Add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. |
February 1, 2023 |
|
AWS_ConfigRole – Add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. |
February 1, 2023 |
|
ConfigConformsServiceRolePolicy – Update config:DescribeConfigRules |
As a security best practice, this policy now removes |
January 12, 2023 |
|
AWSConfigServiceRolePolicy – Add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon Quick Suite, AWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
|
AWS_ConfigRole – Add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon Quick Suite, AWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
|
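AWSConfigServiceRolePolicy – Add cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack, and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |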
|
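AWS_ConfigRole – Add cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack, and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |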
|
AWSConfigServiceRolePolicy – Add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects,
iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, AWS Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift Servers, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, OpsWorks, AWS Panorama, AWS Resource Access Manager, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS RoboMaker, AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
|
AWS_ConfigRole – Add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource,
iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, AWS Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift Servers, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, OpsWorks, AWS Panorama, AWS Resource Access Manager, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS RoboMaker, AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
|
AWSConfigServiceRolePolicy – Add Glue::GetTable |
This policy now grants permission to retrieve the AWS Glue table definition for a specified table in a Data Catalog. |
September 14, 2022 |
|
AWS_ConfigRole – Add Glue::GetTable |
This policy now grants permission to retrieve the AWS Glue table definition for a specified table in a Data Catalog. |
September 14, 2022 |
|
AWSConfigServiceRolePolicy – Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup,
gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, 
ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, 
profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, 
ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. |
September 7, 2022 |
|
AWS_ConfigRole – Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues,
gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, 
ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, 
profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, 
signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. |
September 7, 2022 |
| AWSConfigServiceRolePolicy – Add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries | This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. | February 1, 2023 |
|
AWS_ConfigRole – Add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. |
February 1, 2023 |
|
ConfigConformsServiceRolePolicy – Update config:DescribeConfigRules |
As a security best practice, this policy now removes |
January 12, 2023 |
|
AWSConfigServiceRolePolicy – Add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon Quick Suite, AWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
|
AWS_ConfigRole – Add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon Quick Suite, AWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
|
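AWSConfigServiceRolePolicy – Add cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |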
|
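AWS_ConfigRole – Add cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |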
|
AWSConfigServiceRolePolicy – Add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, 
iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, AWS Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift Servers, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, OpsWorks, AWS Panorama, AWS Resource Access Manager, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS RoboMaker, AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
|
AWS_ConfigRole – Add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, 
iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, AWS Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift Servers, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, OpsWorks, AWS Panorama, AWS Resource Access Manager, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS RoboMaker, AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
|
AWSConfigServiceRolePolicy – Add Glue::GetTable |
This policy now grants permission to retrieve the AWS Glue table definition in a Data Catalog for a specified table. |
September 14, 2022 |
|
AWS_ConfigRole – Add Glue::GetTable |
This policy now grants permission to retrieve the AWS Glue table definition in a Data Catalog for a specified table. |
September 14, 2022 |
|
AWSConfigServiceRolePolicy – Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, 
gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, 
ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, 
profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, 
ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. |
September 7, 2022 |
|
AWS_ConfigRole – Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues,
gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, 
ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, 
profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, 
signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family |
September 7, 2022 |
|
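AWSConfigServiceRolePolicy – Add datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
This policy now grants permission to return a list of AWS DataSync agents, DataSync source and destination locations, and DataSync tasks in your AWS account; to list summary information about the AWS Cloud Map namespaces and services associated with one or more specified namespaces in your AWS account; and to list all of the Amazon Simple Email Service (Amazon SES) contact lists available in your AWS account. |
August 22, 2022 |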
|
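AWS_ConfigRole – Add datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
This policy now grants permission to return a list of AWS DataSync agents, DataSync source and destination locations, and DataSync tasks in your AWS account; to list summary information about the AWS Cloud Map namespaces and services associated with one or more specified namespaces in your AWS account; and to list all of the Amazon Simple Email Service (Amazon SES) contact lists available in your AWS account. |
August 22, 2022 |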
|
ConfigConformsServiceRolePolicy – Add cloudwatch:PutMetricData |
This policy now grants permission to publish metric data points to Amazon CloudWatch. |
July 25, 2022 |
|
AWSConfigServiceRolePolicy – Add amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations,
imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
This policy now supports additional permissions for Amazon Elastic Container Service (Amazon ECS), Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Managed Service for Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon Quick Suite, Amazon Rekognition, AWS RoboMaker, Amazon Simple Storage Service (Amazon S3), Amazon Simple Email Service (Amazon SES), AWS Amplify, AWS AppConfig, AWS AppSync, AWS Billing Conductor, AWS DataSync, AWS Firewall Manager, AWS Glue, AWS IAM Identity Center (IAM Identity Center), EC2 Image Builder, and Elastic Load Balancing. |
July 15, 2022 |
|
AWS_ConfigRole – Add amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations,
imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
This policy now supports additional permissions for Amazon Elastic Container Service (Amazon ECS), Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Managed Service for Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon Quick Suite, Amazon Rekognition, AWS RoboMaker, Amazon Simple Storage Service (Amazon S3), Amazon Simple Email Service (Amazon SES), AWS Amplify, AWS AppConfig, AWS AppSync, AWS Billing Conductor, AWS DataSync, AWS Firewall Manager, AWS Glue, AWS IAM Identity Center (IAM Identity Center), EC2 Image Builder, and Elastic Load Balancing. |
July 15, 2022 |
|
AWSConfigServiceRolePolicy – Add athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
This policy now grants permission to get a specified Amazon Athena data catalog, list the Athena data catalogs in the AWS account, and list the tags associated with an Athena workgroup or data catalog resource; get a list of Amazon Detective behavior graphs and list the tags for a Detective behavior graph; get a list of resource metadata for a given list of AWS Glue development endpoint names, get information about a specified AWS Glue development endpoint, get all the AWS Glue development endpoints in the AWS account, retrieve a specified AWS Glue security configuration, get all AWS Glue security configurations, get a list of tags associated with an AWS Glue resource, get information about the AWS Glue workgroup with the specified name, retrieve the names of all AWS Glue crawler resources in AWS, get all of the AWS account's AWS Glue |
May 31, 2022 |
|
AWS_ConfigRole – Add athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
This policy now grants permission to get a specified Amazon Athena data catalog, list the Athena data catalogs in the AWS account, and list the tags associated with an Athena workgroup or data catalog resource; get a list of Amazon Detective behavior graphs and list the tags for a Detective behavior graph; get a list of resource metadata for a given list of AWS Glue development endpoint names, get information about a specified AWS Glue development endpoint, get all the AWS Glue development endpoints in the AWS account, retrieve a specified AWS Glue security configuration, get all AWS Glue security configurations, get a list of tags associated with an AWS Glue resource, get information about the AWS Glue workgroup with the specified name, retrieve the names of all AWS Glue crawler resources in AWS, get all of the AWS account's AWS Glue |
May 31, 2022 |
|
AWSConfigServiceRolePolicy – Add cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
This policy now grants permission to get information about all or a specified AWS CloudTrail event data store (EDS), get information about all or a specified AWS CloudFormation resource, get a list of DynamoDB Accelerator (DAX) parameter groups or subnet groups, get information about the AWS Database Migration Service (AWS DMS) replication tasks for your account in the Region currently being accessed, and get a list of all policies of a specified type in AWS Organizations. |
April 7, 2022 |
|
AWS_ConfigRole – Add cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
This policy now grants permission to get information about all or a specified AWS CloudTrail event data store (EDS), get information about all or a specified AWS CloudFormation resource, get a list of DynamoDB Accelerator (DAX) parameter groups or subnet groups, get information about the AWS Database Migration Service (AWS DMS) replication tasks for your account in the Region currently being accessed, and get a list of all policies of a specified type in AWS Organizations. |
April 7, 2022 |
|
AWSConfigServiceRolePolicy – Add backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
This policy now supports additional permissions for AWS Backup, AWS Batch, DynamoDB Accelerator, AWS Database Migration Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty, AWS Key Management Service, AWS OpsWorks, Amazon Relational Database Service, AWS WAFV2, and Amazon WorkSpaces. |
March 14, 2022 |
|
AWS_ConfigRole – Add backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
This policy now supports additional permissions for AWS Backup, AWS Batch, DynamoDB Accelerator, AWS Database Migration Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty, AWS Key Management Service, AWS OpsWorks, Amazon Relational Database Service, AWS WAFV2, and Amazon WorkSpaces. |
March 14, 2022 |
|
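AWSConfigServiceRolePolicy – Add elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for a specified Elastic Beanstalk configuration set; get a map of OpenSearch or Elasticsearch versions; describe the Amazon RDS option groups available for a database; and get information about a CodeDeploy deployment configuration. This policy now also grants permission to retrieve the specified alternate contact attached to an AWS account, retrieve information about an AWS Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about archived AWS Config rules, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of the specified child OU or account, and list the policies attached to the specified target root, organizational unit, or account. |
February 10, 2022 |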
|
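AWS_ConfigRole – Add elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for a specified Elastic Beanstalk configuration set; get a map of OpenSearch or Elasticsearch versions; describe the Amazon RDS option groups available for a database; and get information about a CodeDeploy deployment configuration. This policy now also grants permission to retrieve the specified alternate contact attached to an AWS account, retrieve information about an AWS Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about archived AWS Config rules, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of the specified child OU or account, and list the policies attached to the specified target root, organizational unit, or account. |
February 10, 2022 |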
|
AWSConfigServiceRolePolicy – Add logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
This policy now grants permission to create Amazon CloudWatch log groups and streams, and to write logs to the log streams that were created. |
December 15, 2021 |
|
AWS_ConfigRole – Add logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
This policy now grants permission to create Amazon CloudWatch log groups and streams, and to write logs to the log streams that were created. |
December 15, 2021 |
|
AWSConfigServiceRolePolicy – Add es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots |
This policy now grants permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain/domains and to get the detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots. |
September 8, 2021 |
|
AWS_ConfigRole – Add es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots |
This policy now grants permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain/domains and to get the detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots. |
September 8, 2021 |
|
AWSConfigServiceRolePolicy – Add logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine, and additional permissions for AWS resource types |
This policy now grants permission to list the tags of a log group, list the tags of a state machine, and list all state machines. This policy now grants permission to get details about a state machine. This policy now supports additional permissions for Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker AI, Amazon Simple Notification Service, AWS Database Migration Service, AWS Global Accelerator, and AWS Storage Gateway |
July 28, 2021 |
|
AWS_ConfigRole – Add logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine, and additional permissions for AWS resource types |
This policy now grants permission to list the tags of a log group, list the tags of a state machine, and list all state machines. This policy now grants permission to get details about a state machine. This policy now supports additional permissions for Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker AI, Amazon Simple Notification Service, AWS Database Migration Service, AWS Global Accelerator, and AWS Storage Gateway |
July 28, 2021 |
|
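AWSConfigServiceRolePolicy – Add ssm:DescribeDocumentPermission and additional permissions for AWS resource types |
This policy now grants permission to view information about AWS Systems Manager documents and information about IAM Access Analyzer. This policy now supports additional AWS resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, AWS Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow AWS Config to call the read-only APIs required to support these resource types. This policy now also supports filtering Lambda@Edge functions for the lambda-inside-vpc AWS Config managed rule. |
June 8, 2021 |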
|
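AWS_ConfigRole – Add ssm:DescribeDocumentPermission and additional permissions for AWS resource types |
This policy now grants permission to view information about AWS Systems Manager documents and information about IAM Access Analyzer. This policy now supports additional AWS resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, AWS Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow AWS Config to call the read-only APIs required to support these resource types. This policy now also supports filtering Lambda@Edge functions for the lambda-inside-vpc AWS Config managed rule. |
June 8, 2021 |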
|
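AWSConfigServiceRolePolicy – Add the apigateway:GET permission to make read-only GET calls to API Gateway, and the s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to call Amazon S3 read-only APIs |
This policy now grants permissions that allow AWS Config to make read-only GET calls to API Gateway to support AWS Config rules for API Gateway. This policy also adds permissions that allow AWS Config to call Amazon Simple Storage Service (Amazon S3) read-only APIs to support new |
May 10, 2021 |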
|
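AWS_ConfigRole – Add the apigateway:GET permission to make read-only GET calls to API Gateway, and the s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to call Amazon S3 read-only APIs |
This policy now grants permissions that allow AWS Config to make read-only GET calls to API Gateway to support AWS Config for API Gateway. This policy also adds permissions that allow AWS Config to call Amazon Simple Storage Service (Amazon S3) read-only APIs to support new |
May 10, 2021 |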
|
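AWSConfigServiceRolePolicy – Add the ssm:ListDocuments permission and additional permissions for AWS resource types |
This policy now grants permission to view information about a specified AWS Systems Manager document. This policy now also supports additional AWS resource types for AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker AI, AWS Database Migration Service, and Amazon Route 53. These permission changes allow AWS Config to call the read-only APIs required to support these resource types. |
April 1, 2021 |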
|
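AWS_ConfigRole – Add the ssm:ListDocuments permission and additional permissions for AWS resource types |
This policy now grants permission to view information about a specified AWS Systems Manager document. This policy now also supports additional AWS resource types for AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker AI, AWS Database Migration Service, and Amazon Route 53. These permission changes allow AWS Config to call the read-only APIs required to support these resource types. |
April 1, 2021 |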
|
|
|
April 1, 2021 |
|
AWS Config started tracking changes |
AWS Config started tracking changes for its AWS managed policies. |
April 1, 2021