本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 管理 IAM 政策
IAM 提供您建立並管理所有 IAM 政策類型的工具 (受管政策與內嵌政策)。若要新增許可到 IAM 身分 (IAM 使用者、群組或角色),您可以建立政策、驗證政策,然後將政策連接至身分。您可以將多個政策連接到身分,而每個政策可以包含多個許可。
**Topics**
+ [其他資源](#access_policies_manage-additional-resources)
+ [使用客戶管理政策定義自訂 IAM 許可](access_policies_create.md)
+ [IAM 政策驗證](access_policies_policy-validator.md)
+ [使用 IAM 政策模擬器測試 IAM 政策](access_policies_testing-policies.md)
+ [新增和移除 IAM 身分許可](access_policies_manage-attach-detach.md)
+ [版本控制 IAM 政策](access_policies_managed-versioning.md)
+ [編輯 IAM 政策](access_policies_manage-edit.md)
+ [刪除 IAM 政策](access_policies_manage-delete.md)
+ [AWS 使用上次存取的資訊在 中精簡許可](access_policies_last-accessed.md)
## 其他資源
下列資源可協助您進一步了解 AWS 政策。
+ 如需有關不同 IAM 類型的詳細資訊,請參閱 [中的政策和許可 AWS Identity and Access Management](access_policies.md)。
+ 如需在 IAM 中使用政策的一般資訊,請參閱 [AWS 資源的存取管理](access.md)。
+ 如需如何使用 IAM Access Analyzer 產生以實體存取活動為基礎之 IAM 政策的詳細資訊,請參閱[產生 IAM Access Analyzer 政策](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-generation.html)。
+ 如需了解當指定 IAM 身分有多個有效政策時的許可評估方式,請參閱 [政策評估邏輯](reference_policies_evaluation-logic.md)。
+ AWS 帳戶中 IAM 資源的數量和大小有限。如需詳細資訊,請參閱[IAM AWS STS 和配額](reference_iam-quotas.md)。
# 使用客戶管理政策定義自訂 IAM 許可
[政策](access_policies.md)會定義 中身分或資源的許可 AWS。您可以使用 AWS 管理主控台 AWS CLI或 AWS API 在 IAM 中建立*客戶受管政策*。客戶管理政策是獨立的政策,在您自己的 AWS 帳戶中進行管理。然後,您可以將政策連接到 中的身分 (使用者、群組和角色) AWS 帳戶。
*身分型政策*是 IAM 中連接到身分的政策。身分型政策可以包含 AWS 受管政策、客戶受管政策和內嵌政策。受 AWS 管政策是由 建立和管理 AWS,您可以使用它們,但無法管理它們。內嵌政策是您建立並接內嵌至 IAM 使用者群組、使用者或角色的政策。內嵌政策無法在其他身分上重複使用,或在其存在的身分之外進行管理。如需詳細資訊,請參閱[新增和移除 IAM 身分許可](access_policies_manage-attach-detach.md)。
一般而言,最好使用客戶受管政策,而不是內嵌政策或 AWS 受管政策。 AWS 受管政策通常提供廣泛的管理或唯讀許可。為了達到最高安全性,應[授予最低權限](best-practices.md#grant-least-privilege),這表示僅授予執行特定任務工作所需的許可。
當您建立或編輯 IAM 政策時, AWS 可以自動執行政策驗證,以協助您建立最低權限的有效政策。在 中 AWS 管理主控台,IAM 識別 JSON 語法錯誤,而 IAM Access Analyzer 提供額外的政策檢查與建議,以協助您進一步精簡政策。若要進一步了解政策驗證的資訊,請參閱 [IAM 政策驗證](access_policies_policy-validator.md)。若要進一步了解 IAM Access Analyzer 政策檢查和可動作的建議,請參閱 [IAM Access Analyzer 政策驗證](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-validation.html)。
您可以使用 AWS 管理主控台 AWS CLI或 AWS API 在 IAM 中建立客戶受管政策。如需使用 CloudFormation 範本新增或更新政策的詳細資訊,請參閱*CloudFormation 《 使用者指南*》中的[AWS Identity and Access Management 資源類型參考](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_IAM.html)。
**Topics**
+ [建立 IAM 政策 (主控台)](access_policies_create-console.md)
+ [建立 IAM 政策 (AWS CLI)](access_policies_create-cli.md)
+ [建立 IAM 政策 (AWS API)](access_policies_create-api.md)
# 建立 IAM 政策 (主控台)
[政策](access_policies.md)為一個實體,可定義其所連接的身分或資源的許可。您可以使用 AWS 管理主控台 在 IAM 中建立*客戶受管政策*。客戶管理政策是獨立的政策,在您自己的 AWS 帳戶進行管理。然後,您可以將政策連接到 中的身分 (使用者、群組和角色) AWS 帳戶。
AWS 帳戶中 IAM 資源的數量和大小有限。如需詳細資訊,請參閱[IAM AWS STS 和配額](reference_iam-quotas.md)。
**Topics**
+ [建立 IAM 政策](#access_policies_create-start)
+ [正在使用 JSON 編輯器建立政策](#access_policies_create-json-editor)
+ [使用視覺化編輯器來建立政策](#access_policies_create-visual-editor)
+ [匯入現有的受管政策](#access_policies_create-copy)
## 建立 IAM 政策
您可以使用下列 AWS 管理主控台 其中一種方法,在 中建立客戶受管政策:
+ **[JSON](#access_policies_create-json-editor)** — 貼上並自訂已發布的[以身分為基礎的政策範例](access_policies_examples.md)。
+ **[視覺編輯工具](#access_policies_create-visual-editor)** — 在視覺編輯工具中從零開始建構一個新的政策。若您使用視覺化編輯器,您便無需了解 JSON 語法。
+ **[匯入](#access_policies_create-copy)** — 從帳戶中匯入並自訂受管政策。您可以匯入先前建立的 AWS 受管政策或客戶受管政策。
AWS 帳戶中 IAM 資源的數量和大小有限。如需詳細資訊,請參閱[IAM AWS STS 和配額](reference_iam-quotas.md)。
## 正在使用 JSON 編輯器建立政策
您可以選擇 **JSON** 選項以在 JSON 中輸入或貼上政策。此方法對於複製要在帳戶中使用的[範例政策](access_policies_examples.md)很有幫助。或者,您可以在 JSON 編輯器中輸入自己的 JSON 政策文件。您也可以使用 **JSON** 選項,來在視覺化編輯器與 JSON 之間切換,以比較視圖。
當您建立或編輯 JSON 編輯器中的政策時,IAM 會執行政策驗證以協助您建立有效的政策。IAM 識別 JSON 語法錯誤,而 IAM Access Analyzer 會提供額外的政策檢查及可操作的建議,協助您進一步改良政策。
JSON [政策](access_policies.md) 文件為包含一或多個陳述式。每個陳述式應包含具有相同效果 (`Allow` 或 `Deny`) 並支援相同資源和條件的所有操作。如果一個動作要求指定所有資源 (`"*"`),而另一個動作支援特定資源的 Amazon Resource Name (ARN),則它們必須位於兩個單獨的 JSON 陳述式中。如需關於 ARN 格式的詳細資料,請參閱 *AWS 一般參考 指南*中的 [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)。如需有關 IAM 政策的一般資訊,請參閱 [中的政策和許可 AWS Identity and Access Management](access_policies.md)。如需有關 IAM 政策語言的資訊,請參閱 [IAM JSON 政策參考](reference_policies.md)。
**若要使用 JSON 政策編輯器來建立政策**
1. 登入 AWS 管理主控台 ,並在 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 開啟 IAM 主控台。
1. 在左側的導覽窗格中,選擇 **Policies (政策)**。
1. 選擇**建立政策**。
1. 在**政策編輯器**中,選擇 **JSON** 選項。
1. 輸入或貼上 JSON 政策文件。如需有關 IAM 政策語言的詳細資訊,請參閱 [IAM JSON 政策參考](reference_policies.md)。
1. 解決[政策驗證](access_policies_policy-validator.md)期間產生的任何安全性警告、錯誤或一般性警告,然後選擇 **Next** (下一步)。
**注意**
您可以隨時切換**視覺化**與 **JSON** 編輯器選項。不過,如果您進行變更或在**視覺化**編輯器中選擇**下一步**,IAM 就可能會調整您的政策結構,以便針對視覺化編輯器進行最佳化。如需詳細資訊,請參閱[政策結構調整](troubleshoot_policies.md#troubleshoot_viseditor-restructure)。
1. (選用) 當您在 中建立或編輯政策時 AWS 管理主控台,您可以產生可在 範本中使用的 JSON 或 YAML 政策 CloudFormation 範本。
若要執行此動作,請在**政策編輯器**中選擇**動作**,然後選擇**產生 CloudFormation 範本**。若要進一步了解, CloudFormation 請參閱 AWS CloudFormation 《 使用者指南》中的[AWS Identity and Access Management 資源類型參考](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_IAM.html)。
1. 將許可新增至政策後,請選擇**下一步**。
1. 在**檢視與建立**頁面上,為您正在建立的政策輸入**政策名稱**與**描述** (選用)。檢視**此政策中定義的許可**,來查看您的政策所授予的許可。
1. (選用) 藉由連接標籤作為鍵值組,將中繼資料新增至政策。如需有關在 IAM 中使用標籤的詳細資訊,請參閱 [AWS Identity and Access Management 資源的標籤](id_tags.md)。
1. 選擇 **Create policy** (建立政策) 儲存您的新政策。
在建立政策之後,即可將它連接至您的群組、使用者或角色。如需詳細資訊,請參閱 [新增和移除 IAM 身分許可](access_policies_manage-attach-detach.md)。
## 使用視覺化編輯器來建立政策
IAM 主控台中的視覺化編輯器將引導您建立政策,而無需編寫 JSON 語法。若要檢視使用視覺化編輯器建立政策的範例,請參閱 [控制對身分的存取](access_controlling.md#access_controlling-identities)。
**若要使用視覺化編輯器來建立政策**
1. 登入 AWS 管理主控台 ,並在 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 開啟 IAM 主控台。
1. 在左側的導覽窗格中,選擇 **Policies (政策)**。
1. 選擇**建立政策**。
1. 在**政策編輯器**區段中,尋找**選取服務**區段,然後選擇 AWS 服務。您可用上方的搜尋框來限制服務清單中的結果。您僅可以選擇一項視覺化編輯器許可區塊中的服務。若要授予存取一個以上服務的許可,請選擇**新增更多許可**,來新增多個許可區塊。
1. 在**動作**中,選擇要新增至政策的動作。您可採用以下方式來選擇動作:
+ 選取所有動作的核取方塊。
+ 選擇 **add actions (新增動作)** 來輸入特定動作的名稱。您可以使用萬用字元 (`*`) 來指定多個動作。
+ 選取其中一個 **Access level (存取層級)** 群組,以選擇存取層級的所有動作 (例如,**Read (讀取)**、**Write (寫入)** 或 **List (列出)**)。
+ 展開各個 **Access level** (存取級別) 群組來選擇個別動作。
預設情況下,您建立的政策允許執行選擇的操作。若要拒絕選擇的動作,請選擇 **Switch to deny permissions (切換為拒絕許可)**。由於 [IAM 會根據預設拒絕](reference_policies_evaluation-logic.md),作為安全最佳實務,我們建議您僅允許使用者所需的操作和資源的許可。只有在要覆蓋其他語句或政策單獨允許的許可時,才應建立 JSON 陳述式來拒絕許可。我們建議您將拒絕許可數限制為最低,因為它們可能會增加解決許可問題的難度。
1. 對於 **Resources (資源)**,如果您在先前步驟中選取的服務和動作不支援選擇[特定資源](access_controlling.md#access_controlling-resources),則會允許所有資源,而且您無法編輯此區段。
如果選擇一或多個支援[資源等級許可](access_controlling.md#access_controlling-resources)的動作,視覺化編輯器將列出這些資源。然後,您可以展開 **Resources (資源)** 來為您的政策指定資源。
您可採用以下方式來指定資源:
+ 選擇**新增 ARN**,可根據它們的 Amazon Resource Name (ARN) 來指定資源。您可以使用視覺化 ARN 編輯器或手動列出 ARN。如需 ARN 語法的詳細資訊,請參閱 *AWS 一般參考 指南*中的 [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)。如需使用政策之 `Resource` 元素中 ARN 的詳細資訊,請參閱[IAM JSON 政策元素:Resource](reference_policies_elements_resource.md)。
+ 選擇資源旁的**此帳戶中的任何**,將許可授予該類型的任何資源。
+ 選擇**所有**,可為服務選擇所有資源。
1. (選用) 選擇**請求條件 - *(選用*)**,為您正在建立的政策新增條件。條件可限制 JSON 政策陳述式的效果。例如,您可以指定只有在使用者的請求於特定時間範圍內發生時,使用者才能對資源執行動作。您也可以使用常用的條件,限制使用者必須使用多重要素驗證 (MFA) 裝置進行身分驗證。或者,您可以要求請求必須源自於特定 IP 地址範圍。如需可在政策條件中使用的所有內容金鑰清單,請參閱*《服務授權參考*》中的 [AWS 服務的動作、資源和條件金鑰](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html)。
您可採用以下方式來選擇條件:
+ 使用核取方塊來選擇常用條件。
+ 選擇**新增另一個條件**,可指定其他條件。選擇條件的 **Condition Key** (條件金鑰)、**Qualifier** (函式) 以及 **Operator** (運算子),然後輸入一個 **Value** (值)。若要新增超過一個值,請選擇**新增**。您可以將這些值視為藉由邏輯「OR」運算子相連。完成時,請選擇**新增條件**。
若要新增超過一個條件,請再次選擇**新增另一個條件**。視需要重複執行。每項條件僅適用於這一個視覺化編輯器許可區塊。所有條件的許可區塊皆須為 true 才會被視為符合。換句話說,可以將這些條件視為藉由邏輯「AND」運算子相連。
如需有關 **Condition** (條件) 元素的詳細資訊,請參閱 [IAM JSON 政策參考](reference_policies.md) 中的 [IAM JSON 政策元素:Condition](reference_policies_elements_condition.md)。
1. 若要新增更多許可區塊,請選擇**新增更多許可**。針對每個區塊皆重複步驟 2 到 5。
**注意**
您可以隨時切換**視覺化**與 **JSON** 編輯器選項。不過,如果您進行變更或在**視覺化**編輯器中選擇**下一步**,IAM 就可能會調整您的政策結構,以便針對視覺化編輯器進行最佳化。如需詳細資訊,請參閱[政策結構調整](troubleshoot_policies.md#troubleshoot_viseditor-restructure)。
1. (選用) 當您在 中建立或編輯政策時 AWS 管理主控台,您可以產生可在 範本中使用的 JSON 或 YAML 政策 CloudFormation 範本。
若要執行此動作,請在**政策編輯器**中選擇**動作**,然後選擇**產生 CloudFormation 範本**。若要進一步了解, CloudFormation 請參閱 AWS CloudFormation 《 使用者指南》中的[AWS Identity and Access Management 資源類型參考](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_IAM.html)。
1. 將許可新增至政策後,請選擇**下一步**。
1. 在**檢視與建立**頁面上,為您正在建立的政策輸入**政策名稱**與**描述** (選用)。檢視**此政策中定義的許可**,可確認您已授予想要的許可。
1. (選用) 藉由連接標籤作為鍵值組,將中繼資料新增至政策。如需有關在 IAM 中使用標籤的詳細資訊,請參閱 [AWS Identity and Access Management 資源的標籤](id_tags.md)。
1. 選擇 **Create policy** (建立政策) 儲存您的新政策。
在建立政策之後,即可將它連接至您的群組、使用者或角色。如需詳細資訊,請參閱 [新增和移除 IAM 身分許可](access_policies_manage-attach-detach.md)。
## 匯入現有的受管政策
若要建立新的政策,有一種簡單的方法是在您的帳戶中導入至少具有一部分所需許可權的現有受管政策。接著便可以自訂該政策,使其符合您的新要求。
您無法匯入內嵌政策。若要了解受管與內嵌政策之間的差異,請參閱 [受管政策與內嵌政策](access_policies_managed-vs-inline.md)。
**若要在視覺化編輯器中匯入現有的受管政策**
1. 登入 AWS 管理主控台 ,並在 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 開啟 IAM 主控台。
1. 在左側的導覽窗格中,選擇 **Policies (政策)**。
1. 選擇**建立政策**。
1. 在**政策編輯器中**,選擇**視覺化**,然後在頁面右側選擇**動作**,再選擇**匯入政策**。
1. 在**匯入政策**視窗中,選擇最符合您想要放入新政策之政策內容的受管政策。您可用上方的搜尋框來限制政策清單中的結果。
1. 選擇**匯入政策**。
匯入的政策新增於政策底部的新許可區塊中。
1. 使用 **Visual editor** (視覺編輯工具) 或選擇 **JSON** 來自訂您的政策。然後選擇**下一步**。
**注意**
您可以隨時切換**視覺化**與 **JSON** 編輯器選項。不過,如果您進行變更或在**視覺化**編輯器中選擇**下一步**,IAM 就可能會調整您的政策結構,以便針對視覺化編輯器進行最佳化。如需詳細資訊,請參閱[政策結構調整](troubleshoot_policies.md#troubleshoot_viseditor-restructure)。
1. 在**檢視與建立**頁面上,為您正在建立的政策輸入**政策名稱**與**描述** (選用)。您之後便無法編輯這些設定。檢視**此政策中定義的許可**,然後選擇**建立政策**來儲存您的工作。
**若要在 **JSON** 編輯器中匯入現有的受管政策**
1. 登入 AWS 管理主控台 ,並在 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 開啟 IAM 主控台。
1. 在左側的導覽窗格中,選擇 **Policies (政策)**。
1. 選擇**建立政策**。
1. 在**政策編輯器**區段中,選擇 **JSON** 選項,然後在頁面右側選擇**動作**,再選擇**匯入政策**。
1. 在**匯入政策**視窗中,選擇最符合您想要放入新政策之政策內容的受管政策。您可用上方的搜尋框來限制政策清單中的結果。
1. 選擇**匯入政策**。
來自匯入政策的陳述式新增於 JSON 政策底部。
1. 在 JSON 中自訂您的政策。解決[政策驗證](access_policies_policy-validator.md)期間產生的任何安全性警告、錯誤或一般性警告,然後選擇 **Next** (下一步)。或者在 **Visual editor** (視覺編輯工具) 中自訂您的政策。然後選擇**下一步**。
**注意**
您可以隨時切換**視覺化**與 **JSON** 編輯器選項。不過,如果您進行變更或在**視覺化**編輯器中選擇**下一步**,IAM 就可能會調整您的政策結構,以便針對視覺化編輯器進行最佳化。如需詳細資訊,請參閱[政策結構調整](troubleshoot_policies.md#troubleshoot_viseditor-restructure)。
1. 在**檢視與建立**頁面上,為您正在建立的政策輸入**政策名稱**與**描述** (選用)。您之後便無法編輯這些內容。檢視政策**此政策中定義的許可**,然後選擇**建立政策**來儲存您的工作。
在建立政策之後,即可將它連接至您的群組、使用者或角色。如需詳細資訊,請參閱[新增和移除 IAM 身分許可](access_policies_manage-attach-detach.md)。
# 建立 IAM 政策 (AWS CLI)
[政策](access_policies.md)為一個實體,可定義其所連接的身分或資源的許可。您可以使用 AWS CLI 在 IAM 中建立*客戶受管政策*。客戶管理政策是獨立的政策,在您自己的 AWS 帳戶進行管理。作為[最佳實務](best-practices.md),我們會建議使用您 IAM Access Analyzer 驗證 IAM 政策,確保許可安全且可正常運作。透過[驗證政策](access_policies_policy-validator.md),您可以先處理任何錯誤或建議,再將政策連接到您 AWS 帳戶的身分 (使用者、群組及角色)。
AWS 帳戶中 IAM 資源的數量和大小有限。如需詳細資訊,請參閱[IAM AWS STS 和配額](reference_iam-quotas.md)。
## 建立 IAM 政策 (AWS CLI)
您可以使用 AWS Command Line Interface (AWS CLI) 來建立 IAM 客戶受管政策或者內嵌政策。
**若要建立客戶受管政策 (AWS CLI)**
使用下列命令:
+ [: create-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/create-policy.html)
**為 IAM 身分 (群組、使用者或角色) 建立內嵌政策 (AWS CLI)**
請使用以下其中一個命令:
+ [put-group-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/put-group-policy.html)
+ [put-role-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/put-role-policy.html)
+ [put-user-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/put-user-policy.html)
**注意**
您無法使用 IAM 為*[服務連結角色](id_roles.md#iam-term-service-linked-role)*嵌入內嵌政策。
**驗證客戶受管政策 (AWS CLI)**
使用下列 IAM Access Analyzer 指令:
+ [validate-policy](https://docs.aws.amazon.com/cli/latest/reference/accessanalyzer/validate-policy.html)
# 建立 IAM 政策 (AWS API)
[政策](access_policies.md)為一個實體,可定義其所連接的身分或資源的許可。您可以使用 AWS API 在 IAM 中建立*客戶受管政策*。客戶管理政策是獨立的政策,在您自己的 AWS 帳戶進行管理。作為[最佳實務](best-practices.md),我們會建議使用您 IAM Access Analyzer 驗證 IAM 政策,確保許可安全且可正常運作。透過[驗證政策](access_policies_policy-validator.md),您可以先處理任何錯誤或建議,再將政策連接到您 AWS 帳戶的身分 (使用者、群組及角色)。
AWS 帳戶中 IAM 資源的數量和大小有限。如需詳細資訊,請參閱[IAM AWS STS 和配額](reference_iam-quotas.md)。
## 建立 IAM 政策 (AWS API)
您可以使用 AWS API 來建立 IAM 客戶受管政策或者內嵌政策。
**建立客戶受管政策 (AWS API)**
呼叫以下操作:
+ [CreatePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html)
**為 IAM 身分 (群組、使用者或角色) 建立內嵌政策 (AWS API)**
呼叫以下其中一項操作:
+ [PutGroupPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutGroupPolicy.html)
+ [PutRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html)
+ [PutUserPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html)
**注意**
您無法使用 IAM 為*[服務連結角色](id_roles.md#iam-term-service-linked-role)*嵌入內嵌政策。
**驗證客戶受管政策 (AWS API)**
呼叫下列 IAM Access Analyzer 操作:
+ [ValidatePolicy](https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_ValidatePolicy.html)
# IAM 政策驗證
[政策](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html)是一種使用 [IAM 政策文法](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-grammar.html)的 JSON 文件。當您將政策連接到 IAM 實體 (例如使用者、群組或角色) 時,該政策會對該實體授予許可。
當您使用 建立或編輯 IAM 存取控制政策時 AWS 管理主控台, AWS 會自動檢查它們,以確保它們符合 IAM 政策文法。如果 AWS 判斷政策不符合文法,則會提示您修復政策。
IAM Access Analyzer 會提供額外的政策檢查及建議,協助您進一步改良政策。若要進一步了解 IAM Access Analyzer 政策檢查和可動作的建議,請參閱 [IAM Access Analyzer 政策驗證](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-validation.html)。若要檢視 IAM Access Analyzer 傳回的警告、錯誤和建議清單,請參閱 [IAM Access Analyzer 政策檢查參考](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-policy-checks.html)。
**驗證範圍**
AWS 會檢查 JSON 政策語法和文法。同時還會驗證您的 ARN 格式是否適當,以及動作名稱和條件索引鍵是否正確。
**存取政策驗證**
在 AWS 管理主控台中建立 JSON 政策或編輯現有政策時,會自動驗證政策。如果政策語法無效,您將收到通知,並且必須先解決問題,然後才能繼續。 AWS 管理主控台 如果您有 的許可,IAM Access Analyzer 政策驗證的結果會自動在 中傳回`access-analyzer:ValidatePolicy`。您也可以使用 API AWS 或 驗證政策 AWS CLI。
**現有政策**
您可能有無效的現有政策,因為這些政策是在政策引擎的最新更新之前建立或上次儲存的政策。作為[最佳實務](best-practices.md),我們會建議使用您 IAM Access Analyzer 驗證 IAM 政策,確保許可安全且可正常運作。建議您開啟現有政策,並檢閱所產生的政策驗證結果。如果不修復任何政策語法錯誤,則無法編輯和儲存現有政策。
# 使用 IAM 政策模擬器測試 IAM 政策
如需有關如何以及為什麼要使用 IAM 政策的詳細資訊,請參閱 [中的政策和許可 AWS Identity and Access Management](access_policies.md)。
**您可前往 [https://policysim.aws.amazon.com/](https://policysim.aws.amazon.com/) 存取 IAM 政策模擬器主控台**
**重要**
政策模擬器結果可能與您的即時 AWS 環境不同。我們建議您在使用政策模擬器進行測試後,針對即時 AWS 環境檢查您的政策,以確認您擁有所需的結果。如需詳細資訊,請參閱[IAM 政策模擬器的運作方式](#policies_policy-simulator-how-it-works)。
使用 IAM 政策模擬器,您可以測試和疑難排解身分型政策和 IAM 許可界限。以下是您可以使用政策模擬器執行的一些常見作業:
+ 測試連接到您 AWS 帳戶中 IAM 使用者、IAM 群組或角色的身分型政策。如果將多個政策連接到使用者、使用者群組或角色,則可以測試所有政策,或選擇個別政策來測試。您可以測試特定資源選擇的政策所允許或拒絕的動作。
+ 測試和疑難排解[許可界限](access_policies_boundaries.md)對 IAM 實體的效果。您一次只能模擬一個許可界限。
+ 測試連接至 AWS 資源 (例如 Amazon S3 儲存貯體、Amazon SQS 佇列、Amazon SNS 主題或 Amazon Glacier 保存庫) 的 IAM 使用者資源型政策的效果。若要在政策模擬器中為 IAM 使用者使用資源型政策,您必須將資源併入模擬中。您還必須選取核取方塊,以將該資源的政策併入模擬中。
**注意**
IAM 角色不支援資源型政策的模擬。
+ 如果您的 AWS 帳戶 是 中組織的成員[AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/),則可以測試服務控制政策 (SCPs) 對身分型政策的影響。
**注意**
政策模擬器不會評估有任何條件的 SCP。
+ 透過輸入或將其複製到政策模擬器中來測試尚未連接到使用者、使用者群組或角色的新身分型政策。這些只用於模擬,不會儲存。您無法將資源型政策輸入或複製到政策模擬器中。
+ 使用選取的服務、動作和資源來測試身分型政策。例如,您可以測試以確保您的政策可讓實體在特定儲存貯體上執行 Amazon S3 服務中的 `ListAllMyBuckets`、`CreateBucket` 和 `DeleteBucket` 動作。
+ 透過提供內容索引鍵來模擬真實世界,這些內容索引鍵包含在測試政策中的 `Condition` 元素,例如 IP 地址或日期。
**注意**
若模擬中的身分型政策沒有會明確檢查標籤的 `Condition` 元素,則政策模擬器不會模擬提供做為輸入的標籤。
+ 識別身分型政策中的特定陳述式導致允許或拒絕存取特定資源或動作。
**Topics**
+ [IAM 政策模擬器的運作方式](#policies_policy-simulator-how-it-works)
+ [使用 IAM 政策模擬器所需的許可](#permissions-required_policy-simulator)
+ [使用 IAM 政策模擬器 (主控台)](#policies_policy-simulator-using)
+ [使用 IAM 政策模擬器 (AWS CLI 和 AWS API)](#policies-simulator-using-api)
## IAM 政策模擬器的運作方式
政策模擬器會評估身分型政策中的陳述式,以及您在模擬期間提供的輸入。政策模擬器的結果可能與您的即時 AWS 環境不同。我們建議您在使用政策模擬器進行測試後,針對即時 AWS 環境檢查您的政策,以確認您擁有所需的結果。
政策模擬器在下列方面與即時 AWS 環境不同:
+ 政策模擬器不會提出實際 AWS 的服務請求,因此您可以安全地測試可能會對即時 AWS 環境進行不必要的變更的請求。政策模擬器不會考慮生產中的真實內容索引鍵值。
+ 由於政策模擬器不會模擬執行中所選動作,因此無法向模擬請求報告任何回應。所請求的動作無論是被允許或是拒絕,只會傳回的唯一結果。
+ 如果您在政策模擬器內編輯政策,這些變更只會影響政策模擬器。中對應的政策 AWS 帳戶 保持不變。
+ 您無法測試具有任何條件的服務控制政策 (SCP)。
+ 政策模擬器不支援資源控制政策 (RCP) 的模擬。
+ 政策模擬器不支援 IAM 角色和跨帳戶存取權使用者的模擬。
**注意**
IAM 政策模擬器不會判定哪些服務支援用於授權的[全域條件索引鍵](reference_policies_condition-keys.md)。例如,政策模擬器不會辨別不支援 [`aws:TagKeys`](reference_policies_condition-keys.md#condition-keys-tagkeys) 的服務。
## 使用 IAM 政策模擬器所需的許可
您可以使用政策模擬器主控台或政策模擬器 API 來測試政策。根據預設,主控台使用者可以透過在政策模擬器中輸入或複製這些政策來測試尚未連接到使用者、使用者群組或角色的政策。這些政策僅用於模擬,不會揭露敏感資訊。API 使用者必須具有測試未連接政策的許可。您可以允許主控台或 API 使用者測試連接到 AWS 帳戶中 IAM 使用者、IAM 群組或角色的政策。若要執行此動作,您必須提供擷取這些政策的許可。為了測試以資源為基礎的政策,使用者必須有擷取資源政策的許可。
有關允許使用者模擬政策的主控台和 API 政策的範例,請參閱[範例政策: AWS Identity and Access Management (IAM)](access_policies_examples.md#policy_library_IAM)。
### 使用政策模擬器主控台所需的許可
您可以允許使用者測試連接到 AWS 帳戶中 IAM 使用者、IAM 群組或角色的政策。若要執行此動作,您必須為使用者提供擷取這些政策的許可。為了測試以資源為基礎的政策,使用者必須有擷取資源政策的許可。
若要查看允許將政策模擬器主控台用於連接至使用者、使用者群組或角色的政策的範例政策,請參閱 [IAM:存取政策模擬器主控台](reference_policies_examples_iam_policy-sim-console.md)。
若要查看僅允許具有特定路徑的使用者使用政策模擬器主控台的範例政策,請參閱 [IAM:根據使用者路徑存取政策模擬器主控台](reference_policies_examples_iam_policy-sim-path-console.md)。
若要建立一個政策,只允許一個類型的實體使用政策模擬器主控台,請使用下列程序。
**若要允許主控台使用者模擬使用者的政策**
在您的政策中包含以下動作:
+ `iam:GetGroupPolicy`
+ `iam:GetPolicy`
+ `iam:GetPolicyVersion`
+ `iam:GetUser`
+ `iam:GetUserPolicy`
+ `iam:ListAttachedUserPolicies`
+ `iam:ListGroupsForUser`
+ `iam:ListGroupPolicies`
+ `iam:ListUserPolicies`
+ `iam:ListUsers`
**若要允許主控台使用者模擬 IAM 群組的政策**
在您的政策中包含以下動作:
+ `iam:GetGroup`
+ `iam:GetGroupPolicy`
+ `iam:GetPolicy`
+ `iam:GetPolicyVersion`
+ `iam:ListAttachedGroupPolicies`
+ `iam:ListGroupPolicies`
+ `iam:ListGroups`
**若要允許主控台使用者模擬角色的政策**
在您的政策中包含以下動作:
+ `iam:GetPolicy`
+ `iam:GetPolicyVersion`
+ `iam:GetRole`
+ `iam:GetRolePolicy`
+ `iam:ListAttachedRolePolicies`
+ `iam:ListRolePolicies`
+ `iam:ListRoles`
若要測試以資源為基礎的政策,使用者必須有擷取資源政策的許可。
**若要允許主控台使用者在 Amazon S3 儲存貯體中測試以資源為基礎的政策**
在您的政策中包含以下動作:
+ `s3:GetBucketPolicy`
例如,以下政策使用這些動作,以允許主控台使用者在特定 Amazon S3 儲存貯體中模擬以資源為基礎的政策。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetBucketPolicy",
"Resource":"arn:aws:s3:::bucket-name/*"
}
]
}
```
------
### 使用政策模擬器 API 所需的許可
政策模擬器 API 操作 [GetContextKeyForCustomPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeyForCustomPolicy.html) 和 [SimulateCustomPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html) 可允許您測試尚未連接至使用者、使用者群組或角色的政策。若要測試這類政策,您可以將政策當作字串傳遞至 API。這些政策僅用於模擬,不會揭露敏感資訊。您也可以使用 API,來測試連接到 AWS 帳戶中 IAM 使用者、IAM 群組或角色的政策。若要這麼做,您必須為使用者提供呼叫 [GetContextKeyForPrincipalPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeyForPrincipalPolicy.html) 和 [SimulatePrincipalPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html) 的許可。
若要檢視允許將政策模擬器 API 用於目前中已連接和未連接政策的範例政策 AWS 帳戶,請參閱 [IAM:存取政策模擬器 API](reference_policies_examples_iam_policy-sim.md)。
若要建立一個政策,只允許一個類型的政策使用政策模擬器 API,請使用下列程序。
**若要允許 API 使用者去模擬直接以字串傳遞給 API 的政策**
在您的政策中包含以下動作:
+ `iam:GetContextKeysForCustomPolicy`
+ `iam:SimulateCustomPolicy`
**若要允許 API 使用者模擬連接到 IAM 使用者、IAM 群組、角色、或資源的政策**
在您的政策中包含以下動作:
+ `iam:GetContextKeysForPrincipalPolicy`
+ `iam:SimulatePrincipalPolicy`
例如,要授予名為 Bob 的使用者模擬指派給名為 Alice 的使用者的政策的許可,請授予 Bob 存取以下資源的許可:`arn:aws:iam::777788889999:user/alice`。
若要查看僅允許具有特定路徑的使用者使用政策模擬器 API 的範例政策,請參閱 [IAM:根據使用者路徑存取政策模擬器 API](reference_policies_examples_iam_policy-sim-path.md)。
## 使用 IAM 政策模擬器 (主控台)
根據預設,使用者可以透過在政策模擬器主控台中輸入或複製這些政策來測試尚未連接到使用者、使用者群組或角色的政策。這些政策僅用於模擬,不會揭露敏感資訊。
**測試未連接至使用者、使用者群組或角色的政策 (主控台)**
1. 請前往 [https://policysim.aws.amazon.com/](https://policysim.aws.amazon.com/) 開啟 IAM 政策模擬器主控台。
1. 在頁面頂端的 **Mode:** (模式:) 選單中,選擇 **New Policy** (新政策)。
1. 在 **Policy Sandbox (政策沙盒)** 中,選擇 **Create New Policy (建立新的政策)**。
1. 將政策輸入或複製到政策模擬器,接著使用政策模擬器,如以下步驟所述。
在您擁有使用 IAM 政策模擬器主控台的許可之後,您可以使用政策模擬器來測試 IAM 使用者、使用者群組、角色或資源政策。
**測試連接至使用者、使用者群組或角色的政策 (主控台)**
1. 請前往 [ https://policysim.aws.amazon.com/](https://policysim.aws.amazon.com/) 開啟 IAM 政策模擬器主控台。
**注意**
若要以 IAM 使用者的身分登入政策模擬器,請使用唯一的登入 URL 來登入 AWS 管理主控台。然後前往 [https://policysim.aws.amazon.com/](https://policysim.aws.amazon.com/)。如需有關以 IAM 使用者身分登入的詳細資訊,請參閱 [IAM 使用者如何登入 AWS](id_users_sign-in.md)。
政策模擬器以 **Existing Policies** (現有政策) 模式開啟,並在 **Users, Groups, and Roles** (使用者、群組和角色) 下列出您帳戶中的 IAM 使用者。
1. 選擇適合您的任務的選項:
****
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/access_policies_testing-policies.html)
**秘訣**
若要測試連接到使用者群組的政策,可以直接從 [IAM 主控台](https://console.aws.amazon.com/iam/)啟動 IAM 政策模擬器:在導覽窗格中選擇 **User groups** (使用者群組)。選擇您想要測試政策的群組的名稱,然後選擇 **Permissions (許可)** 標籤。選擇 **Simulate** (模擬)。
若要測試連接到使用者的客戶受管政策:在導覽窗格中,選擇 **Users (使用者)**。選擇要測試政策的使用者的名稱。然後選擇 **Permissions (許可)** 標籤並展開您想要測試的政策。在最右側,選擇 **Simulate policy (模擬政策)**。**IAM Policy Simulator** (IAM 政策模擬器) 將在新視窗中開啟,並在 **Policies** (政策) 窗格中顯示選取的政策。
1. (選用) 如果您的帳戶是 [AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/) 中組織的成員,則請勾選 **AWS Organizations SCP** 旁的核取方塊,以在您的模擬評估中包含 SCP。SCP 是一種 JSON 政策,負責指定組織或組織單位 (OU) 的最大許可。SCP 會限制成員帳戶中實體的許可。如果 SCP 封鎖服務或動作,則該帳戶中的任何實體都不能存取該服務或執行該動作。即使管理員透過 IAM 或資源政策明確授予對該服務或動作的許可,也是如此。
如果您的帳戶不是組織的成員,則不會出現核取方塊。
1. (選用) 您可以測試設定為[許可界限](access_policies_boundaries.md)的政策,適用於 IAM 實體 (使用者或角色),但不適用於 IAM 群組。如果目前針對實體設定了許可界限政策,則它會出現在 **Policies (政策)** 窗格中。您只能針對一個實體設定一個許可界限。若要測試不同的許可界限,您可以建立自訂許可界限。若要執行此操作,請選擇 **Create New Policy** (建立新政策)。新的 **Policies (政策)** 窗格隨即開啟。在選單中,選擇 **Custom IAM Permissions Boundary Policy** (自訂 IAM 許可界限政策)。輸入新政策的名稱,然後在下方空格中輸入或複製政策。選擇 **Apply (套用)** 以儲存政策。接下來,選擇 **Back (上一步)** 返回原始 **Policies (政策)** 窗格。然後,選取您要用於模擬之許可界限旁邊的核取方塊。
1. (選用) 您只能測試連接至使用者、使用者群組或角色的政策子集。若要這樣做,請在**政策**窗格中清除所要排除之每個政策旁邊的核取方塊。
1. 在 **Policy Simulator (政策模擬器)** 中,選擇 **Select service (選取服務)**,然後選擇該服務來測試。然後選擇 **Select actions (選取動作)** 並選取一或多個動作來測試。雖然選單一次只顯示一項服務的可用選項,但您選取的所有服務和動作都會出現在 **Action Settings and Results** (動作設定和結果) 中。
1. (選用) 如果您在 [Step 2](#polsimstep-selectid) 和 [Step 5](#polsimstep-polsubset) 中選擇的任何政策包含帶有 [AWS* 全域條件索引鍵*](reference_policies_condition-keys.md)的條件,則為這些索引鍵提供值。您可以透過展開 **Global Settings (全域設定)** 部分並為其中顯示的金鑰名稱輸入值來完成此動作。
**警告**
如果將條件索引鍵的值保留為空,則在模擬期間將忽略該索引鍵。在某些情況下,這會產生錯誤,並且無法執行模擬。在其他情況下,模擬會執行,但結果可能不可靠。在這些情況下,模擬不符合包含條件索引鍵或變數的真實世界條件。
1. (選用) 在您實際執行模擬之前,每個選取的動作都會顯示在 **Action Settings and Results (動作設定和結果)** 清單中,**Not simulated (不模擬)** 顯示在 **Permission (許可)** 欄位中。在執行模擬之前,您可以使用資源設定每個動作。若要為特定案例設定個別動作,請選擇箭頭以展開動作的資料列。如果動作支援資源級許可,則可以輸入要測試其存取權的特定資源 [Amazon Resource Name (ARN)](reference_identifiers.md#identifiers-arns)。在預設情況下,每個資源設為萬用字元 (\$1)。您也可以為任何[條件內容金鑰](reference_policies_actions-resources-contextkeys.html)指定值。如前所述,具有空白值的索引鍵被忽略,這可能會導致模擬失敗或不可靠的結果。
1. 選擇動作名稱旁的箭頭可展開每一列,並設定在您的案例中準確模擬動作所需的任何其他資訊。如果動作需要任何資源級許可,則可以輸入要模擬存取的特定資源 [Amazon Resource Name (ARN)](reference_identifiers.md#identifiers-arns)。在預設情況下,每個資源設為萬用字元 (\$1)。
1. 如果動作支援資源級許可,但不需要它們,則可以選擇 **Add Resource (新增資源)** 來選取要新增至模擬中的資源類型。
1. 如果任何選取的政策包含參考此動作服務的內容索引鍵的 `Condition` 元素,則該索引鍵名稱將顯示在該動作下。您可以指定適用於模擬指定資源動作時所需使用的值。
**需要不同資源類型群組的動作**
在不同的情況下,某些動作需要不同的資源類型。每一組資源類型都與一個案例相關聯。如果其中一個適用於您的模擬,請選擇它,並且政策模擬器需要適用於該案例的資源類型。下表顯示每個支援案例選項,以及執行模擬時必須定義的資源。
下列每個 Amazon EC2 案例都需要您指定 `instance`、`image` 和 `security-group` 資源。如果您的案例包含 EBS 磁碟區,則必須將該 `volume` 指定為資源。如果 Amazon EC2 案例包含 Virtual Private Cloud (VPC),則必須提供 `network-interface` 資源。如果包含 IP 子網路,則必須指定 `subnet` 資源。如需有關 Amazon EC2 案例選項的詳細資訊,請參閱《Amazon C2 使用者指南》**中的[支援的平台](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html)。
+ **EC2-VPC-InstanceStore**
執行個體、影像、安全群組、網路介面
+ **EC2-VPC-InstanceStore-Subnet**
執行個體、影像、安全群組、網路介面、子網路
+ **EC2-VPC-EBS**
執行個體、影像、安全群組、網路介面、磁碟區
+ **EC2-VPC-EBS-Subnet**
執行個體、影像、安全群組、網路介面、子網路、磁碟區
1. (選用) 如果要在模擬中包含以資源為基礎的政策,則必須先在 [Step 6](#polsimstep-service) 中選擇要在該資源上模擬的動作。展開所選動作的資料列,然後使用您想要模擬的政策來輸入資源 ARN。然後選擇 **ARN** 文字方塊旁的 **Include Resource Policy** (包括資源政策)。IAM 政策模擬器目前僅支援下列服務的資源型政策:Amazon S3 (僅限資源型政策;目前不支援 ACL)、Amazon SQS、Amazon SNS 和未鎖定的 Amazon Glacier 保存庫 (目前不支援鎖定的保存庫)。
1. 選擇右上角的 **Run Simulation (執行模擬)**。
**Action Settings and Results (動作設定和結果)** 每行中的 **Permission (許可)** 欄顯示在指定資源上模擬該動作的結果。
1. 若要查看政策中哪些陳述式明確允許或拒絕動作,請選擇 **Permissions** (許可) 欄中的 ***N* matching statement(s)** (相符陳述式) 連結以展開該資料列。然後選擇 **Show statement (顯示陳述式)** 連結。**Policies (政策)** 窗格顯示了相關的政策,並凸顯影響模擬結果的陳述式。
**注意**
如果動作是*隱含*的拒絕 (動作因為沒有明確允許而被拒絕),則不會顯示 **List** (清單) 和 **Show statement** (顯示陳述式) 選項。
### IAM 政策模擬器主控台訊息故障診斷
下表列出使用 IAM 政策模擬器時可能遇到的資訊和警告訊息。該表也提供了解決問題的步驟。
****
| Message | 解決的步驟 |
| --- | --- |
| 已編輯此政策。變更將不會儲存到您的帳戶。 | **不需要採取行動。** 此訊息是資訊性的。如果您在 IAM 政策模擬器中編輯現有政策,則變更不會影響您的 AWS 帳戶。政策模擬器允許您變更僅用於測試的政策。 |
| 無法取得資源政策。原因:詳細的錯誤訊息 | 政策模擬器無法存取所請求的資源型政策。確保指定的資源 ARN 是正確的,並且執行模擬的使用者擁有讀取資源政策的許可。 |
| 一個或多個政策需要模擬設定中的值。如果沒有這些值,模擬可能會失敗。 | 如果您正在測試的政策包含條件金鑰或變數,但您尚未在 **Simulation Settings (模擬設定)** 中為這些金鑰或變數提供任何值,則會顯示此訊息。 若要關閉此訊息,請選擇 **Simulation Settings (模擬設定)**,然後為每個條件金鑰或變數輸入一個值。 |
| 您已變更政策。這些結果不再有效。 | 如果在 **Results (結果)** 窗格中顯示結果時變更了所選政策,則會顯示此訊息。在 **Results (結果)** 窗格中顯示的結果不會動態更新。 若要關閉此訊息,請再次選擇 **Run Simulation (執行模擬)** 以根據在 **Policies (政策)** 窗格中所做的變更顯示新的模擬結果。 |
| 您為此模擬輸入的資源不符合這項服務。 | 如果您在 **Simulation Settings (模擬設定)** 窗格中輸入的 Amazon Resource Name (ARN) 不符合您為目前模擬選擇的服務,則會顯示此訊息。例如,如果您為 Amazon DynamoDB 資源指定了 ARN,但您選擇了 Amazon Redshift 作為要模擬的服務,則會顯示此訊息。 若要關閉此訊息,請執行下列項目之一: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/access_policies_testing-policies.html) |
| 除了資源型政策 (例如 Amazon S3 ACL 或 Amazon Glacier 保存庫鎖定政策) 之外,此動作還屬於支援特殊存取控制機制的服務。政策模擬器不支援這些機制,因此結果可能與您的生產環境不同。 | **不需要採取行動。** 此訊息是資訊性的。在目前版本中,政策模擬器評估連接至使用者和 IAM 群組的政策,並且可以評估 Amazon S3、Amazon SQS、Amazon SNS 和 Amazon Glacier 的資源型政策。政策模擬器不支援其他 AWS 服務所支援的所有存取控制機制。 |
| 目前不支援 DynamoDB FGAC。 | **不需要採取行動。** 此資訊訊息是指*精細存取控制*。精細存取控制可讓您使用 IAM 政策條件,決定誰可以存取 DynamoDB 資料表和索引中的個別資料項目和屬性。它也指可對這些資料表和索引執行的動作。目前版本的 IAM 政策模擬器不支援這種類型的政策條件。如需有關 DynamoDB 精細存取控制的詳細資訊,請參閱[適用於 DynamoDB 的精細存取控制](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/FGAC_DDB.html)。 |
| 您的政策不遵守政策的語法。您可以使用政策驗證程式來檢閱對政策的建議更新。 | 如果您的政策不遵守 IAM 政策語法,則此訊息顯示在政策清單的上方。為了模擬這些政策,請檢閱位於 [IAM 政策驗證](access_policies_policy-validator.md) 的政策驗證選項來識別並修正這些政策。 |
| 此政策必須更新,以遵守最新的政策語法規則。 | 如果您的政策不遵守 IAM 政策語法,則會顯示此訊息。為了模擬這些政策,請檢閱位於 [IAM 政策驗證](access_policies_policy-validator.md) 的政策驗證選項來識別並修正這些政策。 |
## 使用 IAM 政策模擬器 (AWS CLI 和 AWS API)
政策模擬器命令通常需要呼叫 API 操作來執行兩個項目:
1. 評估政策並傳回他們所參考的內容索引鍵清單。您需要知道會參考哪些內容索引鍵,以便在下一步驟中將其提供值。
1. 模擬政策,提供在模擬過程中使用的動作、資源和內容索引鍵的清單。
基於安全考量,API 操作已分成兩組:
+ 只模擬政策的API 操作會被直接以字串傳遞給 API。該組包含 [GetContextKeysForCustomPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html) 和 [SimulateCustomPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html)。
+ API 操作模擬連接到指定 IAM 使用者、使用者群組、角色或資源的政策。由於這些 API 操作可以顯示指派給其他 IAM 實體的許可的詳細資訊,因此您應該考慮限制對這些 API 操作的存取。該組包含 [GetContextKeysForPrincipalPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html) 和 [SimulatePrincipalPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html)。如需有關限制存取 API 操作的詳細資訊,請參閱 [範例政策: AWS Identity and Access Management (IAM)](access_policies_examples.md#policy_library_IAM)。
在這兩種情況下,API 操作都會在行動和資源清單上模擬一個或多個政策的效能。每個動作會與每個資源搭配使用,並且模擬會判斷政策是否允許或拒絕該資源的動作。您還可以為政策參考的任何內容鍵索引鍵提供值。您可以透過第一個呼叫 [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html) 或 [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html) 取得政策參考的內容金鑰清單。如果未提供值給內容索引鍵,則該模擬仍會執行。但是,結果可能是不可靠的,因為政策模擬器不能在評估中包含該內容索引鍵。
**取得內容索引鍵清單 (AWS CLI, AWS API)**
使用以下內容評估政策清單,並傳回政策中所使用的內容索引鍵清單。
+ AWS CLI:[https://docs.aws.amazon.com/cli/latest/reference/iam/get-context-keys-for-custom-policy.html](https://docs.aws.amazon.com/cli/latest/reference/iam/get-context-keys-for-custom-policy.html) 與 [https://docs.aws.amazon.com/cli/latest/reference/iam/get-context-keys-for-principal-policy.html](https://docs.aws.amazon.com/cli/latest/reference/iam/get-context-keys-for-principal-policy.html)
+ AWS API: [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html)和 [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html)
**模擬 IAM 政策 (AWS CLI, AWS API)**
使用以下方法模擬 IAM 政策以判斷使用者的有效許可。
+ AWS CLI:[https://docs.aws.amazon.com/cli/latest/reference/iam/simulate-custom-policy.html](https://docs.aws.amazon.com/cli/latest/reference/iam/simulate-custom-policy.html) 與 [https://docs.aws.amazon.com/cli/latest/reference/iam/simulate-principal-policy.html](https://docs.aws.amazon.com/cli/latest/reference/iam/simulate-principal-policy.html)
+ AWS API: [https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html)和 [https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html)
# 新增和移除 IAM 身分許可
您可以使用政策來定義身分 (使用者、使用者群組或角色) 的許可。您可以使用 AWS 管理主控台、 AWS Command Line Interface (AWS CLI) 或 AWS API 來連接和分離身分的 IAM 政策,以新增和移除許可。您也可以使用相同的方法,利用政策來設定僅適用於實體 (使用者或角色) 的[許可界限](access_policies_boundaries.md)。許可界限是一項進階 AWS 功能,可控制實體可擁有的最大許可。
**Topics**
+ [術語](#attach-detach-etc-terminology)
+ [檢視身分活動](#attach-detach_prerequisites)
+ [新增 IAM 身分許可 (主控台)](#add-policies-console)
+ [移除 IAM 身分許可 (主控台)](#remove-policies-console)
+ [新增 IAM 政策 (AWS CLI)](#add-policy-cli)
+ [移除 IAM 政策 (AWS CLI)](#remove-policy-cli)
+ [新增 IAM 政策 (AWS API)](#add-policy-api)
+ [移除 IAM 政策 (AWS API)](#remove-policy-api)
## 術語
當您將許可政策與身分 (IAM 使用者、IAM 群組和 IAM 角色) 相關聯時,術語和程序會有所不同,具體取決於您使用的是受管政策或內嵌政策:
+ **連接** – 與受管政策一起使用。您將受管政策連接到身分 (使用者、使用者群組或角色)。將在政策中套用許可的政策連接到身分。
+ **Detach** (分開) – 與受管政策一起使用。您從 IAM 身分 (使用者、使用者群組或角色) 分開受管政策。分開政策會從身分中移除其許可。
+ **嵌入** – 與內嵌政策一起使用。在身分中嵌入內嵌政策 (使用者、使用者群組或角色)。將在政策中套用許可的政策嵌入到身分。因為內嵌政策儲存在身分中,所以它是嵌入的而不是連接的,儘管結果是相似的。
**注意**
您只能將*[服務相關角色](id_roles.md#iam-term-service-linked-role)*的內嵌政策嵌入依賴該角色的服務。請參閱服務的 [AWS 文件](https://docs.aws.amazon.com/),確認是否支援此功能。
+ **刪除** – 與內嵌政策一起使用。您從 IAM 身分 (使用者、使用者群組或角色) 刪除內嵌政策。刪除政策會從身分中移除其許可。
**注意**
您只能在依賴於角色的服務中刪除*[服務連結角色](id_roles.md#iam-term-service-linked-role)*的內嵌政策。請參閱服務的 [AWS 文件](https://docs.aws.amazon.com/),確認是否支援此功能。
您可以使用 主控台 AWS CLI或 AWS API 來執行任何這些動作。
### 其他資訊
+ 如需有關受管與內嵌政策之間的差異的詳細資訊,請參閱 [受管政策與內嵌政策](access_policies_managed-vs-inline.md)。
+ 如需有關許可界限的詳細資訊,請參閱 [IAM 實體的許可界限](access_policies_boundaries.md)。
+ 如需有關 IAM 政策的一般資訊,請參閱 [中的政策和許可 AWS Identity and Access Management](access_policies.md)。
+ 如需有關驗證 IAM 政策的資訊,請參閱 [IAM 政策驗證](access_policies_policy-validator.md)。
+ AWS 帳戶中 IAM 資源的數量和大小有限。如需詳細資訊,請參閱[IAM AWS STS 和配額](reference_iam-quotas.md)。
## 檢視身分活動
變更身分 (使用者、使用者群組或角色) 的許可之前,您應該檢閱其最近的服務層級活動。這很重要,因為您不希望從正在使用該許可的主體 (人員或應用程式) 中移除存取。如需有關檢視上次存取的資訊的詳細資訊,請參閱 [AWS 使用上次存取的資訊在 中精簡許可](access_policies_last-accessed.md)。
## 新增 IAM 身分許可 (主控台)
您可以使用 AWS 管理主控台 將許可新增至身分 (使用者、使用者群組或角色)。若要執行此操作,連接可控制許可的受管政策,或指定可做為[許可界限](access_policies_boundaries.md)的政策。您也可以嵌入內嵌政策。
**將受管政策當做身分的許可政策來使用 (主控台)**
1. 登入 AWS 管理主控台 ,並在 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 開啟 IAM 主控台。
1. 在導覽窗格中,選擇**政策**。
1. 在政策清單中,選取要連接的政策名稱旁的選項按鈕。您可以使用搜尋方塊來篩選政策清單。
1. 選擇 **Actions** (動作),然後選擇 **Attach** (連接)。
1. 選取一或多個身分以將政策連接到。您可使用搜尋方塊來篩選主體實體清單。在選取身分後,選擇 **Attach policy (連接政策)**。
**使用受管政策設定許可界限 (主控台)**
1. 登入 AWS 管理主控台 ,並在 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 開啟 IAM 主控台。
1. 在導覽窗格中,選擇 **Policies** (政策)。
1. 在政策清單中,選擇要設定的政策名稱。您可以使用搜尋方塊來篩選政策清單。
1. 在政策詳細資訊頁面上,選擇**連接的實體**索引標籤,然後在必要時,開啟**作為許可界限連接**區段,然後選擇**將該政策設定為許可界限**。
1. 選擇一或多個要套用許可界限政策的使用者或角色。您可使用搜尋方塊來篩選主體實體清單。選取主體之後,選擇**設定許可界限**。
**為使用者或角色嵌入內嵌政策 (主控台)**
1. 登入 AWS 管理主控台 ,並在 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 開啟 IAM 主控台。
1. 在服務導覽窗格中,選擇 **Users (使用者)** 或者 **Roles (角色)**。
1. 在清單中,選擇要內嵌政策的使用者或角色的名稱。
1. 選擇**許可**索引標籤標籤。
1. 選擇**新增許可**,然後選擇**建立內嵌政策**。
**注意**
您不能在 IAM 中的*[服務連結的角色](id_roles.md#iam-term-service-linked-role)*中嵌入內嵌政策。由於連結服務定義您是否可以修改角色的許可,因此您可以從服務主控台、API 或 AWS CLI新增額外的政策。若要查看服務的服務連結角色文件,請參閱 [AWS 使用 IAM 的 服務](reference_aws-services-that-work-with-iam.md) 並在服務的 **服務連結角色**欄位中選擇 **Yes (是)**。
1. 選擇下列其中一種方法來檢視建立政策所需的步驟:
+ [匯入現有的受管政策](access_policies_create-console.md#access_policies_create-copy) – 您可以將受管政策匯入帳戶內,然後編輯該政策以依據您的特定要求自訂內容。受管政策可以是您先前建立的 AWS 受管政策或客戶受管政策。
+ [使用視覺化編輯器來建立政策](access_policies_create-console.md#access_policies_create-visual-editor) – 您可以在視覺編輯工具中從零開始建構一個新的政策。若您使用視覺化編輯器,您便無需了解 JSON 語法。
+ [正在使用 JSON 編輯器建立政策](access_policies_create-console.md#access_policies_create-json-editor) – 在 **JSON** 編輯器選項中,您可以使用 JSON 語法來建立政策。您可以輸入新的 JSON 政策文件或者貼上[範例政策](access_policies_examples.md)。
1. 在您建立內嵌政策後,它會自動嵌入您的使用者或角色中。
**為使用者群組嵌入內嵌政策 (主控台)**
1. 登入 AWS 管理主控台 ,並在 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 開啟 IAM 主控台。
1. 在導覽窗格中,選擇 **User groups** (使用者群組)。
1. 在清單中,選擇要內嵌政策的使用者群組名稱。
1. 選擇 **Permissions** (許可) 標籤,選擇 **Add permissions** (新增許可),然後選擇 **Attach policy** (連接政策)。
1. 執行以下任意一項:
+ 選擇**視覺化**選項,可建立政策。如需詳細資訊,請參閱[使用視覺化編輯器來建立政策](access_policies_create-console.md#access_policies_create-visual-editor)。
+ 選擇 **JSON** 選項,可建立政策。如需詳細資訊,請參閱[正在使用 JSON 編輯器建立政策](access_policies_create-console.md#access_policies_create-json-editor)。
1. 當您滿意時,選擇 **建立政策**。
**變更一或多個實體的許可界限 (主控台)**
1. 登入 AWS 管理主控台 ,並在 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 開啟 IAM 主控台。
1. 在導覽窗格中,選擇 **Policies** (政策)。
1. 在政策清單中,選擇要設定的政策名稱。您可以使用搜尋方塊來篩選政策清單。
1. 在政策詳細資訊頁面上,選擇**連接的實體**索引標籤,然後在必要時,開啟**作為許可界限連接**區段。選取您想要變更其界限的使用者或角色旁的核取方塊,然後選擇**變更**。
1. 選取用於許可界限新政策。您可以使用搜尋方塊來篩選政策清單。在選取政策後,選擇**設定許可界限**。
## 移除 IAM 身分許可 (主控台)
您可以使用 從身分 (使用者、使用者群組或角色) AWS 管理主控台 移除許可。若要執行此操作,請分開可控制許可的受管政策,或移除可做為[許可界限](access_policies_boundaries.md)的政策。您也可以刪除內嵌政策。
**中斷連結當做許可政策來使用的受管政策 (主控台)**
1. 登入 AWS 管理主控台 ,並在 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 開啟 IAM 主控台。
1. 在導覽窗格中,選擇**政策**。
1. 在政策清單中,選取要分開的政策名稱旁的選項按鈕。您可以使用搜尋方塊來篩選政策清單。
1. 選擇 **Actions** (動作),然後選擇 **Detach** (分開)。
1. 選取要從中分開政策的身分。您可以使用搜尋方塊來篩選身分清單。在選取身分後,選擇 **Detach policy (分開政策)**。
**移除許可界限 (主控台)**
1. 登入 AWS 管理主控台 ,並在 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 開啟 IAM 主控台。
1. 在導覽窗格中,選擇 **Policies** (政策)。
1. 在政策清單中,選擇要設定的政策名稱。您可以使用搜尋方塊來篩選政策清單。
1. 在政策摘要頁面上,選擇**連接的實體**索引標籤,然後在必要時,開啟**作為許可界限連接**區段,接著選擇要從中移除許可界限的實體。然後選擇**移除界限**。
1. 確認您想要移除界限,然後選擇**移除界限**。
**刪除內嵌政策 (主控台)**
1. 登入 AWS 管理主控台 並開啟位於 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 的 IAM 主控台。
1. 在服務導覽窗格中,選擇 **User groups** (使用者群組)、**Users** (使用者) 或者 **Roles** (角色)。
1. 在清單中,選擇包含要刪除的政策的使用者群組、使用者、或角色的名稱。
1. 選擇 **Permissions (許可)** 標籤。
1. 選取政策旁的核取方塊,然後選擇**移除**。
1. 在確認方塊中,選擇**移除**。
## 新增 IAM 政策 (AWS CLI)
您可以使用 AWS CLI 將許可新增至身分 (使用者、使用者群組或角色)。若要執行此操作,連接可控制許可的受管政策,或指定可做為[許可界限](access_policies_boundaries.md)的政策。您也可以嵌入內嵌政策。
**將受管政策當做實體的許可政策來使用 (AWS CLI)**
1. (選用) 若要檢視受管政策的相關資訊,請執行下列命令:
+ 列出受管政策:[aws iam list-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-policies.html)
+ 取得關於受管政策的詳細資訊:[get-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/get-policy.html)
1. 若要將受管政策連接到身分 (使用者、使用者群組或角色),請使用下列其中一項命令:
+ [aws iam attach-user-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/attach-user-policy.html)
+ [aws iam attach-group-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/attach-group-policy.html)
+ [aws iam attach-role-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/attach-role-policy.html)
**使用受管政策設定許可界限 (AWS CLI)**
1. (選用) 若要檢視受管政策的相關資訊,請執行下列命令:
+ 列出受管政策:[aws iam list-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-policies.html)
+ 取得關於受管政策的詳細資訊:[aws iam get-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/get-policy.html)
1. 若要使用受管政策來為實體 (使用者或角色) 設定許可界限,請使用下列其中一個命令:
+ [aws iam put-user-permissions-boundary](https://docs.aws.amazon.com/cli/latest/reference/iam/put-user-permissions-boundary.html)
+ [aws iam put-role-permissions-boundary](https://docs.aws.amazon.com/cli/latest/reference/iam/put-role-permissions-boundary.html)
**嵌入內嵌政策 (AWS CLI)**
若要將內嵌政策嵌入到身分 (非*[服務連結角色](id_roles.md#iam-term-service-linked-role)*的使用者、使用者群組或角色),請使用下列命令:
+ [aws iam put-user-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/put-user-policy.html)
+ [aws iam put-group-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/put-group-policy.html)
+ [aws iam put-role-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/put-role-policy.html)
## 移除 IAM 政策 (AWS CLI)
您可以使用 AWS CLI 分離控制許可的受管政策,或移除做為[許可界限](access_policies_boundaries.md)的政策。您也可以刪除內嵌政策。
**中斷連結當做許可政策來使用的受管政策 (AWS CLI)**
1. (選用) 若要檢視關於政策的資訊,請執行下列命令:
+ 列出受管政策:[aws iam list-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-policies.html)
+ 取得關於受管政策的詳細資訊:[aws iam get-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/get-policy.html)
1. (選用) 如果要了解的政策和身分之間的關係,請執行下列命令:
+ 若要列出受管政策所連接的身分 (IAM 使用者、IAM 群組和 IAM 角色):
+ [aws iam list-entities-for-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/list-entities-for-policy.html)
+ 若要列出連接到身分的受管政策 (使用者、使用者群組或角色),請使用下列其中一項命令:
+ [aws iam list-attached-user-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-attached-user-policies.html)
+ [aws iam list-attached-group-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-attached-group-policies.html)
+ [aws iam list-attached-role-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-attached-role-policies.html)
1. 若要從身分中分開受管政策 (使用者、使用者群組或角色),請使用下列其中一項命令:
+ [aws iam detach-user-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/detach-user-policy.html)
+ [aws iam detach-group-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/detach-group-policy.html)
+ [aws iam detach-role-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/detach-role-policy.html)
**移除許可界限 (AWS CLI)**
1. (選用) 若要檢視目前使用哪個受管政策來為使用者或角色設定許可界限,請執行下列命令:
+ [aws iam get-user](https://docs.aws.amazon.com/cli/latest/reference/iam/get-user.html)
+ [aws iam get-role](https://docs.aws.amazon.com/cli/latest/reference/iam/get-role.html)
1. (選用) 若要檢視目前在哪些使用者或角色使用受管政策的許可界限,請執行下列命令:
+ [aws iam list-entities-for-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/list-entities-for-policy.html)
1. (選用) 若要檢視受管政策的相關資訊,請執行下列命令:
+ 列出受管政策:[aws iam list-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-policies.html)
+ 取得關於受管政策的詳細資訊:[aws iam get-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/get-policy.html)
1. 若要從使用者或角色移除許可界限,請使用下列其中一個命令:
+ [aws iam delete-user-permissions-boundary](https://docs.aws.amazon.com/cli/latest/reference/iam/detach-user-policy.html)
+ [aws iam delete-role-permissions-boundary](https://docs.aws.amazon.com/cli/latest/reference/iam/delete-role-permissions-boundary.html)
**若要刪除內嵌政策 (AWS CLI)**
1. (選用) 若要列出連接到身分 (使用者、使用者群組或角色) 的所有內嵌政策,請使用下列其中一項命令:
+ [aws iam list-user-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-user-policies.html)
+ [aws iam list-group-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-group-policies.html)
+ [aws iam list-role-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-role-policies.html)
1. (選用) 若要擷取嵌入到身分 (使用者、使用者群組或角色) 中的內嵌政策文件,請使用下列其中一項命令:
+ [aws iam get-user-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/get-user-policy.html)
+ [aws iam get-group-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/get-group-policy.html)
+ [aws iam get-role-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/get-role-policy.html)
1. 若要從身分中刪除內嵌政策 (非*[服務連結角色](id_roles.md#iam-term-service-linked-role)*的使用者、使用者群組或角色),請使用下列命令:
+ [aws iam delete-user-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/delete-user-policy.html)
+ [aws iam delete-group-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/delete-group-policy.html)
+ [aws iam delete-role-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/delete-role-policy.html)
## 新增 IAM 政策 (AWS API)
您可以使用 AWS API 連接控制許可的受管政策,或指定做為[許可界限](access_policies_boundaries.md)的政策。您也可以嵌入內嵌政策。
**使用受管政策做為實體的許可政策 (AWS API)**
1. (選用) 若要檢視關於政策的資訊,請呼叫下列操作:
+ 列出受管政策:[ListPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html)
+ 取得關於受管政策的詳細資訊:[GetPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html)
1. 若要將受管政策連接到身分 (使用者、使用者群組或角色),請呼叫下列其中一項操作:
+ [AttachUserPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html)
+ [AttachGroupPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html)
+ [AttachRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html)
**使用受管政策來設定許可界限 (AWS API)**
1. (選用) 若要檢視受管政策的相關資訊,請呼叫下列操作:
+ 列出受管政策:[ListPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html)
+ 取得關於受管政策的詳細資訊:[GetPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html)
1. 若要使用受管政策來為實體 (使用者或角色) 設定許可界限,請呼叫下列其中一個操作:
+ [PutUserPermissionsBoundary](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPermissionsBoundary.html)
+ [PutRolePermissionsBoundary](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePermissionsBoundary.html)
**內嵌內嵌政策 (AWS API)**
若要將內嵌政策嵌入在身分 (非*[服務連結角色](id_roles.md#iam-term-service-linked-role)*的使用者、使用者群組或角色),請呼叫下列操作:
+ [PutUserPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html)
+ [PutGroupPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutGroupPolicy.html)
+ [PutRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html)
## 移除 IAM 政策 (AWS API)
您可以使用 AWS API 分離控制許可的受管政策,或移除做為[許可界限](access_policies_boundaries.md)的政策。您也可以刪除內嵌政策。
**分離用作許可政策 (AWS API) 的受管政策**
1. (選用) 若要檢視關於政策的資訊,請呼叫下列操作:
+ 列出受管政策:[ListPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html)
+ 取得關於受管政策的詳細資訊:[GetPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html)
1. (選用) 如果要了解的政策和身分之間的關係,請呼叫下列操作:
+ 若要列出受管政策所連接的身分 (IAM 使用者、IAM 群組和 IAM 角色):
+ [ListEntitiesForPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html)
+ 若要列出連接到身分的受管政策 (使用者、使用者群組或角色),請呼叫下列其中一項操作:
+ [ListAttachedUserPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedUserPolicies.html)
+ [ListAttachedGroupPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedGroupPolicies.html)
+ [ListAttachedRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html)
1. 若要從身分中分開受管政策 (使用者、使用者群組或角色),請呼叫下列其中一項操作:
+ [DetachUserPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html)
+ [DetachGroupPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html)
+ [DetachRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html)
**移除許可界限 (AWS API)**
1. (選用) 若要檢視目前使用哪個受管政策來為使用者或角色設定許可界限,請呼叫下列操作:
+ [GetUser](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUser.html)
+ [GetRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRole.html)
1. (選用) 若要檢視目前在哪些使用者或角色使用受管政策的許可界限,請呼叫下列操作:
+ [ListEntitiesForPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html)
1. (選用) 若要檢視受管政策的相關資訊,請呼叫下列操作:
+ 列出受管政策:[ListPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html)
+ 取得關於受管政策的詳細資訊:[GetPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html)
1. 若要從使用者或角色移除許可界限,請呼叫下列其中一個操作:
+ [DeleteUserPermissionsBoundary](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPermissionsBoundary.html)
+ [DeleteRolePermissionsBoundary](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePermissionsBoundary.html)
**刪除內嵌政策 (AWS API)**
1. (選用) 若要列出連接到身分 (使用者、使用者群組或角色) 的所有內嵌政策,請呼叫下列其中一項操作:
+ [ListUserPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserPolicies.html)
+ [ListGroupPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupPolicies.html)
+ [ListRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html)
1. (選用) 若要擷取嵌入到身分 (使用者、使用者群組或角色) 中的內嵌政策文件,請呼叫下列其中一項操作:
+ [GetUserPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html)
+ [GetGroupPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html)
+ [GetRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html)
1. 若要從身分中刪除內嵌政策 (非*[服務連結角色](id_roles.md#iam-term-service-linked-role)*的使用者、使用者群組或角色),請呼叫下列操作:
+ [DeleteUserPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html)
+ [DeleteGroupPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroupPolicy.html)
+ [DeleteRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html)
# 版本控制 IAM 政策
當您變更 IAM 客戶受管政策,以及 AWS 變更 AWS 受管政策時,變更的政策不會覆寫現有的政策。IAM 反而會建立新*版本*的受管政策。IAM 最多可以儲存五個版本的客戶受管政策。IAM 不支援內嵌政策版本控制。
下圖說明客戶受管政策的版本控制。在此範例中,版本 1-4 會進行儲存。您最多可以儲存五個受管政策版本到 IAM。當您編輯建立第六個儲存版本的政策時,您可以選擇任一不再儲存的舊版本。您可以隨時恢復到其他四個儲存版本中的任何一個。
![\[變更受管政策時會變成新版本的政策\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-managed-policies-versions-overview.diagram.png)
政策版本與 `Version` 政策元素不同。`Version` 政策元素是在政策內使用,並定義政策語言的版本。若要進一步了解 `Version` 政策元素,請參閱 [IAM JSON 政策元素:Version](reference_policies_elements_version.md)。
您可以使用版本來追蹤受管政策的變更。例如,您可以變更受管政策,然後發現該變更有各種意外影響。在這種情況下,您可以復原至舊版的受管政策,做法是將舊版本設定為*預設*版本。
以下各主題說明如何使用受管政策的版本控制。
**Topics**
+ [版本限制](#version-limits)
+ [使用版本復原變更](#versions-roll-back)
+ [用於設定預設政策版本的許可](#policy-version-permissions)
+ [設定客戶受管政策的預設版本](#default-version)
## 版本限制
受管政策至多可有 5 個版本。如果您需要從 AWS Command Line Interface或 AWS API 變更超過五個版本的受管政策,您必須先刪除一或多個現有版本。如果您使用 AWS 管理主控台,則不需要在編輯政策之前刪除版本。當您儲存第六個版本,會出現一個對話方塊,提示您刪除一或多個非預設的政策版本。您可以檢視每個版本的 JSON 政策文件,以協助您做決定。如需此對話方塊的詳細資訊,請參閱[編輯 IAM 政策](access_policies_manage-edit.md)。
您可以刪除任何想要的受管政策的版本,除了預設版本以外。當您刪除某個版本,剩餘版本的版本識別碼不會變更。因此,版本識別碼可能不會序列化。例如,若刪除受管政策的版本 v2 和 v4,並新增兩個新版本,剩餘的版本識別碼可能為 v1、v3、v5、v6 和 v7。
## 使用版本復原變更
您可以設定客戶受管政策的預設版本來復原您的變更。例如,考量以下情境:
您建立客戶受管政策,讓使用者能夠使用 AWS 管理主控台管理特定 Amazon S3 儲存貯體。建立後,您的客戶受管政策只有一個版本 (識別為 v1),所以該版本會自動設定為預設值。該政策按預期運作。
之後,您更新政策來新增許可,以管理第二個 Amazon S3 儲存貯體。IAM 建立新版本的政策 (識別為 v2),其中包含您的變更。您設定版本 v2 為預設值,不久後您的使用者報告他們沒有獲得使用 Amazon S3 主控台的許可。在這種情況下,您可以復原到版本 v1 的政策,就是您所知按預期運作的版本。為了這樣做,您設定版本 v1 為預設版本。您的使用者現在可以使用 Amazon S3 主控台來管理原始儲存貯體。
之後,在您判斷出政策的版本 v2 錯誤後,您再次更新政策來新增許可,以管理第二個 Amazon S3 儲存貯體。IAM 建立另一個新版本的政策,識別為 v3。您設定版本 v3 為預設值,而此版本按預期運作。此時,您刪除政策的版本 v2。
## 用於設定預設政策版本的許可
設定預設政策版本所需的許可,對應於任務的 AWS API 操作。您可以使用 `CreatePolicyVersion` 或 `SetDefaultPolicyVersion` API 操作來設定政策的預設版本。若要讓某人設定現有政策的預設政策版本,您可以允許存取 `iam:CreatePolicyVersion` 動作或 `iam:SetDefaultPolicyVersion` 動作。這個 `iam:CreatePolicyVersion` 動作可讓他們建立新版本的政策,並設定該版本為預設值。這個 `iam:SetDefaultPolicyVersion` 動作可讓他們將任何現有的政策版本設定為預設值。
**重要**
若要防止使用者變更政策的預設版本,您必須同時拒絕 `iam:CreatePolicyVersion` 和 `iam:SetDefaultPolicyVersion`。
您可以使用以下政策來拒絕使用者存取變更現有客戶的受管政策:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"iam:CreatePolicyVersion",
"iam:SetDefaultPolicyVersion"
],
"Resource": "arn:aws:iam::*:policy/POLICY-NAME"
}
]
}
```
------
## 設定客戶受管政策的預設版本
其中一個受管政策版本是設定為*預設*版本。政策的預設版本是生效版本,也就是受管政策所連接的所有主體實體的 (IAM 使用者、IAM 使用者群組和 IAM 角色) 的生效版本。
當您建立客戶受管政策,政策從單一版本 (識別為 v1) 開始。對於只有單一版本的受管政策,該版本會自動設定為預設值。對於具有多個版本的客戶受管政策,您可以選擇將哪個版本設定為預設值。對於 AWS 受管政策,預設版本由 設定 AWS。下圖說明了此概念。
![\[具單一版本的受管政策,其為預設版本\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-managed-policies-versions-default-one.diagram.png)
![\[客戶受管政策使用三種版本,其中版本 v2 是預設版本。\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-managed-policies-versions-default-multiple.diagram.png)
您可以設定預設的客戶受管政策版本,以套用該版本到政策連接的每個 IAM 身分 (使用者、使用者群組和角色)。您無法設定 AWS 受管政策或內嵌政策的預設版本。
**設定客戶受管政策的預設版本 (主控台)**
1. 登入 AWS 管理主控台 並開啟位於 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 的 IAM 主控台。
1. 在導覽窗格中,選擇 **Policies** (政策)。
1. 在政策清單中,選擇要設定預設版本的政策的政策名稱。您可以使用搜尋方塊來篩選政策清單。
1. 選擇 **Policy versions (政策版本)** 標籤。選取要設定為預設版本的版本旁的核取方塊,然後選擇 **Set as default (設定為預設)**。
若要了解如何從 AWS Command Line Interface 或 AWS API 設定客戶受管政策的預設版本,請參閱 [編輯 IAM 政策 (AWS CLI)](access_policies_manage-edit-cli.md)。
# 編輯 IAM 政策
[政策](access_policies.md)為一個實體,可定義其所連接的身分或資源的許可。政策會以 JSON 文件 AWS 形式存放在 中,並以*身分型政策*的形式連接到 IAM 中的委託人。您可以將以身分為基礎的政策連接到主體 (或身分),例如 IAM 使用者群組、使用者或角色。身分型政策包括 AWS 受管政策、客戶受管政策和[內嵌政策](access_policies_managed-vs-inline.md)。您可以在 IAM.managed 政策中編輯客戶 AWS 受管政策和內嵌政策無法編輯。 AWS 帳戶中 IAM 資源的數量和大小有限。如需詳細資訊,請參閱[IAM AWS STS 和配額](reference_iam-quotas.md)。
一般而言,最好使用客戶受管政策,而不是內嵌政策或 AWS 受管政策。 AWS 受管政策通常提供廣泛的管理或唯讀許可。內嵌政策無法在其他身分上重複使用,或在其存在的身分之外進行管理。為了達到最高安全性,應[授予最低權限](best-practices.md#grant-least-privilege),這表示僅授予執行特定任務工作所需的許可。
當您建立或編輯 IAM 政策時, AWS 可以自動執行政策驗證,以協助您建立最低權限的有效政策。在 中 AWS 管理主控台,IAM 識別 JSON 語法錯誤,而 IAM Access Analyzer 提供額外的政策檢查與建議,以協助您進一步精簡政策。若要進一步了解政策驗證的資訊,請參閱 [IAM 政策驗證](access_policies_policy-validator.md)。若要進一步了解 IAM Access Analyzer 政策檢查和可動作的建議,請參閱 [IAM Access Analyzer 政策驗證](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-validation.html)。
您可以使用 AWS CLI AWS 管理主控台或 AWS API 在 IAM 中編輯客戶受管政策和內嵌政策。如需使用 CloudFormation 範本新增或更新政策的詳細資訊,請參閱*CloudFormation 《 使用者指南*》中的[AWS Identity and Access Management 資源類型參考](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_IAM.html)。
**Topics**
+ [編輯 IAM 政策 (主控台)](access_policies_manage-edit-console.md)
+ [編輯 IAM 政策 (AWS CLI)](access_policies_manage-edit-cli.md)
+ [編輯 IAM 政策 (AWS API)](access_policies_manage-edit-api.md)
# 編輯 IAM 政策 (主控台)
[政策](access_policies.md)為一個實體,可定義其所連接的身分或資源的許可。您可以使用 AWS 管理主控台 編輯*客戶受管政策和* IAM. AWS managed *政策中的內嵌*政策無法編輯。 AWS 帳戶中 IAM 資源的數量和大小有限。如需詳細資訊,請參閱[IAM AWS STS 和配額](reference_iam-quotas.md)。
如需有關政策結構和語法的詳細資訊,請參閱 [中的政策和許可 AWS Identity and Access Management](access_policies.md) 和 [IAM JSON 政策元素參考](reference_policies_elements.md)。
## 先決條件
變更政策的許可之前,您應該檢閱其最近的服務層級活動。這很重要,因為您不希望從正在使用該許可的主體 (人員或應用程式) 中移除存取。如需有關檢視上次存取的資訊的詳細資訊,請參閱 [AWS 使用上次存取的資訊在 中精簡許可](access_policies_last-accessed.md)。
## 編輯客戶受管政策 (主控台)
您可以透過 AWS 管理主控台來編輯客戶管理政策,以變更政策中定義的許可。客戶受管政策至多可有 5 個版本。這很重要,因為如果您變更受管政策超過 5 個版本,則 AWS 管理主控台 會提示您決定要刪除的版本。您還可以在編輯之前變更預設版本或或刪除政策版本,以避免出現提示。若要進一步了解版本,請參閱 [版本控制 IAM 政策](access_policies_managed-versioning.md)。
------
#### [ Console ]
**編輯客戶管理政策**
1. 登入 AWS 管理主控台 並開啟位於 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 的 IAM 主控台。
1. 在導覽窗格中,選擇 **Policies** (政策)。
1. 在政策清單中,選擇要編輯的政策的政策名稱。您可以使用搜尋方塊來篩選政策清單。
1. 選擇**許可**索引標籤,然後選擇**編輯**。
1. 執行以下任意一項:
+ 選擇**視覺化**選項可變更政策,且無需了解 JSON 語法。您可以變更政策中每個許可區塊的服務、動作、資源或可選條件。您也可以匯入政策以在政策底部新增其他許可。完成變更後,選擇**下一步**以繼續。
+ 選擇 **JSON** 選項,可透過在 JSON 文字方塊中輸入或貼上文字來修改政策。您也可以匯入政策以在政策底部新增其他許可。解決[政策驗證](access_policies_policy-validator.md)期間產生的任何安全性警告、錯誤或一般性警告,然後選擇 **Next** (下一步)。
**注意**
您可以隨時切換**視覺化**與 **JSON** 編輯器選項。不過,如果您進行變更或在**視覺化**編輯器中選擇**下一步**,IAM 就可能會調整您的政策結構,以便針對視覺化編輯器進行最佳化。如需詳細資訊,請參閱[政策結構調整](troubleshoot_policies.md#troubleshoot_viseditor-restructure)。
1. 在**檢視與儲存**頁面上,檢視**此政策中定義的許可**,然後選擇**儲存變更**以儲存工作。
1. 如果受管政策有最多五個版本,選擇**儲存變更**可顯示一個對話方塊。若要儲存新版本,該政策的最舊非預設版本會遭到移除,並以此新版本取代之。您也可以將新版本設定為預設的政策版本。
選擇**儲存變更**,可儲存新的政策版本。
------
## 設定客戶管理政策的預設版本 (主控台)
您可以從 設定客戶受管政策的預設版本 AWS 管理主控台。您可以使用此政策為整個組織中的許可建立一致的基準組態。此政策的所有新附件都會使用此標準化許可集。
------
#### [ Console ]
**設定客戶受管政策的預設版本 (主控台)**
1. 登入 AWS 管理主控台 並開啟位於 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 的 IAM 主控台。
1. 在導覽窗格中,選擇 **Policies** (政策)。
1. 在政策清單中,選擇要設定預設版本的政策的政策名稱。您可以使用搜尋方塊來篩選政策清單。
1. 選擇 **Policy versions (政策版本)** 標籤。選取要設定為預設版本的版本旁的核取方塊,然後選擇 **Set as default (設定為預設)**。
------
## 刪除客戶管理政策的版本 (主控台)
您可能需要刪除客戶管理政策的某個版本,以移除不再需要或存在潛在安全風險的過時或不正確的許可。透過僅維護必要的政策版本,可以協助確保受管政策版本保持在限制的五個以內,為未來的更新和改進留出空間。您可以透過 AWS 管理主控台刪除客戶管理政策的版本。
------
#### [ Console ]
**刪除客戶管理政策的版本**
1. 登入 AWS 管理主控台 並開啟位於 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 的 IAM 主控台。
1. 在導覽窗格中,選擇 **Policies** (政策)。
1. 選擇具有要刪除的版本的客戶受管政策的名稱。您可以使用搜尋方塊來篩選政策清單。
1. 選擇 **Policy versions (政策版本)** 標籤。選取要刪除的版本旁的核取方塊。然後選擇 **Delete (刪除)**。
1. 確認您要刪除該版本,然後選擇 **Delete (刪除)**。
------
## 編輯內嵌政策 (主控台)
您可能需要編輯客戶管理政策來更新或精簡授予的許可,確保這些許可符合組織不斷變化的安全需求和存取控制需求。您可以透過對政策進行編輯來調整政策的 JSON 文件,以及新增、修改或移除特定動作、資源或條件,以維護最低權限原則,並適應環境或程序中的變更。您可以從 AWS 管理主控台主控台中編輯內嵌政策。
------
#### [ Console ]
**編輯使用者、使用者群組或角色的內嵌政策**
1. 在服務導覽窗格中,選擇 **User** (使用者)、**Users groups** (使用者群組) 或者 **Roles** (角色)。
1. 選擇您要修改的政策的使用者、 使用者群組或角色的名稱。然後選擇 **Permissions (許可)** 標籤並展開政策。
1. 若要編輯內嵌政策,請選擇 **Edit Policy (編輯政策)**。
1. 執行以下任意一項:
+ 選擇**視覺化**選項可變更政策,且無需了解 JSON 語法。您可以變更政策中每個許可區塊的服務、動作、資源或可選條件。您也可以匯入政策以在政策底部新增其他許可。完成變更後,選擇**下一步**以繼續。
+ 選擇 **JSON** 選項,可透過在 JSON 文字方塊中輸入或貼上文字來修改政策。您也可以匯入政策以在政策底部新增其他許可。解決[政策驗證](access_policies_policy-validator.md)期間產生的任何安全性警告、錯誤或一般性警告,然後選擇 **Next** (下一步)。若要儲存變更而不影響目前連接的實體,請清除 **Save as default version (儲存為預設版本)** 的核取方塊。
**注意**
您可以隨時切換**視覺化**與 **JSON** 編輯器選項。不過,如果您進行變更或在**視覺化**編輯器中選擇**下一步**,IAM 就可能會調整您的政策結構,以便針對視覺化編輯器進行最佳化。如需詳細資訊,請參閱[政策結構調整](troubleshoot_policies.md#troubleshoot_viseditor-restructure)。
1. 在**檢視**頁面上,查看政策摘要,然後選擇**儲存變更**以儲存您的工作。
------
# 編輯 IAM 政策 (AWS CLI)
[政策](access_policies.md)為一個實體,可定義其所連接的身分或資源的許可。您可以使用 AWS Command Line Interface (AWS CLI) 編輯*客戶受管政策*,且無法編輯 IAM. AWS managed *政策中的內嵌*政策。 AWS 帳戶中 IAM 資源的數量和大小有限。如需詳細資訊,請參閱[IAM AWS STS 和配額](reference_iam-quotas.md)。
如需有關政策結構和語法的詳細資訊,請參閱 [中的政策和許可 AWS Identity and Access Management](access_policies.md) 和 [IAM JSON 政策元素參考](reference_policies_elements.md)。
## 先決條件
變更政策的許可之前,您應該檢閱其最近的服務層級活動。這很重要,因為您不希望從正在使用該許可的主體 (人員或應用程式) 中移除存取。如需有關檢視上次存取的資訊的詳細資訊,請參閱 [AWS 使用上次存取的資訊在 中精簡許可](access_policies_last-accessed.md)。
## 編輯客戶受管政策 (AWS CLI)
您可以從 編輯客戶受管政策 AWS CLI。
**注意**
受管政策至多可有 5 個版本。如果您需要變更五個版本以上的客戶受管政策,則必須先刪除一個或多個現有版本。
**若要編輯客戶受管政策 (AWS CLI)**
1. (選用) 若要檢視關於政策的資訊,請執行下列命令:
+ 列出受管政策:[list-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-policies.html)
+ 取得關於受管政策的詳細資訊:[get-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/get-policy.html)
1. (選用) 如果要了解的政策和身分之間的關係,請執行下列命令:
+ 若要列出受管政策所連接的身分 (IAM 使用者、IAM 群組和 IAM 角色):
+ [list-entities-for-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/list-entities-for-policy.html)
+ 列出連接到身分的受管政策 (使用者、使用者群組或角色):
+ [list-attached-user-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-attached-user-policies.html)
+ [list-attached-group-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-attached-group-policies.html)
+ [list-attached-role-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-attached-role-policies.html)
1. 若要編輯客戶受管政策,請執行下列命令:
+ [create-policy-version](https://docs.aws.amazon.com/cli/latest/reference/iam/create-policy-version.html)
1. (選用) 若要驗證客戶受管政策,請執行下列 IAM Access Analyzer 命令:
+ [validate-policy](https://docs.aws.amazon.com/cli/latest/reference/accessanalyzer/validate-policy.html)
## 設定客戶管理政策的預設版本 (AWS CLI)
您可以從 設定客戶受管政策的預設版本 AWS CLI。
**若要設定客戶受管政策的預設版本 (AWS CLI)**
1. (選用) 若要列出受管政策,請執行下列命令:
+ [: list-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-policies.html)
1. 若要設定客戶受管政策的預設版本,請執行下列命令:
+ [set-default-policy-version](https://docs.aws.amazon.com/cli/latest/reference/iam/set-default-policy-version.html)
## 刪除客戶管理政策的版本 (AWS CLI)
您可以透過 AWS CLI刪除客戶管理政策的版本。
**若要刪除客戶受管政策的版本 (AWS CLI)**
1. (選用) 若要列出受管政策,請執行下列命令:
+ [: list-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-policies.html)
1. 若要刪除客戶受管政策,請執行下列命令:
+ [delete-policy-version](https://docs.aws.amazon.com/cli/latest/reference/iam/delete-policy-version.html)
## 編輯內嵌政策 (AWS CLI)
您可以從 AWS CLI主控台中編輯內嵌政策。
**若要編輯內嵌政策 (AWS CLI)**
1. (選用) 若要檢視關於政策的資訊,請執行下列命令:
+ 若要列出與身分 (使用者、使用者群組或角色) 相關聯的內嵌政策:
+ [list-user-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-user-policies.html)
+ [list-role-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-role-policies.html)
+ [list-group-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-group-policies.html)
+ 若要取得關於內嵌政策的詳細資訊:
+ [get-user-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/get-user-policy.html)
+ [get-role-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/get-role-policy.html)
+ [get-group-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/get-group-policy.html)
1. 若要編輯內嵌政策,請執行下列命令:
+ [put-user-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/put-user-policy.html)
+ [put-role-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/put-role-policy.html)
+ [put-group-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/put-group-policy.html)
1. (選用) 若要驗證內嵌政策,請執行下列 IAM Access Analyzer 命令:
+ [validate-policy](https://docs.aws.amazon.com/cli/latest/reference/accessanalyzer/validate-policy.html)
# 編輯 IAM 政策 (AWS API)
[政策](access_policies.md)為一個實體,可定義其所連接的身分或資源的許可。您可以使用 AWS API 編輯*客戶受管政策*,且無法編輯 IAM. AWS managed *政策中的內嵌*政策。 AWS 帳戶中 IAM 資源的數量和大小有限。如需詳細資訊,請參閱[IAM AWS STS 和配額](reference_iam-quotas.md)。
如需有關政策結構和語法的詳細資訊,請參閱 [中的政策和許可 AWS Identity and Access Management](access_policies.md) 和 [IAM JSON 政策元素參考](reference_policies_elements.md)。
## 先決條件
變更政策的許可之前,您應該檢閱其最近的服務層級活動。這很重要,因為您不希望從正在使用該許可的主體 (人員或應用程式) 中移除存取。如需有關檢視上次存取的資訊的詳細資訊,請參閱 [AWS 使用上次存取的資訊在 中精簡許可](access_policies_last-accessed.md)。
## 編輯客戶受管政策 (AWS API)
您可以使用 AWS API 編輯客戶受管政策。
**注意**
受管政策至多可有 5 個版本。如果您需要變更五個版本以上的客戶受管政策,則必須先刪除一個或多個現有版本。
**編輯客戶受管政策 (AWS API)**
1. (選用) 若要檢視關於政策的資訊,請呼叫下列操作:
+ 列出受管政策:[ListPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html)
+ 取得關於受管政策的詳細資訊:[GetPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html)
1. (選用) 如果要了解的政策和身分之間的關係,請呼叫下列操作:
+ 若要列出受管政策所連接的身分 (IAM 使用者、IAM 群組和 IAM 角色):
+ [ListEntitiesForPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html)
+ 列出連接到身分的受管政策 (使用者、使用者群組或角色):
+ [ListAttachedUserPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedUserPolicies.html)
+ [ListAttachedGroupPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedGroupPolicies.html)
+ [ListAttachedRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html)
1. 若要編輯客戶受管政策,請呼叫下列操作:
+ [CreatePolicyVersion](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicyVersion.html)
1. (選用) 若要驗證客戶受管政策,請呼叫下列 IAM Access Analyzer 操作:
+ [ValidatePolicy](https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_ValidatePolicy.html)
## 設定客戶受管政策 (AWS API) 的預設版本
您可以從 AWS API 設定客戶受管政策的預設版本。
**設定客戶受管政策 (AWS API) 的預設版本**
1. (選用) 若要列出受管政策,請呼叫下列操作:
+ [ListPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html)
1. 若要設定客戶受管政策的預設版本,請呼叫下列操作:
+ [SetDefaultPolicyVersion](https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetDefaultPolicyVersion.html)
## 刪除客戶受管政策 (AWS API) 的版本
您可以從 AWS API 刪除客戶受管政策的版本。
**刪除客戶受管政策 (AWS API) 的版本**
1. (選用) 若要列出受管政策,請呼叫下列操作:
+ [ListPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html)
1. 若要刪除客戶受管政策,請呼叫下列操作:
+ [DeletePolicyVersion](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html)
## 編輯內嵌政策 (AWS API)
您可以從 AWS API 編輯內嵌政策。
**編輯內嵌政策 (AWS API)**
1. (選用) 若要檢視關於內嵌政策的資訊,請執行下列操作:
+ 若要列出與身分 (使用者、使用者群組或角色) 相關聯的內嵌政策:
+ [ListUserPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserPolicies.html)
+ [ListRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html)
+ [ListGroupPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupPolicies.html)
+ 若要取得關於內嵌政策的詳細資訊:
+ [GetUserPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html)
+ [GetRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html)
+ [GetGroupPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html)
1. 若要編輯內嵌政策,請執行下列操作:
+ [PutUserPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html)
+ [PutRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html)
+ [PutGroupPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutGroupPolicy.html)
1. (選用) 若要驗證內嵌政策,請執行下列 IAM Access Analyzer 操作:
+ [ValidatePolicy](https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_ValidatePolicy.html)
# 刪除 IAM 政策
您可以使用 AWS 管理主控台、 AWS Command Line Interface (AWS CLI) 或 API 刪除 IAM AWS 政策。
**注意**
刪除 IAM 政策的動作具有永久性。刪除政策後,將無法復原。
如需有關 IAM 政策結構和語法的詳細資訊,請參閱 [中的政策和許可 AWS Identity and Access Management](access_policies.md)和 [IAM JSON 政策元素參考](reference_policies_elements.md)。
如需有關受管與內嵌政策之間的差異的詳細資訊,請參閱 [受管政策與內嵌政策](access_policies_managed-vs-inline.md)。
AWS 帳戶中 IAM 資源的數量和大小有限。如需詳細資訊,請參閱[IAM AWS STS 和配額](reference_iam-quotas.md)。
**Topics**
+ [刪除 IAM 政策 (主控台)](access_policies_manage-delete-console.md)
+ [刪除 IAM 政策 (AWS CLI)](access_policies_manage-delete-cli.md)
+ [刪除 IAM 政策 (AWS API)](access_policies_manage-delete-api.md)
# 刪除 IAM 政策 (主控台)
您可以使用 AWS 管理主控台 刪除 IAM 中的*客戶受管政策和**內嵌政策*。 AWS 帳戶中 IAM 資源的數量和大小有限。如需詳細資訊,請參閱[IAM AWS STS 和配額](reference_iam-quotas.md)。
**注意**
刪除 IAM 政策的動作具有永久性。刪除政策後,將無法復原。
如需有關 IAM 政策結構和語法的詳細資訊,請參閱 [中的政策和許可 AWS Identity and Access Management](access_policies.md)和 [IAM JSON 政策元素參考](reference_policies_elements.md)。
如需有關受管與內嵌政策之間的差異的詳細資訊,請參閱 [受管政策與內嵌政策](access_policies_managed-vs-inline.md)。
## 先決條件
刪除政策之前,您應該檢閱其最近的服務層級活動。這很重要,因為您不希望從正在使用該許可的主體 (人員或應用程式) 中移除存取。如需有關檢視上次存取的資訊的詳細資訊,請參閱 [AWS 使用上次存取的資訊在 中精簡許可](access_policies_last-accessed.md)。
## 刪除 IAM 政策 (主控台)
當客戶管理政策已過時或不再符合組織的安全需求和存取控制需求時,您可能需要將其刪除。刪除不必要的政策可以降低與過時或未使用政策相關聯的潛在安全風險。您可以從 AWS 帳戶移除客戶管理政策。您無法刪除 AWS 受管政策。
------
#### [ Console ]
**刪除客戶管理政策**
1. 登入 AWS 管理主控台 ,並在 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 開啟 IAM 主控台。
1. 在導覽窗格中,選擇**政策**。
1. 選擇您要刪除的客戶管理政策旁的選項按鈕。您可以使用搜尋方塊來篩選政策清單。
1. 選擇 **動作**,然後選擇 **刪除**。
1. 遵循說明以確認您要刪除政策,然後選擇**刪除**。
------
## 刪除內嵌政策 (主控台)
當與某個內嵌政策直接連接的 IAM 使用者、群組或角色不再需要其授予的特定許可時,您可能需要刪除該內嵌政策。刪除不必要的內嵌政策有助於降低意外存取的風險,尤其是出於內嵌政策無法像受管政策那樣重複使用或跨多個身分共用的原因時。您可以刪除內嵌政策,將其從 中移除 AWS 帳戶。您無法刪除 AWS 受管政策。
------
#### [ Console ]
**刪除 IAM 使用者、群組或角色的內嵌政策**
1. 在服務導覽窗格中,選擇 **User groups** (使用者群組)、**Users** (使用者) 或者 **Roles** (角色)。
1. 選擇您要透過政策來刪除的使用者群組、使用者、或角色的名稱。然後選擇 **許可** 標籤。
1. 選取要刪除的政策旁的核取方塊,然後選擇**移除**。然後,在確認對話方塊中,確認移除和刪除該政策。
+ 若要刪除**使用者**或**角色**中的內嵌原則,請選擇**移除**以確認刪除。
+ 如果您要刪除 **使用者群組** 中的單一內嵌政策,請輸入政策的名稱,然後選擇 **刪除** 。如果您要刪除 **使用者群組** 中的多項內嵌政策,請輸入您要刪除的政策數量,後接 **inline policies**,然後選擇 **刪除** 。例如,如果您要刪除三個內嵌政策,請輸入 **3 inline policies**。
------
# 刪除 IAM 政策 (AWS CLI)
您可以使用 AWS Command Line Interface (AWS CLI) 在 IAM 中刪除*客戶受管政策和**內嵌政策*。 AWS 帳戶中 IAM 資源的數量和大小有限。如需詳細資訊,請參閱[IAM AWS STS 和配額](reference_iam-quotas.md)。
**注意**
刪除 IAM 政策的動作具有永久性。刪除政策後,將無法復原。
如需有關 IAM 政策結構和語法的詳細資訊,請參閱 [中的政策和許可 AWS Identity and Access Management](access_policies.md)和 [IAM JSON 政策元素參考](reference_policies_elements.md)。
如需有關受管與內嵌政策之間的差異的詳細資訊,請參閱 [受管政策與內嵌政策](access_policies_managed-vs-inline.md)。
## 先決條件
刪除政策之前,您應該檢閱其最近的服務層級活動。這很重要,因為您不希望從正在使用該許可的主體 (人員或應用程式) 中移除存取。如需有關檢視上次存取的資訊的詳細資訊,請參閱 [AWS 使用上次存取的資訊在 中精簡許可](access_policies_last-accessed.md)。
## 刪除客戶管理政策 (AWS CLI)
您可以從 AWS Command Line Interface刪除客戶受管政策。
**刪除客戶受管政策 (AWS CLI)**
1. (選用) 若要檢視關於政策的資訊,請執行下列命令:
+ 列出受管政策:[list-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-policies.html)
+ 取得關於受管政策的詳細資訊:[get-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/get-policy.html)
1. (選用) 如果要了解的政策和身分之間的關係,請執行下列命令:
+ 若要列出受管政策所連接的身分 (IAM 使用者、IAM 群組和 IAM 角色),請執行以下命令:
+ [list-entities-for-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/list-entities-for-policy.html)
+ 若要列出連接到身分 (使用者、使用者群組或角色) 的受管政策,請執行下列其中一項命令:
+ [list-attached-user-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-attached-user-policies.html)
+ [list-attached-group-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-attached-group-policies.html)
+ [list-attached-role-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-attached-role-policies.html)
1. 若要刪除客戶受管政策,請執行下列命令:
+ [: delete-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/delete-policy.html)
## 刪除內嵌政策 (AWS CLI)
您可以從 AWS CLI刪除內嵌政策。
**若要刪除內嵌政策 (AWS CLI)**
1. (選用) 若要列出連接到身分 (使用者、使用者群組或角色) 的所有內嵌政策,請使用下列其中一項命令:
+ [aws iam list-user-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-user-policies.html)
+ [aws iam list-group-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-group-policies.html)
+ [aws iam list-role-policies](https://docs.aws.amazon.com/cli/latest/reference/iam/list-role-policies.html)
1. (選用) 若要擷取嵌入到身分 (使用者、使用者群組或角色) 中的內嵌政策文件,請使用下列其中一項命令:
+ [aws iam get-user-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/get-user-policy.html)
+ [aws iam get-group-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/get-group-policy.html)
+ [aws iam get-role-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/get-role-policy.html)
1. 若要從身分中刪除內嵌政策 (非*[服務連結角色](id_roles.md#iam-term-service-linked-role)*的使用者、使用者群組或角色),請使用下列命令:
+ [aws iam delete-user-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/delete-user-policy.html)
+ [aws iam delete-group-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/delete-group-policy.html)
+ [aws iam delete-role-policy](https://docs.aws.amazon.com/cli/latest/reference/iam/delete-role-policy.html)
# 刪除 IAM 政策 (AWS API)
您可以使用 AWS API 在 IAM 中刪除*客戶受管政策和**內嵌政策*。 AWS 帳戶中 IAM 資源的數量和大小有限。如需詳細資訊,請參閱[IAM AWS STS 和配額](reference_iam-quotas.md)。
**注意**
刪除 IAM 政策的動作具有永久性。刪除政策後,將無法復原。
如需有關 IAM 政策結構和語法的詳細資訊,請參閱 [中的政策和許可 AWS Identity and Access Management](access_policies.md)和 [IAM JSON 政策元素參考](reference_policies_elements.md)。
如需有關受管與內嵌政策之間的差異的詳細資訊,請參閱 [受管政策與內嵌政策](access_policies_managed-vs-inline.md)。
## 先決條件
刪除政策之前,您應該檢閱其最近的服務層級活動。這很重要,因為您不希望從正在使用該許可的主體 (人員或應用程式) 中移除存取。如需有關檢視上次存取的資訊的詳細資訊,請參閱 [AWS 使用上次存取的資訊在 中精簡許可](access_policies_last-accessed.md)。
## 刪除客戶受管政策 (AWS API)
您可以使用 AWS API 刪除客戶受管政策。
**刪除客戶受管政策 (AWS API)**
1. (選用) 若要檢視關於政策的資訊,請呼叫下列操作:
+ 列出受管政策:[ListPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html)
+ 取得關於受管政策的詳細資訊:[GetPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html)
1. (選用) 如果要了解的政策和身分之間的關係,請呼叫下列操作:
+ 若要列出受管政策所連接的身分 (IAM 使用者、IAM 群組和 IAM 角色),請呼叫以下操作:
+ [ListEntitiesForPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html)
+ 若要列出連接到身分的受管政策 (使用者、使用者群組或角色),請呼叫下列其中一項操作:
+ [ListAttachedUserPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedUserPolicies.html)
+ [ListAttachedGroupPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedGroupPolicies.html)
+ [ListAttachedRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html)
1. 若要刪除客戶受管政策,請呼叫下列操作:
+ [DeletePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicy.html)
## 刪除內嵌政策 (AWS API)
您可以使用 AWS API 刪除內嵌政策。
**刪除內嵌政策 (AWS API)**
1. (選用) 若要列出連接到身分 (使用者、使用者群組或角色) 的所有內嵌政策,請呼叫下列其中一項操作:
+ [ListUserPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserPolicies.html)
+ [ListGroupPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupPolicies.html)
+ [ListRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html)
1. (選用) 若要擷取嵌入到身分 (使用者、使用者群組或角色) 中的內嵌政策文件,請呼叫下列其中一項操作:
+ [GetUserPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html)
+ [GetGroupPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html)
+ [GetRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html)
1. 若要從身分中刪除內嵌政策 (非*[服務連結角色](id_roles.md#iam-term-service-linked-role)*的使用者、使用者群組或角色),請呼叫下列操作:
+ [DeleteUserPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html)
+ [DeleteGroupPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroupPolicy.html)
+ [DeleteRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html)
# AWS 使用上次存取的資訊在 中精簡許可
身為管理員,您可能會為 IAM 資源 (角色、使用者、使用者群組或政策) 授予超出其所需範圍的許可。IAM 會提供上次存取的資訊,協助您識別未使用的許可,以便您移除這些許可。您可以使用上次存取的資訊來精細化政策,並僅允許存取 IAM 身分和政策所使用的服務和動作。這有助於您更加符合[最低許可的最佳實務。](best-practices.md#grant-least-privilege)您可以檢視 IAM 或 AWS Organizations中存在的身分或政策上次存取的資訊。
您可以透過未使用的存取權分析器持續監控上次存取的資訊。如需詳細資訊,請參閱[外部和未使用的存取權調查結果](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-findings.html)。
**Topics**
+ [IAM 上次存取的資訊類型](#access_policies_last-accessed-data-types)
+ [的上次存取資訊 AWS Organizations](#access_policies_last-accessed-orgs)
+ [關於上次存取資訊的注意事項](#access_policies_last-accessed-know)
+ [必要許可](#access_policies_last-accessed-permissions)
+ [IAM 和 AWS Organizations 實體的活動疑難排解](#access_policies_last-accessed-troubleshooting)
+ [其中 會 AWS 追蹤上次存取的資訊](#last-accessed_tracking-period)
+ [檢視 IAM 上次存取的資訊](access_policies_last-accessed-view-data.md)
+ [檢視 的上次存取資訊 AWS Organizations](access_policies_last-accessed-view-data-orgs.md)
+ [使用上次存取資訊的範例案例](access_policies_last-accessed-example-scenarios.md)
+ [IAM 動作最近存取的資訊服務和動作](access_policies_last-accessed-action-last-accessed.md)
## IAM 上次存取的資訊類型
您可以檢視 IAM 身分上次存取的兩種類型資訊:允許的 AWS 服務資訊和允許的動作資訊。該資訊包含嘗試存取 AWS API 的日期和時間。對於動作,上次存取的資訊會報告服務管理動作。管理動作包括建立、刪除和修改動作。若要進一步了解如何檢視上次存取 IAM 的資訊,請參閱 [檢視 IAM 上次存取的資訊](access_policies_last-accessed-view-data.md)。
如需有關使用上次存取的資訊以決定您授予 IAM 身分許可的案例,請參閱 [使用上次存取資訊的範例案例](access_policies_last-accessed-example-scenarios.md)。
若要深入瞭解如何提供管理動作資訊,請參閱[關於上次存取資訊的注意事項](#access_policies_last-accessed-know)。
## 的上次存取資訊 AWS Organizations
如果您使用管理帳戶登入資料登入,您可以檢視組織中 AWS Organizations 實體或政策的服務上次存取資訊。 AWS Organizations 實體包括組織根目錄、組織單位 OUs) 或帳戶。的上次存取資訊 AWS Organizations 包含服務控制政策 (SCP) 允許之服務的相關資訊。這些資訊會指出組織或帳戶中哪些主體 (根使用者、IAM 使用者或角色) 上次嘗試存取服務,以及何時存取服務。若要進一步了解報告以及如何檢視 的上次存取資訊 AWS Organizations,請參閱 [檢視 的上次存取資訊 AWS Organizations](access_policies_last-accessed-view-data-orgs.md)。
如需使用上次存取資訊來決定您授予 AWS Organizations 實體之許可的範例案例,請參閱 [使用上次存取資訊的範例案例](access_policies_last-accessed-example-scenarios.md)。
## 關於上次存取資訊的注意事項
在您使用報告上次存取的資訊來變更 IAM 身分或 AWS Organizations 實體的許可之前,請檢閱下列有關資訊的詳細資訊。
+ **追蹤期** – 最近的活動會在四小時內顯示在 IAM 主控台中。服務資訊的追蹤期至少為 400 天,具體視服務何時開始追蹤動作資訊而定。Amazon S3 動作資訊的追蹤期從 2020 年 4 月 12 日開始。Amazon EC2、IAM 和 Lambda 行動追蹤期由 2021 年 4 月 7 日開始。所有其他服務的追蹤期從 2023 年 5 月 23 日開始。如需檢視可使用動作上次存取資訊的服務清單,請參閱 [IAM 動作最近存取的資訊服務和動作](access_policies_last-accessed-action-last-accessed.md)。如需有關哪些區域提供動作上次存取資訊的更多資訊,請參閱 [其中 會 AWS 追蹤上次存取的資訊](#last-accessed_tracking-period)。
+ **報告的嘗試**次數 – 服務上次存取的資料包括存取 AWS API 的所有嘗試次數,而不只是成功嘗試次數。這包括使用 AWS 管理主控台、透過任何 SDKs AWS 的 API,或任何命令列工具進行的所有嘗試。在上次存取的服務相關資料中看到未預期的項目並不表示您的帳戶資訊洩露,因為請求可能已遭拒。請參閱您的 CloudTrail 日誌並將其作為有關所有 API 呼叫以及它們是成功還是被拒絕的存取的資訊的權威來源。
+ **PassRole** – 系統不會追蹤 `iam:PassRole` 動作,也不會將其包含在 IAM 動作上次存取的資訊中。
+ **動作上次存取的資訊** – 動作上次存取的資訊適用於由 IAM 身分存取的服務管理動作。檢視動作上次存取的報告資訊的[服務及其動作清單](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_last-accessed-action-last-accessed.html#access_policies_last-accessed-action-last-accessed-supported-actions)。
**注意**
動作上次存取的資訊無法用於所有資料平面事件。
+ **管理事件** – IAM 為 CloudTrail 記錄的服務管理事件提供動作資訊。有時候,CloudTrail 管理事件也被稱為控制平面操作或控制平面事件。管理事件可讓您了解在 資源上執行的管理操作 AWS 帳戶。若要深入了解 CloudTrail 中的管理事件,請參閱《AWS CloudTrail 使用者指南》**中的[記錄管理事件](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html)。
+ **報告擁有者** – 只有產生報告的主體才可以檢視報告詳細資訊。這表示當您檢視 中的資訊時 AWS 管理主控台,您可能需要等待它產生和載入。如果您使用 AWS CLI 或 AWS API 取得報告詳細資訊,您的登入資料必須符合產生報告的委託人登入資料。如果您使用角色或 AWS STS 聯合身分使用者主體的臨時登入資料,則必須在相同工作階段期間產生和擷取報告。如需有關擔任角色工作階段主體的詳細資訊,請參閱 [AWS JSON 政策元素: Principal](reference_policies_elements_principal.md)。
+ **IAM 資源** – IAM 上次存取的資訊,包括您的帳戶中的 IAM 資源 (角色、使用者、IAM 群組和政策)。的上次存取資訊 AWS Organizations 包括指定 AWS Organizations 實體中的主體 (IAM 使用者、IAM 角色或 AWS 帳戶根使用者)。上次存取的資訊不包括未驗證的嘗試。
+ **IAM 政策類型** – IAM 上次存取的資訊包含由 IAM 身分的政策所許可的服務。這些政策連接至角色或者直接或透過群組連接至使用者。您的報告不包含其他政策類型允許的存取。排除的政策類型包括以資源為基礎的政策、存取控制清單、 AWS Organizations SCP、IAM 許可邊界,以及工作階段政策。服務連結角色所提供的許可是由它們連結的服務所定義,而且無法在 IAM 中修改。若要進一步了解服務連結角色,請參閱[建立服務連結角色](id_roles_create-service-linked-role.md) 若要了解如何評估不同原則類型以允許或拒絕存取,請參閱[政策評估邏輯](reference_policies_evaluation-logic.md)。
+ **AWS Organizations 政策類型** – 的資訊僅 AWS Organizations 包含 AWS Organizations 實體的繼承服務控制政策 (SCPs) 允許的服務。SCP 是連接到根帳戶、OU 或帳戶的政策。您的報告不包含其他政策類型允許的存取。排除的政策類型包含身分類型政策、資源類型政策、存取控制清單、IAM 許可邊界,以及工作階段政策。若要了解如何評估不同的政策類型以允許或拒絕存取,請參閱[政策評估邏輯](reference_policies_evaluation-logic.md)。
+ **指定政策 ID** – 當您使用 AWS CLI 或 AWS API 為 中上次存取的資訊產生報告時 AWS Organizations,您可以選擇指定政策 ID。產生的報告包含僅由該政策允許的服務資訊。此資訊包含指定 AWS Organizations 實體或實體子項中最新的帳戶活動。如需詳細資訊,請參閱 [aws iam generate-organizations-access-report](https://docs.aws.amazon.com/cli/latest/reference/iam/generate-organizations-access-report.html) 或 [GenerateOrganizationsAccessReport](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html)。
+ **AWS Organizations 管理帳戶** – 您必須登入組織的管理帳戶,才能檢視服務上次存取的資訊。您可以選擇使用 IAM 主控台 AWS CLI、 或 AWS API 檢視管理帳戶的資訊。產生的報告會列出所有 AWS 服務,因為管理帳戶不受 SCPs限制。如果您指定的政策 ID 位於 CLI 或 API 中,便會忽略該政策。對於每個服務,報告包含僅適用於管理帳戶的資訊。不過,其他 AWS Organizations 實體的報告不會傳回管理帳戶中活動的資訊。
+ **AWS Organizations 設定** – 管理員必須在[組織根目錄中啟用 SCPs](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root),然後才能為 產生資料 AWS Organizations。
## 必要許可
若要在 中檢視上次存取的資訊 AWS 管理主控台,您必須擁有授予必要許可的政策。
### IAM 資訊的許可
若要使用 IAM 主控台檢視 IAM 使用者、角色或政策的上次存取資訊,您必須擁有一個包含下列動作的政策:
+ `iam:GenerateServiceLastAccessedDetails`
+ `iam:Get*`
+ `iam:List*`
這些許可允許使用者檢視下列項目:
+ 哪些使用者、群組或角色連接至[受管政策](https://docs.aws.amazon.com/glossary/latest/reference/glos-chap.html#managed_policy)
+ 使用者或角色可以存取哪些服務
+ 他們上一次存取該服務的時間
+ 他們上次嘗試使用特定的 Amazon EC2、IAM、Lambda 或 Amazon S3 動作的時間
若要使用 AWS CLI 或 AWS API 來檢視 IAM 的上次存取資訊,您必須具有符合您要使用之操作的許可:
+ `iam:GenerateServiceLastAccessedDetails`
+ `iam:GetServiceLastAccessedDetails`
+ `iam:GetServiceLastAccessedDetailsWithEntities`
+ `iam:ListPoliciesGrantingServiceAccess`
此範例會示範如何建立身分型政策,允許檢視 IAM 上次存取的資訊。此外,還允許對所有 IAM 的唯讀存取。此政策定義了程式設計和主控台存取的許可。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": [
"iam:GenerateServiceLastAccessedDetails",
"iam:Get*",
"iam:List*"
],
"Resource": "*"
}
}
```
------
### AWS Organizations 資訊的許可
若要使用 IAM 主控台檢視 AWS Organizations中根、組織單位或帳戶實體的報告,您必須具有一個包含下列動作的政策:
+ `iam:GenerateOrganizationsAccessReport`
+ `iam:GetOrganizationsAccessReport`
+ `organizations:DescribeAccount`
+ `organizations:DescribeOrganization`
+ `organizations:DescribeOrganizationalUnit`
+ `organizations:DescribePolicy`
+ `organizations:ListChildren`
+ `organizations:ListParents`
+ `organizations:ListPoliciesForTarget`
+ `organizations:ListRoots`
+ `organizations:ListTargetsForPolicy`
若要使用 AWS CLI 或 AWS API 來檢視 的服務上次存取資訊 AWS Organizations,您必須擁有包含下列動作的政策:
+ `iam:GenerateOrganizationsAccessReport`
+ `iam:GetOrganizationsAccessReport`
+ `organizations:DescribePolicy`
+ `organizations:ListChildren`
+ `organizations:ListParents`
+ `organizations:ListPoliciesForTarget`
+ `organizations:ListRoots`
+ `organizations:ListTargetsForPolicy`
此範例示範如何建立身分型政策,允許檢視 的服務上次存取資訊 AWS Organizations。此外,它允許唯讀存取所有 AWS Organizations。此政策定義了程式設計和主控台存取的許可。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": [
"iam:GenerateOrganizationsAccessReport",
"iam:GetOrganizationsAccessReport",
"organizations:Describe*",
"organizations:List*"
],
"Resource": "*"
}
}
```
------
您也可以使用 [iam:OrganizationsPolicyId](reference_policies_iam-condition-keys.md#ck_OrganizationsPolicyId) 條件金鑰,僅允許針對特定 AWS Organizations 政策產生報告。如需政策範例,請參閱 [IAM:檢視 AWS Organizations 政策的服務上次存取資訊](reference_policies_examples_iam_service-accessed-data-orgs.md)。
## IAM 和 AWS Organizations 實體的活動疑難排解
在某些情況下,您 AWS 管理主控台 上次存取的資訊表可能空白。或者,您的 AWS CLI 或 AWS API 請求會傳回空的資訊集或 null 欄位。在這些情況下,檢閱下列問題:
+ 對於上次存取的動作資訊,清單中可能不會傳回您預期看到的動作。這可能是因為 IAM 身分沒有 動作的許可,或 AWS 尚未追蹤上次存取資訊的動作。
+ 對於 IAM 使用者,請確定該使用者至少連接一個內嵌或受管政策,無論是直接或透過群組成員資格連接。
+ 對於 IAM 群組,請確認群組至少連接一個內嵌或受管政策。
+ 對於 IAM 群組,報告只會傳回使用群組的政策存取服務之成員的服務上次存取資訊。若要了解成員是否使用了其他政策,請檢閱該使用者的上次存取資訊。
+ 對於 IAM 角色,請確認角色至少連接一個內嵌或受管政策。
+ 對於 IAM 實體 (使用者或角色),請檢閱可能影響該實體之許可的其他政策類型。其中包括資源型政策、存取控制清單、 AWS Organizations 政策、IAM 許可界限或工作階段政策。如需詳細資訊,請參閱[政策類型](access_policies.md#access_policy-types)或[單一帳戶中請求的政策評估](reference_policies_evaluation-logic_policy-eval-basics.md)。
+ 對於 IAM 政策,請確定指定的受管政策已連接到至少一個使用者、內含成員的群組,或角色。
+ 對於 AWS Organizations 實體 (根、OU 或帳戶),請確定您使用 AWS Organizations 管理帳戶登入資料進行簽署。
+ 確定已在組織根目錄中啟用 [SCP](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)。
+ 動作上次存取的資訊僅適用於 [IAM 動作最近存取的資訊服務和動作](access_policies_last-accessed-action-last-accessed.md) 中列出的動作。
當您進行變更時,請等待至少 4 小時,活動才會顯示在您的 IAM 主控台報告中。如果您使用 AWS CLI 或 AWS API,則必須產生新的報告來檢視更新的資訊。
## 其中 會 AWS 追蹤上次存取的資訊
AWS 會收集標準 AWS 區域的上次存取資訊。當 AWS 新增其他區域時,這些區域會新增至下表,包括每個區域中 AWS 開始追蹤資訊的日期。
+ **服務資訊**:服務追蹤期至少為 400 天,如果區域在過去 400 天內開始追蹤此功能,則服務追蹤期會更短。
+ **動作資訊** – Amazon S3 管理動作的追蹤期從 2020 年 4 月 12 日開始。Amazon EC2、IAM 和 Lambda 管理行動追蹤期由 2021 年 4 月 7 日開始。所有其他服務的管理動作追蹤期從 2023 年 5 月 23 日開始。如果某區域的追蹤日期遲於 2023 年 5 月 23 日,則該區域的動作上次存取資訊將從較遲的日期開始。
| 區域名稱 | 區域 | 追蹤開始日期 |
| --- | --- | --- |
| 美國東部 (俄亥俄) | us-east-2 | 2017 年 10 月 27 日 |
| 美國東部 (維吉尼亞北部) | us-east-1 | 2015 年 10 月 1 日 |
| 美國西部 (加利佛尼亞北部) | us-west-1 | 2015 年 10 月 1 日 |
| 美國西部 (奧勒岡) | us-west-2 | 2015 年 10 月 1 日 |
| Africa (Cape Town) | af-south-1 | 2020 年 4 月 22 日 |
| 亞太地區 (香港) | ap-east-1 | 2019 年 4 月 24 日 |
| 亞太地區 (海德拉巴) | ap-south-2 | 2022 年 11 月 22 日 |
| 亞太地區 (雅加達) | ap-southeast-3 | 2021 年 12 月 13 日 |
| 亞太地區 (墨爾本) | ap-southeast-4 | 2023 年 1 月 23 日 |
| 亞太區域 (孟買) | ap-south-1 | 2016 年 6 月 27 日 |
| 亞太地區 (大阪) | ap-northeast-3 | 2018 年 2 月 11 日 |
| 亞太區域 (首爾) | ap-northeast-2 | 2016 年 1 月 6 日 |
| 亞太區域 (新加坡) | ap-southeast-1 | 2015 年 10 月 1 日 |
| 亞太區域 (雪梨) | ap-southeast-2 | 2015 年 10 月 1 日 |
| 亞太區域 (東京) | ap-northeast-1 | 2015 年 10 月 1 日 |
| 加拿大 (中部) | ca-central-1 | 2017 年 10 月 28 日 |
| 歐洲 (法蘭克福) | eu-central-1 | 2015 年 10 月 1 日 |
| 歐洲 (愛爾蘭) | eu-west-1 | 2015 年 10 月 1 日 |
| 歐洲 (倫敦) | eu-west-2 | 2017 年 10 月 28 日 |
| 歐洲 (米蘭) | eu-south-1 | 2020 年 4 月 28 日 |
| Europe (Paris) | eu-west-3 | 2017 年 12 月 18 日 |
| 歐洲 (西班牙) | eu-south-2 | 2022 年 11 月 15 日 |
| Europe (Stockholm) | eu-north-1 | 2018 年 12 月 12 日 |
| 歐洲 (蘇黎世) | eu-central-2 | 2022 年 11 月 8 日 |
| 以色列 (特拉維夫) | il-central-1 | 2023 年 8 月 1 日 |
| Middle East (Bahrain) | me-south-1 | 2019 年 7 月 29 日 |
| 中東 (阿拉伯聯合大公國) | me-central-1 | 2022 年 8 月 30 日 |
| 南美洲 (聖保羅) | sa-east-1 | 2015 年 12 月 11 日 |
| AWS GovCloud (美國東部) | us-gov-east-1 | 2023 年 7 月 1 日 |
| AWS GovCloud (美國西部) | us-gov-west-1 | 2023 年 7 月 1 日 |
如果某個區域未在上表中列出,則表示此區域尚不提供上次存取的相關資訊。
AWS 區域是地理區域中的 AWS 資源集合。區域會分組成分割區。標準區域是屬於該 `aws` 分區的區域。如需有關不同分割區的詳細資訊,請參閱 AWS 一般參考中的 [Amazon Resource Name (ARN) 格式](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arns-syntax)。如需區域的詳細資訊,請參閱 中的[關於 AWS 區域](https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#region-what-is) AWS 一般參考。
# 檢視 IAM 上次存取的資訊
您可以使用 AWS 管理主控台 AWS CLI、 或 AWS API 檢視 IAM 的上次存取資訊。檢視顯示上次存取資訊的[服務及其動作清單](access_policies_last-accessed-action-last-accessed.md)。如需有關上次存取的資訊的詳細資訊,請參閱 [AWS 使用上次存取的資訊在 中精簡許可](access_policies_last-accessed.md)。
您可以在 IAM 中檢視下列資源類型的資訊。在每個案例中,資訊涵蓋指定報告期間允許的服務:
+ **使用者** – 檢視使用者上一次嘗試存取每個允許服務的時間。
+ **使用者群組** – 檢視有關上一次使用者群組成員嘗試存取每個允許服務的資訊。此報告也包含曾嘗試存取的成員總數。
+ **角色** – 檢視上一次有人使用該角色嘗試存取每個允許服務的時間。
+ **政策** – 檢視有關上一次使用者或角色嘗試存取每個允許服務的資訊。此報告也包含曾嘗試存取的實體總數。
**注意**
在檢視 IAM 中的資源的存取資訊之前,請確定您了解報告期間、報告的實體,以及您資訊的評估政策類型。如需詳細資訊,請參閱 [關於上次存取資訊的注意事項](access_policies_last-accessed.md#access_policies_last-accessed-know)。
## 檢視 IAM 的資訊 (主控台)
您可以在 IAM 主控台的**上次存取**索引標籤上檢視 IAM 上次存取的資訊。
**檢視 IAM 的資訊 (主控台)**
1. 登入 AWS 管理主控台 ,並在 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 開啟 IAM 主控台。
1. 在導覽窗格中,選擇**使用者群組**、**使用者**、**角色**或**政策**。
1. 選擇任意使用者、使用者群組、角色或政策名稱以開啟其**摘要**頁面,然後選擇**上次存取**索引標籤。根據您選擇的資源,檢視下列資訊:
+ **使用者群組** – 檢視使用者群組成員可存取的服務清單。您也可以檢視成員上次存取服務的時間、他們使用的使用者群組政策,以及提出要求的使用者群組成員。選擇政策的名稱以了解其為受管政策或內嵌使用者群組政策。選擇使用者群組成員的名稱以檢視該使用者群組的所有成員,以及他們上次存取該服務的時間。
+ **使用者** – 檢視使用者可存取的服務清單。您也可以檢視他們上次存取服務的時間,以及目前與該名使用者關聯的政策有哪些。選擇政策的名稱,以了解該政策是受管政策、內嵌使用者政策還是使用者群組的內嵌政策。
+ **角色** – 檢視角色可存取的服務清單、角色上次存取該服務的時間,以及他們使用哪些政策。選擇政策的名稱以了解其為受管政策還是內嵌角色政策。
+ **政策** – 檢視政策中包含允許動作的服務清單。您也可以檢視上次使用政策來存取服務的時間,以及使用政策的實體 (使用者或角色)。**上次存取**日期也包含透過其他政策授予此政策存取權的時間。選擇實體的名稱以了解哪些實體有連接政策,以及它們上次存取服務的時間。
1. 在表格的**服務**欄中,選擇[其中一項包含動作上次存取資訊的服務](access_policies_last-accessed-action-last-accessed.md)之名稱,以檢視 IAM 實體嘗試存取的管理動作清單。您可以檢視 AWS 區域 和時間戳記,顯示上次有人嘗試執行動作的時間。
1. 針對[包含動作上次存取資訊的服務](access_policies_last-accessed-action-last-accessed.md),將為其服務和管理動作顯示**上次存取**欄。檢閱此欄中傳回的下列可能結果。這些結果取決於是否允許、是否存取服務或動作,以及是否由 追蹤 AWS 上次存取的資訊。
** 天前**
自追蹤期間內使用服務或動作之後的天數。服務的追蹤期為過去 400 天。Amazon S3 動作的追蹤期由 2020 年 4 月 12 日開始。Amazon EC2、IAM 和 Lambda 行動追蹤期由 2021 年 4 月 7 日開始。所有其他服務的追蹤期從 2023 年 5 月 23 日開始。若要進一步了解每個追蹤開始日期 AWS 區域,請參閱 [其中 會 AWS 追蹤上次存取的資訊](access_policies_last-accessed.md#last-accessed_tracking-period)。
**在追蹤期內未存取**
追蹤的服務或動作尚未由實體在追蹤期間內使用。
您可以擁有清單中未出現的動作許可。如果 AWS目前不包含動作的追蹤資訊,就可能發生這種情況。您不應該只根據有沒有追蹤資訊來決定許可。相反地,建議您使用此資訊來告知並支援授予最低權限的整體策略。檢查您的政策以確認存取層級是否適當。
## 檢視 IAM 的資訊 (AWS CLI)
您可以使用 AWS CLI 擷取上次使用 IAM 資源嘗試存取 AWS 服務和 Amazon S3、Amazon EC2、IAM 和 Lambda 動作的相關資訊。IAM 資源可以是使用者、使用者群組、角色或政策。
**檢視 IAM 的資訊 (AWS CLI)**
1. 產生報告。此請求必須包含您需要報告的 IAM 資源 (使用者、使用者群組、角色或政策) 的 ARN。您可以在報告中指定要產生的資料粒度層級,以檢視任一服務或同時檢視服務和動作的存取詳細資訊。它會傳回 `job-id`,然後您可將它用於 `get-service-last-accessed-details` 和 `get-service-last-accessed-details-with-entities` 操作以監控 `job-status`,直到任務完成。
+ [aws iam generate-service-last-accessed-details](https://docs.aws.amazon.com/cli/latest/reference/iam/generate-service-last-accessed-details.html)
1. 使用上個步驟的 `job-id` 參數來擷取報告的詳細資訊。
+ [aws iam get-service-last-accessed-details](https://docs.aws.amazon.com/cli/latest/reference/iam/get-service-last-accessed-details.html)
根據您在 `generate-service-last-accessed-details` 操作中請求的資源類型與精細程度,此操作會傳回以下資訊:
+ **使用者** – 傳回指定的使用者可存取的服務清單。對於每個服務,此操作會傳回使用者最後一次嘗試的日期與時間,以及該使用者的 ARN。
+ **使用者群組** – 傳回指定使用者群組的成員可使用連接至該使用者群組的政策進行存取的服務清單。對於每個服務,此操作會傳回任何使用者群組成員最後一次嘗試的日期與時間。它也會傳回該使用者的 ARN 以及曾嘗試存取服務的使用者群組成員總數。使用 [GetServiceLastAccessedDetailsWithEntities](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetailsWithEntities.html) 操作來擷取所有成員的清單。
+ **角色** – 傳回指定的角色可存取的服務清單。對於每個服務,此操作會傳回角色最後一次嘗試的日期與時間,以及該角色的 ARN。
+ **政策** – 傳回指定的政策允許存取的服務清單。對於每個服務,此操作會傳回實體 (使用者或角色) 上次使用政策來嘗試存取服務的日期和時間。它也會傳回實體的 ARN 以及嘗試存取的實體總數。
1. 進一步了解在嘗試存取特定服務時使用使用者群組或政策許可的實體。此操作會傳回實體清單,包括各實體的 ARN、ID、名稱、路徑、類型 (使用者或角色),以及它們最後一次嘗試存取服務的時間。您也可以針對使用者和角色使用此操作,但只會傳回有關該實體的資訊。
+ [aws iam get-service-last-accessed-details-with-entities](https://docs.aws.amazon.com/cli/latest/reference/iam/get-service-last-accessed-details-with-entities.html)
1. 進一步了解有關身分 (使用者、使用者群組或角色) 在嘗試存取特定服務時使用之以身分為基礎的政策。當您指定身分和服務時,此操作會傳回實體可用於存取指定服務的許可政策清單。此操作可提供政策的目前狀態,而且不倚賴產生的報告。它也不會傳回其他政策類型,例如以資源為基礎的政策、存取控制清單、 AWS Organizations 政策、IAM 許可邊界,或工作階段政策。如需詳細資訊,請參閱[政策類型](access_policies.md#access_policy-types)或[單一帳戶中請求的政策評估](reference_policies_evaluation-logic_policy-eval-basics.md)。
+ [aws iam list-policies-granting-service-access](https://docs.aws.amazon.com/cli/latest/reference/iam/list-policies-granting-service-access.html)
## 檢視 IAM (AWS API) 的資訊
您可以使用 AWS API 擷取上次使用 IAM 資源嘗試存取 AWS 服務和 Amazon S3、Amazon EC2、IAM 和 Lambda 動作的相關資訊。IAM 資源可以是使用者、使用者群組、角色或政策。您可以在報告中指定要產生的資料細微層級,以檢視任一服務或同時檢視服務和動作的詳細資訊。
**檢視 IAM (AWS API) 的資訊**
1. 產生報告。此請求必須包含您需要報告的 IAM 資源 (使用者、使用者群組、角色或政策) 的 ARN。它會傳回 `JobId`,然後您可將它用於 `GetServiceLastAccessedDetails` 和 `GetServiceLastAccessedDetailsWithEntities` 操作以監控 `JobStatus`,直到任務完成。
+ [GenerateServiceLastAccessedDetails](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateServiceLastAccessedDetails.html)
1. 使用上個步驟的 `JobId` 參數來擷取報告的詳細資訊。
+ [GetServiceLastAccessedDetails](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetails.html)
根據您在 `GenerateServiceLastAccessedDetails` 操作中請求的資源類型與精細程度,此操作會傳回以下資訊:
+ **使用者** – 傳回指定的使用者可存取的服務清單。對於每個服務,此操作會傳回使用者最後一次嘗試的日期與時間,以及該使用者的 ARN。
+ **使用者群組** – 傳回指定使用者群組的成員可使用連接至該使用者群組的政策進行存取的服務清單。對於每個服務,此操作會傳回任何使用者群組成員最後一次嘗試的日期與時間。它也會傳回該使用者的 ARN 以及曾嘗試存取服務的使用者群組成員總數。使用 [GetServiceLastAccessedDetailsWithEntities](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetailsWithEntities.html) 操作來擷取所有成員的清單。
+ **角色** – 傳回指定的角色可存取的服務清單。對於每個服務,此操作會傳回角色最後一次嘗試的日期與時間,以及該角色的 ARN。
+ **政策** – 傳回指定的政策允許存取的服務清單。對於每個服務,此操作會傳回實體 (使用者或角色) 上次使用政策來嘗試存取服務的日期和時間。它也會傳回實體的 ARN 以及嘗試存取的實體總數。
1. 進一步了解在嘗試存取特定服務時使用使用者群組或政策許可的實體。此操作會傳回實體清單,包括各實體的 ARN、ID、名稱、路徑、類型 (使用者或角色),以及它們最後一次嘗試存取服務的時間。您也可以針對使用者和角色使用此操作,但只會傳回有關該實體的資訊。
+ [GetServiceLastAccessedDetailsWithEntities](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetailsWithEntities.html)
1. 進一步了解有關身分 (使用者、使用者群組或角色) 在嘗試存取特定服務時使用之以身分為基礎的政策。當您指定身分和服務時,此操作會傳回實體可用於存取指定服務的許可政策清單。此操作可提供政策的目前狀態,而且不倚賴產生的報告。它也不會傳回其他政策類型,例如以資源為基礎的政策、存取控制清單、 AWS Organizations 政策、IAM 許可邊界,或工作階段政策。如需詳細資訊,請參閱[政策類型](access_policies.md#access_policy-types)或[單一帳戶中請求的政策評估](reference_policies_evaluation-logic_policy-eval-basics.md)。
+ [ListPoliciesGrantingServiceAccess](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPoliciesGrantingServiceAccess.html)
# 檢視 的上次存取資訊 AWS Organizations
您可以使用 IAM AWS Organizations 主控台 AWS CLI或 AWS API 檢視服務上次存取的資訊。如需關於資料、必要許可、疑難排解及支援區域的重要資訊,請參閱[AWS 使用上次存取的資訊在 中精簡許可](access_policies_last-accessed.md)。
當您使用 AWS Organizations 管理帳戶登入資料登入 IAM 主控台時,您可以檢視組織中任何實體的資訊。 AWS Organizations 實體包括組織根目錄、組織單位 OUs) 和帳戶。您也可以使用 IAM 主控台來檢視組織中任何服務控制政策 (SCP) 的資訊。IAM 會顯示套用至實體的 SCP 所允許的服務清單。對於每個服務,您可以檢視所選 AWS Organizations 實體或實體子系的最新帳戶活動資訊。
當您使用 AWS CLI 或 AWS API 搭配管理帳戶登入資料時,您可以為組織中的任何實體或政策產生報告。實體的程式設計報告包含套用至實體之任何 SCP 所允許的服務清單。對於每個服務,報告包含指定 AWS Organizations 實體或實體子目錄中的最新帳戶活動。
當您產生政策的程式設計報告時,您必須指定 AWS Organizations 實體。這份報告包含指定 SCP 所允許的服務清單。對於每個服務,其包含由政策授予許可之實體或實體子系的最新帳戶活動。如需詳細資訊,請參閱 [aws iam generate-organizations-access-report](https://docs.aws.amazon.com/cli/latest/reference/iam/generate-organizations-access-report.html) 或 [GenerateOrganizationsAccessReport](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html)。
檢視報告之前,請確認您了解管理帳戶需求和資訊、報告期間、回報實體和評估的政策類型。如需詳細資訊,請參閱 [關於上次存取資訊的注意事項](access_policies_last-accessed.md#access_policies_last-accessed-know)。
## 了解 AWS Organizations 實體路徑
當您使用 AWS CLI 或 AWS API 產生 AWS Organizations 存取報告時,您必須指定實體路徑。路徑是 AWS Organizations 實體結構的文字表示。
您可以使用組織已知的結構來建立實體路徑。例如,假設您在其中具有下列組織結構 AWS Organizations。
![\[組織路徑結構\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/ou-path-diagram.png)
**開發人員管理員** OU 的路徑是使用組織 ID、根目錄和路徑中所有的 OU 包含 OU。
```
o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-ghi0-awsccccc/ou-jkl0-awsddddd/
```
**生產** OU 中帳戶的路徑是使用組織、根、OU 和帳戶號碼的 ID 建立的。
```
o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-abc0-awsaaaaa/111111111111/
```
**注意**
組織 ID 是全域唯一,但 OU ID 和根 ID 只有在組織內是唯一。這表示沒有兩個組織共用相同的組織 ID。不過,另一個組織的 OU 或根可能與您的 ID 相同。我們建議您在指定 OU 或根時,一律包含組織 ID。
## 檢視 AWS Organizations (主控台) 的資訊
您可以使用 IAM 主控台檢視您的根目錄、OU、帳戶或政策的上次存取資訊。
**檢視根目錄的資訊 (主控台)**
1. AWS 管理主控台 使用 AWS Organizations 管理帳戶登入資料登入 ,然後開啟位於 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 的 IAM 主控台。
1. 在導覽窗格的 **Access reports (存取報告)** 區段下方,選擇 **Organization activity (組織活動)**。
1. 在 **Organization activity** (組織活動) 頁面,選擇 **Root** (根)。
1. 在 **Details and activity** (詳細資訊與活動) 索引標籤上檢視 **Service access report** (服務存取報告) 部分。該資訊包含直接連接至根目錄之政策所允許的服務清單。該資訊會為您顯示服務上次存取哪個帳戶的服務,以及存取時間。如需關於哪個主體存取服務的詳細資訊,請以該帳戶的管理員身分登入帳戶並[檢視 IAM 上次存取資訊](access_policies_last-accessed-view-data.md)。
1. 選擇 **Attached SCPs** (連接的 SCP) 索引標籤,檢視連接至根目錄的服務控制政策 (SCP) 清單。IAM 會顯示與每個政策連接的目標實體數量。您可以使用此資訊來決定要檢閱哪些 SCP。
1. 選擇 SCP 的名稱,以檢視政策允許的所有服務。對於每個服務,可從中檢視服務上次存取哪個帳戶的服務,以及存取時間。
1. 選擇在 **中編輯 AWS Organizations**以檢視其他詳細資訊,並在 AWS Organizations 主控台中編輯 SCP。如需詳細資訊,請參閱《AWS Organizations 使用者指南》**中的[更新 SCP](https://docs.aws.amazon.com/organizations/latest/userguide/create-policy.html#update_policy)。
**檢視 OU 或帳戶的資訊 (主控台)**
1. AWS 管理主控台 使用 AWS Organizations 管理帳戶登入資料登入 ,然後開啟位於 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 的 IAM 主控台。
1. 在導覽窗格的 **Access reports (存取報告)** 區段下方,選擇 **Organization activity (組織活動)**。
1. 在 **Organization activity (組織活動)**頁面,展開組織的結構。然後,選擇 OU 或您要檢視任何帳戶的名稱 (管理帳戶除外)。
1. 在 **Details and activity** (詳細資訊與活動) 索引標籤上檢視 **Service access report** (服務存取報告) 部分。該資訊包含 SCP 允許的服務清單,而且這些 SCP 都連接至 OU 或帳戶*及其*所有父系。該資訊會為您顯示服務上次存取哪個帳戶的服務,以及存取時間。如需關於哪個主體存取服務的詳細資訊,請以該帳戶的管理員身分登入帳戶並[檢視 IAM 上次存取資訊](access_policies_last-accessed-view-data.md)。
1. 選擇 **Attached SCPs** (連接的 SCP) 索引標籤,檢視直接連接至 OU 或帳戶的服務控制政策 (SCP) 清單。IAM 會顯示與每個政策連接的目標實體數量。您可以使用此資訊來決定要檢閱哪些 SCP。
1. 選擇 SCP 的名稱,以檢視政策允許的所有服務。對於每個服務,可從中檢視服務上次存取哪個帳戶的服務,以及存取時間。
1. 選擇在 **中編輯 AWS Organizations**以檢視其他詳細資訊,並在 AWS Organizations 主控台中編輯 SCP。如需詳細資訊,請參閱《AWS Organizations 使用者指南》**中的[更新 SCP](https://docs.aws.amazon.com/organizations/latest/userguide/create-policy.html#update_policy)。
**檢視管理帳戶的資訊 (主控台)**
1. AWS 管理主控台 使用 AWS Organizations 管理帳戶登入資料登入 ,然後開啟位於 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 的 IAM 主控台。
1. 在導覽窗格的 **Access reports (存取報告)** 區段下方,選擇 **Organization activity (組織活動)**。
1. 在 **Organization activity** (組織活動) 頁面,展開組織的結構,然後選擇管理帳戶的名稱。
1. 在 **Details and activity** (詳細資訊與活動) 索引標籤上檢視 **Service access report** (服務存取報告) 部分。這些資訊包括所有 AWS 服務的清單。管理帳戶不受 SCP 限制。該資訊會為您顯示帳戶上次是否存取服務,以及存取的時間。如需關於哪個主體存取服務的詳細資訊,請以該帳戶的管理員身分登入帳戶並[檢視 IAM 上次存取資訊](access_policies_last-accessed-view-data.md)。
1. 選擇 **Attached SCPs** (連接的 SCP) 索引標籤,以確認沒有任何連接的 SCP,因為帳戶就是管理帳戶。
**檢視政策的資訊 (主控台)**
1. AWS 管理主控台 使用 AWS Organizations 管理帳戶登入資料登入 ,然後開啟位於 https://[https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/) 的 IAM 主控台。
1. 在導覽窗格的 **Access reports (存取報告)** 區段下方,選擇 **Service control policies (SCPs) (服務控制政策 (SCP))**。
1. 在**Service control policies (SCPs) (服務控制政策 (SCP))** 頁面上,檢視組織的政策清單。您可以檢視每個政策連接的目標實體數量。
1. 選擇 SCP 的名稱,以檢視政策允許的所有服務。對於每個服務,可從中檢視服務上次存取哪個帳戶的服務,以及存取時間。
1. 選擇在 **中編輯 AWS Organizations**以檢視其他詳細資訊,並在 AWS Organizations 主控台中編輯 SCP。如需詳細資訊,請參閱《AWS Organizations 使用者指南》**中的[更新 SCP](https://docs.aws.amazon.com/organizations/latest/userguide/create-policy.html#update_policy)。
## 檢視 AWS Organizations (AWS CLI) 的資訊
您可以使用 AWS CLI 來擷取 AWS Organizations 根、OU、帳戶或政策的服務上次存取資訊。
**檢視 AWS Organizations 服務上次存取的資訊 (AWS CLI)**
1. 使用您的 AWS Organizations 管理帳戶登入資料搭配必要的 IAM 和 AWS Organizations 許可,並確認已為您的根目錄啟用 SCPs。如需詳細資訊,請參閱[關於上次存取資訊的注意事項](access_policies_last-accessed.md#access_policies_last-accessed-know)。
1. 產生報告。請求必須包含您想要報告之 AWS Organizations 實體 (根、OU 或帳戶) 的路徑。您可以選擇包含 `organization-policy-id` 參數,以檢視特定政策的報告。命令會傳回 `job-id`,然後您可將它用於 `get-organizations-access-report` 命令以監控 `job-status`,直到任務完成為止。
+ [aws iam generate-organizations-access-report](https://docs.aws.amazon.com/cli/latest/reference/iam/generate-organizations-access-report.html)
1. 使用上個步驟的 `job-id` 參數來擷取報告的詳細資訊。
+ [aws iam get-organizations-access-report](https://docs.aws.amazon.com/cli/latest/reference/iam/get-organizations-access-report.html)
此命令會傳回實體成員可以存取的服務清單。對於每個服務,命令會傳回帳戶成員上次嘗試存取的日期及時間,以及帳戶的實體路徑。它還會傳回可用來存取的服務數量,以及並未存取的服務數量。如果您指定選用的 `organizations-policy-id` 參數,則可存取的服務就是指定政策允許的服務。
## 檢視 AWS Organizations (AWS API) 的資訊
您可以使用 AWS API 來擷取根 AWS Organizations 、OU、帳戶或政策的服務上次存取資訊。
**檢視 AWS Organizations 服務上次存取資訊 (AWS API)**
1. 使用您的 AWS Organizations 管理帳戶登入資料搭配必要的 IAM 和 AWS Organizations 許可,並確認已為您的根目錄啟用 SCPs。如需詳細資訊,請參閱[關於上次存取資訊的注意事項](access_policies_last-accessed.md#access_policies_last-accessed-know)。
1. 產生報告。請求必須包含您想要報告之 AWS Organizations 實體 (根、OU 或帳戶) 的路徑。您可以選擇包含 `OrganizationsPolicyId` 參數,以檢視特定政策的報告。操作會傳回 `JobId`,您可將它用於 `GetOrganizationsAccessReport` 操作以監控 `JobStatus`,直到任務完成為止。
+ [GenerateOrganizationsAccessReport](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html)
1. 使用上個步驟的 `JobId` 參數來擷取報告的詳細資訊。
+ [GetOrganizationsAccessReport](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOrganizationsAccessReport.html)
此操作會傳回實體成員可以存取的服務清單。對於每個服務,操作會傳回帳戶成員上次嘗試存取的日期及時間,以及帳戶的實體路徑。它還會傳回可用來存取的服務數量,以及並未存取的服務數量。如果您指定選用的 `OrganizationsPolicyId` 參數,則可存取的服務就是指定政策允許的服務。
# 使用上次存取資訊的範例案例
您可以使用上次存取的資訊,對您授予 IAM 實體的許可做出決策 AWS Organizations 。如需詳細資訊,請參閱[AWS 使用上次存取的資訊在 中精簡許可](access_policies_last-accessed.md)。
**注意**
在 IAM 或 中檢視實體或政策的存取資訊之前 AWS Organizations,請確定您了解資料的報告期間、報告的實體和評估的政策類型。如需詳細資訊,請參閱 [關於上次存取資訊的注意事項](access_policies_last-accessed.md#access_policies_last-accessed-know)。
身為管理員的您,可以在可存取性與最低權限取得平衡,以符合您公司的需求。
## 使用資訊減少 IAM 群組的許可
您可以使用上次存取資訊以減少 IAM 群組許可,使其僅包含您的使用者所需要的服務。此方法在服務等級的[授予最低權限](best-practices.md#grant-least-privilege)中是一個重要的步驟。
例如,Paulo Santos 是負責定義 Example Corp AWS 使用者許可的管理員。 此公司剛開始使用 AWS,軟體開發團隊尚未定義他們將使用 AWS 的服務。Paulo 打算僅提供該團隊所需服務的存取許可,但由於尚未定義相關服務,因此 Paulo 暫時提供該團隊進階使用者許可。然後,他會使用上次存取的資訊來減少群組的許可。
Paulo 使用以下 JSON 文字建立一個名為 `ExampleDevelopment` 的受管政策。然後,他將其連接至名為 `Development` 的群組,並將所有開發人員新增至該群組。
**注意**
Paulo 的進階使用者可能需要 `iam:CreateServiceLinkedRole` 許可才能使用某些服務和功能。他了解新增此許可會允許使用者建立任何服務連結的角色。他接受其進階使用者的這種風險。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "FullAccessToAllServicesExceptPeopleManagement",
"Effect": "Allow",
"NotAction": [
"iam:*",
"organizations:*"
],
"Resource": "*"
},
{
"Sid": "RequiredIamAndOrgsActions",
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole",
"iam:ListRoles",
"organizations:DescribeOrganization"
],
"Resource": "*"
}
]
}
```
------
Paulo 決定在他[檢視上次存取資訊](access_policies_last-accessed-view-data.md#access_policies_last-accessed-viewing)前等待 90 天,然後讓 `Development` 群組使用 AWS 管理主控台。他檢視群組成員曾經存取的服務清單。他得知使用者在過去一週內存取了五個服務: AWS CloudTrail Amazon CloudWatch Logs AWS KMS、Amazon EC2 和 Amazon S3。他們在第一次評估時存取了其他一些服務 AWS,但之後卻無法存取。
Paulo 決定減少政策許可,只包含這五個服務以及必要的 IAM 和 AWS Organizations 動作。他使用以下 JSON 文字編輯 `ExampleDevelopment` 政策。
**注意**
Paulo 的進階使用者可能需要 `iam:CreateServiceLinkedRole` 許可才能使用某些服務和功能。他了解新增此許可會允許使用者建立任何服務連結的角色。他接受其進階使用者的這種風險。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "FullAccessToListedServices",
"Effect": "Allow",
"Action": [
"s3:*",
"kms:*",
"cloudtrail:*",
"logs:*",
"ec2:*"
],
"Resource": "*"
},
{
"Sid": "RequiredIamAndOrgsActions",
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole",
"iam:ListRoles",
"organizations:DescribeOrganization"
],
"Resource": "*"
}
]
}
```
------
若要進一步減少許可,Paulo 可在 AWS CloudTrail **Event history (事件歷程記錄)** 中檢視帳戶的事件。他可在此檢視詳細的事件資訊,以用於減少政策的許可,使其僅包含開發人員需要的動作和資源。如需詳細資訊,請參閱《AWS CloudTrail 使用者指南》**中的[在 CloudTrail 主控台中檢視 CloudTrail 事件](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html)。
## 使用資訊減少 IAM 使用者的許可
您可以使用上次存取資訊,以減少個別 IAM 使用者的許可。
例如,Martha Rivera 是 IT 管理員,負責確保其公司中的人員沒有多餘的 AWS 許可。在定期安全性檢查中,她會檢查所有 IAM 使用者的許可。在這些使用者中,有一位名為 Nikhil Jayashankar 的應用程式開發人員,過去曾經擔任安全工程師。因為任務需求的變更,Nikhil 同時是 `app-dev` 群組和 `security-team` 群組的成員。`app-dev` 群組為其新任務授予多項服務的許可,包括 Amazon EC2、Amazon EBS、Auto Scaling、Amazon S3、Route 53 和 Elastic Transcoder。他的舊任務的 `security-team` 群組授予 IAM 與 CloudTrail 的許可。
作為管理員,Martha 登入 IAM 主控台,依序選擇**使用者**、名稱 `nikhilj`,然後選擇**上次存取**索引標籤。
Martha 會檢閱**上次存取的資料**欄,並注意到 Nikhil 最近未存取 IAM、CloudTrail、Route 53、Amazon Elastic Transcoder 和許多 AWS 其他服務。Nikhil 已經存取 Amazon S3。Martha 從服務清單中選擇 **S3**,並得知 Nikhil 在過去兩週內執行了一些 Amazon S3 `List` 動作。Martha 確認 Nikhil 在她的公司中不再需要存取 IAM 與 CloudTrail,因為他不再是內部安全團隊的成員。
Martha 現在已經準備好對服務採取行動,並採取行動上次存取的資訊。不過,不同於先前範例中的群組,像是 `nikhilj` 這樣的 IAM 使用者可能會受到多個政策的約束,並且可能是多個群組的成員。Martha 必須小心處理以避免不慎中斷 `nikhilj` 或其他群組成員的存取。除了了解 Nikhil 應有哪些存取,她也必須判斷 Nikhil 應*如何*接收這些許可。
Martha 選擇 **Permissions (許可)** 標籤,她檢視哪些政策直接連接至 `nikhilj`,以及從群組連接的政策。她展開每個政策並檢視政策摘要,以了解哪個政策允許 Nikhil 存取他沒有在使用的服務:
+ IAM – `IAMFullAccess` AWS 受管政策會直接連接至 `nikhilj` 群組`security-team`。
+ CloudTrail – `AWS CloudTrailReadOnlyAccess` AWS 受管政策會連接到 `security-team`群組。
+ Route 53 – `App-Dev-Route53` 客戶受管政策連接至 `app-dev` 群組。
+ Elastic Transcoder – `App-Dev-ElasticTranscoder` 客戶受管政策連接至 `app-dev` 群組。
Martha 決定移除直接連接到 的`IAMFullAccess` AWS 受管政策`nikhilj`。她也移除 Nikhil 的 `security-team` 群組成員資格。這兩個動作移除了不必要的 IAM 與 CloudTrail 存取。
Nikhil 存取 Route 53 和 Elastic Transcoder 的許可是由 `app-dev` 群組所授予。雖然 Nikhil 沒有使用這些服務,但群組的其他成員可能會使用。Martha 會檢閱 `app-dev` 群組上次存取的資訊,並得知多位成員最近存取 Route 53 和 Amazon S3。但在去年沒有任何群組成員存取過 Elastic Transcoder。她從群組移除 `App-Dev-ElasticTranscoder` 客戶受管政策。
然後,Martha 檢閱了 `App-Dev-ElasticTranscoder` 客戶受管政策的上次存取資訊。她發現該政策未連接至任何其他 IAM 身分。她在公司內部進行調查以確定未來不需要此政策,然後將此政策刪除。
## 刪除 IAM 資源前使用資訊
您可以在刪除 IAM 資源之前使用上次存取資訊,以確保在最後一次有人使用該資源之後已經過一段特定的時間。這適用於使用者、群組、角色及政策。若要進一步了解這些動作的詳細資訊,請參閱下列主題:
+ **IAM 使用者** – [移除或停用 IAM 使用者](id_users_remove.md)
+ **群組** – [刪除 IAM 群組](id_groups_manage_delete.md)
+ **角色** – [刪除角色或執行個體設定檔](id_roles_manage_delete.md)
+ **政策** – [刪除 IAM 政策 (這也會從身分中分開政策)](access_policies_manage-delete.md)
## 編輯 IAM 政策前使用資訊
您可以在編輯會影響該資源的政策之前,檢閱上次存取資訊中的 IAM 身分 (使用者、群組或角色) 或 IAM 政策。這是重要的,因為您不會想要移除使用該政策者的存取權。
例如,Arnav Desai 是 Example Corp. 的開發人員和 AWS 管理員。 當他的團隊開始使用 時 AWS,他們會授予所有開發人員進階使用者存取權,讓他們能夠完整存取 IAM 和 以外的所有服務 AWS Organizations。做為[授予最低權限](best-practices.md#grant-least-privilege)的第一步,Arnav 希望使用 AWS CLI 檢閱其帳戶中的受管政策。
因此,Arnav 首先列出其帳戶中連接至身分的客戶受管許可政策,他使用下列命令:
```
aws iam list-policies --scope Local --only-attached --policy-usage-filter PermissionsPolicy
```
他從回應中擷取每個政策的 ARN。然後,Arnav 使用下列命令,為每個政策產生上次存取資訊的報告。
```
aws iam generate-service-last-accessed-details --arn arn:aws:iam::123456789012:policy/ExamplePolicy1
```
從回應中,他從 `JobId` 欄位擷取所產生報告的 ID。然後,Arnav 輪詢下列命令,直到 `JobStatus` 欄位傳回 `COMPLETED` 或 `FAILED` 值。如果任務失敗,他將會擷取錯誤。
```
aws iam get-service-last-accessed-details --job-id 98a765b4-3cde-2101-2345-example678f9
```
當任務的狀態為 `COMPLETED` 時,Arnav 剖析 JSON 格式 `ServicesLastAccessed` 陣列的內容。
```
"ServicesLastAccessed": [
{
"TotalAuthenticatedEntities": 1,
"LastAuthenticated": 2018-11-01T21:24:33.222Z,
"ServiceNamespace": "dynamodb",
"LastAuthenticatedEntity": "arn:aws:iam::123456789012:user/IAMExampleUser",
"ServiceName": "Amazon DynamoDB"
},
{
"TotalAuthenticatedEntities": 0,
"ServiceNamespace": "ec2",
"ServiceName": "Amazon EC2"
},
{
"TotalAuthenticatedEntities": 3,
"LastAuthenticated": 2018-08-25T15:29:51.156Z,
"ServiceNamespace": "s3",
"LastAuthenticatedEntity": "arn:aws:iam::123456789012:role/IAMExampleRole",
"ServiceName": "Amazon S3"
}
]
```
Arnav 透過此資訊發現 `ExamplePolicy1` 政策允許存取三項服務、Amazon DynamoDB、Amazon S3 和 Amazon EC2。名為 `IAMExampleUser` 的 IAM 使用者與 11 月 1 日最後一次嘗試存取 DynamoDB,另有某人於 8 月 25 日使用了 `IAMExampleRole` 角色嘗試存取 Amazon S3。另有兩個實體在過去一年嘗試存取 Amazon S3。不過,過去一年無人嘗試存取 Amazon EC2。
這表示 Arnav 可以安全地從政策中移除 Amazon EC2 動作。Arnav 想要檢閱該政策目前的 JSON 文件。首先,他必須使用以下命令判斷政策的版本號碼。
```
aws iam list-policy-versions --policy-arn arn:aws:iam::123456789012:policy/ExamplePolicy1
```
Arnav 從回應中的 `Versions` 陣列收集到目前的預設版本號碼。然後,他使用該版本號碼 (`v2`) 以及以下命令請求 JSON 政策文件。
```
aws iam get-policy-version --policy-arn arn:aws:iam::123456789012:policy/ExamplePolicy1 --version-id v2
```
Arnav 將傳回的 JSON 政策文件存放於 `Document` 陣列的 `PolicyVersion` 欄位。在政策文件中,Arnav 搜尋 `ec2` 命名空間中的動作。如果政策中沒有來自其他命名空間的動作,他將會分開政策與受影響的身分 (使用者、群組和角色)。而後他會刪除政策。在這種情況下,政策並包含 Amazon DynamoDB 與 Amazon S3 服務。因此,Arnav 會從文件中移除 Amazon EC2 動作,並儲存變更。然後,他使用下列命令來更新使用新文件版本的政策,然後將該版本設定為預設的政策版本。
```
aws iam create-policy-version --policy-arn arn:aws:iam::123456789012:policy/ExamplePolicy1 --policy-document file://UpdatedPolicy.json --set-as-default
```
`ExamplePolicy1` 政策現在已更新,以移除不必要 Amazon EC2 服務的存取權。
## 其他 IAM 案例
有關 IAM 資源 (使用者、群組、角色或政策) 上次嘗試存取服務時間的資訊,可在您完成下列任一項任務時提供協助:
+ **政策** – [編輯現有的客戶受管政策或內嵌政策以移除許可](access_policies_manage-edit.md)
+ **政策** – [將內嵌政策轉換為受管政策,然後刪除它](access_policies-convert-inline-to-managed.md)
+ **政策** – [將明確拒絕新增至現有的政策](reference_policies_evaluation-logic_AccessPolicyLanguage_Interplay.md)
+ **政策** – [從身分 (使用者、群組或角色) 分開受管政策](access_policies_manage-attach-detach.md#detach-managed-policy-console)
+ **實體** – [設定許可界限以控制實體 (使用者或角色) 可擁有的最大許可](access_policies_manage-attach-detach.md)
+ **群組** – [從群組移除使用者](id_groups_manage_add-remove-users.md)
## 使用資訊來調整組織單位的許可
您可以使用上次存取資訊,以強化 AWS Organizations中組織單位 (OU) 的許可。
例如,John Stiles 是 AWS Organizations 管理員。他負責確保公司中的人員 AWS 帳戶 沒有多餘的許可。在定期安全稽核中,他會檢查其組織的許可。他的 `Development` OU 包含帳戶,這類帳戶經常用於測試新的 AWS 服務。John 決定要定期檢查超過 180 天未存取的服務報告。然後,他的 OU 成員會移除存取那些服務的許可。
John 使用自己的管理帳戶憑證登入 IAM 主控台。在 IAM 主控台中,他找到 OU `Development` AWS Organizations 的資料。他檢閱**服務存取報告**表 AWS ,並看到兩個服務在超過他偏好的 180 天期間內未被存取。他記得新增許可,讓開發團隊存取 Amazon Lex 和 AWS Database Migration Service。John 聯絡開發團隊,並確認他們不再有測試這些服務的商業需求。
Martha 現在已經準備好對上次存取的資訊採取行動。他選擇 **Edit in AWS Organizations** (在 AWS Organizations中編輯),而且收到提醒,表示已將 SCP 連接至多個實體。他選擇 **Continue (繼續)**。在 中 AWS Organizations,他會檢閱目標,以了解 SCP 連接到哪些 AWS Organizations 實體。所有實體都位於 `Development` OU 內。
John 決定拒絕存取 Amazon Lex 和 `NewServiceTest` SCP 中的 AWS Database Migration Service 動作。這個動作移除了不必要的服務存取。
# IAM 動作最近存取的資訊服務和動作
下表列出顯示 [IAM 動作上次存取資訊](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_last-accessed.html) AWS 的服務。如需每個服務的動作清單,請參閱《服務授權參考》中的[AWS 服務的動作、資源和條件索引鍵](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html)。
AWS 提供 JSON 格式的動作上次存取資訊,以簡化政策管理工作流程的自動化。使用 服務參考資訊,您可以存取動作上次 AWS 服務 從機器可讀取檔案跨 存取的資訊。如需詳細資訊,請參閱 Service Authorization Reference 中的 [Simplified AWS 服務 information for programmatic access](https://docs.aws.amazon.com/service-authorization/latest/reference/service-reference.html)。
| **服務** | **服務前綴** |
| --- | --- |
| [AWS Identity and Access Management 和 Access Analyzer](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiamaccessanalyzer.html) | access-analyzer |
| [AWS 帳戶管理](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsaccountmanagement.html) | 帳戶 |
| [AWS Certificate Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscertificatemanager.html) | acm |
| [Amazon Managed Workflows for Apache Airflow](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonmanagedworkflowsforapacheairflow.html) | airflow |
| [AWS Amplify](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsamplify.html) | mplify |
| [AWS Amplify UI Builder](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsamplifyuibuilder.html) | amplifyuibuilder |
| [Amazon AppIntegrations](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonappintegrations.html) | app-integrations |
| [AWS AppConfig](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsappconfig.html) | appconfig |
| [Amazon AppFlow](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonappflow.html) | appflow |
| [AWS 應用程式成本分析器](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsapplicationcostprofilerservice.html) | application-cost-profiler |
| [Amazon CloudWatch Application Insights](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatchapplicationinsights.html) | applicationinsights |
| [AWS App Mesh](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsappmesh.html) | appmesh |
| [Amazon WorkSpaces 應用程式](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonappstream2.0.html) | appstream |
| [AWS AppSync](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsappsync.html) | appsync |
| [Amazon Managed Service for Prometheus](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonmanagedserviceforprometheus.html) | aps |
| [Amazon Athena](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonathena.html) | athena |
| [AWS Audit Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsauditmanager.html) | auditmanager |
| [AWS Auto Scaling](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsautoscaling.html) | 自動擴展 |
| [AWS Marketplace](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsmarketplace.html) | aws-marketplace |
| [AWS Backup](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsbackup.html) | 備份 |
| [AWS Batch](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsbatch.html) | 批次 |
| [Amazon Braket](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonbraket.html) | braket |
| [AWS Budgets](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsbudgetservice.html) | 預算 |
| [AWS Cloud9](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscloud9.html) | Cloud9 |
| [AWS CloudFormation](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscloudformation.html) | cloudformation |
| [Amazon CloudFront](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudfront.html) | cloudfront |
| [AWS CloudHSM](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscloudhsm.html) | cloudhsm |
| [Amazon CloudSearch](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudsearch.html) | cloudsearch |
| [AWS CloudTrail](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscloudtrail.html) | cloudtrail |
| [Amazon CloudWatch](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatch.html) | cloudwatch |
| [AWS CodeArtifact](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscodeartifact.html) | codeartifact |
| [AWS CodeDeploy](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscodedeploy.html) | codedeploy |
| [Amazon CodeGuru Profiler](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncodeguruprofiler.html) | codeguru-profiler |
| [Amazon CodeGuru Reviewer](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncodegurureviewer.html) | codeguru-reviewer |
| [AWS CodePipeline](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscodepipeline.html) | codepipeline |
| [AWS CodeStar](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscodestar.html) | codestar |
| [AWS CodeStar 通知](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscodestarnotifications.html) | codestar-notifications |
| [Amazon Cognito 身分](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncognitoidentity.html) | cognito-identity |
| [Amazon Cognito 使用者集區](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncognitouserpools.html) | cognito-idp |
| [Amazon Cognito Sync](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncognitosync.html) | cognito-sync |
| [Amazon Comprehend Medical](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncomprehendmedical.html) | comprehendmedical |
| [AWS Compute Optimizer](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscomputeoptimizer.html) | compute-optimizer |
| [AWS Config](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsconfig.html) | config |
| [Amazon Connect](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonconnect.html) | connect |
| [AWS Cost and Usage Report](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscostandusagereport.html) | cur |
| [AWS Glue DataBrew](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsgluedatabrew.html) | databrew |
| [AWS Data Exchange](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsdataexchange.html) | dataexchange |
| [AWS Data Pipeline](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsdatapipeline.html) | datapipeline |
| [DynamoDB Accelerator](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazondynamodbacceleratordax.html) | dax |
| [AWS Device Farm](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsdevicefarm.html) | devicefarm |
| [Amazon DevOps Guru](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazondevopsguru.html) | devops-guru |
| [AWS Direct Connect](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsdirectconnect.html) | directconnect |
| [Amazon Data Lifecycle Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazondatalifecyclemanager.html) | dlm |
| [AWS Database Migration Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsdatabasemigrationservice.html) | dms |
| [Amazon DocumentDB Elastic Clusters](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazondocumentdbelasticclusters.html) | docdb-elastic |
| [Amazon DynamoDB](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazondynamodb.html) | dynamodb |
| [Amazon Elastic Block Store](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticblockstore.html) | ebs |
| [Amazon Elastic Compute Cloud](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html) | ec2 |
| [Amazon Elastic Container Registry](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticcontainerregistry.html) | ecr |
| [Amazon Elastic Container Registry Public](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticcontainerregistrypublic.html) | ecr-public |
| [Amazon Elastic Container Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticcontainerservice.html) | ecs |
| [Amazon Elastic Kubernetes Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelastickubernetesservice.html) | eks |
| [Amazon ElastiCache](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticache.html) | elasticache |
| [AWS Elastic Beanstalk](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awselasticbeanstalk.html) | elasticbeanstalk |
| [Amazon Elastic File System](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticfilesystem.html) | elasticfilesystem |
| [Elastic Load Balancing](https://docs.aws.amazon.com/service-authorization/latest/reference/list_elasticloadbalancing.html) | elasticloadbalancing |
| [Amazon Elastic Transcoder](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelastictranscoder.html) | elastictranscoder |
| [Amazon EMR on EKS (EMR 容器)](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonemroneksemrcontainers.html) | emr-containers |
| [Amazon EMR Serverless](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonemrserverless.html) | emr-serverless |
| [Amazon OpenSearch Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonopensearchservice.html) | es |
| [Amazon EventBridge](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoneventbridge.html) | events |
| [Amazon CloudWatch Evidently](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatchevidently.html) | evidently |
| [Amazon FinSpace](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonfinspace.html) | finspace |
| [Amazon Data Firehose](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonkinesisfirehose.html) | firehose |
| [AWS Fault Injection Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsfaultinjectionsimulator.html) | fis |
| [AWS Firewall Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsfirewallmanager.html) | fms |
| [Amazon Fraud Detector](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonfrauddetector) | frauddetector |
| [Amazon FSx](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonfsx) | fsx |
| [Amazon GameLift 伺服器](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazongamelift) | gamelift |
| [Amazon Location Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonlocation.html) | geo |
| [Amazon Glacier](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3glacier.html) | glacier |
| [Amazon Managed Grafana](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonmanagedgrafana.html) | grafana |
| [AWS IoT Greengrass](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiotgreengrass.html) | greengrass |
| [AWS Ground Station](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsgroundstation.html) | groundstation |
| [Amazon GuardDuty](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonguardduty.html) | guardduty |
| [AWS HealthLake](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonhealthlake.html) | healthlake |
| [Amazon Honeycode](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonhoneycode.html) | honeycode |
| [AWS Identity and Access Management](https://docs.aws.amazon.com/service-authorization/latest/reference/list_identityandaccessmanagement.html) | iam |
| [AWS 身分存放區](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsidentitystore.html) | identitystore |
| [EC2 Image Builder](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2imagebuilder.html) | imagebuilder |
| [Amazon Inspector Classic](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoninspector.html) | inspector |
| [Amazon Inspector](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoninspector2.html) | inspector2 |
| [AWS IoT](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html) | iot |
| [AWS IoT Analytics](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiotanalytics.html) | iotanalytics |
| [AWS IoT Core Device Advisor](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiotcoredeviceadvisor.html) | iotdeviceadvisor |
| [AWS IoT Events](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiotevents.html) | iotevents |
| [AWS IoT Fleet Hub](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiotfleethubfordevicemanagement.html) | iotfleethub |
| [AWS IoT SiteWise](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiotsitewise.html) | iotsitewise |
| [AWS IoT TwinMaker](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiottwinmaker.html) | iottwinmaker |
| [AWS IoT Wireless](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiotwireless.html) | iotwireless |
| [Amazon Interactive Video Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoninteractivevideoservice.html) | ivs |
| [Amazon Interactive Video Service Chat](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoninteractivevideoservicechat.html) | ivschat |
| [Amazon Managed Streaming for Apache Kafka](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonmanagedstreamingforapachekafka.html) | kafka |
| [Amazon Managed Streaming for Kafka Connect](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonmanagedstreamingforkafkaconnect.html) | kafkaconnect |
| [Amazon Kendra](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonkendra.html) | kendra |
| [Amazon Kinesis](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonkinesis.html) | kinesis |
| [Amazon Kinesis Analytics V2](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonkinesisanalyticsv2.html) | kinesisanalytics |
| [AWS Key Management Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awskeymanagementservice.html) | kms |
| [AWS Lambda](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslambda.html) | lambda |
| [Amazon Lex](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonlexv2.html) | lex |
| [AWS License Manager Linux 訂閱管理員](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslicensemanagerlinuxsubscriptionsmanager.html) | license-manager-linux-subscriptions |
| [Amazon Lightsail](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonlightsail.html) | lightsail |
| [Amazon CloudWatch Logs](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatchlogs.html) | 日誌 |
| [Amazon Lookout for Equipment](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonlookoutforequipment.html) | lookoutequipment |
| [Amazon Lookout for Metrics](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonlookoutformetrics.html) | lookoutmetrics |
| [Amazon Lookout for Vision](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonlookoutforvision.html) | lookoutvision |
| [AWS Mainframe Modernization](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsmainframemodernizationservice.html) | m2 |
| [Amazon Managed Blockchain](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonmanagedblockchain.html) | managedblockchain |
| [AWS Elemental MediaConnect](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awselementalmediaconnect.html) | mediaconnect |
| [AWS Elemental MediaConvert](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awselementalmediaconvert.html) | mediaconvert |
| [AWS Elemental MediaLive](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awselementalmedialive.html) | medialive |
| [AWS Elemental MediaStore](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awselementalmediastore.html) | mediastore |
| [AWS Elemental MediaTailor](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awselementalmediatailor.html) | mediatailor |
| [Amazon MemoryDB](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonmemorydb.html) | memorydb |
| [AWS Application Migration Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsapplicationmigrationservice.html) | mgn |
| [AWS Migration Hub](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsmigrationhub.html) | mgh |
| [AWS Migration Hub 策略建議](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsmigrationhubstrategyrecommendations.html) | migrationhub-strategy |
| [Amazon Pinpoint](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonpinpoint.html) | mobiletargeting |
| [Amazon MQ](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonmq.html) | mq |
| [AWS Network Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsnetworkmanager.html) | networkmanager |
| [Amazon Nimble Studio](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonnimblestudio.html) | nimble |
| [AWS HealthOmics](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awshealthomics.html) | omics |
| [AWS OpsWorks](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsopsworks.html) | opsworks |
| [AWS OpsWorks CM](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsopsworksconfigurationmanagement) | opsworks-cm |
| [AWS Outposts](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsoutposts.html) | outposts |
| [AWS Organizations](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html) | 組織 |
| [AWS Panorama](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awspanorama.html) | panorama |
| [AWS Performance Insights](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsperformanceinsights.html) | pi |
| [Amazon EventBridge Pipes](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoneventbridgepipes.html) | pipes |
| [Amazon Polly](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonpolly.html) | polly |
| [Amazon Connect Customer Profiles](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonconnectcustomerprofiles.html) | profile |
| [Amazon QLDB](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonqldb.html) | qldb |
| [AWS Resource Access Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsresourceaccessmanager.html) | ram |
| [AWS 資源回收筒](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsrecyclebin.html) | rbin |
| [Amazon Relational Database Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonrds.html) | rds |
| [Amazon Redshift](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonredshift.html) | redshift |
| [Amazon Redshift 資料 API](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonredshiftdataapi.html) | redshift-data |
| [AWS Migration Hub Refactor Spaces](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsmigrationhubrefactorspaces.html) | refactor-spaces |
| [Amazon Rekognition](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonrekognition.html) | rekognition |
| [AWS Resilience Hub](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsresiliencehub.html) | resiliencehub |
| [AWS 資源總管](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsresourceexplorer.html) | resource-explorer-2 |
| [AWS Resource Groups](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsresourcegroups.html) | resource-groups |
| [AWS RoboMaker](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsrobomaker.html) | robomaker |
| [AWS Identity and Access Management Roles Anywhere](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsidentityandaccessmanagementrolesanywhere.html) | rolesanywhere |
| [Amazon Route 53](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53.html) | route53 |
| [Amazon Route 53 Recovery Controls](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53recoverycontrols.html) | route53-recovery-control-config |
| [Amazon Route 53 Recovery Readiness](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53recoveryreadiness.html) | route53-recovery-readiness |
| [Amazon Route 53 Resolver](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53resolver.html) | route53resolver |
| [AWS CloudWatch RUM](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscloudwatchrum.html) | rum |
| [Amazon Simple Storage Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html) | s3 |
| [Amazon S3 on Outposts](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3onoutposts.html) | s3-outposts |
| [Amazon SageMaker AI 地理空間功能](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsagemakergeospatialcapabilities.html) | sagemaker-geospatial |
| [Savings Plans](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssavingsplans.html) | savingsplans |
| [Amazon EventBridge Schemas](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoneventbridgeschemas.html) | schemas |
| [Amazon SimpleDB](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsimpledb.html) | sdb |
| [AWS Secrets Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html) | secretsmanager |
| [AWS Security Hub CSPM](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html) | securityhub |
| [Amazon Security Lake](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsecuritylake.html) | securitylake |
| [AWS Serverless Application Repository](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsserverlessapplicationrepository.html) | serverlessrepo |
| [AWS Service Catalog](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsservicecatalog.html) | servicecatalog |
| [AWS Cloud Map](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscloudmap.html) | servicediscovery |
| [Service Quotas](https://docs.aws.amazon.com/service-authorization/latest/reference/list_servicequotas.html) | servicequotas |
| [Amazon Simple Email Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonses.html) | ses |
| [AWS Shield](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsshield.html) | shield |
| [AWS Signer](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssigner.html) | signer |
| [AWS SimSpace Weaver](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssimspaceweaver.html) | simspaceweaver |
| [AWS Server Migration Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsservermigrationservice.html) | sms |
| [Amazon Pinpoint 簡訊和語音服務](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonpinpointsmsandvoiceservice.html) | sms-voice |
| [AWS Snowball Edge](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssnowball.html) | snowball |
| [Amazon Simple Queue Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsqs.html) | sqs |
| [AWS Systems Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssystemsmanager.html) | ssm |
| [AWS Systems Manager Incident Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssystemsmanagerincidentmanager.html) | ssm-incidents |
| [適用於 SAP 的 AWS Systems Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssystemsmanagerforsap.html) | ssm-sap |
| [AWS Step Functions](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsstepfunctions.html) | states |
| [AWS Security Token Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html) | sts |
| [Amazon Simple Workflow Service](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsimpleworkflowservice.html) | swf |
| [Amazon CloudWatch Synthetics](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatchsynthetics.html) | synthetics |
| [AWS Resource Groups Tagging API](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonresourcegrouptaggingapi.html) | 標籤 |
| [Amazon Textract](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazontextract.html) | textract |
| [Amazon Timestream](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazontimestream.html) | timestream |
| [AWS 電信網路建置器](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awstelconetworkbuilder.html) | tnb |
| [Amazon Transcribe](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazontranscribe.html) | transcribe |
| [AWS Transfer Family](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awstransferfamily.html) | 傳輸 |
| [Amazon Translate](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazontranslate.html) | translate |
| [Amazon Connect Voice ID](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonconnectvoiceid.html) | voiceid |
| [Amazon VPC Lattice](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonvpclattice.html) | vpc-lattice |
| [AWS WAFV2](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awswafv2.html) | wafv2 |
| [AWS Well-Architected Tool](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awswell-architectedtool.html) | wellarchitected |
| [Amazon Connect Wisdom](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonconnectwisdom.html) | wisdom |
| [Amazon WorkLink](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonworklink.html) | worklink |
| [Amazon WorkSpaces](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonworkspaces.html) | 工作區 |
| [AWS X-Ray](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsx-ray.html) | xray |
## 用於動作最近存取資訊的動作
下表會列出可使用動作最近存取資訊的動作。
**重要**
`iam:UpdateAccountName` 動作將於 2026 年 4 月 22 日棄用。2026 年 4 月 22 日之後,僅 `[account:PutAccountName](https://docs.aws.amazon.com/accounts/latest/reference/API_PutAccountName.html)` 許可能夠控制帳戶名稱更新存取權。我們強烈建議您更新所有控制帳戶名稱更新的[服務控制政策 (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html),以便使用 `account:PutAccountName` 許可。
| **服務前綴** | **動作** |
| --- | --- |
| access-analyzer | access-analyzer:ApplyArchiveRule access-analyzer:CancelPolicyGeneration access-analyzer:CheckAccessNotGranted access-analyzer:CheckNoNewAccess access-analyzer:CheckNoPublicAccess access-analyzer:CreateAccessPreview access-analyzer:CreateAnalyzer access-analyzer:CreateArchiveRule access-analyzer:DeleteAnalyzer access-analyzer:DeleteArchiveRule access-analyzer:GenerateFindingRecommendation access-analyzer:GetAccessPreview access-analyzer:GetAnalyzedResource access-analyzer:GetAnalyzer access-analyzer:GetArchiveRule access-analyzer:GetFinding access-analyzer:GetFindingRecommendation access-analyzer:GetFindingsStatistics access-analyzer:GetGeneratedPolicy access-analyzer:ListAccessPreviewFindings access-analyzer:ListAccessPreviews access-analyzer:ListAnalyzedResources access-analyzer:ListAnalyzers access-analyzer:ListArchiveRules access-analyzer:ListFindings access-analyzer:ListPolicyGenerations access-analyzer:StartPolicyGeneration access-analyzer:StartResourceScan access-analyzer:UpdateAnalyzer access-analyzer:UpdateArchiveRule access-analyzer:UpdateFindings access-analyzer:ValidatePolicy |
| 帳戶 | account:AcceptPrimaryEmailUpdate account:DeleteAlternateContact account:DisableRegion account:EnableRegion account:GetAccountInformation account:GetAlternateContact account:GetContactInformation account:GetGovCloudAccountInformation account:GetPrimaryEmail account:GetRegionOptStatus account:ListRegions account:PutAccountName account:PutAlternateContact account:PutContactInformation account:StartPrimaryEmailUpdate |
| acm | acm:DeleteCertificate acm:DescribeCertificate acm:ExportCertificate acm:GetAccountConfiguration acm:GetCertificate acm:ImportCertificate acm:ListCertificates acm:PutAccountConfiguration acm:RenewCertificate acm:RequestCertificate acm:ResendValidationEmail acm:UpdateCertificateOptions |
| airflow | airflow:CreateCliToken airflow:CreateEnvironment airflow:CreateWebLoginToken airflow:DeleteEnvironment airflow:GetEnvironment airflow:ListEnvironments airflow:PublishMetrics airflow:UpdateEnvironment |
| mplify | amplify:CreateApp amplify:CreateBackendEnvironment amplify:CreateBranch amplify:CreateDeployment amplify:CreateDomainAssociation amplify:CreateWebHook amplify:DeleteApp amplify:DeleteBackendEnvironment amplify:DeleteBranch amplify:DeleteDomainAssociation amplify:DeleteJob amplify:DeleteWebHook amplify:GenerateAccessLogs amplify:GetApp amplify:GetArtifactUrl amplify:GetBackendEnvironment amplify:GetBranch amplify:GetDomainAssociation amplify:GetJob amplify:GetWebHook amplify:ListApps amplify:ListArtifacts amplify:ListBackendEnvironments amplify:ListBranches amplify:ListDomainAssociations amplify:ListJobs amplify:ListWebHooks amplify:StartDeployment amplify:StartJob amplify:StopJob amplify:UpdateApp amplify:UpdateBranch amplify:UpdateDomainAssociation amplify:UpdateWebHook |
| amplifyuibuilder | amplifyuibuilder:CreateComponent amplifyuibuilder:CreateForm amplifyuibuilder:CreateTheme amplifyuibuilder:DeleteComponent amplifyuibuilder:DeleteForm amplifyuibuilder:DeleteTheme amplifyuibuilder:ExportComponents amplifyuibuilder:ExportThemes amplifyuibuilder:GetCodegenJob amplifyuibuilder:ListCodegenJobs amplifyuibuilder:ListComponents amplifyuibuilder:ListForms amplifyuibuilder:ListThemes amplifyuibuilder:ResetMetadataFlag amplifyuibuilder:StartCodegenJob amplifyuibuilder:UpdateComponent amplifyuibuilder:UpdateForm amplifyuibuilder:UpdateTheme |
| app-integrations | app-integrations:CreateApplication app-integrations:CreateDataIntegration app-integrations:CreateDataIntegrationAssociation app-integrations:CreateEventIntegration app-integrations:DeleteApplication app-integrations:DeleteDataIntegration app-integrations:DeleteEventIntegration app-integrations:GetApplication app-integrations:GetDataIntegration app-integrations:GetEventIntegration app-integrations:ListApplicationAssociations app-integrations:ListApplications app-integrations:ListDataIntegrationAssociations app-integrations:ListDataIntegrations app-integrations:ListEventIntegrationAssociations app-integrations:ListEventIntegrations app-integrations:UpdateApplication app-integrations:UpdateDataIntegration app-integrations:UpdateDataIntegrationAssociation app-integrations:UpdateEventIntegration |
| appconfig | appconfig:CreateApplication appconfig:CreateConfigurationProfile appconfig:CreateDeploymentStrategy appconfig:CreateEnvironment appconfig:CreateExtension appconfig:CreateExtensionAssociation appconfig:CreateHostedConfigurationVersion appconfig:DeleteApplication appconfig:DeleteConfigurationProfile appconfig:DeleteDeploymentStrategy appconfig:DeleteEnvironment appconfig:DeleteExtension appconfig:DeleteExtensionAssociation appconfig:DeleteHostedConfigurationVersion appconfig:GetAccountSettings appconfig:GetApplication appconfig:GetConfiguration appconfig:GetConfigurationProfile appconfig:GetDeployment appconfig:GetDeploymentStrategy appconfig:GetEnvironment appconfig:GetExtension appconfig:GetExtensionAssociation appconfig:GetHostedConfigurationVersion appconfig:ListApplications appconfig:ListConfigurationProfiles appconfig:ListDeploymentStrategies appconfig:ListDeployments appconfig:ListEnvironments appconfig:ListExtensionAssociations appconfig:ListExtensions appconfig:ListHostedConfigurationVersions appconfig:StartDeployment appconfig:StopDeployment appconfig:UpdateAccountSettings appconfig:UpdateApplication appconfig:UpdateConfigurationProfile appconfig:UpdateDeploymentStrategy appconfig:UpdateEnvironment appconfig:UpdateExtension appconfig:UpdateExtensionAssociation appconfig:ValidateConfiguration |
| appflow | appflow:CancelFlowExecutions appflow:CreateConnectorProfile appflow:CreateFlow appflow:DeleteConnectorProfile appflow:DeleteFlow appflow:DescribeConnector appflow:DescribeConnectorEntity appflow:DescribeConnectorProfiles appflow:DescribeConnectors appflow:DescribeFlow appflow:DescribeFlowExecutionRecords appflow:ListConnectorEntities appflow:ListConnectors appflow:ListFlows appflow:RegisterConnector appflow:ResetConnectorMetadataCache appflow:StartFlow appflow:StopFlow appflow:UnRegisterConnector appflow:UpdateConnectorProfile appflow:UpdateConnectorRegistration appflow:UpdateFlow |
| applicationinsights | applicationinsights:AddWorkload applicationinsights:CreateApplication applicationinsights:CreateComponent applicationinsights:CreateLogPattern applicationinsights:DeleteApplication applicationinsights:DeleteComponent applicationinsights:DeleteLogPattern applicationinsights:DescribeApplication applicationinsights:DescribeComponent applicationinsights:DescribeComponentConfiguration applicationinsights:DescribeComponentConfigurationRecommendation applicationinsights:DescribeLogPattern applicationinsights:DescribeObservation applicationinsights:DescribeProblem applicationinsights:DescribeProblemObservations applicationinsights:DescribeWorkload applicationinsights:ListApplications applicationinsights:ListComponents applicationinsights:ListConfigurationHistory applicationinsights:ListLogPatternSets applicationinsights:ListLogPatterns applicationinsights:ListProblems applicationinsights:ListWorkloads applicationinsights:RemoveWorkload applicationinsights:UpdateApplication applicationinsights:UpdateComponent applicationinsights:UpdateComponentConfiguration applicationinsights:UpdateLogPattern applicationinsights:UpdateWorkload |
| appmesh | appmesh:CreateGatewayRoute appmesh:CreateMesh appmesh:CreateRoute appmesh:CreateVirtualGateway appmesh:CreateVirtualNode appmesh:CreateVirtualRouter appmesh:CreateVirtualService appmesh:DeleteGatewayRoute appmesh:DeleteMesh appmesh:DeleteRoute appmesh:DeleteVirtualGateway appmesh:DeleteVirtualNode appmesh:DeleteVirtualRouter appmesh:DeleteVirtualService appmesh:DescribeGatewayRoute appmesh:DescribeMesh appmesh:DescribeRoute appmesh:DescribeVirtualGateway appmesh:DescribeVirtualNode appmesh:DescribeVirtualRouter appmesh:DescribeVirtualService appmesh:ListGatewayRoutes appmesh:ListMeshes appmesh:ListRoutes appmesh:ListVirtualGateways appmesh:ListVirtualNodes appmesh:ListVirtualRouters appmesh:ListVirtualServices appmesh:StreamAggregatedResources appmesh:UpdateGatewayRoute appmesh:UpdateMesh appmesh:UpdateRoute appmesh:UpdateVirtualGateway appmesh:UpdateVirtualNode appmesh:UpdateVirtualRouter appmesh:UpdateVirtualService |
| appstream | appstream:AssociateAppBlockBuilderAppBlock appstream:AssociateApplicationFleet appstream:AssociateApplicationToEntitlement appstream:AssociateFleet appstream:AssociateSoftwareToImageBuilder appstream:BatchAssociateUserStack appstream:BatchDisassociateUserStack appstream:CopyImage appstream:CreateAppBlock appstream:CreateAppBlockBuilder appstream:CreateAppBlockBuilderStreamingURL appstream:CreateApplication appstream:CreateDirectoryConfig appstream:CreateEntitlement appstream:CreateFleet appstream:CreateImageBuilder appstream:CreateImageBuilderStreamingURL appstream:CreateStack appstream:CreateStreamingURL appstream:CreateThemeForStack appstream:CreateUpdatedImage appstream:CreateUsageReportSubscription appstream:CreateUser appstream:DeleteAppBlock appstream:DeleteAppBlockBuilder appstream:DeleteApplication appstream:DeleteDirectoryConfig appstream:DeleteEntitlement appstream:DeleteFleet appstream:DeleteImage appstream:DeleteImageBuilder appstream:DeleteImagePermissions appstream:DeleteStack appstream:DeleteThemeForStack appstream:DeleteUsageReportSubscription appstream:DeleteUser appstream:DescribeAppBlockBuilderAppBlockAssociations appstream:DescribeAppBlockBuilders appstream:DescribeAppBlocks appstream:DescribeAppLicenseUsage appstream:DescribeApplicationFleetAssociations appstream:DescribeApplications appstream:DescribeDirectoryConfigs appstream:DescribeEntitlements appstream:DescribeFleets appstream:DescribeImageBuilders appstream:DescribeImagePermissions appstream:DescribeImages appstream:DescribeSessions appstream:DescribeStacks appstream:DescribeThemeForStack appstream:DescribeUsageReportSubscriptions appstream:DescribeUserStackAssociations appstream:DescribeUsers appstream:DisableUser appstream:DisassociateAppBlockBuilderAppBlock appstream:DisassociateApplicationFleet appstream:DisassociateApplicationFromEntitlement appstream:DisassociateFleet appstream:DisassociateSoftwareFromImageBuilder appstream:EnableUser appstream:ExpireSession appstream:GetExportImageTask appstream:ListAssociatedFleets appstream:ListAssociatedStacks appstream:ListEntitledApplications appstream:ListExportImageTasks appstream:StartAppBlockBuilder appstream:StartFleet appstream:StartImageBuilder appstream:StartSoftwareDeploymentToImageBuilder appstream:StopAppBlockBuilder appstream:StopFleet appstream:StopImageBuilder appstream:UpdateAppBlockBuilder appstream:UpdateApplication appstream:UpdateDirectoryConfig appstream:UpdateEntitlement appstream:UpdateFleet appstream:UpdateImagePermissions appstream:UpdateStack appstream:UpdateThemeForStack |
| appsync | appsync:AssociateApi appsync:AssociateMergedGraphqlApi appsync:AssociateSourceGraphqlApi appsync:AssociateWebACL appsync:CreateApi appsync:CreateApiCache appsync:CreateApiKey appsync:CreateChannelNamespace appsync:CreateDataSource appsync:CreateDomainName appsync:CreateFunction appsync:CreateGraphqlApi appsync:CreateResolver appsync:CreateType appsync:DeleteApi appsync:DeleteApiCache appsync:DeleteApiKey appsync:DeleteChannelNamespace appsync:DeleteDataSource appsync:DeleteDomainName appsync:DeleteFunction appsync:DeleteGraphqlApi appsync:DeleteResolver appsync:DeleteType appsync:DisassociateApi appsync:DisassociateMergedGraphqlApi appsync:DisassociateSourceGraphqlApi appsync:DisassociateWebACL appsync:EvaluateCode appsync:EvaluateMappingTemplate appsync:FlushApiCache appsync:GetApi appsync:GetApiAssociation appsync:GetApiCache appsync:GetChannelNamespace appsync:GetDataSource appsync:GetDataSourceIntrospection appsync:GetDomainName appsync:GetFunction appsync:GetGraphqlApi appsync:GetGraphqlApiEnvironmentVariables appsync:GetIntrospectionSchema appsync:GetResolver appsync:GetSchemaCreationStatus appsync:GetSourceApiAssociation appsync:GetType appsync:GetWebACLForResource appsync:ListApiKeys appsync:ListApis appsync:ListChannelNamespaces appsync:ListDataSources appsync:ListDomainNames appsync:ListFunctions appsync:ListGraphqlApis appsync:ListResolvers appsync:ListResolversByFunction appsync:ListResourcesForWebACL appsync:ListSourceApiAssociations appsync:ListTypes appsync:ListTypesByAssociation appsync:PutGraphqlApiEnvironmentVariables appsync:StartDataSourceIntrospection appsync:StartSchemaCreation appsync:StartSchemaMerge appsync:UpdateApi appsync:UpdateApiCache appsync:UpdateApiKey appsync:UpdateChannelNamespace appsync:UpdateDataSource appsync:UpdateDomainName appsync:UpdateFunction appsync:UpdateGraphqlApi appsync:UpdateResolver appsync:UpdateSourceApiAssociation appsync:UpdateType |
| aps | aps:CreateAlertManagerDefinition aps:CreateAnomalyDetector aps:CreateLoggingConfiguration aps:CreateQueryLoggingConfiguration aps:CreateRuleGroupsNamespace aps:CreateWorkspace aps:DeleteAlertManagerDefinition aps:DeleteAnomalyDetector aps:DeleteLoggingConfiguration aps:DeleteQueryLoggingConfiguration aps:DeleteResourcePolicy aps:DeleteRuleGroupsNamespace aps:DeleteScraper aps:DeleteScraperLoggingConfiguration aps:DeleteWorkspace aps:DescribeAlertManagerDefinition aps:DescribeAnomalyDetector aps:DescribeLoggingConfiguration aps:DescribeQueryLoggingConfiguration aps:DescribeResourcePolicy aps:DescribeRuleGroupsNamespace aps:DescribeScraper aps:DescribeScraperLoggingConfiguration aps:DescribeWorkspace aps:DescribeWorkspaceConfiguration aps:GetDefaultScraperConfiguration aps:ListAnomalyDetectors aps:ListRuleGroupsNamespaces aps:ListScrapers aps:ListWorkspaces aps:PutAlertManagerDefinition aps:PutAnomalyDetector aps:PutResourcePolicy aps:PutRuleGroupsNamespace aps:UpdateLoggingConfiguration aps:UpdateQueryLoggingConfiguration aps:UpdateScraper aps:UpdateScraperLoggingConfiguration aps:UpdateWorkspaceAlias aps:UpdateWorkspaceConfiguration |
| athena | athena:BatchGetNamedQuery athena:BatchGetPreparedStatement athena:BatchGetQueryExecution athena:CancelCapacityReservation athena:CreateCapacityReservation athena:CreateDataCatalog athena:CreateNamedQuery athena:CreateNotebook athena:CreatePreparedStatement athena:CreatePresignedNotebookUrl athena:CreateWorkGroup athena:DeleteCapacityReservation athena:DeleteDataCatalog athena:DeleteNamedQuery athena:DeleteNotebook athena:DeletePreparedStatement athena:DeleteWorkGroup athena:ExportNotebook athena:GetCalculationExecution athena:GetCalculationExecutionCode athena:GetCalculationExecutionStatus athena:GetCapacityAssignmentConfiguration athena:GetCapacityReservation athena:GetDataCatalog athena:GetDatabase athena:GetNamedQuery athena:GetNotebookMetadata athena:GetPreparedStatement athena:GetQueryExecution athena:GetQueryResults athena:GetQueryResultsStream athena:GetQueryRuntimeStatistics athena:GetResourceDashboard athena:GetSession athena:GetSessionEndpoint athena:GetSessionStatus athena:GetTableMetadata athena:GetWorkGroup athena:ImportNotebook athena:ListApplicationDPUSizes athena:ListCalculationExecutions athena:ListCapacityReservations athena:ListDataCatalogs athena:ListDatabases athena:ListEngineVersions athena:ListExecutors athena:ListNamedQueries athena:ListNotebookMetadata athena:ListNotebookSessions athena:ListPreparedStatements athena:ListQueryExecutions athena:ListSessions athena:ListTableMetadata athena:ListWorkGroups athena:PutCapacityAssignmentConfiguration athena:StartCalculationExecution athena:StartQueryExecution athena:StartSession athena:StopCalculationExecution athena:StopQueryExecution athena:TerminateSession athena:UpdateCapacityReservation athena:UpdateDataCatalog athena:UpdateNamedQuery athena:UpdateNotebook athena:UpdateNotebookMetadata athena:UpdatePreparedStatement athena:UpdateWorkGroup |
| auditmanager | auditmanager:AssociateAssessmentReportEvidenceFolder auditmanager:BatchAssociateAssessmentReportEvidence auditmanager:BatchCreateDelegationByAssessment auditmanager:BatchDeleteDelegationByAssessment auditmanager:BatchDisassociateAssessmentReportEvidence auditmanager:BatchImportEvidenceToAssessmentControl auditmanager:CreateAssessment auditmanager:CreateAssessmentFramework auditmanager:CreateAssessmentReport auditmanager:CreateControl auditmanager:DeleteAssessment auditmanager:DeleteAssessmentFramework auditmanager:DeleteAssessmentFrameworkShare auditmanager:DeleteAssessmentReport auditmanager:DeleteControl auditmanager:DeregisterAccount auditmanager:DeregisterOrganizationAdminAccount auditmanager:DisassociateAssessmentReportEvidenceFolder auditmanager:GetAccountStatus auditmanager:GetAssessment auditmanager:GetAssessmentFramework auditmanager:GetAssessmentReportUrl auditmanager:GetChangeLogs auditmanager:GetControl auditmanager:GetDelegations auditmanager:GetEvidence auditmanager:GetEvidenceByEvidenceFolder auditmanager:GetEvidenceFileUploadUrl auditmanager:GetEvidenceFolder auditmanager:GetEvidenceFoldersByAssessment auditmanager:GetEvidenceFoldersByAssessmentControl auditmanager:GetInsights auditmanager:GetInsightsByAssessment auditmanager:GetOrganizationAdminAccount auditmanager:GetServicesInScope auditmanager:GetSettings auditmanager:ListAssessmentControlInsightsByControlDomain auditmanager:ListAssessmentFrameworkShareRequests auditmanager:ListAssessmentFrameworks auditmanager:ListAssessmentReports auditmanager:ListAssessments auditmanager:ListControlDomainInsights auditmanager:ListControlDomainInsightsByAssessment auditmanager:ListControlInsightsByControlDomain auditmanager:ListControls auditmanager:ListKeywordsForDataSource auditmanager:ListNotifications auditmanager:RegisterAccount auditmanager:RegisterOrganizationAdminAccount auditmanager:StartAssessmentFrameworkShare auditmanager:UpdateAssessment auditmanager:UpdateAssessmentControl auditmanager:UpdateAssessmentControlSetStatus auditmanager:UpdateAssessmentFramework auditmanager:UpdateAssessmentFrameworkShare auditmanager:UpdateAssessmentStatus auditmanager:UpdateControl auditmanager:UpdateSettings auditmanager:ValidateAssessmentReportIntegrity |
| 自動擴展 | autoscaling:AttachInstances autoscaling:AttachLoadBalancerTargetGroups autoscaling:AttachLoadBalancers autoscaling:AttachTrafficSources autoscaling:BatchDeleteScheduledAction autoscaling:BatchPutScheduledUpdateGroupAction autoscaling:CancelInstanceRefresh autoscaling:CompleteLifecycleAction autoscaling:CreateAutoScalingGroup autoscaling:CreateLaunchConfiguration autoscaling:DeleteAutoScalingGroup autoscaling:DeleteLaunchConfiguration autoscaling:DeleteLifecycleHook autoscaling:DeleteNotificationConfiguration autoscaling:DeletePolicy autoscaling:DeleteScheduledAction autoscaling:DeleteWarmPool autoscaling:DescribeAccountLimits autoscaling:DescribeAdjustmentTypes autoscaling:DescribeAutoScalingGroups autoscaling:DescribeAutoScalingInstances autoscaling:DescribeAutoScalingNotificationTypes autoscaling:DescribeInstanceRefreshes autoscaling:DescribeLaunchConfigurations autoscaling:DescribeLifecycleHookTypes autoscaling:DescribeLifecycleHooks autoscaling:DescribeLoadBalancerTargetGroups autoscaling:DescribeLoadBalancers autoscaling:DescribeMetricCollectionTypes autoscaling:DescribeNotificationConfigurations autoscaling:DescribePolicies autoscaling:DescribeScalingActivities autoscaling:DescribeScalingProcessTypes autoscaling:DescribeScheduledActions autoscaling:DescribeTerminationPolicyTypes autoscaling:DescribeTrafficSources autoscaling:DescribeWarmPool autoscaling:DetachInstances autoscaling:DetachLoadBalancerTargetGroups autoscaling:DetachLoadBalancers autoscaling:DetachTrafficSources autoscaling:DisableMetricsCollection autoscaling:EnableMetricsCollection autoscaling:EnterStandby autoscaling:ExecutePolicy autoscaling:ExitStandby autoscaling:GetPredictiveScalingForecast autoscaling:PutLifecycleHook autoscaling:PutNotificationConfiguration autoscaling:PutScalingPolicy autoscaling:PutScheduledUpdateGroupAction autoscaling:PutWarmPool autoscaling:RecordLifecycleActionHeartbeat autoscaling:ResumeProcesses autoscaling:RollbackInstanceRefresh autoscaling:SetDesiredCapacity autoscaling:SetInstanceHealth autoscaling:SetInstanceProtection autoscaling:StartInstanceRefresh autoscaling:SuspendProcesses autoscaling:TerminateInstanceInAutoScalingGroup autoscaling:UpdateAutoScalingGroup |
| aws-marketplace | aws-marketplace:GetEntitlements |
| 備份 | backup:CancelLegalHold backup:CreateBackupPlan backup:CreateBackupSelection backup:CreateBackupVault backup:CreateFramework backup:CreateLegalHold backup:CreateLogicallyAirGappedBackupVault backup:CreateReportPlan backup:CreateRestoreAccessBackupVault backup:CreateRestoreTestingPlan backup:CreateRestoreTestingSelection 備份:CreateTieringConfiguration backup:DeleteBackupPlan backup:DeleteBackupSelection backup:DeleteBackupVault backup:DeleteBackupVaultAccessPolicy backup:DeleteBackupVaultLockConfiguration backup:DeleteBackupVaultNotifications backup:DeleteFramework backup:DeleteRecoveryPoint backup:DeleteReportPlan backup:DeleteRestoreTestingPlan backup:DeleteRestoreTestingSelection 備份:DeleteTieringConfiguration backup:DescribeBackupJob backup:DescribeBackupVault backup:DescribeCopyJob backup:DescribeFramework backup:DescribeGlobalSettings backup:DescribeProtectedResource backup:DescribeRecoveryPoint backup:DescribeRegionSettings backup:DescribeReportJob backup:DescribeReportPlan backup:DescribeRestoreJob 備份:DescribeScanJob backup:DisassociateRecoveryPoint backup:DisassociateRecoveryPointFromParent backup:ExportBackupPlanTemplate backup:GetBackupPlan backup:GetBackupPlanFromJSON backup:GetBackupPlanFromTemplate backup:GetBackupSelection backup:GetBackupVaultAccessPolicy backup:GetBackupVaultNotifications backup:GetLegalHold backup:GetRecoveryPointRestoreMetadata backup:GetRestoreJobMetadata backup:GetRestoreTestingInferredMetadata backup:GetRestoreTestingPlan backup:GetRestoreTestingSelection backup:GetSupportedResourceTypes 備份:GetTieringConfiguration backup:ListBackupJobSummaries backup:ListBackupJobs backup:ListBackupPlanTemplates backup:ListBackupPlanVersions backup:ListBackupPlans backup:ListBackupSelections backup:ListBackupVaults backup:ListCopyJobSummaries backup:ListCopyJobs backup:ListFrameworks backup:ListIndexedRecoveryPoints backup:ListLegalHolds backup:ListProtectedResources backup:ListRecoveryPointsByBackupVault backup:ListRecoveryPointsByLegalHold backup:ListRecoveryPointsByResource backup:ListReportJobs backup:ListReportPlans backup:ListRestoreAccessBackupVaults backup:ListRestoreJobSummaries backup:ListRestoreJobs backup:ListRestoreJobsByProtectedResource backup:ListRestoreTestingPlans backup:ListRestoreTestingSelections 備份:ListScanJobSummaries 備份:ListScanJobs 備份:ListTieringConfigurations backup:PutBackupVaultAccessPolicy backup:PutBackupVaultLockConfiguration backup:PutBackupVaultNotifications backup:PutRestoreValidationResult backup:StartBackupJob backup:StartCopyJob backup:StartReportJob backup:StartRestoreJob backup:StopBackupJob backup:UpdateBackupPlan backup:UpdateFramework backup:UpdateGlobalSettings backup:UpdateRecoveryPointLifecycle backup:UpdateRegionSettings backup:UpdateReportPlan backup:UpdateRestoreTestingPlan backup:UpdateRestoreTestingSelection 備份:UpdateTieringConfiguration |
| 批次 | batch:CancelJob batch:CreateComputeEnvironment batch:CreateConsumableResource batch:CreateJobQueue batch:CreateSchedulingPolicy batch:CreateServiceEnvironment batch:DeleteComputeEnvironment batch:DeleteConsumableResource batch:DeleteJobQueue batch:DeleteSchedulingPolicy batch:DeleteServiceEnvironment batch:DeregisterJobDefinition batch:DescribeComputeEnvironments batch:DescribeConsumableResource batch:DescribeJobDefinitions batch:DescribeJobQueues batch:DescribeJobs batch:DescribeSchedulingPolicies batch:DescribeServiceEnvironments batch:DescribeServiceJob batch:GetJobQueueSnapshot batch:ListConsumableResources batch:ListJobs batch:ListJobsByConsumableResource batch:ListSchedulingPolicies batch:ListServiceJobs batch:RegisterJobDefinition batch:SubmitJob batch:SubmitServiceJob batch:TerminateJob batch:TerminateServiceJob batch:UpdateComputeEnvironment batch:UpdateConsumableResource batch:UpdateJobQueue batch:UpdateSchedulingPolicy batch:UpdateServiceEnvironment |
| braket | braket:CancelJob braket:CancelQuantumTask braket:CreateJob braket:CreateQuantumTask braket:CreateSpendingLimit braket:GetDevice braket:GetJob braket:GetQuantumTask braket:SearchDevices braket:SearchJobs braket:SearchQuantumTasks braket:SearchSpendingLimits |
| 預算 | budgets:CreateBudgetAction budgets:DeleteBudgetAction budgets:DescribeBudgetAction budgets:DescribeBudgetActionHistories budgets:DescribeBudgetActionsForAccount budgets:DescribeBudgetActionsForBudget budgets:ExecuteBudgetAction budgets:ModifyBudget budgets:UpdateBudgetAction budgets:ViewBudget |
| Cloud9 | cloud9:CreateEnvironmentEC2 cloud9:CreateEnvironmentMembership cloud9:DeleteEnvironment cloud9:DeleteEnvironmentMembership cloud9:DescribeEnvironmentMemberships cloud9:DescribeEnvironmentStatus cloud9:DescribeEnvironments cloud9:ListEnvironments cloud9:UpdateEnvironment cloud9:UpdateEnvironmentMembership |
| cloudformation | cloudformation:BatchDescribeTypeConfigurations cloudformation:CancelUpdateStack cloudformation:ContinueUpdateRollback cloudformation:CreateChangeSet cloudformation:CreateGeneratedTemplate cloudformation:CreateStack cloudformation:CreateStackInstances cloudformation:CreateStackSet cloudformation:DeactivateType cloudformation:DeleteChangeSet cloudformation:DeleteGeneratedTemplate cloudformation:DeleteStack cloudformation:DeleteStackInstances cloudformation:DeleteStackSet cloudformation:DeregisterType cloudformation:DescribeAccountLimits cloudformation:DescribeChangeSet cloudformation:DescribeChangeSetHooks cloudformation:DescribeEvents cloudformation:DescribeGeneratedTemplate cloudformation:DescribeOrganizationsAccess cloudformation:DescribePublisher cloudformation:DescribeResourceScan cloudformation:DescribeStackDriftDetectionStatus cloudformation:DescribeStackEvents cloudformation:DescribeStackInstance cloudformation:DescribeStackResource cloudformation:DescribeStackResourceDrifts cloudformation:DescribeStackResources cloudformation:DescribeStackSet cloudformation:DescribeStackSetOperation cloudformation:DescribeStacks cloudformation:DescribeType cloudformation:DescribeTypeRegistration cloudformation:DetectStackDrift cloudformation:DetectStackResourceDrift cloudformation:DetectStackSetDrift cloudformation:EstimateTemplateCost cloudformation:ExecuteChangeSet cloudformation:GetGeneratedTemplate cloudformation:GetHookResult cloudformation:GetStackPolicy cloudformation:GetTemplate cloudformation:GetTemplateSummary cloudformation:ImportStacksToStackSet cloudformation:ListChangeSets cloudformation:ListExports cloudformation:ListGeneratedTemplates cloudformation:ListHookResults cloudformation:ListImports cloudformation:ListResourceScanRelatedResources cloudformation:ListResourceScanResources cloudformation:ListResourceScans cloudformation:ListStackInstanceResourceDrifts cloudformation:ListStackInstances cloudformation:ListStackRefactors cloudformation:ListStackResources cloudformation:ListStackSetAutoDeploymentTargets cloudformation:ListStackSetOperationResults cloudformation:ListStackSetOperations cloudformation:ListStackSets cloudformation:ListTypeRegistrations cloudformation:ListTypeVersions cloudformation:ListTypes cloudformation:PublishType cloudformation:RecordHandlerProgress cloudformation:RegisterPublisher cloudformation:RegisterType cloudformation:RollbackStack cloudformation:SetStackPolicy cloudformation:SetTypeConfiguration cloudformation:SetTypeDefaultVersion cloudformation:SignalResource cloudformation:StartResourceScan cloudformation:StopStackSetOperation cloudformation:TestType cloudformation:UpdateGeneratedTemplate cloudformation:UpdateStack cloudformation:UpdateStackInstances cloudformation:UpdateStackSet cloudformation:UpdateTerminationProtection cloudformation:ValidateTemplate |
| cloudfront | cloudfront:AssociateAlias cloudfront:AssociateDistributionTenantWebACL cloudfront:AssociateDistributionWebACL cloudfront:CreateCachePolicy cloudfront:CreateCloudFrontOriginAccessIdentity cloudfront:CreateConnectionFunction cloudfront:CreateContinuousDeploymentPolicy cloudfront:CreateDistributionTenant cloudfront:CreateFieldLevelEncryptionConfig cloudfront:CreateFieldLevelEncryptionProfile cloudfront:CreateFunction cloudfront:CreateInvalidation cloudfront:CreateKeyGroup cloudfront:CreateKeyValueStore cloudfront:CreateMonitoringSubscription cloudfront:CreateOriginAccessControl cloudfront:CreateOriginRequestPolicy cloudfront:CreatePublicKey cloudfront:CreateRealtimeLogConfig cloudfront:CreateResponseHeadersPolicy cloudfront:CreateTrustStore cloudfront:DeleteAnycastIpList cloudfront:DeleteCachePolicy cloudfront:DeleteCloudFrontOriginAccessIdentity cloudfront:DeleteConnectionFunction cloudfront:DeleteConnectionGroup cloudfront:DeleteContinuousDeploymentPolicy cloudfront:DeleteDistribution cloudfront:DeleteDistributionTenant cloudfront:DeleteFieldLevelEncryptionConfig cloudfront:DeleteFieldLevelEncryptionProfile cloudfront:DeleteFunction cloudfront:DeleteKeyGroup cloudfront:DeleteKeyValueStore cloudfront:DeleteMonitoringSubscription cloudfront:DeleteOriginAccessControl cloudfront:DeleteOriginRequestPolicy cloudfront:DeletePublicKey cloudfront:DeleteRealtimeLogConfig cloudfront:DeleteResponseHeadersPolicy cloudfront:DeleteStreamingDistribution cloudfront:DeleteTrustStore cloudfront:DeleteVpcOrigin cloudfront:DescribeFunction cloudfront:DescribeKeyValueStore cloudfront:DisassociateDistributionTenantWebACL cloudfront:DisassociateDistributionWebACL cloudfront:GetAnycastIpList cloudfront:GetCachePolicy cloudfront:GetCachePolicyConfig cloudfront:GetCloudFrontOriginAccessIdentity cloudfront:GetCloudFrontOriginAccessIdentityConfig cloudfront:GetContinuousDeploymentPolicy cloudfront:GetContinuousDeploymentPolicyConfig cloudfront:GetDistributionConfig cloudfront:GetFieldLevelEncryption cloudfront:GetFieldLevelEncryptionConfig cloudfront:GetFieldLevelEncryptionProfile cloudfront:GetFieldLevelEncryptionProfileConfig cloudfront:GetFunction cloudfront:GetInvalidation cloudfront:GetInvalidationForDistributionTenant cloudfront:GetKeyGroup cloudfront:GetKeyGroupConfig cloudfront:GetMonitoringSubscription cloudfront:GetOriginAccessControl cloudfront:GetOriginAccessControlConfig cloudfront:GetOriginRequestPolicy cloudfront:GetOriginRequestPolicyConfig cloudfront:GetPublicKey cloudfront:GetPublicKeyConfig cloudfront:GetRealtimeLogConfig cloudfront:GetResponseHeadersPolicy cloudfront:GetResponseHeadersPolicyConfig cloudfront:GetStreamingDistribution cloudfront:GetStreamingDistributionConfig cloudfront:GetVpcOrigin cloudfront:ListAnycastIpLists cloudfront:ListCachePolicies cloudfront:ListCloudFrontOriginAccessIdentities cloudfront:ListConflictingAliases cloudfront:ListConnectionFunctions cloudfront:ListConnectionGroups cloudfront:ListContinuousDeploymentPolicies cloudfront:ListDistributionTenants cloudfront:ListDistributionTenantsByCustomization cloudfront:ListDistributions cloudfront:ListDistributionsByAnycastIpListId cloudfront:ListDistributionsByCachePolicyId cloudfront:ListDistributionsByConnectionMode cloudfront:ListDistributionsByKeyGroup cloudfront:ListDistributionsByOriginRequestPolicyId cloudfront:ListDistributionsByRealtimeLogConfig cloudfront:ListDistributionsByResponseHeadersPolicyId cloudfront:ListDistributionsByVpcOriginId cloudfront:ListDistributionsByWebACLId cloudfront:ListFieldLevelEncryptionConfigs cloudfront:ListFieldLevelEncryptionProfiles cloudfront:ListFunctions cloudfront:ListInvalidations cloudfront:ListInvalidationsForDistributionTenant cloudfront:ListKeyGroups cloudfront:ListKeyValueStores cloudfront:ListOriginAccessControls cloudfront:ListOriginRequestPolicies cloudfront:ListPublicKeys cloudfront:ListRealtimeLogConfigs cloudfront:ListResponseHeadersPolicies cloudfront:ListStreamingDistributions cloudfront:ListTrustStores cloudfront:PublishConnectionFunction cloudfront:PublishFunction cloudfront:TestConnectionFunction cloudfront:TestFunction cloudfront:UpdateAnycastIpList cloudfront:UpdateCachePolicy cloudfront:UpdateCloudFrontOriginAccessIdentity cloudfront:UpdateConnectionFunction cloudfront:UpdateConnectionGroup cloudfront:UpdateContinuousDeploymentPolicy cloudfront:UpdateDistribution cloudfront:UpdateDistributionTenant cloudfront:UpdateFieldLevelEncryptionConfig cloudfront:UpdateFieldLevelEncryptionProfile cloudfront:UpdateFunction cloudfront:UpdateKeyGroup cloudfront:UpdateKeyValueStore cloudfront:UpdateOriginAccessControl cloudfront:UpdateOriginRequestPolicy cloudfront:UpdatePublicKey cloudfront:UpdateRealtimeLogConfig cloudfront:UpdateResponseHeadersPolicy cloudfront:UpdateTrustStore |
| cloudhsm | cloudhsm:CreateHsm cloudhsm:DeleteBackup cloudhsm:DeleteHsm cloudhsm:DeleteResourcePolicy cloudhsm:DescribeBackups cloudhsm:DescribeClusters cloudhsm:GetResourcePolicy cloudhsm:InitializeCluster cloudhsm:ModifyBackupAttributes cloudhsm:ModifyCluster cloudhsm:PutResourcePolicy cloudhsm:RestoreBackup |
| cloudsearch | cloudsearch:BuildSuggesters cloudsearch:CreateDomain cloudsearch:DefineAnalysisScheme cloudsearch:DefineExpression cloudsearch:DefineIndexField cloudsearch:DefineSuggester cloudsearch:DeleteAnalysisScheme cloudsearch:DeleteDomain cloudsearch:DeleteExpression cloudsearch:DeleteIndexField cloudsearch:DeleteSuggester cloudsearch:DescribeAnalysisSchemes cloudsearch:DescribeAvailabilityOptions cloudsearch:DescribeDomainEndpointOptions cloudsearch:DescribeDomains cloudsearch:DescribeExpressions cloudsearch:DescribeIndexFields cloudsearch:DescribeScalingParameters cloudsearch:DescribeServiceAccessPolicies cloudsearch:DescribeSuggesters cloudsearch:IndexDocuments cloudsearch:ListDomainNames cloudsearch:UpdateAvailabilityOptions cloudsearch:UpdateDomainEndpointOptions cloudsearch:UpdateScalingParameters cloudsearch:UpdateServiceAccessPolicies |
| cloudtrail | cloudtrail:CancelQuery cloudtrail:CreateChannel cloudtrail:CreateDashboard cloudtrail:CreateEventDataStore cloudtrail:CreateTrail cloudtrail:DeleteChannel cloudtrail:DeleteDashboard cloudtrail:DeleteEventDataStore cloudtrail:DeleteResourcePolicy cloudtrail:DeleteTrail cloudtrail:DeregisterOrganizationDelegatedAdmin cloudtrail:DescribeQuery cloudtrail:DescribeTrails cloudtrail:DisableFederation cloudtrail:GenerateQuery cloudtrail:GetChannel cloudtrail:GetDashboard cloudtrail:GetEventConfiguration cloudtrail:GetEventDataStore cloudtrail:GetEventDataStoreData cloudtrail:GetEventSelectors cloudtrail:GetImport cloudtrail:GetInsightSelectors cloudtrail:GetResourcePolicy cloudtrail:GetTrail cloudtrail:GetTrailStatus cloudtrail:ListChannels cloudtrail:ListDashboards cloudtrail:ListEventDataStores cloudtrail:ListImportFailures cloudtrail:ListImports cloudtrail:ListInsightsData cloudtrail:ListPublicKeys cloudtrail:ListQueries cloudtrail:ListTrails cloudtrail:LookupEvents cloudtrail:PutEventConfiguration cloudtrail:PutEventSelectors cloudtrail:PutInsightSelectors cloudtrail:PutResourcePolicy cloudtrail:RegisterOrganizationDelegatedAdmin cloudtrail:RestoreEventDataStore cloudtrail:SearchSampleQueries cloudtrail:StartEventDataStoreIngestion cloudtrail:StartImport cloudtrail:StartLogging cloudtrail:StartQuery cloudtrail:StopEventDataStoreIngestion cloudtrail:StopImport cloudtrail:StopLogging cloudtrail:UpdateChannel cloudtrail:UpdateDashboard cloudtrail:UpdateEventDataStore cloudtrail:UpdateTrail |
| cloudwatch | cloudwatch:DeleteAlarms cloudwatch:DeleteAnomalyDetector cloudwatch:DeleteDashboards cloudwatch:DeleteInsightRules cloudwatch:DeleteMetricStream cloudwatch:DescribeAlarmHistory cloudwatch:DescribeAlarms cloudwatch:DescribeAlarmsForMetric cloudwatch:DescribeAnomalyDetectors cloudwatch:DescribeInsightRules cloudwatch:DisableAlarmActions cloudwatch:DisableInsightRules cloudwatch:EnableAlarmActions cloudwatch:EnableInsightRules cloudwatch:GetDashboard cloudwatch:GetInsightRuleReport cloudwatch:GetMetricStatistics cloudwatch:GetMetricStream cloudwatch:ListDashboards cloudwatch:ListManagedInsightRules cloudwatch:ListMetricStreams cloudwatch:PutAnomalyDetector cloudwatch:PutCompositeAlarm cloudwatch:PutDashboard cloudwatch:PutInsightRule cloudwatch:PutManagedInsightRules cloudwatch:PutMetricAlarm cloudwatch:PutMetricStream cloudwatch:SetAlarmState cloudwatch:StartMetricStreams cloudwatch:StopMetricStreams |
| codeartifact | codeartifact:AssociateExternalConnection codeartifact:CopyPackageVersions codeartifact:CreateDomain codeartifact:CreateRepository codeartifact:DeleteDomain codeartifact:DeleteDomainPermissionsPolicy codeartifact:DeletePackage codeartifact:DeletePackageVersions codeartifact:DeleteRepository codeartifact:DeleteRepositoryPermissionsPolicy codeartifact:DescribeDomain codeartifact:DescribePackage codeartifact:DescribePackageVersion codeartifact:DescribeRepository codeartifact:DisassociateExternalConnection codeartifact:DisposePackageVersions codeartifact:GetAssociatedPackageGroup codeartifact:GetAuthorizationToken codeartifact:GetDomainPermissionsPolicy codeartifact:GetPackageVersionAsset codeartifact:GetPackageVersionReadme codeartifact:GetRepositoryEndpoint codeartifact:GetRepositoryPermissionsPolicy codeartifact:ListDomains codeartifact:ListPackageGroups codeartifact:ListPackageVersionAssets codeartifact:ListPackageVersionDependencies codeartifact:ListPackageVersions codeartifact:ListPackages codeartifact:ListRepositories codeartifact:ListRepositoriesInDomain codeartifact:PublishPackageVersion codeartifact:PutDomainPermissionsPolicy codeartifact:PutPackageMetadata codeartifact:PutPackageOriginConfiguration codeartifact:PutRepositoryPermissionsPolicy codeartifact:ReadFromRepository codeartifact:UpdatePackageVersionsStatus codeartifact:UpdateRepository |
| codedeploy | codedeploy:BatchGetApplicationRevisions codedeploy:BatchGetApplications codedeploy:BatchGetDeploymentGroups codedeploy:BatchGetDeploymentInstances codedeploy:BatchGetDeploymentTargets codedeploy:BatchGetDeployments codedeploy:BatchGetOnPremisesInstances codedeploy:ContinueDeployment codedeploy:CreateApplication codedeploy:CreateDeployment codedeploy:CreateDeploymentConfig codedeploy:CreateDeploymentGroup codedeploy:DeleteApplication codedeploy:DeleteDeploymentConfig codedeploy:DeleteDeploymentGroup codedeploy:DeleteGitHubAccountToken codedeploy:DeleteResourcesByExternalId codedeploy:DeregisterOnPremisesInstance codedeploy:GetApplication codedeploy:GetApplicationRevision codedeploy:GetDeployment codedeploy:GetDeploymentConfig codedeploy:GetDeploymentGroup codedeploy:GetDeploymentInstance codedeploy:GetDeploymentTarget codedeploy:GetOnPremisesInstance codedeploy:ListApplicationRevisions codedeploy:ListApplications codedeploy:ListDeploymentConfigs codedeploy:ListDeploymentGroups codedeploy:ListDeploymentInstances codedeploy:ListDeploymentTargets codedeploy:ListDeployments codedeploy:ListGitHubAccountTokenNames codedeploy:ListOnPremisesInstances codedeploy:PutLifecycleEventHookExecutionStatus codedeploy:RegisterApplicationRevision codedeploy:RegisterOnPremisesInstance codedeploy:SkipWaitTimeForInstanceTermination codedeploy:StopDeployment codedeploy:UpdateApplication codedeploy:UpdateDeploymentGroup |
| codeguru-profiler | codeguru-profiler:AddNotificationChannels codeguru-profiler:BatchGetFrameMetricData codeguru-profiler:CreateProfilingGroup codeguru-profiler:DeleteProfilingGroup codeguru-profiler:DescribeProfilingGroup codeguru-profiler:GetFindingsReportAccountSummary codeguru-profiler:GetNotificationConfiguration codeguru-profiler:GetPolicy codeguru-profiler:GetProfile codeguru-profiler:GetRecommendations codeguru-profiler:ListFindingsReports codeguru-profiler:ListProfileTimes codeguru-profiler:ListProfilingGroups codeguru-profiler:PutPermission codeguru-profiler:RemoveNotificationChannel codeguru-profiler:RemovePermission codeguru-profiler:SubmitFeedback codeguru-profiler:UpdateProfilingGroup |
| codeguru-reviewer | codeguru-reviewer:AssociateRepository codeguru-reviewer:CreateCodeReview codeguru-reviewer:DescribeCodeReview codeguru-reviewer:DescribeRecommendationFeedback codeguru-reviewer:DescribeRepositoryAssociation codeguru-reviewer:DisassociateRepository codeguru-reviewer:ListCodeReviews codeguru-reviewer:ListRecommendationFeedback codeguru-reviewer:ListRecommendations codeguru-reviewer:ListRepositoryAssociations codeguru-reviewer:PutRecommendationFeedback |
| codepipeline | codepipeline:AcknowledgeJob codepipeline:AcknowledgeThirdPartyJob codepipeline:CreateCustomActionType codepipeline:CreatePipeline codepipeline:DeleteCustomActionType codepipeline:DeletePipeline codepipeline:DeleteWebhook codepipeline:DeregisterWebhookWithThirdParty codepipeline:GetActionType codepipeline:GetJobDetails codepipeline:GetPipeline codepipeline:GetPipelineExecution codepipeline:GetPipelineState codepipeline:GetThirdPartyJobDetails codepipeline:ListActionExecutions codepipeline:ListActionTypes codepipeline:ListPipelineExecutions codepipeline:ListPipelines codepipeline:ListRuleExecutions codepipeline:ListRuleTypes codepipeline:ListWebhooks codepipeline:OverrideStageCondition codepipeline:PollForJobs codepipeline:PollForThirdPartyJobs codepipeline:PutActionRevision codepipeline:PutApprovalResult codepipeline:PutJobFailureResult codepipeline:PutJobSuccessResult codepipeline:PutThirdPartyJobFailureResult codepipeline:PutThirdPartyJobSuccessResult codepipeline:PutWebhook codepipeline:RegisterWebhookWithThirdParty codepipeline:RollbackStage codepipeline:StartPipelineExecution codepipeline:StopPipelineExecution codepipeline:UpdateActionType codepipeline:UpdatePipeline |
| codestar | codestar:AssociateTeamMember codestar:CreateProject codestar:CreateUserProfile codestar:DeleteProject codestar:DeleteUserProfile codestar:DescribeProject codestar:DescribeUserProfile codestar:DisassociateTeamMember codestar:ListProjects codestar:ListResources codestar:ListTeamMembers codestar:ListUserProfiles codestar:UpdateProject codestar:UpdateTeamMember codestar:UpdateUserProfile |
| codestar-notifications | codestar-notifications:CreateNotificationRule codestar-notifications:DeleteNotificationRule codestar-notifications:DeleteTarget codestar-notifications:DescribeNotificationRule codestar-notifications:ListEventTypes codestar-notifications:ListNotificationRules codestar-notifications:ListTargets codestar-notifications:Subscribe codestar-notifications:Unsubscribe codestar-notifications:UpdateNotificationRule |
| cognito-identity | cognito-identity:CreateIdentityPool cognito-identity:DeleteIdentities cognito-identity:DeleteIdentityPool cognito-identity:DescribeIdentity cognito-identity:DescribeIdentityPool cognito-identity:GetIdentityPoolRoles cognito-identity:ListIdentities cognito-identity:ListIdentityPools cognito-identity:LookupDeveloperIdentity cognito-identity:MergeDeveloperIdentities cognito-identity:SetIdentityPoolRoles cognito-identity:UnlinkDeveloperIdentity cognito-identity:UpdateIdentityPool |
| cognito-idp | cognito-idp:AddCustomAttributes cognito-idp:AdminAddUserToGroup cognito-idp:AdminConfirmSignUp cognito-idp:AdminCreateUser cognito-idp:AdminDeleteUser cognito-idp:AdminDeleteUserAttributes cognito-idp:AdminDisableProviderForUser cognito-idp:AdminDisableUser cognito-idp:AdminEnableUser cognito-idp:AdminForgetDevice cognito-idp:AdminGetDevice cognito-idp:AdminGetUser cognito-idp:AdminInitiateAuth cognito-idp:AdminLinkProviderForUser cognito-idp:AdminListDevices cognito-idp:AdminListGroupsForUser cognito-idp:AdminListUserAuthEvents cognito-idp:AdminRemoveUserFromGroup cognito-idp:AdminResetUserPassword cognito-idp:AdminRespondToAuthChallenge cognito-idp:AdminSetUserMFAPreference cognito-idp:AdminSetUserPassword cognito-idp:AdminSetUserSettings cognito-idp:AdminUpdateAuthEventFeedback cognito-idp:AdminUpdateDeviceStatus cognito-idp:AdminUpdateUserAttributes cognito-idp:AdminUserGlobalSignOut cognito-idp:AssociateSoftwareToken cognito-idp:ChangePassword cognito-idp:ConfirmDevice cognito-idp:ConfirmForgotPassword cognito-idp:ConfirmSignUp cognito-idp:CreateGroup cognito-idp:CreateIdentityProvider cognito-idp:CreateManagedLoginBranding cognito-idp:CreateResourceServer cognito-idp:CreateTerms cognito-idp:CreateUserImportJob cognito-idp:CreateUserPool cognito-idp:CreateUserPoolClient cognito-idp:CreateUserPoolDomain cognito-idp:DeleteGroup cognito-idp:DeleteIdentityProvider cognito-idp:DeleteManagedLoginBranding cognito-idp:DeleteResourceServer cognito-idp:DeleteTerms cognito-idp:DeleteUser cognito-idp:DeleteUserAttributes cognito-idp:DeleteUserPool cognito-idp:DeleteUserPoolClient cognito-idp:DeleteUserPoolDomain cognito-idp:DescribeIdentityProvider cognito-idp:DescribeManagedLoginBranding cognito-idp:DescribeManagedLoginBrandingByClient cognito-idp:DescribeResourceServer cognito-idp:DescribeRiskConfiguration cognito-idp:DescribeTerms cognito-idp:DescribeUserImportJob cognito-idp:DescribeUserPool cognito-idp:DescribeUserPoolClient cognito-idp:DescribeUserPoolDomain cognito-idp:ForgetDevice cognito-idp:ForgotPassword cognito-idp:GetCSVHeader cognito-idp:GetDevice cognito-idp:GetGroup cognito-idp:GetIdentityProviderByIdentifier cognito-idp:GetLogDeliveryConfiguration cognito-idp:GetSigningCertificate cognito-idp:GetUICustomization cognito-idp:GetUser cognito-idp:GetUserAttributeVerificationCode cognito-idp:GetUserPoolMfaConfig cognito-idp:GlobalSignOut cognito-idp:InitiateAuth cognito-idp:ListDevices cognito-idp:ListGroups cognito-idp:ListIdentityProviders cognito-idp:ListResourceServers cognito-idp:ListTerms cognito-idp:ListUserImportJobs cognito-idp:ListUserPoolClients cognito-idp:ListUserPools cognito-idp:ListUsers cognito-idp:ListUsersInGroup cognito-idp:ResendConfirmationCode cognito-idp:RespondToAuthChallenge cognito-idp:RevokeToken cognito-idp:SetLogDeliveryConfiguration cognito-idp:SetRiskConfiguration cognito-idp:SetUICustomization cognito-idp:SetUserMFAPreference cognito-idp:SetUserPoolMfaConfig cognito-idp:SetUserSettings cognito-idp:SignUp cognito-idp:StartUserImportJob cognito-idp:StopUserImportJob cognito-idp:UpdateAuthEventFeedback cognito-idp:UpdateDeviceStatus cognito-idp:UpdateGroup cognito-idp:UpdateIdentityProvider cognito-idp:UpdateResourceServer cognito-idp:UpdateTerms cognito-idp:UpdateUserAttributes cognito-idp:UpdateUserPool cognito-idp:UpdateUserPoolClient cognito-idp:UpdateUserPoolDomain cognito-idp:VerifySoftwareToken cognito-idp:VerifyUserAttribute |
| cognito-sync | cognito-sync:BulkPublish cognito-sync:DeleteDataset cognito-sync:DescribeDataset cognito-sync:DescribeIdentityPoolUsage cognito-sync:DescribeIdentityUsage cognito-sync:GetBulkPublishDetails cognito-sync:GetCognitoEvents cognito-sync:GetIdentityPoolConfiguration cognito-sync:ListDatasets cognito-sync:ListIdentityPoolUsage cognito-sync:ListRecords cognito-sync:RegisterDevice cognito-sync:SetCognitoEvents cognito-sync:SetIdentityPoolConfiguration cognito-sync:SubscribeToDataset cognito-sync:UnsubscribeFromDataset cognito-sync:UpdateRecords |
| comprehendmedical | comprehendmedical:DescribeEntitiesDetectionV2Job comprehendmedical:DescribeICD10CMInferenceJob comprehendmedical:DescribePHIDetectionJob comprehendmedical:DescribeRxNormInferenceJob comprehendmedical:DescribeSNOMEDCTInferenceJob comprehendmedical:DetectEntitiesV2 comprehendmedical:DetectPHI comprehendmedical:InferICD10CM comprehendmedical:InferRxNorm comprehendmedical:InferSNOMEDCT comprehendmedical:ListEntitiesDetectionV2Jobs comprehendmedical:ListICD10CMInferenceJobs comprehendmedical:ListPHIDetectionJobs comprehendmedical:ListRxNormInferenceJobs comprehendmedical:ListSNOMEDCTInferenceJobs comprehendmedical:StartEntitiesDetectionV2Job comprehendmedical:StartICD10CMInferenceJob comprehendmedical:StartPHIDetectionJob comprehendmedical:StartRxNormInferenceJob comprehendmedical:StartSNOMEDCTInferenceJob comprehendmedical:StopEntitiesDetectionV2Job comprehendmedical:StopICD10CMInferenceJob comprehendmedical:StopPHIDetectionJob comprehendmedical:StopRxNormInferenceJob comprehendmedical:StopSNOMEDCTInferenceJob |
| compute-optimizer | compute-optimizer:DeleteRecommendationPreferences compute-optimizer:DescribeRecommendationExportJobs compute-optimizer:ExportAutoScalingGroupRecommendations compute-optimizer:ExportEBSVolumeRecommendations compute-optimizer:ExportEC2InstanceRecommendations compute-optimizer:ExportECSServiceRecommendations compute-optimizer:ExportIdleRecommendations compute-optimizer:ExportLambdaFunctionRecommendations compute-optimizer:ExportLicenseRecommendations compute-optimizer:ExportRDSDatabaseRecommendations compute-optimizer:GetEC2RecommendationProjectedMetrics compute-optimizer:GetECSServiceRecommendationProjectedMetrics compute-optimizer:GetEffectiveRecommendationPreferences compute-optimizer:GetEnrollmentStatus compute-optimizer:GetEnrollmentStatusesForOrganization compute-optimizer:GetRDSDatabaseRecommendationProjectedMetrics compute-optimizer:GetRecommendationPreferences compute-optimizer:GetRecommendationSummaries compute-optimizer:PutRecommendationPreferences compute-optimizer:UpdateEnrollmentStatus |
| config | config:BatchGetResourceConfig config:DeleteAggregationAuthorization config:DeleteConfigRule config:DeleteConfigurationAggregator config:DeleteConfigurationRecorder config:DeleteConformancePack config:DeleteDeliveryChannel config:DeleteEvaluationResults config:DeleteOrganizationConfigRule config:DeleteOrganizationConformancePack config:DeletePendingAggregationRequest config:DeleteRemediationConfiguration config:DeleteRemediationExceptions config:DeleteResourceConfig config:DeleteRetentionConfiguration config:DeleteStoredQuery config:DeliverConfigSnapshot config:DescribeAggregateComplianceByConfigRules config:DescribeAggregateComplianceByConformancePacks config:DescribeAggregationAuthorizations config:DescribeComplianceByConfigRule config:DescribeComplianceByResource config:DescribeConfigRuleEvaluationStatus config:DescribeConfigRules config:DescribeConfigurationAggregatorSourcesStatus config:DescribeConfigurationAggregators config:DescribeConfigurationRecorderStatus config:DescribeConfigurationRecorders config:DescribeConformancePackCompliance config:DescribeConformancePackStatus config:DescribeConformancePacks config:DescribeDeliveryChannelStatus config:DescribeDeliveryChannels config:DescribeOrganizationConfigRuleStatuses config:DescribeOrganizationConfigRules config:DescribeOrganizationConformancePackStatuses config:DescribeOrganizationConformancePacks config:DescribePendingAggregationRequests config:DescribeRemediationConfigurations config:DescribeRemediationExceptions config:DescribeRemediationExecutionStatus config:DescribeRetentionConfigurations config:GetComplianceDetailsByConfigRule config:GetComplianceDetailsByResource config:GetComplianceSummaryByConfigRule config:GetComplianceSummaryByResourceType config:GetConformancePackComplianceDetails config:GetConformancePackComplianceSummary config:GetCustomRulePolicy config:GetDiscoveredResourceCounts config:GetOrganizationConfigRuleDetailedStatus config:GetOrganizationConformancePackDetailedStatus config:GetOrganizationCustomRulePolicy config:GetResourceConfigHistory config:GetResourceEvaluationSummary config:GetStoredQuery config:ListConfigurationRecorders config:ListConformancePackComplianceScores config:ListDiscoveredResources config:ListResourceEvaluations config:ListStoredQueries config:PutConfigRule config:PutConfigurationAggregator config:PutConfigurationRecorder config:PutConformancePack config:PutDeliveryChannel config:PutEvaluations config:PutExternalEvaluation config:PutOrganizationConfigRule config:PutOrganizationConformancePack config:PutRemediationConfigurations config:PutRemediationExceptions config:PutResourceConfig config:PutRetentionConfiguration config:PutStoredQuery config:SelectResourceConfig config:StartConfigRulesEvaluation config:StartConfigurationRecorder config:StartRemediationExecution config:StartResourceEvaluation config:StopConfigurationRecorder |
| connect | connect:ActivateEvaluationForm connect:AssociateAnalyticsDataSet connect:AssociateApprovedOrigin connect:AssociateBot connect:AssociateContactWithUser connect:AssociateDefaultVocabulary connect:AssociateEmailAddressAlias connect:AssociateFlow connect:AssociateInstanceStorageConfig connect:AssociateLambdaFunction connect:AssociateLexBot connect:AssociatePhoneNumberContactFlow connect:AssociateQueueQuickConnects connect:AssociateRoutingProfileQueues connect:AssociateSecurityKey connect:AssociateUserProficiencies connect:BatchAssociateAnalyticsDataSet connect:BatchCreateDataTableValue connect:BatchDeleteDataTableValue connect:BatchDescribeDataTableValue connect:BatchDisassociateAnalyticsDataSet connect:BatchGetFlowAssociation connect:BatchPutContact connect:BatchUpdateDataTableValue connect:ClaimPhoneNumber connect:CreateAgentStatus connect:CreateContact connect:CreateContactFlow connect:CreateContactFlowModule connect:CreateContactFlowModuleAlias connect:CreateContactFlowModuleVersion connect:CreateContactFlowVersion connect:CreateDataTable connect:CreateDataTableAttribute connect:CreateEmailAddress connect:CreateEvaluationForm connect:CreateHoursOfOperation connect:CreateInstance connect:CreateIntegrationAssociation connect:CreateParticipant connect:CreatePersistentContactAssociation connect:CreatePredefinedAttribute connect:CreatePrompt connect:CreatePushNotificationRegistration connect:CreateQueue connect:CreateQuickConnect connect:CreateRoutingProfile connect:CreateRule connect:CreateSecurityProfile connect:CreateTaskTemplate connect:CreateTrafficDistributionGroup connect:CreateUseCase connect:CreateUser connect:CreateUserHierarchyGroup connect:CreateView connect:CreateViewVersion connect:CreateVocabulary connect:CreateWorkspace connect:DeactivateEvaluationForm connect:DeleteContactEvaluation connect:DeleteContactFlow connect:DeleteContactFlowModule connect:DeleteContactFlowModuleAlias connect:DeleteContactFlowModuleVersion connect:DeleteContactFlowVersion connect:DeleteDataTable connect:DeleteDataTableAttribute connect:DeleteEmailAddress connect:DeleteEvaluationForm connect:DeleteHoursOfOperation connect:DeleteHoursOfOperationOverride connect:DeleteInstance connect:DeleteIntegrationAssociation connect:DeletePredefinedAttribute connect:DeletePrompt connect:DeletePushNotificationRegistration connect:DeleteQueue connect:DeleteQuickConnect connect:DeleteRoutingProfile connect:DeleteRule connect:DeleteSecurityProfile connect:DeleteTaskTemplate connect:DeleteTrafficDistributionGroup connect:DeleteUseCase connect:DeleteUser connect:DeleteUserHierarchyGroup connect:DeleteView connect:DeleteVocabulary connect:DeleteWorkspace connect:DeleteWorkspaceMedia connect:DescribeAuthenticationProfile connect:DescribeContactFlowModuleAlias connect:DescribeDataTableAttribute connect:DescribeHoursOfOperationOverride connect:DescribeInstanceAttribute connect:DescribeInstanceStorageConfig connect:DescribePhoneNumber connect:DescribeRule connect:DescribeTrafficDistributionGroup connect:DescribeUserHierarchyStructure connect:DescribeVocabulary connect:DisassociateAnalyticsDataSet connect:DisassociateApprovedOrigin connect:DisassociateBot connect:DisassociateEmailAddressAlias connect:DisassociateFlow connect:DisassociateInstanceStorageConfig connect:DisassociateLambdaFunction connect:DisassociateLexBot connect:DisassociatePhoneNumberContactFlow connect:DisassociateQueueQuickConnects connect:DisassociateRoutingProfileQueues connect:DisassociateSecurityKey connect:DisassociateUserProficiencies connect:DismissUserContact connect:EvaluateDataTableValues connect:GetContactAttributes connect:GetContactMetrics connect:GetCurrentMetricData connect:GetCurrentUserData connect:GetEffectiveHoursOfOperations connect:GetFederationToken connect:GetFlowAssociation connect:GetMetricData connect:GetMetricDataV2 connect:GetPromptFile connect:GetTaskTemplate connect:GetTrafficDistribution connect:ImportPhoneNumber connect:ImportWorkspaceMedia connect:ListAnalyticsDataAssociations connect:ListAnalyticsDataLakeDataSets connect:ListApprovedOrigins connect:ListAssociatedContacts connect:ListAuthenticationProfiles connect:ListBots connect:ListContactEvaluations connect:ListContactFlowModuleAliases connect:ListContactFlowModuleVersions connect:ListContactFlowModules connect:ListContactFlowVersions connect:ListContactFlows connect:ListContactReferences connect:ListDataTableAttributes connect:ListDataTablePrimaryValues connect:ListDataTableValues connect:ListDataTables connect:ListDefaultVocabularies connect:ListEvaluationFormVersions connect:ListEvaluationForms connect:ListFlowAssociations connect:ListHoursOfOperations connect:ListInstanceAttributes connect:ListInstanceStorageConfigs connect:ListIntegrationAssociations connect:ListLambdaFunctions connect:ListLexBots connect:ListPhoneNumbers connect:ListPhoneNumbersV2 connect:ListPredefinedAttributes connect:ListPrompts connect:ListQueueQuickConnects connect:ListQueues connect:ListQuickConnects connect:ListRealtimeContactAnalysisSegmentsV2 connect:ListRoutingProfileManualAssignmentQueues connect:ListRoutingProfileQueues connect:ListRoutingProfiles connect:ListRules connect:ListSecurityKeys connect:ListSecurityProfileApplications connect:ListSecurityProfileFlowModules connect:ListSecurityProfilePermissions connect:ListSecurityProfiles connect:ListTaskTemplates connect:ListTrafficDistributionGroups connect:ListUseCases connect:ListUserHierarchyGroups connect:ListUsers connect:ListViewVersions connect:ListViews connect:ListWorkspaceMedia connect:ListWorkspacePages connect:ListWorkspaces connect:MonitorContact connect:PauseContact connect:PutUserStatus connect:ReleasePhoneNumber connect:ReplicateInstance connect:ResumeContact connect:ResumeContactRecording connect:SearchAgentStatuses connect:SearchAvailablePhoneNumbers connect:SearchContactEvaluations connect:SearchContactFlowModules connect:SearchContactFlows connect:SearchContacts connect:SearchDataTables connect:SearchEmailAddresses connect:SearchEvaluationForms connect:SearchHoursOfOperations connect:SearchPredefinedAttributes connect:SearchPrompts connect:SearchQueues connect:SearchQuickConnects connect:SearchRoutingProfiles connect:SearchSecurityProfiles connect:SearchUserHierarchyGroups connect:SearchViews connect:SearchVocabularies connect:SearchWorkspaceAssociations connect:SearchWorkspaces connect:SendChatIntegrationEvent connect:SendOutboundEmail connect:StartChatContact connect:StartContactEvaluation connect:StartContactMediaProcessing connect:StartContactRecording connect:StartContactStreaming connect:StartEmailContact connect:StartOutboundChatContact connect:StartOutboundEmailContact connect:StartOutboundVoiceContact connect:StartScreenSharing connect:StartTaskContact connect:StartWebRTCContact connect:StopContact connect:StopContactMediaProcessing connect:StopContactRecording connect:StopContactStreaming connect:SubmitContactEvaluation connect:SuspendContactRecording connect:TransferContact connect:UpdateAgentStatus connect:UpdateAuthenticationProfile connect:UpdateContact connect:UpdateContactAttributes connect:UpdateContactEvaluation connect:UpdateContactFlowContent connect:UpdateContactFlowMetadata connect:UpdateContactFlowModuleAlias connect:UpdateContactFlowModuleContent connect:UpdateContactFlowModuleMetadata connect:UpdateContactFlowName connect:UpdateContactRoutingData connect:UpdateContactSchedule connect:UpdateDataTableAttribute connect:UpdateDataTableMetadata connect:UpdateDataTablePrimaryValues connect:UpdateEmailAddressMetadata connect:UpdateEvaluationForm connect:UpdateHoursOfOperation connect:UpdateHoursOfOperationOverride connect:UpdateInstanceAttribute connect:UpdateInstanceStorageConfig connect:UpdateParticipantAuthentication connect:UpdateParticipantRoleConfig connect:UpdatePhoneNumber connect:UpdatePhoneNumberMetadata connect:UpdatePredefinedAttribute connect:UpdatePrompt connect:UpdateQueueHoursOfOperation connect:UpdateQueueMaxContacts connect:UpdateQueueName connect:UpdateQueueOutboundCallerConfig connect:UpdateQueueOutboundEmailConfig connect:UpdateQueueStatus connect:UpdateQuickConnectConfig connect:UpdateQuickConnectName connect:UpdateRoutingProfileAgentAvailabilityTimer connect:UpdateRoutingProfileConcurrency connect:UpdateRoutingProfileDefaultOutboundQueue connect:UpdateRoutingProfileName connect:UpdateRoutingProfileQueues connect:UpdateRule connect:UpdateSecurityProfile connect:UpdateTaskTemplate connect:UpdateTrafficDistribution connect:UpdateUserHierarchy connect:UpdateUserHierarchyGroupName connect:UpdateUserHierarchyStructure connect:UpdateUserIdentityInfo connect:UpdateUserPhoneConfig connect:UpdateUserProficiencies connect:UpdateUserRoutingProfile connect:UpdateUserSecurityProfiles connect:UpdateViewContent connect:UpdateViewMetadata connect:UpdateWorkspaceMetadata connect:UpdateWorkspaceTheme connect:UpdateWorkspaceVisibility |
| cur | cur:DeleteReportDefinition cur:DescribeReportDefinitions cur:ModifyReportDefinition cur:PutReportDefinition |
| databrew | databrew:BatchDeleteRecipeVersion databrew:CreateDataset databrew:CreateProfileJob databrew:CreateProject databrew:CreateRecipe databrew:CreateRecipeJob databrew:CreateRuleset databrew:CreateSchedule databrew:DeleteDataset databrew:DeleteJob databrew:DeleteProject databrew:DeleteRecipeVersion databrew:DeleteRuleset databrew:DeleteSchedule databrew:DescribeDataset databrew:DescribeJob databrew:DescribeJobRun databrew:DescribeProject databrew:DescribeRecipe databrew:DescribeRuleset databrew:DescribeSchedule databrew:ListDatasets databrew:ListJobRuns databrew:ListJobs databrew:ListProjects databrew:ListRecipeVersions databrew:ListRecipes databrew:ListRulesets databrew:ListSchedules databrew:PublishRecipe databrew:SendProjectSessionAction databrew:StartJobRun databrew:StartProjectSession databrew:StopJobRun databrew:UpdateDataset databrew:UpdateProfileJob databrew:UpdateProject databrew:UpdateRecipe databrew:UpdateRecipeJob databrew:UpdateRuleset databrew:UpdateSchedule |
| dataexchange | dataexchange:AcceptDataGrant dataexchange:CancelJob dataexchange:CreateDataGrant dataexchange:CreateDataSet dataexchange:CreateEventAction dataexchange:CreateJob dataexchange:CreateRevision dataexchange:DeleteAsset dataexchange:DeleteDataGrant dataexchange:DeleteEventAction dataexchange:DeleteRevision dataexchange:GetDataGrant dataexchange:GetEventAction dataexchange:GetJob dataexchange:GetReceivedDataGrant dataexchange:ListDataGrants dataexchange:ListDataSetRevisions dataexchange:ListDataSets dataexchange:ListEventActions dataexchange:ListJobs dataexchange:ListReceivedDataGrants dataexchange:ListRevisionAssets dataexchange:RevokeRevision dataexchange:SendDataSetNotification dataexchange:StartJob dataexchange:UpdateAsset dataexchange:UpdateDataSet dataexchange:UpdateEventAction dataexchange:UpdateRevision |
| datapipeline | datapipeline:ActivatePipeline datapipeline:CreatePipeline datapipeline:DeactivatePipeline datapipeline:DeletePipeline datapipeline:DescribeObjects datapipeline:DescribePipelines datapipeline:EvaluateExpression datapipeline:GetPipelineDefinition datapipeline:ListPipelines datapipeline:PollForTask datapipeline:PutPipelineDefinition datapipeline:QueryObjects datapipeline:ReportTaskProgress datapipeline:ReportTaskRunnerHeartbeat datapipeline:SetStatus datapipeline:SetTaskStatus datapipeline:ValidatePipelineDefinition |
| dax | dax:CreateCluster dax:DecreaseReplicationFactor dax:DeleteCluster dax:DeleteParameterGroup dax:DeleteSubnetGroup dax:DescribeClusters dax:DescribeDefaultParameters dax:DescribeEvents dax:DescribeParameterGroups dax:DescribeParameters dax:DescribeSubnetGroups dax:IncreaseReplicationFactor dax:RebootNode dax:UpdateCluster dax:UpdateParameterGroup dax:UpdateSubnetGroup |
| devicefarm | devicefarm:CreateDevicePool devicefarm:CreateInstanceProfile devicefarm:CreateNetworkProfile devicefarm:CreateProject devicefarm:CreateRemoteAccessSession devicefarm:CreateTestGridProject devicefarm:CreateTestGridUrl devicefarm:CreateUpload devicefarm:CreateVPCEConfiguration devicefarm:DeleteDevicePool devicefarm:DeleteInstanceProfile devicefarm:DeleteNetworkProfile devicefarm:DeleteProject devicefarm:DeleteRemoteAccessSession devicefarm:DeleteRun devicefarm:DeleteTestGridProject devicefarm:DeleteUpload devicefarm:DeleteVPCEConfiguration devicefarm:GetAccountSettings devicefarm:GetDevice devicefarm:GetDeviceInstance devicefarm:GetDevicePool devicefarm:GetDevicePoolCompatibility devicefarm:GetInstanceProfile devicefarm:GetJob devicefarm:GetNetworkProfile devicefarm:GetOfferingStatus devicefarm:GetProject devicefarm:GetRemoteAccessSession devicefarm:GetRun devicefarm:GetSuite devicefarm:GetTest devicefarm:GetTestGridProject devicefarm:GetTestGridSession devicefarm:GetUpload devicefarm:GetVPCEConfiguration devicefarm:ListArtifacts devicefarm:ListDeviceInstances devicefarm:ListDevicePools devicefarm:ListDevices devicefarm:ListInstanceProfiles devicefarm:ListJobs devicefarm:ListNetworkProfiles devicefarm:ListOfferingPromotions devicefarm:ListOfferingTransactions devicefarm:ListOfferings devicefarm:ListProjects devicefarm:ListRemoteAccessSessions devicefarm:ListRuns devicefarm:ListSamples devicefarm:ListSuites devicefarm:ListTestGridProjects devicefarm:ListTestGridSessionActions devicefarm:ListTestGridSessionArtifacts devicefarm:ListTestGridSessions devicefarm:ListTests devicefarm:ListUniqueProblems devicefarm:ListUploads devicefarm:ListVPCEConfigurations devicefarm:PurchaseOffering devicefarm:RenewOffering devicefarm:ScheduleRun devicefarm:StopJob devicefarm:StopRemoteAccessSession devicefarm:StopRun devicefarm:UpdateDeviceInstance devicefarm:UpdateDevicePool devicefarm:UpdateInstanceProfile devicefarm:UpdateNetworkProfile devicefarm:UpdateProject devicefarm:UpdateTestGridProject devicefarm:UpdateUpload devicefarm:UpdateVPCEConfiguration |
| devops-guru | devops-guru:AddNotificationChannel devops-guru:DeleteInsight devops-guru:DescribeAccountHealth devops-guru:DescribeAccountOverview devops-guru:DescribeAnomaly devops-guru:DescribeEventSourcesConfig devops-guru:DescribeFeedback devops-guru:DescribeInsight devops-guru:DescribeOrganizationHealth devops-guru:DescribeOrganizationOverview devops-guru:DescribeOrganizationResourceCollectionHealth devops-guru:DescribeResourceCollectionHealth devops-guru:DescribeServiceIntegration devops-guru:GetCostEstimation devops-guru:GetResourceCollection devops-guru:ListAnomaliesForInsight devops-guru:ListAnomalousLogGroups devops-guru:ListEvents devops-guru:ListInsights devops-guru:ListMonitoredResources devops-guru:ListNotificationChannels devops-guru:ListOrganizationInsights devops-guru:ListRecommendations devops-guru:PutFeedback devops-guru:RemoveNotificationChannel devops-guru:SearchInsights devops-guru:SearchOrganizationInsights devops-guru:StartCostEstimation devops-guru:UpdateEventSourcesConfig devops-guru:UpdateResourceCollection devops-guru:UpdateServiceIntegration |
| directconnect | directconnect:AcceptDirectConnectGatewayAssociationProposal directconnect:AllocateConnectionOnInterconnect directconnect:AllocateHostedConnection directconnect:AllocatePrivateVirtualInterface directconnect:AllocatePublicVirtualInterface directconnect:AllocateTransitVirtualInterface directconnect:AssociateConnectionWithLag directconnect:AssociateHostedConnection directconnect:AssociateMacSecKey directconnect:AssociateVirtualInterface directconnect:ConfirmConnection directconnect:ConfirmCustomerAgreement directconnect:ConfirmPrivateVirtualInterface directconnect:ConfirmPublicVirtualInterface directconnect:ConfirmTransitVirtualInterface directconnect:CreateBGPPeer directconnect:CreateConnection directconnect:CreateDirectConnectGateway directconnect:CreateDirectConnectGatewayAssociation directconnect:CreateDirectConnectGatewayAssociationProposal directconnect:CreateInterconnect directconnect:CreateLag directconnect:CreatePrivateVirtualInterface directconnect:CreatePublicVirtualInterface directconnect:CreateTransitVirtualInterface directconnect:DeleteBGPPeer directconnect:DeleteConnection directconnect:DeleteDirectConnectGateway directconnect:DeleteDirectConnectGatewayAssociation directconnect:DeleteDirectConnectGatewayAssociationProposal directconnect:DeleteInterconnect directconnect:DeleteLag directconnect:DeleteVirtualInterface directconnect:DescribeConnectionLoa directconnect:DescribeConnections directconnect:DescribeConnectionsOnInterconnect directconnect:DescribeCustomerMetadata directconnect:DescribeDirectConnectGatewayAssociationProposals directconnect:DescribeDirectConnectGatewayAssociations directconnect:DescribeDirectConnectGatewayAttachments directconnect:DescribeDirectConnectGateways directconnect:DescribeHostedConnections directconnect:DescribeInterconnectLoa directconnect:DescribeInterconnects directconnect:DescribeLags directconnect:DescribeLoa directconnect:DescribeLocations directconnect:DescribeRouterConfiguration directconnect:DescribeVirtualGateways directconnect:DescribeVirtualInterfaces directconnect:DisassociateConnectionFromLag directconnect:DisassociateMacSecKey directconnect:ListVirtualInterfaceTestHistory directconnect:StartBgpFailoverTest directconnect:StopBgpFailoverTest directconnect:UpdateConnection directconnect:UpdateDirectConnectGateway directconnect:UpdateDirectConnectGatewayAssociation directconnect:UpdateLag directconnect:UpdateVirtualInterfaceAttributes |
| dlm | dlm:CreateLifecyclePolicy dlm:DeleteLifecyclePolicy dlm:GetLifecyclePolicies dlm:GetLifecyclePolicy dlm:UpdateLifecyclePolicy |
| dms | dms:ApplyPendingMaintenanceAction dms:AssociateExtensionPack dms:BatchStartRecommendations dms:CancelMetadataModelCreation dms:CancelReplicationTaskAssessmentRun dms:CreateDataProvider dms:CreateEndpoint dms:CreateEventSubscription dms:CreateInstanceProfile dms:CreateMigrationProject dms:CreateReplicationConfig dms:CreateReplicationInstance dms:CreateReplicationSubnetGroup dms:CreateReplicationTask dms:DeleteCertificate dms:DeleteConnection dms:DeleteDataMigration dms:DeleteDataProvider dms:DeleteEndpoint dms:DeleteEventSubscription dms:DeleteFleetAdvisorCollector dms:DeleteFleetAdvisorDatabases dms:DeleteInstanceProfile dms:DeleteMigrationProject dms:DeleteReplicationConfig dms:DeleteReplicationInstance dms:DeleteReplicationSubnetGroup dms:DeleteReplicationTask dms:DeleteReplicationTaskAssessmentRun dms:DescribeAccountAttributes dms:DescribeApplicableIndividualAssessments dms:DescribeCertificates dms:DescribeConnections dms:DescribeDataMigrations dms:DescribeEndpointSettings dms:DescribeEndpointTypes dms:DescribeEndpoints dms:DescribeEngineVersions dms:DescribeEventCategories dms:DescribeEventSubscriptions dms:DescribeEvents dms:DescribeFleetAdvisorCollectors dms:DescribeFleetAdvisorDatabases dms:DescribeFleetAdvisorLsaAnalysis dms:DescribeFleetAdvisorSchemaObjectSummary dms:DescribeFleetAdvisorSchemas dms:DescribeMetadataModel dms:DescribeMetadataModelChildren dms:DescribeMetadataModelCreations dms:DescribeMetadataModelImports dms:DescribeOrderableReplicationInstances dms:DescribePendingMaintenanceActions dms:DescribeRecommendationLimitations dms:DescribeRecommendations dms:DescribeRefreshSchemasStatus dms:DescribeReplicationConfigs dms:DescribeReplicationInstanceTaskLogs dms:DescribeReplicationInstances dms:DescribeReplicationSubnetGroups dms:DescribeReplicationTableStatistics dms:DescribeReplicationTaskAssessmentResults dms:DescribeReplicationTaskAssessmentRuns dms:DescribeReplicationTaskIndividualAssessments dms:DescribeReplicationTasks dms:DescribeReplications dms:DescribeSchemas dms:DescribeTableStatistics dms:ExportMetadataModelAssessment dms:ImportCertificate dms:ListDataProviders dms:ListExtensionPacks dms:ListInstanceProfiles dms:ListMetadataModelAssessments dms:ListMetadataModelConversions dms:ListMetadataModelExports dms:ListMigrationProjects dms:ModifyDataMigration dms:ModifyEndpoint dms:ModifyEventSubscription dms:ModifyReplicationConfig dms:ModifyReplicationInstance dms:ModifyReplicationSubnetGroup dms:ModifyReplicationTask dms:MoveReplicationTask dms:RebootReplicationInstance dms:RefreshSchemas dms:ReloadReplicationTables dms:ReloadTables dms:RunFleetAdvisorLsaAnalysis dms:StartMetadataModelAssessment dms:StartMetadataModelConversion dms:StartMetadataModelCreation dms:StartMetadataModelExportAsScripts dms:StartMetadataModelExportToTarget dms:StartRecommendations dms:StartReplication dms:StartReplicationTask dms:StartReplicationTaskAssessment dms:StopDataMigration dms:StopReplicationTask dms:TestConnection dms:UpdateConversionConfiguration dms:UpdateDataProvider dms:UpdateInstanceProfile dms:UpdateMigrationProject dms:UpdateSubscriptionsToEventBridge |
| docdb-elastic | docdb-elastic:ApplyPendingMaintenanceAction docdb-elastic:CopyClusterSnapshot docdb-elastic:DeleteCluster docdb-elastic:DeleteClusterSnapshot docdb-elastic:GetCluster docdb-elastic:GetClusterSnapshot docdb-elastic:GetPendingMaintenanceAction docdb-elastic:ListClusterSnapshots docdb-elastic:ListClusters docdb-elastic:ListPendingMaintenanceActions docdb-elastic:RestoreClusterFromSnapshot docdb-elastic:StartCluster docdb-elastic:StopCluster docdb-elastic:UpdateCluster |
| dynamodb | dynamodb:AssociateTableReplica dynamodb:CreateBackup dynamodb:CreateGlobalTable dynamodb:CreateTable dynamodb:DeleteBackup dynamodb:DeleteTable dynamodb:DescribeBackup dynamodb:DescribeContinuousBackups dynamodb:DescribeContributorInsights dynamodb:DescribeEndpoints dynamodb:DescribeExport dynamodb:DescribeGlobalTable dynamodb:DescribeGlobalTableSettings dynamodb:DescribeImport dynamodb:DescribeKinesisStreamingDestination dynamodb:DescribeLimits dynamodb:DescribeStream dynamodb:DescribeTable dynamodb:DescribeTableReplicaAutoScaling dynamodb:DescribeTimeToLive dynamodb:DisableKinesisStreamingDestination dynamodb:EnableKinesisStreamingDestination dynamodb:ExportTableToPointInTime dynamodb:GetResourcePolicy dynamodb:ImportTable dynamodb:ListBackups dynamodb:ListContributorInsights dynamodb:ListExports dynamodb:ListGlobalTables dynamodb:ListImports dynamodb:ListStreams dynamodb:ListTables dynamodb:ReadDataForReplication dynamodb:ReplicateSettings dynamodb:RestoreTableFromBackup dynamodb:RestoreTableToPointInTime dynamodb:UpdateContinuousBackups dynamodb:UpdateContributorInsights dynamodb:UpdateGlobalTable dynamodb:UpdateGlobalTableSettings dynamodb:UpdateKinesisStreamingDestination dynamodb:UpdateTable dynamodb:UpdateTableReplicaAutoScaling dynamodb:UpdateTimeToLive dynamodb:WriteDataForReplication |
| ebs | ebs:CompleteSnapshot ebs:StartSnapshot |
| ec2 | ec2:AcceptAddressTransfer ec2:AcceptCapacityReservationBillingOwnership ec2:AcceptReservedInstancesExchangeQuote ec2:AcceptTransitGatewayMulticastDomainAssociations ec2:AcceptTransitGatewayPeeringAttachment ec2:AcceptTransitGatewayVpcAttachment ec2:AcceptVpcEndpointConnections ec2:AcceptVpcPeeringConnection ec2:AdvertiseByoipCidr ec2:AllocateAddress ec2:AllocateHosts ec2:AllocateIpamPoolCidr ec2:ApplySecurityGroupsToClientVpnTargetNetwork ec2:AssignIpv6Addresses ec2:AssignPrivateIpAddresses ec2:AssignPrivateNatGatewayAddress ec2:AssociateAddress ec2:AssociateCapacityReservationBillingOwner ec2:AssociateClientVpnTargetNetwork ec2:AssociateDhcpOptions ec2:AssociateEnclaveCertificateIamRole ec2:AssociateIamInstanceProfile ec2:AssociateInstanceEventWindow ec2:AssociateIpamByoasn ec2:AssociateIpamResourceDiscovery ec2:AssociateNatGatewayAddress ec2:AssociateRouteServer ec2:AssociateRouteTable ec2:AssociateSecurityGroupVpc ec2:AssociateSubnetCidrBlock ec2:AssociateTransitGatewayMulticastDomain ec2:AssociateTransitGatewayPolicyTable ec2:AssociateTransitGatewayRouteTable ec2:AssociateTrunkInterface ec2:AssociateVpcCidrBlock ec2:AttachClassicLinkVpc ec2:AttachInternetGateway ec2:AttachNetworkInterface ec2:AttachVerifiedAccessTrustProvider ec2:AttachVolume ec2:AttachVpnGateway ec2:AuthorizeClientVpnIngress ec2:AuthorizeSecurityGroupEgress ec2:AuthorizeSecurityGroupIngress ec2:BundleInstance ec2:CancelBundleTask ec2:CancelCapacityReservation ec2:CancelCapacityReservationFleets ec2:CancelConversionTask ec2:CancelDeclarativePoliciesReport ec2:CancelExportTask ec2:CancelImageLaunchPermission ec2:CancelImportTask ec2:CancelReservedInstancesListing ec2:CancelSpotFleetRequests ec2:CancelSpotInstanceRequests ec2:ConfirmProductInstance ec2:CopyFpgaImage ec2:CopyImage ec2:CopySnapshot ec2:CopyVolumes ec2:CreateCapacityManagerDataExport ec2:CreateCapacityReservation ec2:CreateCapacityReservationBySplitting ec2:CreateCapacityReservationFleet ec2:CreateCarrierGateway ec2:CreateClientVpnEndpoint ec2:CreateClientVpnRoute ec2:CreateCoipCidr ec2:CreateCoipPool ec2:CreateCustomerGateway ec2:CreateDefaultSubnet ec2:CreateDefaultVpc ec2:CreateDelegateMacVolumeOwnershipTask ec2:CreateDhcpOptions ec2:CreateEgressOnlyInternetGateway ec2:CreateFleet ec2:CreateFlowLogs ec2:CreateFpgaImage ec2:CreateImage ec2:CreateImageUsageReport ec2:CreateInstanceConnectEndpoint ec2:CreateInstanceEventWindow ec2:CreateInstanceExportTask ec2:CreateInternetGateway ec2:CreateInterruptibleCapacityReservationAllocation ec2:CreateIpam ec2:CreateIpamExternalResourceVerificationToken ec2:CreateIpamPolicy ec2:CreateIpamPool ec2:CreateIpamPrefixListResolver ec2:CreateIpamPrefixListResolverTarget ec2:CreateIpamResourceDiscovery ec2:CreateIpamScope ec2:CreateKeyPair ec2:CreateLaunchTemplateVersion ec2:CreateLocalGatewayRoute ec2:CreateLocalGatewayRouteTable ec2:CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation ec2:CreateLocalGatewayRouteTableVpcAssociation ec2:CreateLocalGatewayVirtualInterface ec2:CreateLocalGatewayVirtualInterfaceGroup ec2:CreateMacSystemIntegrityProtectionModificationTask ec2:CreateManagedPrefixList ec2:CreateNatGateway ec2:CreateNetworkAcl ec2:CreateNetworkAclEntry ec2:CreateNetworkInsightsAccessScope ec2:CreateNetworkInsightsPath ec2:CreateNetworkInterface ec2:CreateNetworkInterfacePermission ec2:CreatePlacementGroup ec2:CreatePublicIpv4Pool ec2:CreateReplaceRootVolumeTask ec2:CreateReservedInstancesListing ec2:CreateRestoreImageTask ec2:CreateRoute ec2:CreateRouteServer ec2:CreateRouteServerEndpoint ec2:CreateRouteServerPeer ec2:CreateRouteTable ec2:CreateSecurityGroup ec2:CreateSnapshots ec2:CreateSpotDatafeedSubscription ec2:CreateStoreImageTask ec2:CreateSubnet ec2:CreateSubnetCidrReservation ec2:CreateTrafficMirrorFilter ec2:CreateTrafficMirrorFilterRule ec2:CreateTrafficMirrorSession ec2:CreateTrafficMirrorTarget ec2:CreateTransitGateway ec2:CreateTransitGatewayConnect ec2:CreateTransitGatewayConnectPeer ec2:CreateTransitGatewayMeteringPolicy ec2:CreateTransitGatewayMeteringPolicyEntry ec2:CreateTransitGatewayMulticastDomain ec2:CreateTransitGatewayPeeringAttachment ec2:CreateTransitGatewayPolicyTable ec2:CreateTransitGatewayPrefixListReference ec2:CreateTransitGatewayRoute ec2:CreateTransitGatewayRouteTable ec2:CreateTransitGatewayRouteTableAnnouncement ec2:CreateTransitGatewayVpcAttachment ec2:CreateVerifiedAccessEndpoint ec2:CreateVerifiedAccessGroup ec2:CreateVerifiedAccessInstance ec2:CreateVerifiedAccessTrustProvider ec2:CreateVolume ec2:CreateVpc ec2:CreateVpcBlockPublicAccessExclusion ec2:CreateVpcEncryptionControl ec2:CreateVpcEndpoint ec2:CreateVpcEndpointConnectionNotification ec2:CreateVpcEndpointServiceConfiguration ec2:CreateVpcPeeringConnection ec2:CreateVpnConcentrator ec2:CreateVpnConnection ec2:CreateVpnConnectionRoute ec2:CreateVpnGateway ec2:DeleteCapacityManagerDataExport ec2:DeleteCarrierGateway ec2:DeleteClientVpnEndpoint ec2:DeleteClientVpnRoute ec2:DeleteCoipCidr ec2:DeleteCoipPool ec2:DeleteCustomerGateway ec2:DeleteDhcpOptions ec2:DeleteEgressOnlyInternetGateway ec2:DeleteFleets ec2:DeleteFlowLogs ec2:DeleteFpgaImage ec2:DeleteImageUsageReport ec2:DeleteInstanceConnectEndpoint ec2:DeleteInstanceEventWindow ec2:DeleteInternetGateway ec2:DeleteIpam ec2:DeleteIpamExternalResourceVerificationToken ec2:DeleteIpamPolicy ec2:DeleteIpamPool ec2:DeleteIpamPrefixListResolver ec2:DeleteIpamPrefixListResolverTarget ec2:DeleteIpamResourceDiscovery ec2:DeleteIpamScope ec2:DeleteKeyPair ec2:DeleteLaunchTemplate ec2:DeleteLaunchTemplateVersions ec2:DeleteLocalGatewayRoute ec2:DeleteLocalGatewayRouteTable ec2:DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociation ec2:DeleteLocalGatewayRouteTableVpcAssociation ec2:DeleteLocalGatewayVirtualInterface ec2:DeleteLocalGatewayVirtualInterfaceGroup ec2:DeleteManagedPrefixList ec2:DeleteNatGateway ec2:DeleteNetworkAcl ec2:DeleteNetworkAclEntry ec2:DeleteNetworkInsightsAccessScope ec2:DeleteNetworkInsightsAccessScopeAnalysis ec2:DeleteNetworkInsightsAnalysis ec2:DeleteNetworkInsightsPath ec2:DeleteNetworkInterface ec2:DeleteNetworkInterfacePermission ec2:DeletePlacementGroup ec2:DeletePublicIpv4Pool ec2:DeleteQueuedReservedInstances ec2:DeleteRoute ec2:DeleteRouteServer ec2:DeleteRouteServerEndpoint ec2:DeleteRouteServerPeer ec2:DeleteRouteTable ec2:DeleteSecurityGroup ec2:DeleteSpotDatafeedSubscription ec2:DeleteSubnet ec2:DeleteSubnetCidrReservation ec2:DeleteTrafficMirrorFilter ec2:DeleteTrafficMirrorFilterRule ec2:DeleteTrafficMirrorSession ec2:DeleteTrafficMirrorTarget ec2:DeleteTransitGateway ec2:DeleteTransitGatewayConnect ec2:DeleteTransitGatewayConnectPeer ec2:DeleteTransitGatewayMeteringPolicy ec2:DeleteTransitGatewayMeteringPolicyEntry ec2:DeleteTransitGatewayMulticastDomain ec2:DeleteTransitGatewayPeeringAttachment ec2:DeleteTransitGatewayPolicyTable ec2:DeleteTransitGatewayPrefixListReference ec2:DeleteTransitGatewayRoute ec2:DeleteTransitGatewayRouteTable ec2:DeleteTransitGatewayRouteTableAnnouncement ec2:DeleteTransitGatewayVpcAttachment ec2:DeleteVerifiedAccessEndpoint ec2:DeleteVerifiedAccessGroup ec2:DeleteVerifiedAccessInstance ec2:DeleteVerifiedAccessTrustProvider ec2:DeleteVolume ec2:DeleteVpc ec2:DeleteVpcBlockPublicAccessExclusion ec2:DeleteVpcEncryptionControl ec2:DeleteVpcEndpointConnectionNotifications ec2:DeleteVpcEndpointServiceConfigurations ec2:DeleteVpcEndpoints ec2:DeleteVpcPeeringConnection ec2:DeleteVpnConcentrator ec2:DeleteVpnConnection ec2:DeleteVpnConnectionRoute ec2:DeleteVpnGateway ec2:DeprovisionByoipCidr ec2:DeprovisionIpamByoasn ec2:DeprovisionIpamPoolCidr ec2:DeprovisionPublicIpv4PoolCidr ec2:DeregisterImage ec2:DeregisterInstanceEventNotificationAttributes ec2:DeregisterTransitGatewayMulticastGroupMembers ec2:DeregisterTransitGatewayMulticastGroupSources ec2:DescribeAccountAttributes ec2:DescribeAddressTransfers ec2:DescribeAddresses ec2:DescribeAddressesAttribute ec2:DescribeAggregateIdFormat ec2:DescribeAvailabilityZones ec2:DescribeAwsNetworkPerformanceMetricSubscriptions ec2:DescribeBundleTasks ec2:DescribeByoipCidrs ec2:DescribeCapacityBlockExtensionHistory ec2:DescribeCapacityBlockExtensionOfferings ec2:DescribeCapacityBlockStatus ec2:DescribeCapacityBlocks ec2:DescribeCapacityManagerDataExports ec2:DescribeCapacityReservationBillingRequests ec2:DescribeCapacityReservationFleets ec2:DescribeCapacityReservationTopology ec2:DescribeCapacityReservations ec2:DescribeCarrierGateways ec2:DescribeClassicLinkInstances ec2:DescribeClientVpnAuthorizationRules ec2:DescribeClientVpnConnections ec2:DescribeClientVpnEndpoints ec2:DescribeClientVpnRoutes ec2:DescribeClientVpnTargetNetworks ec2:DescribeCoipPools ec2:DescribeConversionTasks ec2:DescribeCustomerGateways ec2:DescribeDeclarativePoliciesReports ec2:DescribeDhcpOptions ec2:DescribeEgressOnlyInternetGateways ec2:DescribeElasticGpus ec2:DescribeExportImageTasks ec2:DescribeExportTasks ec2:DescribeFastLaunchImages ec2:DescribeFastSnapshotRestores ec2:DescribeFleetHistory ec2:DescribeFleetInstances ec2:DescribeFleets ec2:DescribeFlowLogs ec2:DescribeFpgaImageAttribute ec2:DescribeFpgaImages ec2:DescribeHostReservationOfferings ec2:DescribeHostReservations ec2:DescribeHosts ec2:DescribeIamInstanceProfileAssociations ec2:DescribeIdFormat ec2:DescribeIdentityIdFormat ec2:DescribeImageAttribute ec2:DescribeImageReferences ec2:DescribeImageUsageReportEntries ec2:DescribeImageUsageReports ec2:DescribeImportImageTasks ec2:DescribeImportSnapshotTasks ec2:DescribeInstanceConnectEndpoints ec2:DescribeInstanceCreditSpecifications ec2:DescribeInstanceEventNotificationAttributes ec2:DescribeInstanceEventWindows ec2:DescribeInstanceImageMetadata ec2:DescribeInstanceSqlHaHistoryStates ec2:DescribeInstanceSqlHaStates ec2:DescribeInstanceTopology ec2:DescribeInstanceTypes ec2:DescribeInternetGateways ec2:DescribeIpamByoasn ec2:DescribeIpamExternalResourceVerificationTokens ec2:DescribeIpamPolicies ec2:DescribeIpamPools ec2:DescribeIpamPrefixListResolverTargets ec2:DescribeIpamPrefixListResolvers ec2:DescribeIpamResourceDiscoveries ec2:DescribeIpamResourceDiscoveryAssociations ec2:DescribeIpamScopes ec2:DescribeIpams ec2:DescribeIpv6Pools ec2:DescribeKeyPairs ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations ec2:DescribeLocalGatewayRouteTableVpcAssociations ec2:DescribeLocalGatewayRouteTables ec2:DescribeLocalGatewayVirtualInterfaceGroups ec2:DescribeLocalGatewayVirtualInterfaces ec2:DescribeLocalGateways ec2:DescribeLockedSnapshots ec2:DescribeMacHosts ec2:DescribeMacModificationTasks ec2:DescribeManagedPrefixLists ec2:DescribeMovingAddresses ec2:DescribeNatGateways ec2:DescribeNetworkAcls ec2:DescribeNetworkInsightsAccessScopeAnalyses ec2:DescribeNetworkInsightsAccessScopes ec2:DescribeNetworkInsightsAnalyses ec2:DescribeNetworkInsightsPaths ec2:DescribeNetworkInterfaceAttribute ec2:DescribeNetworkInterfacePermissions ec2:DescribeNetworkInterfaces ec2:DescribeOutpostLags ec2:DescribePlacementGroups ec2:DescribePrefixLists ec2:DescribePrincipalIdFormat ec2:DescribePublicIpv4Pools ec2:DescribeRegions ec2:DescribeReplaceRootVolumeTasks ec2:DescribeReservedInstances ec2:DescribeReservedInstancesListings ec2:DescribeReservedInstancesModifications ec2:DescribeReservedInstancesOfferings ec2:DescribeRouteServerEndpoints ec2:DescribeRouteServerPeers ec2:DescribeRouteServers ec2:DescribeRouteTables ec2:DescribeScheduledInstanceAvailability ec2:DescribeScheduledInstances ec2:DescribeSecurityGroupReferences ec2:DescribeSecurityGroupRules ec2:DescribeSecurityGroupVpcAssociations ec2:DescribeSecurityGroups ec2:DescribeServiceLinkVirtualInterfaces ec2:DescribeSnapshotAttribute ec2:DescribeSnapshotTierStatus ec2:DescribeSpotDatafeedSubscription ec2:DescribeSpotFleetInstances ec2:DescribeSpotFleetRequestHistory ec2:DescribeSpotFleetRequests ec2:DescribeSpotInstanceRequests ec2:DescribeSpotPriceHistory ec2:DescribeStaleSecurityGroups ec2:DescribeStoreImageTasks ec2:DescribeTrafficMirrorFilterRules ec2:DescribeTrafficMirrorFilters ec2:DescribeTrafficMirrorSessions ec2:DescribeTrafficMirrorTargets ec2:DescribeTransitGatewayAttachments ec2:DescribeTransitGatewayConnectPeers ec2:DescribeTransitGatewayConnects ec2:DescribeTransitGatewayMeteringPolicies ec2:DescribeTransitGatewayMulticastDomains ec2:DescribeTransitGatewayPeeringAttachments ec2:DescribeTransitGatewayPolicyTables ec2:DescribeTransitGatewayRouteTableAnnouncements ec2:DescribeTransitGatewayRouteTables ec2:DescribeTransitGatewayVpcAttachments ec2:DescribeTransitGateways ec2:DescribeTrunkInterfaceAssociations ec2:DescribeVerifiedAccessEndpoints ec2:DescribeVerifiedAccessGroups ec2:DescribeVerifiedAccessInstanceLoggingConfigurations ec2:DescribeVerifiedAccessInstances ec2:DescribeVerifiedAccessTrustProviders ec2:DescribeVolumeAttribute ec2:DescribeVolumeStatus ec2:DescribeVolumes ec2:DescribeVolumesModifications ec2:DescribeVpcAttribute ec2:DescribeVpcBlockPublicAccessExclusions ec2:DescribeVpcBlockPublicAccessOptions ec2:DescribeVpcClassicLink ec2:DescribeVpcClassicLinkDnsSupport ec2:DescribeVpcEncryptionControls ec2:DescribeVpcEndpointAssociations ec2:DescribeVpcEndpointConnectionNotifications ec2:DescribeVpcEndpointConnections ec2:DescribeVpcEndpointServiceConfigurations ec2:DescribeVpcEndpointServicePermissions ec2:DescribeVpcEndpointServices ec2:DescribeVpcEndpoints ec2:DescribeVpcPeeringConnections ec2:DescribeVpcs ec2:DescribeVpnConcentrators ec2:DescribeVpnConnections ec2:DescribeVpnGateways ec2:DetachClassicLinkVpc ec2:DetachInternetGateway ec2:DetachNetworkInterface ec2:DetachVerifiedAccessTrustProvider ec2:DetachVolume ec2:DetachVpnGateway ec2:DisableAddressTransfer ec2:DisableAllowedImagesSettings ec2:DisableAwsNetworkPerformanceMetricSubscription ec2:DisableCapacityManager ec2:DisableEbsEncryptionByDefault ec2:DisableFastLaunch ec2:DisableFastSnapshotRestores ec2:DisableImage ec2:DisableImageBlockPublicAccess ec2:DisableImageDeprecation ec2:DisableImageDeregistrationProtection ec2:DisableInstanceSqlHaStandbyDetections ec2:DisableIpamOrganizationAdminAccount ec2:DisableIpamPolicy ec2:DisableRouteServerPropagation ec2:DisableSerialConsoleAccess ec2:DisableSnapshotBlockPublicAccess ec2:DisableTransitGatewayRouteTablePropagation ec2:DisableVgwRoutePropagation ec2:DisableVpcClassicLink ec2:DisableVpcClassicLinkDnsSupport ec2:DisassociateAddress ec2:DisassociateCapacityReservationBillingOwner ec2:DisassociateClientVpnTargetNetwork ec2:DisassociateEnclaveCertificateIamRole ec2:DisassociateIamInstanceProfile ec2:DisassociateInstanceEventWindow ec2:DisassociateIpamByoasn ec2:DisassociateIpamResourceDiscovery ec2:DisassociateNatGatewayAddress ec2:DisassociateRouteServer ec2:DisassociateRouteTable ec2:DisassociateSecurityGroupVpc ec2:DisassociateSubnetCidrBlock ec2:DisassociateTransitGatewayMulticastDomain ec2:DisassociateTransitGatewayPolicyTable ec2:DisassociateTransitGatewayRouteTable ec2:DisassociateTrunkInterface ec2:DisassociateVpcCidrBlock ec2:EnableAddressTransfer ec2:EnableAllowedImagesSettings ec2:EnableAwsNetworkPerformanceMetricSubscription ec2:EnableCapacityManager ec2:EnableEbsEncryptionByDefault ec2:EnableFastLaunch ec2:EnableFastSnapshotRestores ec2:EnableImage ec2:EnableImageBlockPublicAccess ec2:EnableImageDeprecation ec2:EnableImageDeregistrationProtection ec2:EnableInstanceSqlHaStandbyDetections ec2:EnableIpamOrganizationAdminAccount ec2:EnableIpamPolicy ec2:EnableReachabilityAnalyzerOrganizationSharing ec2:EnableRouteServerPropagation ec2:EnableSerialConsoleAccess ec2:EnableSnapshotBlockPublicAccess ec2:EnableTransitGatewayRouteTablePropagation ec2:EnableVgwRoutePropagation ec2:EnableVolumeIO ec2:EnableVpcClassicLink ec2:EnableVpcClassicLinkDnsSupport ec2:ExportClientVpnClientCertificateRevocationList ec2:ExportClientVpnClientConfiguration ec2:ExportImage ec2:ExportTransitGatewayRoutes ec2:ExportVerifiedAccessInstanceClientConfiguration ec2:GetActiveVpnTunnelStatus ec2:GetAllowedImagesSettings ec2:GetAssociatedEnclaveCertificateIamRoles ec2:GetAssociatedIpv6PoolCidrs ec2:GetAwsNetworkPerformanceData ec2:GetCapacityManagerAttributes ec2:GetCapacityManagerMetricData ec2:GetCapacityManagerMetricDimensions ec2:GetCapacityReservationUsage ec2:GetCoipPoolUsage ec2:GetConsoleOutput ec2:GetConsoleScreenshot ec2:GetDeclarativePoliciesReportSummary ec2:GetDefaultCreditSpecification ec2:GetEbsDefaultKmsKeyId ec2:GetEbsEncryptionByDefault ec2:GetEnabledIpamPolicy ec2:GetFlowLogsIntegrationTemplate ec2:GetGroupsForCapacityReservation ec2:GetHostReservationPurchasePreview ec2:GetImageAncestry ec2:GetImageBlockPublicAccessState ec2:GetInstanceMetadataDefaults ec2:GetInstanceTpmEkPub ec2:GetInstanceTypesFromInstanceRequirements ec2:GetInstanceUefiData ec2:GetIpamAddressHistory ec2:GetIpamDiscoveredAccounts ec2:GetIpamDiscoveredPublicAddresses ec2:GetIpamDiscoveredResourceCidrs ec2:GetIpamPolicyAllocationRules ec2:GetIpamPolicyOrganizationTargets ec2:GetIpamPoolAllocations ec2:GetIpamPoolCidrs ec2:GetIpamPrefixListResolverRules ec2:GetIpamPrefixListResolverVersionEntries ec2:GetIpamPrefixListResolverVersions ec2:GetIpamResourceCidrs ec2:GetLaunchTemplateData ec2:GetManagedPrefixListAssociations ec2:GetManagedPrefixListEntries ec2:GetNetworkInsightsAccessScopeAnalysisFindings ec2:GetNetworkInsightsAccessScopeContent ec2:GetPasswordData ec2:GetReservedInstancesExchangeQuote ec2:GetRouteServerAssociations ec2:GetRouteServerPropagations ec2:GetRouteServerRoutingDatabase ec2:GetSecurityGroupsForVpc ec2:GetSerialConsoleAccessStatus ec2:GetSnapshotBlockPublicAccessState ec2:GetSpotPlacementScores ec2:GetSubnetCidrReservations ec2:GetTransitGatewayAttachmentPropagations ec2:GetTransitGatewayMeteringPolicyEntries ec2:GetTransitGatewayMulticastDomainAssociations ec2:GetTransitGatewayPolicyTableAssociations ec2:GetTransitGatewayPolicyTableEntries ec2:GetTransitGatewayPrefixListReferences ec2:GetTransitGatewayRouteTableAssociations ec2:GetTransitGatewayRouteTablePropagations ec2:GetVerifiedAccessEndpointPolicy ec2:GetVerifiedAccessEndpointTargets ec2:GetVerifiedAccessGroupPolicy ec2:GetVpcResourcesBlockingEncryptionEnforcement ec2:GetVpnConnectionDeviceSampleConfiguration ec2:GetVpnConnectionDeviceTypes ec2:GetVpnTunnelReplacementStatus ec2:ImportClientVpnClientCertificateRevocationList ec2:ImportImage ec2:ImportInstance ec2:ImportKeyPair ec2:ImportSnapshot ec2:ImportVolume ec2:InjectVolumeIOLatency ec2:ListImagesInRecycleBin ec2:ListSnapshotsInRecycleBin ec2:ListVolumesInRecycleBin ec2:LockSnapshot ec2:ModifyAddressAttribute ec2:ModifyAvailabilityZoneGroup ec2:ModifyCapacityReservation ec2:ModifyCapacityReservationFleet ec2:ModifyClientVpnEndpoint ec2:ModifyDefaultCreditSpecification ec2:ModifyEbsDefaultKmsKeyId ec2:ModifyFleet ec2:ModifyFpgaImageAttribute ec2:ModifyHosts ec2:ModifyIdFormat ec2:ModifyIdentityIdFormat ec2:ModifyImageAttribute ec2:ModifyInstanceAttribute ec2:ModifyInstanceCapacityReservationAttributes ec2:ModifyInstanceConnectEndpoint ec2:ModifyInstanceCpuOptions ec2:ModifyInstanceCreditSpecification ec2:ModifyInstanceEventStartTime ec2:ModifyInstanceEventWindow ec2:ModifyInstanceMaintenanceOptions ec2:ModifyInstanceMetadataDefaults ec2:ModifyInstanceMetadataOptions ec2:ModifyInstanceNetworkPerformanceOptions ec2:ModifyInstancePlacement ec2:ModifyIpam ec2:ModifyIpamPolicyAllocationRules ec2:ModifyIpamPool ec2:ModifyIpamPrefixListResolver ec2:ModifyIpamPrefixListResolverTarget ec2:ModifyIpamResourceCidr ec2:ModifyIpamResourceDiscovery ec2:ModifyIpamScope ec2:ModifyLaunchTemplate ec2:ModifyLocalGatewayRoute ec2:ModifyManagedPrefixList ec2:ModifyNetworkInterfaceAttribute ec2:ModifyPrivateDnsNameOptions ec2:ModifyPublicIpDnsNameOptions ec2:ModifyReservedInstances ec2:ModifyRouteServer ec2:ModifySecurityGroupRules ec2:ModifySnapshotAttribute ec2:ModifySnapshotTier ec2:ModifySpotFleetRequest ec2:ModifySubnetAttribute ec2:ModifyTrafficMirrorFilterNetworkServices ec2:ModifyTrafficMirrorFilterRule ec2:ModifyTrafficMirrorSession ec2:ModifyTransitGateway ec2:ModifyTransitGatewayMeteringPolicy ec2:ModifyTransitGatewayPrefixListReference ec2:ModifyTransitGatewayVpcAttachment ec2:ModifyVerifiedAccessEndpoint ec2:ModifyVerifiedAccessEndpointPolicy ec2:ModifyVerifiedAccessGroup ec2:ModifyVerifiedAccessGroupPolicy ec2:ModifyVerifiedAccessInstance ec2:ModifyVerifiedAccessInstanceLoggingConfiguration ec2:ModifyVerifiedAccessTrustProvider ec2:ModifyVolume ec2:ModifyVolumeAttribute ec2:ModifyVpcAttribute ec2:ModifyVpcBlockPublicAccessExclusion ec2:ModifyVpcBlockPublicAccessOptions ec2:ModifyVpcEncryptionControl ec2:ModifyVpcEndpoint ec2:ModifyVpcEndpointConnectionNotification ec2:ModifyVpcEndpointServiceConfiguration ec2:ModifyVpcEndpointServicePayerResponsibility ec2:ModifyVpcEndpointServicePermissions ec2:ModifyVpcPeeringConnectionOptions ec2:ModifyVpcTenancy ec2:ModifyVpnConnection ec2:ModifyVpnConnectionOptions ec2:ModifyVpnTunnelCertificate ec2:ModifyVpnTunnelOptions ec2:MonitorInstances ec2:MoveAddressToVpc ec2:MoveByoipCidrToIpam ec2:MoveCapacityReservationInstances ec2:ProvisionByoipCidr ec2:ProvisionIpamByoasn ec2:ProvisionIpamPoolCidr ec2:ProvisionPublicIpv4PoolCidr ec2:PurchaseCapacityBlockExtension ec2:PurchaseHostReservation ec2:PurchaseReservedInstancesOffering ec2:PurchaseScheduledInstances ec2:RebootInstances ec2:RegisterImage ec2:RegisterInstanceEventNotificationAttributes ec2:RegisterTransitGatewayMulticastGroupMembers ec2:RegisterTransitGatewayMulticastGroupSources ec2:RejectCapacityReservationBillingOwnership ec2:RejectTransitGatewayMulticastDomainAssociations ec2:RejectTransitGatewayPeeringAttachment ec2:RejectTransitGatewayVpcAttachment ec2:RejectVpcEndpointConnections ec2:RejectVpcPeeringConnection ec2:ReleaseAddress ec2:ReleaseHosts ec2:ReleaseIpamPoolAllocation ec2:ReplaceIamInstanceProfileAssociation ec2:ReplaceImageCriteriaInAllowedImagesSettings ec2:ReplaceNetworkAclAssociation ec2:ReplaceNetworkAclEntry ec2:ReplaceRoute ec2:ReplaceRouteTableAssociation ec2:ReplaceTransitGatewayRoute ec2:ReplaceVpnTunnel ec2:ReportInstanceStatus ec2:RequestSpotFleet ec2:RequestSpotInstances ec2:ResetAddressAttribute ec2:ResetEbsDefaultKmsKeyId ec2:ResetFpgaImageAttribute ec2:ResetImageAttribute ec2:ResetInstanceAttribute ec2:ResetNetworkInterfaceAttribute ec2:ResetSnapshotAttribute ec2:RestoreAddressToClassic ec2:RestoreImageFromRecycleBin ec2:RestoreManagedPrefixListVersion ec2:RestoreSnapshotFromRecycleBin ec2:RestoreSnapshotTier ec2:RestoreVolumeFromRecycleBin ec2:RevokeClientVpnIngress ec2:RevokeSecurityGroupEgress ec2:RevokeSecurityGroupIngress ec2:RunInstances ec2:RunScheduledInstances ec2:SearchLocalGatewayRoutes ec2:SearchTransitGatewayMulticastGroups ec2:SearchTransitGatewayRoutes ec2:SendDiagnosticInterrupt ec2:StartDeclarativePoliciesReport ec2:StartInstances ec2:StartNetworkInsightsAccessScopeAnalysis ec2:StartNetworkInsightsAnalysis ec2:StartVpcEndpointServicePrivateDnsVerification ec2:TerminateClientVpnConnections ec2:UnassignIpv6Addresses ec2:UnassignPrivateIpAddresses ec2:UnassignPrivateNatGatewayAddress ec2:UnlockSnapshot ec2:UnmonitorInstances ec2:UpdateCapacityManagerOrganizationsAccess ec2:UpdateInterruptibleCapacityReservationAllocation ec2:UpdateSecurityGroupRuleDescriptionsEgress ec2:UpdateSecurityGroupRuleDescriptionsIngress ec2:WithdrawByoipCidr |
| ecr | ecr:BatchCheckLayerAvailability ecr:BatchDeleteImage ecr:BatchGetImage ecr:BatchGetRepositoryScanningConfiguration ecr:CompleteLayerUpload ecr:CreatePullThroughCacheRule ecr:CreateRepositoryCreationTemplate ecr:DeleteLifecyclePolicy ecr:DeletePullThroughCacheRule ecr:DeleteRegistryPolicy ecr:DeleteRepository ecr:DeleteRepositoryCreationTemplate ecr:DeleteRepositoryPolicy ecr:DeleteSigningConfiguration ecr:DescribeImageReplicationStatus ecr:DescribeImageScanFindings ecr:DescribeImages ecr:DescribePullThroughCacheRules ecr:DescribeRegistry ecr:DescribeRepositories ecr:DescribeRepositoryCreationTemplates ecr:GetAccountSetting ecr:GetAuthorizationToken ecr:GetDownloadUrlForLayer ecr:GetLifecyclePolicy ecr:GetLifecyclePolicyPreview ecr:GetRegistryPolicy ecr:GetRegistryScanningConfiguration ecr:GetRepositoryPolicy ecr:GetSigningConfiguration ecr:InitiateLayerUpload ecr:ListImages ecr:ListPullTimeUpdateExclusions ecr:PutAccountSetting ecr:PutImage ecr:PutImageScanningConfiguration ecr:PutRegistryPolicy ecr:PutRegistryScanningConfiguration ecr:PutReplicationConfiguration ecr:StartImageScan ecr:StartLifecyclePolicyPreview ecr:UpdatePullThroughCacheRule ecr:UpdateRepositoryCreationTemplate ecr:UploadLayerPart ecr:ValidatePullThroughCacheRule |
| ecr-public | ecr-public:BatchCheckLayerAvailability ecr-public:BatchDeleteImage ecr-public:CompleteLayerUpload ecr-public:CreateRepository ecr-public:DeleteRepository ecr-public:DeleteRepositoryPolicy ecr-public:DescribeImages ecr-public:DescribeRegistries ecr-public:DescribeRepositories ecr-public:GetAuthorizationToken ecr-public:GetRegistryCatalogData ecr-public:GetRepositoryCatalogData ecr-public:GetRepositoryPolicy ecr-public:InitiateLayerUpload ecr-public:PutImage ecr-public:PutRegistryCatalogData ecr-public:PutRepositoryCatalogData ecr-public:SetRepositoryPolicy ecr-public:UploadLayerPart |
| ecs | ecs:CreateCapacityProvider ecs:CreateCluster ecs:CreateService ecs:CreateTaskSet ecs:DeleteAccountSetting ecs:DeleteAttributes ecs:DeleteCapacityProvider ecs:DeleteCluster ecs:DeleteExpressGatewayService ecs:DeleteService ecs:DeleteTaskDefinitions ecs:DeleteTaskSet ecs:DeregisterContainerInstance ecs:DeregisterTaskDefinition ecs:DescribeCapacityProviders ecs:DescribeClusters ecs:DescribeContainerInstances ecs:DescribeExpressGatewayService ecs:DescribeServiceDeployments ecs:DescribeServiceRevisions ecs:DescribeServices ecs:DescribeTaskDefinition ecs:DescribeTaskSets ecs:DescribeTasks ecs:DiscoverPollEndpoint ecs:ExecuteCommand ecs:GetTaskProtection ecs:ListAccountSettings ecs:ListAttributes ecs:ListClusters ecs:ListContainerInstances ecs:ListServiceDeployments ecs:ListServices ecs:ListServicesByNamespace ecs:ListTaskDefinitionFamilies ecs:ListTaskDefinitions ecs:ListTasks ecs:PutAccountSetting ecs:PutAccountSettingDefault ecs:PutAttributes ecs:PutClusterCapacityProviders ecs:RegisterContainerInstance ecs:RunTask ecs:StartTask ecs:StopServiceDeployment ecs:StopTask ecs:SubmitAttachmentStateChanges ecs:SubmitContainerStateChange ecs:SubmitTaskStateChange ecs:UpdateCapacityProvider ecs:UpdateCluster ecs:UpdateClusterSettings ecs:UpdateContainerAgent ecs:UpdateContainerInstancesState ecs:UpdateExpressGatewayService ecs:UpdateService ecs:UpdateServicePrimaryTaskSet ecs:UpdateTaskProtection ecs:UpdateTaskSet |
| eks | eks:AssociateAccessPolicy eks:AssociateEncryptionConfig eks:AssociateIdentityProviderConfig eks:CreateAccessEntry eks:CreateAddon eks:CreateCluster eks:CreateEksAnywhereSubscription eks:CreateFargateProfile eks:CreateNodegroup eks:DeleteAccessEntry eks:DeleteAddon eks:DeleteCapability eks:DeleteCluster eks:DeleteEksAnywhereSubscription eks:DeleteFargateProfile eks:DeleteNodegroup eks:DeletePodIdentityAssociation eks:DeregisterCluster eks:DescribeAccessEntry eks:DescribeAddon eks:DescribeAddonConfiguration eks:DescribeAddonVersions eks:DescribeCapability eks:DescribeCluster eks:DescribeClusterVersions eks:DescribeEksAnywhereSubscription eks:DescribeFargateProfile eks:DescribeIdentityProviderConfig eks:DescribeInsight eks:DescribeInsightsRefresh eks:DescribeNodegroup eks:DescribePodIdentityAssociation eks:DescribeUpdate eks:DisassociateAccessPolicy eks:DisassociateIdentityProviderConfig eks:ListAccessEntries eks:ListAccessPolicies eks:ListAddons eks:ListAssociatedAccessPolicies eks:ListCapabilities eks:ListClusters eks:ListEksAnywhereSubscriptions eks:ListFargateProfiles eks:ListIdentityProviderConfigs eks:ListInsights eks:ListNodegroups eks:ListPodIdentityAssociations eks:ListUpdates eks:RegisterCluster eks:StartInsightsRefresh eks:UpdateAccessEntry eks:UpdateAddon eks:UpdateCapability eks:UpdateClusterConfig eks:UpdateClusterVersion eks:UpdateEksAnywhereSubscription eks:UpdateNodegroupConfig eks:UpdateNodegroupVersion eks:UpdatePodIdentityAssociation |
| elasticache | elasticache:AuthorizeCacheSecurityGroupIngress elasticache:BatchApplyUpdateAction elasticache:BatchStopUpdateAction elasticache:CompleteMigration elasticache:CopyServerlessCacheSnapshot elasticache:CopySnapshot elasticache:CreateCacheCluster elasticache:CreateCacheParameterGroup elasticache:CreateCacheSecurityGroup elasticache:CreateCacheSubnetGroup elasticache:CreateGlobalReplicationGroup elasticache:CreateReplicationGroup elasticache:CreateServerlessCache elasticache:CreateServerlessCacheSnapshot elasticache:CreateSnapshot elasticache:CreateUser elasticache:CreateUserGroup elasticache:DecreaseNodeGroupsInGlobalReplicationGroup elasticache:DecreaseReplicaCount elasticache:DeleteCacheCluster elasticache:DeleteCacheParameterGroup elasticache:DeleteCacheSecurityGroup elasticache:DeleteCacheSubnetGroup elasticache:DeleteGlobalReplicationGroup elasticache:DeleteReplicationGroup elasticache:DeleteServerlessCache elasticache:DeleteServerlessCacheSnapshot elasticache:DeleteSnapshot elasticache:DeleteUser elasticache:DeleteUserGroup elasticache:DescribeCacheClusters elasticache:DescribeCacheEngineVersions elasticache:DescribeCacheParameterGroups elasticache:DescribeCacheParameters elasticache:DescribeCacheSecurityGroups elasticache:DescribeCacheSubnetGroups elasticache:DescribeEngineDefaultParameters elasticache:DescribeEvents elasticache:DescribeGlobalReplicationGroups elasticache:DescribeReplicationGroups elasticache:DescribeReservedCacheNodes elasticache:DescribeReservedCacheNodesOfferings elasticache:DescribeServerlessCacheSnapshots elasticache:DescribeServerlessCaches elasticache:DescribeServiceUpdates elasticache:DescribeSnapshots elasticache:DescribeUpdateActions elasticache:DescribeUserGroups elasticache:DescribeUsers elasticache:DisassociateGlobalReplicationGroup elasticache:ExportServerlessCacheSnapshot elasticache:FailoverGlobalReplicationGroup elasticache:IncreaseNodeGroupsInGlobalReplicationGroup elasticache:IncreaseReplicaCount elasticache:ListAllowedNodeTypeModifications elasticache:ModifyCacheCluster elasticache:ModifyCacheParameterGroup elasticache:ModifyCacheSubnetGroup elasticache:ModifyGlobalReplicationGroup elasticache:ModifyReplicationGroup elasticache:ModifyReplicationGroupShardConfiguration elasticache:ModifyServerlessCache elasticache:ModifyUser elasticache:ModifyUserGroup elasticache:PurchaseReservedCacheNodesOffering elasticache:RebalanceSlotsInGlobalReplicationGroup elasticache:RebootCacheCluster elasticache:ResetCacheParameterGroup elasticache:RevokeCacheSecurityGroupIngress elasticache:StartMigration elasticache:TestFailover elasticache:TestMigration |
| elasticbeanstalk | elasticbeanstalk:AbortEnvironmentUpdate elasticbeanstalk:ApplyEnvironmentManagedAction elasticbeanstalk:AssociateEnvironmentOperationsRole elasticbeanstalk:CheckDNSAvailability elasticbeanstalk:ComposeEnvironments elasticbeanstalk:CreateApplication elasticbeanstalk:CreateApplicationVersion elasticbeanstalk:CreateConfigurationTemplate elasticbeanstalk:CreateEnvironment elasticbeanstalk:CreatePlatformVersion elasticbeanstalk:CreateStorageLocation elasticbeanstalk:DeleteApplication elasticbeanstalk:DeleteApplicationVersion elasticbeanstalk:DeleteConfigurationTemplate elasticbeanstalk:DeleteEnvironmentConfiguration elasticbeanstalk:DeletePlatformVersion elasticbeanstalk:DescribeAccountAttributes elasticbeanstalk:DescribeApplicationVersions elasticbeanstalk:DescribeApplications elasticbeanstalk:DescribeConfigurationOptions elasticbeanstalk:DescribeConfigurationSettings elasticbeanstalk:DescribeEnvironmentHealth elasticbeanstalk:DescribeEnvironmentManagedActionHistory elasticbeanstalk:DescribeEnvironmentManagedActions elasticbeanstalk:DescribeEnvironmentResources elasticbeanstalk:DescribeEnvironments elasticbeanstalk:DescribeEvents elasticbeanstalk:DescribeInstancesHealth elasticbeanstalk:DescribePlatformVersion elasticbeanstalk:DisassociateEnvironmentOperationsRole elasticbeanstalk:ListAvailableSolutionStacks elasticbeanstalk:ListPlatformBranches elasticbeanstalk:ListPlatformVersions elasticbeanstalk:RebuildEnvironment elasticbeanstalk:RequestEnvironmentInfo elasticbeanstalk:RestartAppServer elasticbeanstalk:RetrieveEnvironmentInfo elasticbeanstalk:SwapEnvironmentCNAMEs elasticbeanstalk:TerminateEnvironment elasticbeanstalk:UpdateApplication elasticbeanstalk:UpdateApplicationResourceLifecycle elasticbeanstalk:UpdateApplicationVersion elasticbeanstalk:UpdateConfigurationTemplate elasticbeanstalk:UpdateEnvironment elasticbeanstalk:ValidateConfigurationSettings |
| elasticfilesystem | elasticfilesystem:CreateAccessPoint elasticfilesystem:CreateFileSystem elasticfilesystem:CreateMountTarget elasticfilesystem:CreateReplicationConfiguration elasticfilesystem:DeleteAccessPoint elasticfilesystem:DeleteFileSystem elasticfilesystem:DeleteFileSystemPolicy elasticfilesystem:DeleteMountTarget elasticfilesystem:DeleteReplicationConfiguration elasticfilesystem:DescribeAccessPoints elasticfilesystem:DescribeAccountPreferences elasticfilesystem:DescribeBackupPolicy elasticfilesystem:DescribeFileSystemPolicy elasticfilesystem:DescribeFileSystems elasticfilesystem:DescribeLifecycleConfiguration elasticfilesystem:DescribeMountTargetSecurityGroups elasticfilesystem:DescribeMountTargets elasticfilesystem:DescribeReplicationConfigurations elasticfilesystem:ModifyMountTargetSecurityGroups elasticfilesystem:PutAccountPreferences elasticfilesystem:PutBackupPolicy elasticfilesystem:PutFileSystemPolicy elasticfilesystem:PutLifecycleConfiguration elasticfilesystem:UpdateFileSystem elasticfilesystem:UpdateFileSystemProtection |
| elasticloadbalancing | elasticloadbalancing:AddListenerCertificates elasticloadbalancing:AddTrustStoreRevocations elasticloadbalancing:ApplySecurityGroupsToLoadBalancer elasticloadbalancing:AttachLoadBalancerToSubnets elasticloadbalancing:ConfigureHealthCheck elasticloadbalancing:CreateAppCookieStickinessPolicy elasticloadbalancing:CreateLBCookieStickinessPolicy elasticloadbalancing:CreateListener elasticloadbalancing:CreateLoadBalancer elasticloadbalancing:CreateLoadBalancerListeners elasticloadbalancing:CreateLoadBalancerPolicy elasticloadbalancing:CreateRule elasticloadbalancing:CreateTargetGroup elasticloadbalancing:CreateTrustStore elasticloadbalancing:CreateWebACLAssociation elasticloadbalancing:DeleteListener elasticloadbalancing:DeleteLoadBalancer elasticloadbalancing:DeleteLoadBalancerListeners elasticloadbalancing:DeleteLoadBalancerPolicy elasticloadbalancing:DeleteRule elasticloadbalancing:DeleteSharedTrustStoreAssociation elasticloadbalancing:DeleteTargetGroup elasticloadbalancing:DeleteTrustStore elasticloadbalancing:DeleteWebACLAssociation elasticloadbalancing:DeregisterInstancesFromLoadBalancer elasticloadbalancing:DeregisterTargets elasticloadbalancing:DescribeAccountLimits elasticloadbalancing:DescribeCapacityReservation elasticloadbalancing:DescribeInstanceHealth elasticloadbalancing:DescribeListenerAttributes elasticloadbalancing:DescribeListenerCertificates elasticloadbalancing:DescribeListeners elasticloadbalancing:DescribeLoadBalancerAttributes elasticloadbalancing:DescribeLoadBalancerPolicies elasticloadbalancing:DescribeLoadBalancerPolicyTypes elasticloadbalancing:DescribeLoadBalancers elasticloadbalancing:DescribeRules elasticloadbalancing:DescribeSSLPolicies elasticloadbalancing:DescribeTargetGroupAttributes elasticloadbalancing:DescribeTargetGroups elasticloadbalancing:DescribeTargetHealth elasticloadbalancing:DescribeTrustStoreAssociations elasticloadbalancing:DescribeTrustStoreRevocations elasticloadbalancing:DescribeTrustStores elasticloadbalancing:DescribeWebACLAssociation elasticloadbalancing:DetachLoadBalancerFromSubnets elasticloadbalancing:DisableAvailabilityZonesForLoadBalancer elasticloadbalancing:EnableAvailabilityZonesForLoadBalancer elasticloadbalancing:GetLoadBalancerWebACL elasticloadbalancing:GetResourcePolicy elasticloadbalancing:GetTrustStoreCaCertificatesBundle elasticloadbalancing:GetTrustStoreRevocationContent elasticloadbalancing:ModifyCapacityReservation elasticloadbalancing:ModifyIpPools elasticloadbalancing:ModifyListener elasticloadbalancing:ModifyLoadBalancerAttributes elasticloadbalancing:ModifyRule elasticloadbalancing:ModifyTargetGroup elasticloadbalancing:ModifyTargetGroupAttributes elasticloadbalancing:ModifyTrustStore elasticloadbalancing:RegisterInstancesWithLoadBalancer elasticloadbalancing:RegisterTargets elasticloadbalancing:RemoveListenerCertificates elasticloadbalancing:RemoveTrustStoreRevocations elasticloadbalancing:SetIpAddressType elasticloadbalancing:SetLoadBalancerListenerSSLCertificate elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer elasticloadbalancing:SetLoadBalancerPoliciesOfListener elasticloadbalancing:SetRulePriorities elasticloadbalancing:SetSecurityGroups elasticloadbalancing:SetSubnets |
| elastictranscoder | elastictranscoder:CancelJob elastictranscoder:CreateJob elastictranscoder:CreatePipeline elastictranscoder:CreatePreset elastictranscoder:DeletePipeline elastictranscoder:DeletePreset elastictranscoder:ListJobsByPipeline elastictranscoder:ListJobsByStatus elastictranscoder:ListPipelines elastictranscoder:ListPresets elastictranscoder:ReadJob elastictranscoder:ReadPipeline elastictranscoder:ReadPreset elastictranscoder:TestRole elastictranscoder:UpdatePipeline elastictranscoder:UpdatePipelineNotifications elastictranscoder:UpdatePipelineStatus |
| emr-containers | emr-containers:CancelJobRun emr-containers:CreateJobTemplate emr-containers:CreateManagedEndpoint emr-containers:CreateSecurityConfiguration emr-containers:CreateVirtualCluster emr-containers:DeleteJobTemplate emr-containers:DeleteManagedEndpoint emr-containers:DeleteVirtualCluster emr-containers:DescribeJobRun emr-containers:DescribeJobTemplate emr-containers:DescribeManagedEndpoint emr-containers:DescribeSecurityConfiguration emr-containers:DescribeVirtualCluster emr-containers:GetManagedEndpointSessionCredentials emr-containers:ListJobRuns emr-containers:ListJobTemplates emr-containers:ListManagedEndpoints emr-containers:ListSecurityConfigurations emr-containers:ListVirtualClusters emr-containers:StartJobRun |
| emr-serverless | emr-serverless:CancelJobRun emr-serverless:CreateApplication emr-serverless:DeleteApplication emr-serverless:GetApplication emr-serverless:GetDashboardForJobRun emr-serverless:GetJobRun emr-serverless:ListApplications emr-serverless:ListJobRunAttempts emr-serverless:ListJobRuns emr-serverless:StartApplication emr-serverless:StartJobRun emr-serverless:StopApplication emr-serverless:UpdateApplication |
| es | es:AcceptInboundConnection es:AcceptInboundCrossClusterSearchConnection es:AssociatePackage es:AuthorizeVpcEndpointAccess es:CancelElasticsearchServiceSoftwareUpdate es:CancelServiceSoftwareUpdate es:CreateDomain es:CreateElasticsearchDomain es:CreateIndex es:CreateOutboundConnection es:CreateOutboundCrossClusterSearchConnection es:CreatePackage es:CreateVpcEndpoint es:DeleteDomain es:DeleteElasticsearchDomain es:DeleteElasticsearchServiceRole es:DeleteInboundConnection es:DeleteInboundCrossClusterSearchConnection es:DeleteIndex es:DeleteOutboundConnection es:DeleteOutboundCrossClusterSearchConnection es:DeletePackage es:DeleteVpcEndpoint es:DescribeDomain es:DescribeDomainAutoTunes es:DescribeDomainChangeProgress es:DescribeDomainConfig es:DescribeDomainHealth es:DescribeDomainNodes es:DescribeDomains es:DescribeDryRunProgress es:DescribeElasticsearchDomain es:DescribeElasticsearchDomainConfig es:DescribeElasticsearchDomains es:DescribeElasticsearchInstanceTypeLimits es:DescribeInboundConnections es:DescribeInboundCrossClusterSearchConnections es:DescribeInstanceTypeLimits es:DescribeOutboundConnections es:DescribeOutboundCrossClusterSearchConnections es:DescribePackages es:DescribeReservedElasticsearchInstanceOfferings es:DescribeReservedElasticsearchInstances es:DescribeReservedInstanceOfferings es:DescribeReservedInstances es:DescribeVpcEndpoints es:DissociatePackage es:DissociatePackages es:GetCompatibleElasticsearchVersions es:GetCompatibleVersions es:GetDataSource es:GetDomainMaintenanceStatus es:GetPackageVersionHistory es:GetUpgradeHistory es:GetUpgradeStatus es:ListDataSources es:ListDomainNames es:ListDomainsForPackage es:ListElasticsearchInstanceTypes es:ListElasticsearchVersions es:ListInstanceTypeDetails es:ListPackagesForDomain es:ListScheduledActions es:ListVersions es:ListVpcEndpointAccess es:ListVpcEndpoints es:ListVpcEndpointsForDomain es:PurchaseReservedElasticsearchInstanceOffering es:PurchaseReservedInstanceOffering es:RejectInboundConnection es:RejectInboundCrossClusterSearchConnection es:RevokeVpcEndpointAccess es:StartDomainMaintenance es:StartElasticsearchServiceSoftwareUpdate es:StartServiceSoftwareUpdate es:UpdateDataSource es:UpdateDomainConfig es:UpdateElasticsearchDomainConfig es:UpdateIndex es:UpdatePackage es:UpdatePackageScope es:UpdateScheduledAction es:UpdateVpcEndpoint es:UpgradeDomain es:UpgradeElasticsearchDomain |
| events | events:ActivateEventSource events:CancelReplay events:CreateApiDestination events:CreateArchive events:CreateConnection events:CreateEndpoint events:CreateEventBus events:CreatePartnerEventSource events:DeactivateEventSource events:DeauthorizeConnection events:DeleteApiDestination events:DeleteArchive events:DeleteConnection events:DeleteEndpoint events:DeleteEventBus events:DeletePartnerEventSource events:DeleteRule events:DescribeApiDestination events:DescribeArchive events:DescribeConnection events:DescribeEndpoint events:DescribeEventBus events:DescribeEventSource events:DescribePartnerEventSource events:DescribeReplay events:DescribeRule events:DisableRule events:EnableRule events:ListApiDestinations events:ListArchives events:ListConnections events:ListEndpoints events:ListEventBuses events:ListEventSources events:ListPartnerEventSourceAccounts events:ListPartnerEventSources events:ListReplays events:ListRuleNamesByTarget events:ListRules events:ListTargetsByRule events:PutPermission events:PutRule events:PutTargets events:RemovePermission events:RemoveTargets events:StartReplay events:TestEventPattern events:UpdateApiDestination events:UpdateArchive events:UpdateConnection events:UpdateEndpoint events:UpdateEventBus |
| evidently | evidently:CreateExperiment evidently:CreateFeature evidently:CreateLaunch evidently:CreateProject evidently:CreateSegment evidently:DeleteExperiment evidently:DeleteFeature evidently:DeleteLaunch evidently:DeleteProject evidently:DeleteSegment evidently:GetExperiment evidently:GetExperimentResults evidently:GetFeature evidently:GetLaunch evidently:GetProject evidently:GetSegment evidently:ListExperiments evidently:ListFeatures evidently:ListLaunches evidently:ListProjects evidently:ListSegmentReferences evidently:ListSegments evidently:StartExperiment evidently:StartLaunch evidently:StopExperiment evidently:StopLaunch evidently:TestSegmentPattern evidently:UpdateExperiment evidently:UpdateFeature evidently:UpdateLaunch evidently:UpdateProject evidently:UpdateProjectDataDelivery |
| finspace | finspace:CreateEnvironment finspace:CreateKxChangeset finspace:CreateKxCluster finspace:CreateKxDatabase finspace:CreateKxDataview finspace:CreateKxEnvironment finspace:CreateKxScalingGroup finspace:CreateKxUser finspace:CreateKxVolume finspace:CreateUser finspace:DeleteEnvironment finspace:DeleteKxCluster finspace:DeleteKxClusterNode finspace:DeleteKxDatabase finspace:DeleteKxDataview finspace:DeleteKxEnvironment finspace:DeleteKxScalingGroup finspace:DeleteKxUser finspace:DeleteKxVolume finspace:GetEnvironment finspace:GetKxChangeset finspace:GetKxCluster finspace:GetKxConnectionString finspace:GetKxDatabase finspace:GetKxDataview finspace:GetKxEnvironment finspace:GetKxScalingGroup finspace:GetKxUser finspace:GetKxVolume finspace:GetLoadSampleDataSetGroupIntoEnvironmentStatus finspace:GetUser finspace:ListEnvironments finspace:ListKxChangesets finspace:ListKxClusterNodes finspace:ListKxClusters finspace:ListKxDatabases finspace:ListKxDataviews finspace:ListKxEnvironments finspace:ListKxScalingGroups finspace:ListKxUsers finspace:ListKxVolumes finspace:ListUsers finspace:LoadSampleDataSetGroupIntoEnvironment finspace:ResetUserPassword finspace:UpdateEnvironment finspace:UpdateKxClusterCodeConfiguration finspace:UpdateKxClusterDatabases finspace:UpdateKxDatabase finspace:UpdateKxDataview finspace:UpdateKxEnvironment finspace:UpdateKxEnvironmentNetwork finspace:UpdateKxUser finspace:UpdateKxVolume finspace:UpdateUser |
| firehose | firehose:CreateDeliveryStream firehose:DeleteDeliveryStream firehose:DescribeDeliveryStream firehose:ListDeliveryStreams firehose:StartDeliveryStreamEncryption firehose:StopDeliveryStreamEncryption firehose:UpdateDestination |
| fis | fis:CreateExperimentTemplate fis:CreateTargetAccountConfiguration fis:DeleteExperimentTemplate fis:DeleteTargetAccountConfiguration fis:GetAction fis:GetExperiment fis:GetExperimentTargetAccountConfiguration fis:GetExperimentTemplate fis:GetSafetyLever fis:GetTargetAccountConfiguration fis:GetTargetResourceType fis:ListActions fis:ListExperimentResolvedTargets fis:ListExperimentTargetAccountConfigurations fis:ListExperimentTemplates fis:ListExperiments fis:ListTargetAccountConfigurations fis:ListTargetResourceTypes fis:StartExperiment fis:StopExperiment fis:UpdateExperimentTemplate fis:UpdateSafetyLeverState fis:UpdateTargetAccountConfiguration |
| fms | fms:AssociateAdminAccount fms:AssociateThirdPartyFirewall fms:BatchAssociateResource fms:BatchDisassociateResource fms:DeleteAppsList fms:DeleteNotificationChannel fms:DeletePolicy fms:DeleteProtocolsList fms:DeleteResourceSet fms:DisassociateAdminAccount fms:DisassociateThirdPartyFirewall fms:GetAdminAccount fms:GetAdminScope fms:GetAppsList fms:GetComplianceDetail fms:GetNotificationChannel fms:GetPolicy fms:GetProtectionStatus fms:GetProtocolsList fms:GetResourceSet fms:GetThirdPartyFirewallAssociationStatus fms:GetViolationDetails fms:ListAdminAccountsForOrganization fms:ListAdminsManagingAccount fms:ListAppsLists fms:ListComplianceStatus fms:ListDiscoveredResources fms:ListMemberAccounts fms:ListPolicies fms:ListProtocolsLists fms:ListResourceSetResources fms:ListResourceSets fms:ListThirdPartyFirewallFirewallPolicies fms:PutAdminAccount fms:PutAppsList fms:PutNotificationChannel fms:PutPolicy fms:PutProtocolsList fms:PutResourceSet |
| frauddetector | frauddetector:BatchCreateVariable frauddetector:BatchGetVariable frauddetector:CancelBatchImportJob frauddetector:CancelBatchPredictionJob frauddetector:CreateBatchImportJob frauddetector:CreateBatchPredictionJob frauddetector:CreateDetectorVersion frauddetector:CreateList frauddetector:CreateModel frauddetector:CreateModelVersion frauddetector:CreateRule frauddetector:CreateVariable frauddetector:DeleteBatchImportJob frauddetector:DeleteBatchPredictionJob frauddetector:DeleteDetector frauddetector:DeleteDetectorVersion frauddetector:DeleteEntityType frauddetector:DeleteEvent frauddetector:DeleteEventType frauddetector:DeleteEventsByEventType frauddetector:DeleteExternalModel frauddetector:DeleteLabel frauddetector:DeleteList frauddetector:DeleteModel frauddetector:DeleteModelVersion frauddetector:DeleteOutcome frauddetector:DeleteRule frauddetector:DeleteVariable frauddetector:DescribeDetector frauddetector:DescribeModelVersions frauddetector:GetBatchImportJobs frauddetector:GetBatchPredictionJobs frauddetector:GetDeleteEventsByEventTypeStatus frauddetector:GetDetectorVersion frauddetector:GetDetectors frauddetector:GetEntityTypes frauddetector:GetEvent frauddetector:GetEventPrediction frauddetector:GetEventPredictionMetadata frauddetector:GetEventTypes frauddetector:GetExternalModels frauddetector:GetKMSEncryptionKey frauddetector:GetLabels frauddetector:GetListElements frauddetector:GetListsMetadata frauddetector:GetModelVersion frauddetector:GetModels frauddetector:GetOutcomes frauddetector:GetRules frauddetector:GetVariables frauddetector:ListEventPredictions frauddetector:PutDetector frauddetector:PutEntityType frauddetector:PutEventType frauddetector:PutExternalModel frauddetector:PutKMSEncryptionKey frauddetector:PutLabel frauddetector:PutOutcome frauddetector:SendEvent frauddetector:UpdateDetectorVersion frauddetector:UpdateDetectorVersionMetadata frauddetector:UpdateDetectorVersionStatus frauddetector:UpdateEventLabel frauddetector:UpdateList frauddetector:UpdateModel frauddetector:UpdateModelVersion frauddetector:UpdateModelVersionStatus frauddetector:UpdateRuleMetadata frauddetector:UpdateRuleVersion frauddetector:UpdateVariable |
| fsx | fsx:AssociateFileSystemAliases fsx:CancelDataRepositoryTask fsx:CopyBackup fsx:CreateDataRepositoryTask fsx:CreateFileCache fsx:CreateFileSystem fsx:CreateFileSystemFromBackup fsx:CreateSnapshot fsx:CreateStorageVirtualMachine fsx:CreateVolume fsx:CreateVolumeFromBackup fsx:DeleteBackup fsx:DeleteFileCache fsx:DeleteFileSystem fsx:DeleteSnapshot fsx:DeleteStorageVirtualMachine fsx:DeleteVolume fsx:DescribeBackups fsx:DescribeDataRepositoryAssociations fsx:DescribeDataRepositoryTasks fsx:DescribeFileCaches fsx:DescribeFileSystemAliases fsx:DescribeFileSystems fsx:DescribeS3AccessPointAttachments fsx:DescribeSharedVpcConfiguration fsx:DescribeSnapshots fsx:DescribeStorageVirtualMachines fsx:DescribeVolumes fsx:DetachAndDeleteS3AccessPoint fsx:DisassociateFileSystemAliases fsx:ReleaseFileSystemNfsV3Locks fsx:RestoreVolumeFromSnapshot fsx:StartMisconfiguredStateRecovery fsx:UpdateDataRepositoryAssociation fsx:UpdateFileCache fsx:UpdateFileSystem fsx:UpdateSharedVpcConfiguration fsx:UpdateSnapshot fsx:UpdateStorageVirtualMachine fsx:UpdateVolume |
| gamelift | gamelift:AcceptMatch gamelift:ClaimGameServer gamelift:CreateAlias gamelift:CreateBuild gamelift:CreateContainerGroupDefinition gamelift:CreateFleet gamelift:CreateFleetLocations gamelift:CreateGameServerGroup gamelift:CreateGameSession gamelift:CreateGameSessionQueue gamelift:CreateLocation gamelift:CreateMatchmakingConfiguration gamelift:CreateMatchmakingRuleSet gamelift:CreatePlayerSession gamelift:CreatePlayerSessions gamelift:CreateScript gamelift:CreateVpcPeeringAuthorization gamelift:CreateVpcPeeringConnection gamelift:DeleteAlias gamelift:DeleteBuild gamelift:DeleteContainerGroupDefinition gamelift:DeleteFleet gamelift:DeleteFleetLocations gamelift:DeleteGameServerGroup gamelift:DeleteGameSessionQueue gamelift:DeleteLocation gamelift:DeleteMatchmakingConfiguration gamelift:DeleteMatchmakingRuleSet gamelift:DeleteScalingPolicy gamelift:DeleteScript gamelift:DeleteVpcPeeringAuthorization gamelift:DeleteVpcPeeringConnection gamelift:DeregisterCompute gamelift:DeregisterGameServer gamelift:DescribeAlias gamelift:DescribeBuild gamelift:DescribeCompute gamelift:DescribeContainerFleet gamelift:DescribeContainerGroupDefinition gamelift:DescribeEC2InstanceLimits gamelift:DescribeFleetAttributes gamelift:DescribeFleetCapacity gamelift:DescribeFleetEvents gamelift:DescribeFleetLocationAttributes gamelift:DescribeFleetLocationCapacity gamelift:DescribeFleetLocationUtilization gamelift:DescribeFleetPortSettings gamelift:DescribeFleetUtilization gamelift:DescribeGameServer gamelift:DescribeGameServerGroup gamelift:DescribeGameServerInstances gamelift:DescribeGameSessionDetails gamelift:DescribeGameSessionPlacement gamelift:DescribeGameSessionQueues gamelift:DescribeGameSessions gamelift:DescribeInstances gamelift:DescribeMatchmaking gamelift:DescribeMatchmakingConfigurations gamelift:DescribeMatchmakingRuleSets gamelift:DescribePlayerSessions gamelift:DescribeRuntimeConfiguration gamelift:DescribeScalingPolicies gamelift:DescribeScript gamelift:DescribeVpcPeeringAuthorizations gamelift:DescribeVpcPeeringConnections gamelift:GetComputeAccess gamelift:GetComputeAuthToken gamelift:GetGameSessionLogUrl gamelift:GetInstanceAccess gamelift:ListAliases gamelift:ListBuilds gamelift:ListCompute gamelift:ListContainerFleets gamelift:ListContainerGroupDefinitionVersions gamelift:ListContainerGroupDefinitions gamelift:ListFleetDeployments gamelift:ListFleets gamelift:ListGameServerGroups gamelift:ListGameServers gamelift:ListLocations gamelift:ListScripts gamelift:PutScalingPolicy gamelift:RegisterCompute gamelift:RegisterGameServer gamelift:RequestUploadCredentials gamelift:ResolveAlias gamelift:ResumeGameServerGroup gamelift:SearchGameSessions gamelift:StartFleetActions gamelift:StartGameSessionPlacement gamelift:StartMatchBackfill gamelift:StartMatchmaking gamelift:StopFleetActions gamelift:StopGameSessionPlacement gamelift:StopMatchmaking gamelift:SuspendGameServerGroup gamelift:TerminateGameSession gamelift:UpdateAlias gamelift:UpdateBuild gamelift:UpdateContainerGroupDefinition gamelift:UpdateFleetAttributes gamelift:UpdateFleetCapacity gamelift:UpdateFleetPortSettings gamelift:UpdateGameServer gamelift:UpdateGameServerGroup gamelift:UpdateGameSession gamelift:UpdateGameSessionQueue gamelift:UpdateMatchmakingConfiguration gamelift:UpdateRuntimeConfiguration gamelift:UpdateScript gamelift:ValidateMatchmakingRuleSet |
| geo | geo:AssociateTrackerConsumer geo:BatchDeleteDevicePositionHistory geo:BatchDeleteGeofence geo:BatchEvaluateGeofences geo:BatchGetDevicePosition geo:BatchPutGeofence geo:BatchUpdateDevicePosition geo:CalculateRoute geo:CalculateRouteMatrix geo:CreateGeofenceCollection geo:CreateMap geo:CreatePlaceIndex geo:CreateRouteCalculator geo:CreateTracker geo:DeleteGeofenceCollection geo:DeleteKey geo:DeleteMap geo:DeletePlaceIndex geo:DeleteRouteCalculator geo:DeleteTracker geo:DescribeGeofenceCollection geo:DescribeKey geo:DescribeMap geo:DescribePlaceIndex geo:DescribeRouteCalculator geo:DescribeTracker geo:DisassociateTrackerConsumer geo:ForecastGeofenceEvents geo:GetDevicePosition geo:GetDevicePositionHistory geo:GetGeofence geo:GetMapGlyphs geo:GetMapSprites geo:GetMapStyleDescriptor geo:GetMapTile geo:GetPlace geo:ListDevicePositions geo:ListGeofenceCollections geo:ListGeofences geo:ListKeys geo:ListMaps geo:ListPlaceIndexes geo:ListRouteCalculators geo:ListTrackerConsumers geo:ListTrackers geo:PutGeofence geo:SearchPlaceIndexForPosition geo:SearchPlaceIndexForSuggestions geo:SearchPlaceIndexForText geo:UpdateGeofenceCollection geo:UpdateKey geo:UpdateMap geo:UpdatePlaceIndex geo:UpdateRouteCalculator geo:UpdateTracker geo:VerifyDevicePosition |
| glacier | glacier:AbortMultipartUpload glacier:AbortVaultLock glacier:CompleteMultipartUpload glacier:CompleteVaultLock glacier:CreateVault glacier:DeleteArchive glacier:DeleteVault glacier:DeleteVaultAccessPolicy glacier:DeleteVaultNotifications glacier:DescribeJob glacier:DescribeVault glacier:GetDataRetrievalPolicy glacier:GetJobOutput glacier:GetVaultAccessPolicy glacier:GetVaultLock glacier:GetVaultNotifications glacier:InitiateJob glacier:InitiateMultipartUpload glacier:InitiateVaultLock glacier:ListJobs glacier:ListMultipartUploads glacier:ListParts glacier:ListProvisionedCapacity glacier:ListVaults glacier:PurchaseProvisionedCapacity glacier:SetDataRetrievalPolicy glacier:SetVaultAccessPolicy glacier:SetVaultNotifications glacier:UploadArchive glacier:UploadMultipartPart |
| grafana | grafana:AssociateLicense grafana:CreateWorkspace grafana:CreateWorkspaceApiKey grafana:CreateWorkspaceServiceAccount grafana:CreateWorkspaceServiceAccountToken grafana:DeleteWorkspace grafana:DeleteWorkspaceApiKey grafana:DeleteWorkspaceServiceAccount grafana:DeleteWorkspaceServiceAccountToken grafana:DescribeWorkspace grafana:DescribeWorkspaceAuthentication grafana:DescribeWorkspaceConfiguration grafana:DisassociateLicense grafana:ListPermissions grafana:ListVersions grafana:ListWorkspaceServiceAccountTokens grafana:ListWorkspaceServiceAccounts grafana:ListWorkspaces grafana:UpdatePermissions grafana:UpdateWorkspace grafana:UpdateWorkspaceAuthentication grafana:UpdateWorkspaceConfiguration |
| greengrass | greengrass:AssociateRoleToGroup greengrass:AssociateServiceRoleToAccount greengrass:BatchAssociateClientDeviceWithCoreDevice greengrass:BatchDisassociateClientDeviceFromCoreDevice greengrass:CancelDeployment greengrass:CreateComponentVersion greengrass:CreateConnectorDefinition greengrass:CreateConnectorDefinitionVersion greengrass:CreateCoreDefinition greengrass:CreateCoreDefinitionVersion greengrass:CreateDeployment greengrass:CreateDeviceDefinition greengrass:CreateDeviceDefinitionVersion greengrass:CreateFunctionDefinition greengrass:CreateFunctionDefinitionVersion greengrass:CreateGroup greengrass:CreateGroupCertificateAuthority greengrass:CreateGroupVersion greengrass:CreateLoggerDefinition greengrass:CreateLoggerDefinitionVersion greengrass:CreateResourceDefinition greengrass:CreateResourceDefinitionVersion greengrass:CreateSoftwareUpdateJob greengrass:CreateSubscriptionDefinition greengrass:CreateSubscriptionDefinitionVersion greengrass:DeleteComponent greengrass:DeleteConnectorDefinition greengrass:DeleteCoreDefinition greengrass:DeleteCoreDevice greengrass:DeleteDeployment greengrass:DeleteDeviceDefinition greengrass:DeleteFunctionDefinition greengrass:DeleteGroup greengrass:DeleteLoggerDefinition greengrass:DeleteResourceDefinition greengrass:DeleteSubscriptionDefinition greengrass:DescribeComponent greengrass:DisassociateRoleFromGroup greengrass:DisassociateServiceRoleFromAccount greengrass:GetAssociatedRole greengrass:GetBulkDeploymentStatus greengrass:GetComponent greengrass:GetComponentVersionArtifact greengrass:GetConnectivityInfo greengrass:GetConnectorDefinition greengrass:GetConnectorDefinitionVersion greengrass:GetCoreDefinition greengrass:GetCoreDefinitionVersion greengrass:GetCoreDevice greengrass:GetDeployment greengrass:GetDeploymentStatus greengrass:GetDeviceDefinition greengrass:GetDeviceDefinitionVersion greengrass:GetFunctionDefinition greengrass:GetFunctionDefinitionVersion greengrass:GetGroup greengrass:GetGroupCertificateAuthority greengrass:GetGroupCertificateConfiguration greengrass:GetGroupVersion greengrass:GetLoggerDefinition greengrass:GetLoggerDefinitionVersion greengrass:GetResourceDefinition greengrass:GetResourceDefinitionVersion greengrass:GetServiceRoleForAccount greengrass:GetSubscriptionDefinition greengrass:GetSubscriptionDefinitionVersion greengrass:GetThingRuntimeConfiguration greengrass:ListBulkDeploymentDetailedReports greengrass:ListBulkDeployments greengrass:ListClientDevicesAssociatedWithCoreDevice greengrass:ListComponentVersions greengrass:ListComponents greengrass:ListConnectorDefinitionVersions greengrass:ListConnectorDefinitions greengrass:ListCoreDefinitionVersions greengrass:ListCoreDefinitions greengrass:ListCoreDevices greengrass:ListDeployments greengrass:ListDeviceDefinitionVersions greengrass:ListDeviceDefinitions greengrass:ListEffectiveDeployments greengrass:ListFunctionDefinitionVersions greengrass:ListFunctionDefinitions greengrass:ListGroupCertificateAuthorities greengrass:ListGroupVersions greengrass:ListGroups greengrass:ListInstalledComponents greengrass:ListLoggerDefinitionVersions greengrass:ListLoggerDefinitions greengrass:ListResourceDefinitionVersions greengrass:ListResourceDefinitions greengrass:ListSubscriptionDefinitionVersions greengrass:ListSubscriptionDefinitions greengrass:ResetDeployments greengrass:StartBulkDeployment greengrass:StopBulkDeployment greengrass:UpdateConnectivityInfo greengrass:UpdateConnectorDefinition greengrass:UpdateCoreDefinition greengrass:UpdateDeviceDefinition greengrass:UpdateFunctionDefinition greengrass:UpdateGroup greengrass:UpdateGroupCertificateConfiguration greengrass:UpdateLoggerDefinition greengrass:UpdateResourceDefinition greengrass:UpdateSubscriptionDefinition greengrass:UpdateThingRuntimeConfiguration |
| groundstation | groundstation:CancelContact groundstation:CreateConfig groundstation:CreateDataflowEndpointGroup groundstation:CreateDataflowEndpointGroupV2 groundstation:CreateEphemeris groundstation:CreateMissionProfile groundstation:DeleteConfig groundstation:DeleteDataflowEndpointGroup groundstation:DeleteEphemeris groundstation:DeleteMissionProfile groundstation:DescribeContact groundstation:DescribeEphemeris groundstation:GetConfig groundstation:GetDataflowEndpointGroup groundstation:GetMinuteUsage groundstation:GetMissionProfile groundstation:GetSatellite groundstation:ListConfigs groundstation:ListContacts groundstation:ListDataflowEndpointGroups groundstation:ListEphemerides groundstation:ListGroundStations groundstation:ListMissionProfiles groundstation:ListSatellites groundstation:RegisterAgent groundstation:ReserveContact groundstation:UpdateAgentStatus groundstation:UpdateConfig groundstation:UpdateEphemeris groundstation:UpdateMissionProfile |
| guardduty | guardduty:AcceptAdministratorInvitation guardduty:AcceptInvitation guardduty:ArchiveFindings guardduty:CreateDetector guardduty:CreateFilter guardduty:CreateIPSet guardduty:CreateMalwareProtectionPlan guardduty:CreateMembers guardduty:CreatePublishingDestination guardduty:CreateSampleFindings guardduty:CreateThreatEntitySet guardduty:CreateThreatIntelSet guardduty:CreateTrustedEntitySet guardduty:DeclineInvitations guardduty:DeleteDetector guardduty:DeleteFilter guardduty:DeleteIPSet guardduty:DeleteInvitations guardduty:DeleteMalwareProtectionPlan guardduty:DeleteMembers guardduty:DeletePublishingDestination guardduty:DeleteThreatEntitySet guardduty:DeleteThreatIntelSet guardduty:DeleteTrustedEntitySet guardduty:DescribeMalwareScans guardduty:DescribeOrganizationConfiguration guardduty:DescribePublishingDestination guardduty:DisableOrganizationAdminAccount guardduty:DisassociateFromAdministratorAccount guardduty:DisassociateFromMasterAccount guardduty:DisassociateMembers guardduty:EnableOrganizationAdminAccount guardduty:GetAdministratorAccount guardduty:GetCoverageStatistics guardduty:GetDetector guardduty:GetFilter guardduty:GetFindings guardduty:GetFindingsStatistics guardduty:GetIPSet guardduty:GetInvitationsCount guardduty:GetMalwareProtectionPlan guardduty:GetMalwareScan guardduty:GetMalwareScanSettings guardduty:GetMasterAccount guardduty:GetMemberDetectors guardduty:GetMembers guardduty:GetOrganizationStatistics guardduty:GetRemainingFreeTrialDays guardduty:GetThreatEntitySet guardduty:GetThreatIntelSet guardduty:GetTrustedEntitySet guardduty:GetUsageStatistics guardduty:InviteMembers guardduty:ListCoverage guardduty:ListDetectors guardduty:ListFilters guardduty:ListFindings guardduty:ListIPSets guardduty:ListInvitations guardduty:ListMalwareProtectionPlans guardduty:ListMalwareScans guardduty:ListMembers guardduty:ListOrganizationAdminAccounts guardduty:ListPublishingDestinations guardduty:ListThreatEntitySets guardduty:ListThreatIntelSets guardduty:ListTrustedEntitySets guardduty:StartMalwareScan guardduty:StartMonitoringMembers guardduty:StopMonitoringMembers guardduty:UnarchiveFindings guardduty:UpdateDetector guardduty:UpdateFilter guardduty:UpdateFindingsFeedback guardduty:UpdateIPSet guardduty:UpdateMalwareProtectionPlan guardduty:UpdateMalwareScanSettings guardduty:UpdateMemberDetectors guardduty:UpdateOrganizationConfiguration guardduty:UpdatePublishingDestination guardduty:UpdateThreatEntitySet guardduty:UpdateThreatIntelSet guardduty:UpdateTrustedEntitySet |
| healthlake | healthlake:CancelFHIRExportJobWithDelete healthlake:CreateFHIRDatastore healthlake:CreateResource healthlake:DeleteFHIRDatastore healthlake:DeleteResource healthlake:DescribeFHIRDatastore healthlake:DescribeFHIRExportJob healthlake:DescribeFHIRExportJobWithGet healthlake:DescribeFHIRImportJob healthlake:GetCapabilities healthlake:ListFHIRDatastores healthlake:ListFHIRExportJobs healthlake:ListFHIRImportJobs healthlake:ReadResource healthlake:SearchEverything healthlake:SearchWithGet healthlake:SearchWithPost healthlake:StartFHIRExportJob healthlake:StartFHIRExportJobWithPost healthlake:StartFHIRImportJob healthlake:UpdateResource |
| honeycode | honeycode:BatchCreateTableRows honeycode:BatchDeleteTableRows honeycode:BatchUpdateTableRows honeycode:BatchUpsertTableRows honeycode:DescribeTableDataImportJob honeycode:GetScreenData honeycode:InvokeScreenAutomation honeycode:ListTableColumns honeycode:ListTableRows honeycode:ListTables honeycode:QueryTableRows honeycode:StartTableDataImportJob |
| iam | iam:AddClientIDToOpenIDConnectProvider iam:AddRoleToInstanceProfile iam:AddUserToGroup iam:AttachGroupPolicy iam:AttachRolePolicy iam:AttachUserPolicy iam:ChangePassword iam:CreateAccessKey iam:CreateAccountAlias iam:CreateGroup iam:CreateInstanceProfile iam:CreateLoginProfile iam:CreateOpenIDConnectProvider iam:CreatePolicy iam:CreatePolicyVersion iam:CreateRole iam:CreateSAMLProvider iam:CreateServiceLinkedRole iam:CreateServiceSpecificCredential iam:CreateUser iam:CreateVirtualMFADevice iam:DeactivateMFADevice iam:DeleteAccessKey iam:DeleteAccountAlias iam:DeleteAccountPasswordPolicy iam:DeleteCloudFrontPublicKey iam:DeleteGroup iam:DeleteGroupPolicy iam:DeleteInstanceProfile iam:DeleteLoginProfile iam:DeleteOpenIDConnectProvider iam:DeletePolicy iam:DeletePolicyVersion iam:DeleteRole iam:DeleteRolePermissionsBoundary iam:DeleteRolePolicy iam:DeleteSAMLProvider iam:DeleteSSHPublicKey iam:DeleteServerCertificate iam:DeleteServiceLinkedRole iam:DeleteServiceSpecificCredential iam:DeleteSigningCertificate iam:DeleteUser iam:DeleteUserPermissionsBoundary iam:DeleteUserPolicy iam:DeleteVirtualMFADevice iam:DetachGroupPolicy iam:DetachRolePolicy iam:DetachUserPolicy iam:DisableOrganizationsRootCredentialsManagement iam:DisableOrganizationsRootSessions iam:DisableOutboundWebIdentityFederation iam:EnableMFADevice iam:EnableOrganizationsRootCredentialsManagement iam:EnableOrganizationsRootSessions iam:EnableOutboundWebIdentityFederation iam:GenerateCredentialReport iam:GenerateOrganizationsAccessReport iam:GenerateServiceLastAccessedDetails iam:GetAccessKeyLastUsed iam:GetAccountAuthorizationDetails iam:GetAccountEmailAddress iam:GetAccountName iam:GetAccountPasswordPolicy iam:GetAccountSummary iam:GetCloudFrontPublicKey iam:GetContextKeysForCustomPolicy iam:GetContextKeysForPrincipalPolicy iam:GetCredentialReport iam:GetGroup iam:GetGroupPolicy iam:GetInstanceProfile iam:GetLoginProfile iam:GetMFADevice iam:GetOpenIDConnectProvider iam:GetOrganizationsAccessReport iam:GetOutboundWebIdentityFederationInfo iam:GetPolicy iam:GetPolicyVersion iam:GetRole iam:GetRolePolicy iam:GetSAMLProvider iam:GetSSHPublicKey iam:GetServerCertificate iam:GetServiceLastAccessedDetails iam:GetServiceLastAccessedDetailsWithEntities iam:GetServiceLinkedRoleDeletionStatus iam:GetUser iam:GetUserPolicy iam:ListAccessKeys iam:ListAccountAliases iam:ListAttachedGroupPolicies iam:ListAttachedRolePolicies iam:ListAttachedUserPolicies iam:ListCloudFrontPublicKeys iam:ListDelegationRequests iam:ListEntitiesForPolicy iam:ListGroupPolicies iam:ListGroups iam:ListGroupsForUser iam:ListInstanceProfiles iam:ListInstanceProfilesForRole iam:ListMFADevices iam:ListOpenIDConnectProviders iam:ListOrganizationsFeatures iam:ListPolicies iam:ListPoliciesGrantingServiceAccess iam:ListPolicyVersions iam:ListRolePolicies iam:ListRoles iam:ListSAMLProviders iam:ListSSHPublicKeys iam:ListSTSRegionalEndpointsStatus iam:ListServerCertificates iam:ListServiceSpecificCredentials iam:ListSigningCertificates iam:ListUserPolicies iam:ListUsers iam:ListVirtualMFADevices iam:PutGroupPolicy iam:PutRolePermissionsBoundary iam:PutRolePolicy iam:PutUserPermissionsBoundary iam:PutUserPolicy iam:RemoveClientIDFromOpenIDConnectProvider iam:RemoveRoleFromInstanceProfile iam:RemoveUserFromGroup iam:ResetServiceSpecificCredential iam:ResyncMFADevice iam:SetDefaultPolicyVersion iam:SetSTSRegionalEndpointStatus iam:SetSecurityTokenServicePreferences iam:SimulateCustomPolicy iam:SimulatePrincipalPolicy iam:UpdateAccessKey iam:UpdateAccountEmailAddress iam:UpdateAccountName iam:UpdateAccountPasswordPolicy iam:UpdateAssumeRolePolicy iam:UpdateCloudFrontPublicKey iam:UpdateGroup iam:UpdateLoginProfile iam:UpdateOpenIDConnectProviderThumbprint iam:UpdateRole iam:UpdateRoleDescription iam:UpdateSAMLProvider iam:UpdateSSHPublicKey iam:UpdateServerCertificate iam:UpdateServiceSpecificCredential iam:UpdateSigningCertificate iam:UpdateUser iam:UploadCloudFrontPublicKey iam:UploadSSHPublicKey iam:UploadServerCertificate iam:UploadSigningCertificate |
| identitystore | identitystore:CreateGroup identitystore:CreateGroupMembership identitystore:CreateUser identitystore:DeleteGroup identitystore:DeleteGroupMembership identitystore:DeleteUser identitystore:DescribeGroup identitystore:DescribeGroupMembership identitystore:DescribeUser identitystore:GetGroupId identitystore:GetGroupMembershipId identitystore:GetUserId identitystore:IsMemberInGroups identitystore:ListGroupMemberships identitystore:ListGroupMembershipsForMember identitystore:ListGroups identitystore:ListUsers identitystore:UpdateGroup identitystore:UpdateUser |
| imagebuilder | imagebuilder:CancelImageCreation imagebuilder:CancelLifecycleExecution imagebuilder:CreateComponent imagebuilder:CreateContainerRecipe imagebuilder:CreateDistributionConfiguration imagebuilder:CreateImage imagebuilder:CreateImagePipeline imagebuilder:CreateImageRecipe imagebuilder:CreateInfrastructureConfiguration imagebuilder:CreateLifecyclePolicy imagebuilder:CreateWorkflow imagebuilder:DeleteComponent imagebuilder:DeleteContainerRecipe imagebuilder:DeleteDistributionConfiguration imagebuilder:DeleteImage imagebuilder:DeleteImagePipeline imagebuilder:DeleteImageRecipe imagebuilder:DeleteInfrastructureConfiguration imagebuilder:DeleteLifecyclePolicy imagebuilder:DeleteWorkflow imagebuilder:DistributeImage imagebuilder:GetComponentPolicy imagebuilder:GetContainerRecipePolicy imagebuilder:GetImagePolicy imagebuilder:GetImageRecipePolicy imagebuilder:GetLifecycleExecution imagebuilder:GetLifecyclePolicy imagebuilder:GetMarketplaceResource imagebuilder:GetWorkflowExecution imagebuilder:GetWorkflowStepExecution imagebuilder:ImportComponent imagebuilder:ImportDiskImage imagebuilder:ImportVmImage imagebuilder:ListComponentBuildVersions imagebuilder:ListComponents imagebuilder:ListContainerRecipes imagebuilder:ListDistributionConfigurations imagebuilder:ListImageBuildVersions imagebuilder:ListImagePackages imagebuilder:ListImagePipelineImages imagebuilder:ListImagePipelines imagebuilder:ListImageRecipes imagebuilder:ListImageScanFindingAggregations imagebuilder:ListImageScanFindings imagebuilder:ListImages imagebuilder:ListInfrastructureConfigurations imagebuilder:ListLifecycleExecutionResources imagebuilder:ListLifecycleExecutions imagebuilder:ListLifecyclePolicies imagebuilder:ListWaitingWorkflowSteps imagebuilder:ListWorkflowExecutions imagebuilder:ListWorkflowStepExecutions imagebuilder:ListWorkflows imagebuilder:PutComponentPolicy imagebuilder:PutContainerRecipePolicy imagebuilder:PutImagePolicy imagebuilder:PutImageRecipePolicy imagebuilder:RetryImage imagebuilder:SendWorkflowStepAction imagebuilder:StartImagePipelineExecution imagebuilder:StartResourceStateUpdate imagebuilder:UpdateDistributionConfiguration imagebuilder:UpdateImagePipeline imagebuilder:UpdateInfrastructureConfiguration |
| inspector | inspector:AddAttributesToFindings inspector:CreateAssessmentTarget inspector:CreateAssessmentTemplate inspector:CreateExclusionsPreview inspector:CreateResourceGroup inspector:DeleteAssessmentRun inspector:DeleteAssessmentTarget inspector:DeleteAssessmentTemplate inspector:DescribeAssessmentRuns inspector:DescribeAssessmentTargets inspector:DescribeAssessmentTemplates inspector:DescribeCrossAccountAccessRole inspector:DescribeExclusions inspector:DescribeFindings inspector:DescribeResourceGroups inspector:DescribeRulesPackages inspector:GetAssessmentReport inspector:GetExclusionsPreview inspector:GetTelemetryMetadata inspector:ListAssessmentRunAgents inspector:ListAssessmentRuns inspector:ListAssessmentTargets inspector:ListAssessmentTemplates inspector:ListEventSubscriptions inspector:ListExclusions inspector:ListFindings inspector:ListRulesPackages inspector:PreviewAgents inspector:RegisterCrossAccountAccessRole inspector:RemoveAttributesFromFindings inspector:StartAssessmentRun inspector:StopAssessmentRun inspector:SubscribeToEvent inspector:UnsubscribeFromEvent inspector:UpdateAssessmentTarget |
| inspector2 | inspector2:AssociateMember inspector2:BatchGetAccountStatus inspector2:BatchGetCodeSnippet inspector2:BatchGetFindingDetails inspector2:BatchGetFreeTrialInfo inspector2:BatchGetMemberEc2DeepInspectionStatus inspector2:BatchUpdateMemberEc2DeepInspectionStatus inspector2:CancelFindingsReport inspector2:CancelSbomExport inspector2:CreateCisScanConfiguration inspector2:CreateCodeSecurityIntegration inspector2:CreateFilter inspector2:CreateFindingsReport inspector2:CreateSbomExport inspector2:DeleteCisScanConfiguration inspector2:DeleteCodeSecurityIntegration inspector2:DeleteFilter inspector2:DescribeOrganizationConfiguration inspector2:Disable inspector2:DisableDelegatedAdminAccount inspector2:DisassociateMember inspector2:Enable inspector2:EnableDelegatedAdminAccount inspector2:GetCisScanReport inspector2:GetCisScanResultDetails inspector2:GetClustersForImage inspector2:GetCodeSecurityIntegration inspector2:GetCodeSecurityScan inspector2:GetConfiguration inspector2:GetDelegatedAdminAccount inspector2:GetEc2DeepInspectionConfiguration inspector2:GetEncryptionKey inspector2:GetFindingsReportStatus inspector2:GetMember inspector2:GetSbomExport inspector2:ListAccountPermissions inspector2:ListCisScanConfigurations inspector2:ListCisScanResultsAggregatedByChecks inspector2:ListCisScanResultsAggregatedByTargetResource inspector2:ListCisScans inspector2:ListCodeSecurityIntegrations inspector2:ListCodeSecurityScanConfigurations inspector2:ListCoverage inspector2:ListCoverageStatistics inspector2:ListDelegatedAdminAccounts inspector2:ListFilters inspector2:ListFindingAggregations inspector2:ListFindings inspector2:ListMembers inspector2:ListUsageTotals inspector2:ResetEncryptionKey inspector2:SearchVulnerabilities inspector2:SendCisSessionHealth inspector2:SendCisSessionTelemetry inspector2:StartCisSession inspector2:StartCodeSecurityScan inspector2:StopCisSession inspector2:UpdateCisScanConfiguration inspector2:UpdateCodeSecurityIntegration inspector2:UpdateConfiguration inspector2:UpdateEc2DeepInspectionConfiguration inspector2:UpdateEncryptionKey inspector2:UpdateFilter inspector2:UpdateOrgEc2DeepInspectionConfiguration inspector2:UpdateOrganizationConfiguration |
| iot | iot:AcceptCertificateTransfer iot:AddThingToBillingGroup iot:AddThingToThingGroup iot:AssociateSbomWithPackageVersion iot:AssociateTargetsWithJob iot:AttachPolicy iot:AttachPrincipalPolicy iot:AttachSecurityProfile iot:AttachThingPrincipal iot:CancelAuditMitigationActionsTask iot:CancelAuditTask iot:CancelCertificateTransfer iot:CancelDetectMitigationActionsTask iot:CancelJob iot:CancelJobExecution iot:ClearDefaultAuthorizer iot:ConfirmTopicRuleDestination iot:CreateAuditSuppression iot:CreateAuthorizer iot:CreateBillingGroup iot:CreateCertificateFromCsr iot:CreateCertificateProvider iot:CreateCommand iot:CreateCustomMetric iot:CreateDimension iot:CreateDomainConfiguration iot:CreateDynamicThingGroup iot:CreateFleetMetric iot:CreateJob iot:CreateJobTemplate iot:CreateKeysAndCertificate iot:CreateMitigationAction iot:CreateOTAUpdate iot:CreatePackage iot:CreatePackageVersion iot:CreatePolicy iot:CreatePolicyVersion iot:CreateProvisioningClaim iot:CreateProvisioningTemplate iot:CreateProvisioningTemplateVersion iot:CreateRoleAlias iot:CreateScheduledAudit iot:CreateSecurityProfile iot:CreateStream iot:CreateThing iot:CreateThingGroup iot:CreateThingType iot:CreateTopicRule iot:CreateTopicRuleDestination iot:DeleteAccountAuditConfiguration iot:DeleteAuditSuppression iot:DeleteAuthorizer iot:DeleteBillingGroup iot:DeleteCACertificate iot:DeleteCertificate iot:DeleteCertificateProvider iot:DeleteCommand iot:DeleteCustomMetric iot:DeleteDimension iot:DeleteDomainConfiguration iot:DeleteDynamicThingGroup iot:DeleteFleetMetric iot:DeleteJob iot:DeleteJobExecution iot:DeleteJobTemplate iot:DeleteMitigationAction iot:DeleteOTAUpdate iot:DeletePackage iot:DeletePackageVersion iot:DeletePolicy iot:DeletePolicyVersion iot:DeleteProvisioningTemplate iot:DeleteProvisioningTemplateVersion iot:DeleteRegistrationCode iot:DeleteRoleAlias iot:DeleteScheduledAudit iot:DeleteSecurityProfile iot:DeleteStream iot:DeleteThing iot:DeleteThingGroup iot:DeleteThingType iot:DeleteTopicRule iot:DeleteTopicRuleDestination iot:DeleteV2LoggingLevel iot:DeprecateThingType iot:DescribeAccountAuditConfiguration iot:DescribeAuditFinding iot:DescribeAuditMitigationActionsTask iot:DescribeAuditSuppression iot:DescribeAuditTask iot:DescribeAuthorizer iot:DescribeBillingGroup iot:DescribeCACertificate iot:DescribeCertificate iot:DescribeCertificateProvider iot:DescribeCustomMetric iot:DescribeDefaultAuthorizer iot:DescribeDetectMitigationActionsTask iot:DescribeDimension iot:DescribeDomainConfiguration iot:DescribeEncryptionConfiguration iot:DescribeEndpoint iot:DescribeEventConfigurations iot:DescribeFleetMetric iot:DescribeIndex iot:DescribeJob iot:DescribeJobExecution iot:DescribeJobTemplate iot:DescribeManagedJobTemplate iot:DescribeMitigationAction iot:DescribeProvisioningTemplate iot:DescribeProvisioningTemplateVersion iot:DescribeRoleAlias iot:DescribeScheduledAudit iot:DescribeSecurityProfile iot:DescribeStream iot:DescribeThing iot:DescribeThingGroup iot:DescribeThingRegistrationTask iot:DescribeThingType iot:DetachPolicy iot:DetachPrincipalPolicy iot:DetachSecurityProfile iot:DetachThingPrincipal iot:DisableTopicRule iot:DisassociateSbomFromPackageVersion iot:EnableTopicRule iot:GetBehaviorModelTrainingSummaries iot:GetBucketsAggregation iot:GetCardinality iot:GetCommand iot:GetEffectivePolicies iot:GetJobDocument iot:GetLoggingOptions iot:GetOTAUpdate iot:GetPackage iot:GetPackageConfiguration iot:GetPackageVersion iot:GetPercentiles iot:GetPolicy iot:GetPolicyVersion iot:GetRegistrationCode iot:GetStatistics iot:GetThingConnectivityData iot:GetTopicRule iot:GetTopicRuleDestination iot:GetV2LoggingOptions iot:ListActiveViolations iot:ListAttachedPolicies iot:ListAuditFindings iot:ListAuditMitigationActionsExecutions iot:ListAuditMitigationActionsTasks iot:ListAuditSuppressions iot:ListAuditTasks iot:ListAuthorizers iot:ListBillingGroups iot:ListCACertificates iot:ListCertificateProviders iot:ListCertificates iot:ListCertificatesByCA iot:ListCommands iot:ListCustomMetrics iot:ListDetectMitigationActionsExecutions iot:ListDetectMitigationActionsTasks iot:ListDimensions iot:ListDomainConfigurations iot:ListFleetMetrics iot:ListIndices iot:ListJobExecutionsForJob iot:ListJobExecutionsForThing iot:ListJobTemplates iot:ListJobs iot:ListManagedJobTemplates iot:ListMetricValues iot:ListMitigationActions iot:ListOTAUpdates iot:ListOutgoingCertificates iot:ListPackageVersions iot:ListPackages iot:ListPolicies iot:ListPolicyPrincipals iot:ListPolicyVersions iot:ListPrincipalPolicies iot:ListPrincipalThings iot:ListPrincipalThingsV2 iot:ListProvisioningTemplateVersions iot:ListProvisioningTemplates iot:ListRelatedResourcesForAuditFinding iot:ListRoleAliases iot:ListSbomValidationResults iot:ListScheduledAudits iot:ListSecurityProfiles iot:ListSecurityProfilesForTarget iot:ListStreams iot:ListTargetsForPolicy iot:ListTargetsForSecurityProfile iot:ListThingGroups iot:ListThingGroupsForThing iot:ListThingPrincipals iot:ListThingPrincipalsV2 iot:ListThingRegistrationTaskReports iot:ListThingRegistrationTasks iot:ListThingTypes iot:ListThings iot:ListThingsInBillingGroup iot:ListThingsInThingGroup iot:ListTopicRuleDestinations iot:ListTopicRules iot:ListV2LoggingLevels iot:ListViolationEvents iot:PutVerificationStateOnViolation iot:RegisterCACertificate iot:RegisterCertificate iot:RegisterCertificateWithoutCA iot:RegisterThing iot:RejectCertificateTransfer iot:RemoveThingFromBillingGroup iot:RemoveThingFromThingGroup iot:ReplaceTopicRule iot:SearchIndex iot:SetDefaultAuthorizer iot:SetDefaultPolicyVersion iot:SetLoggingOptions iot:SetV2LoggingLevel iot:SetV2LoggingOptions iot:StartAuditMitigationActionsTask iot:StartDetectMitigationActionsTask iot:StartOnDemandAuditTask iot:StartThingRegistrationTask iot:StopThingRegistrationTask iot:TestAuthorization iot:TestInvokeAuthorizer iot:TransferCertificate iot:UpdateAccountAuditConfiguration iot:UpdateAuditSuppression iot:UpdateAuthorizer iot:UpdateBillingGroup iot:UpdateCACertificate iot:UpdateCertificate iot:UpdateCertificateProvider iot:UpdateCommand iot:UpdateCustomMetric iot:UpdateDimension iot:UpdateDomainConfiguration iot:UpdateDynamicThingGroup iot:UpdateEncryptionConfiguration iot:UpdateEventConfigurations iot:UpdateFleetMetric iot:UpdateIndexingConfiguration iot:UpdateJob iot:UpdateMitigationAction iot:UpdatePackage iot:UpdatePackageConfiguration iot:UpdatePackageVersion iot:UpdateProvisioningTemplate iot:UpdateRoleAlias iot:UpdateScheduledAudit iot:UpdateSecurityProfile iot:UpdateStream iot:UpdateThing iot:UpdateThingGroup iot:UpdateThingGroupsForThing iot:UpdateThingType iot:UpdateTopicRuleDestination iot:ValidateSecurityProfileBehaviors |
| iotanalytics | iotanalytics:CancelPipelineReprocessing iotanalytics:CreateChannel iotanalytics:CreateDataset iotanalytics:CreateDatasetContent iotanalytics:CreateDatastore iotanalytics:CreatePipeline iotanalytics:DeleteChannel iotanalytics:DeleteDataset iotanalytics:DeleteDatasetContent iotanalytics:DeleteDatastore iotanalytics:DeletePipeline iotanalytics:DescribeChannel iotanalytics:DescribeDataset iotanalytics:DescribeDatastore iotanalytics:DescribeLoggingOptions iotanalytics:DescribePipeline iotanalytics:GetDatasetContent iotanalytics:ListChannels iotanalytics:ListDatasetContents iotanalytics:ListDatasets iotanalytics:ListDatastores iotanalytics:ListPipelines iotanalytics:PutLoggingOptions iotanalytics:RunPipelineActivity iotanalytics:SampleChannelData iotanalytics:StartPipelineReprocessing iotanalytics:UpdateChannel iotanalytics:UpdateDataset iotanalytics:UpdateDatastore iotanalytics:UpdatePipeline |
| iotdeviceadvisor | iotdeviceadvisor:CreateSuiteDefinition iotdeviceadvisor:DeleteSuiteDefinition iotdeviceadvisor:GetEndpoint iotdeviceadvisor:GetSuiteDefinition iotdeviceadvisor:GetSuiteRun iotdeviceadvisor:GetSuiteRunReport iotdeviceadvisor:ListSuiteDefinitions iotdeviceadvisor:ListSuiteRuns iotdeviceadvisor:StartSuiteRun iotdeviceadvisor:StopSuiteRun iotdeviceadvisor:UpdateSuiteDefinition |
| iotevents | iotevents:BatchAcknowledgeAlarm iotevents:BatchDeleteDetector iotevents:BatchDisableAlarm iotevents:BatchEnableAlarm iotevents:BatchResetAlarm iotevents:BatchSnoozeAlarm iotevents:BatchUpdateDetector iotevents:CreateAlarmModel iotevents:CreateDetectorModel iotevents:CreateInput iotevents:DeleteAlarmModel iotevents:DeleteDetectorModel iotevents:DeleteInput iotevents:DescribeAlarm iotevents:DescribeAlarmModel iotevents:DescribeDetector iotevents:DescribeDetectorModel iotevents:DescribeDetectorModelAnalysis iotevents:DescribeInput iotevents:DescribeLoggingOptions iotevents:GetDetectorModelAnalysisResults iotevents:ListAlarmModelVersions iotevents:ListAlarmModels iotevents:ListAlarms iotevents:ListDetectorModelVersions iotevents:ListDetectorModels iotevents:ListDetectors iotevents:ListInputRoutings iotevents:ListInputs iotevents:PutLoggingOptions iotevents:StartDetectorModelAnalysis iotevents:UpdateAlarmModel iotevents:UpdateDetectorModel iotevents:UpdateInput |
| iotfleethub | iotfleethub:CreateApplication iotfleethub:DeleteApplication iotfleethub:DescribeApplication iotfleethub:ListApplications iotfleethub:UpdateApplication |
| iotsitewise | iotsitewise:AssociateAssets iotsitewise:AssociateTimeSeriesToAssetProperty iotsitewise:BatchAssociateProjectAssets iotsitewise:BatchDisassociateProjectAssets iotsitewise:CreateAccessPolicy iotsitewise:CreateAsset iotsitewise:CreateAssetModel iotsitewise:CreateAssetModelCompositeModel iotsitewise:CreateBulkImportJob iotsitewise:CreateComputationModel iotsitewise:CreateDashboard iotsitewise:CreateDataset iotsitewise:CreateGateway iotsitewise:CreatePortal iotsitewise:CreateProject iotsitewise:DeleteAccessPolicy iotsitewise:DeleteAsset iotsitewise:DeleteAssetModel iotsitewise:DeleteAssetModelCompositeModel iotsitewise:DeleteComputationModel iotsitewise:DeleteDashboard iotsitewise:DeleteDataset iotsitewise:DeleteGateway iotsitewise:DeletePortal iotsitewise:DeleteProject iotsitewise:DeleteTimeSeries iotsitewise:DescribeAccessPolicy iotsitewise:DescribeAsset iotsitewise:DescribeAssetCompositeModel iotsitewise:DescribeAssetModel iotsitewise:DescribeAssetModelCompositeModel iotsitewise:DescribeAssetModelInterfaceRelationship iotsitewise:DescribeAssetProperty iotsitewise:DescribeBulkImportJob iotsitewise:DescribeComputationModel iotsitewise:DescribeComputationModelExecutionSummary iotsitewise:DescribeDashboard iotsitewise:DescribeDataset iotsitewise:DescribeDefaultEncryptionConfiguration iotsitewise:DescribeExecution iotsitewise:DescribeGateway iotsitewise:DescribeGatewayCapabilityConfiguration iotsitewise:DescribeLoggingOptions iotsitewise:DescribePortal iotsitewise:DescribeProject iotsitewise:DescribeStorageConfiguration iotsitewise:DescribeTimeSeries iotsitewise:DisassociateAssets iotsitewise:DisassociateTimeSeriesFromAssetProperty iotsitewise:ExecuteAction iotsitewise:ExecuteQuery iotsitewise:ListAccessPolicies iotsitewise:ListActions iotsitewise:ListAssetModelCompositeModels iotsitewise:ListAssetModelProperties iotsitewise:ListAssetModels iotsitewise:ListAssetProperties iotsitewise:ListAssetRelationships iotsitewise:ListAssets iotsitewise:ListAssociatedAssets iotsitewise:ListBulkImportJobs iotsitewise:ListCompositionRelationships iotsitewise:ListComputationModelDataBindingUsages iotsitewise:ListComputationModelResolveToResources iotsitewise:ListComputationModels iotsitewise:ListDashboards iotsitewise:ListDatasets iotsitewise:ListExecutions iotsitewise:ListGateways iotsitewise:ListInterfaceRelationships iotsitewise:ListPortals iotsitewise:ListProjectAssets iotsitewise:ListProjects iotsitewise:ListTimeSeries iotsitewise:PutDefaultEncryptionConfiguration iotsitewise:PutLoggingOptions iotsitewise:PutStorageConfiguration iotsitewise:UpdateAccessPolicy iotsitewise:UpdateAsset iotsitewise:UpdateAssetModel iotsitewise:UpdateAssetModelCompositeModel iotsitewise:UpdateAssetProperty iotsitewise:UpdateComputationModel iotsitewise:UpdateDashboard iotsitewise:UpdateDataset iotsitewise:UpdateGateway iotsitewise:UpdateGatewayCapabilityConfiguration iotsitewise:UpdatePortal iotsitewise:UpdateProject |
| iottwinmaker | iottwinmaker:CancelMetadataTransferJob iottwinmaker:CreateComponentType iottwinmaker:CreateEntity iottwinmaker:CreateMetadataTransferJob iottwinmaker:CreateScene iottwinmaker:CreateSyncJob iottwinmaker:CreateWorkspace iottwinmaker:DeleteComponentType iottwinmaker:DeleteEntity iottwinmaker:DeleteScene iottwinmaker:DeleteSyncJob iottwinmaker:DeleteWorkspace iottwinmaker:ExecuteQuery iottwinmaker:GetMetadataTransferJob iottwinmaker:GetPricingPlan iottwinmaker:GetScene iottwinmaker:GetSyncJob iottwinmaker:ListComponentTypes iottwinmaker:ListComponents iottwinmaker:ListEntities iottwinmaker:ListMetadataTransferJobs iottwinmaker:ListProperties iottwinmaker:ListScenes iottwinmaker:ListSyncJobs iottwinmaker:ListSyncResources iottwinmaker:ListWorkspaces iottwinmaker:UpdateComponentType iottwinmaker:UpdateEntity iottwinmaker:UpdatePricingPlan iottwinmaker:UpdateScene iottwinmaker:UpdateWorkspace |
| iotwireless | iotwireless:AssociateAwsAccountWithPartnerAccount iotwireless:AssociateMulticastGroupWithFuotaTask iotwireless:AssociateWirelessDeviceWithFuotaTask iotwireless:AssociateWirelessDeviceWithMulticastGroup iotwireless:AssociateWirelessDeviceWithThing iotwireless:AssociateWirelessGatewayWithCertificate iotwireless:AssociateWirelessGatewayWithThing iotwireless:CancelMulticastGroupSession iotwireless:CreateDestination iotwireless:CreateDeviceProfile iotwireless:CreateFuotaTask iotwireless:CreateMulticastGroup iotwireless:CreateNetworkAnalyzerConfiguration iotwireless:CreateServiceProfile iotwireless:CreateWirelessDevice iotwireless:CreateWirelessGateway iotwireless:CreateWirelessGatewayTask iotwireless:CreateWirelessGatewayTaskDefinition iotwireless:DeleteDestination iotwireless:DeleteDeviceProfile iotwireless:DeleteFuotaTask iotwireless:DeleteMulticastGroup iotwireless:DeleteNetworkAnalyzerConfiguration iotwireless:DeleteQueuedMessages iotwireless:DeleteServiceProfile iotwireless:DeleteWirelessDevice iotwireless:DeleteWirelessDeviceImportTask iotwireless:DeleteWirelessGateway iotwireless:DeleteWirelessGatewayTask iotwireless:DeleteWirelessGatewayTaskDefinition iotwireless:DeregisterWirelessDevice iotwireless:DisassociateAwsAccountFromPartnerAccount iotwireless:DisassociateMulticastGroupFromFuotaTask iotwireless:DisassociateWirelessDeviceFromFuotaTask iotwireless:DisassociateWirelessDeviceFromMulticastGroup iotwireless:DisassociateWirelessDeviceFromThing iotwireless:DisassociateWirelessGatewayFromCertificate iotwireless:DisassociateWirelessGatewayFromThing iotwireless:GetDestination iotwireless:GetDeviceProfile iotwireless:GetEventConfigurationByResourceTypes iotwireless:GetFuotaTask iotwireless:GetLogLevelsByResourceTypes iotwireless:GetMetricConfiguration iotwireless:GetMetrics iotwireless:GetMulticastGroup iotwireless:GetMulticastGroupSession iotwireless:GetNetworkAnalyzerConfiguration iotwireless:GetPartnerAccount iotwireless:GetPosition iotwireless:GetPositionConfiguration iotwireless:GetPositionEstimate iotwireless:GetResourceEventConfiguration iotwireless:GetResourceLogLevel iotwireless:GetResourcePosition iotwireless:GetServiceEndpoint iotwireless:GetServiceProfile iotwireless:GetWirelessDevice iotwireless:GetWirelessDeviceImportTask iotwireless:GetWirelessDeviceStatistics iotwireless:GetWirelessGateway iotwireless:GetWirelessGatewayCertificate iotwireless:GetWirelessGatewayFirmwareInformation iotwireless:GetWirelessGatewayStatistics iotwireless:GetWirelessGatewayTask iotwireless:GetWirelessGatewayTaskDefinition iotwireless:ListDestinations iotwireless:ListDeviceProfiles iotwireless:ListDevicesForWirelessDeviceImportTask iotwireless:ListEventConfigurations iotwireless:ListFuotaTasks iotwireless:ListMulticastGroups iotwireless:ListMulticastGroupsByFuotaTask iotwireless:ListNetworkAnalyzerConfigurations iotwireless:ListPartnerAccounts iotwireless:ListPositionConfigurations iotwireless:ListQueuedMessages iotwireless:ListServiceProfiles iotwireless:ListWirelessDeviceImportTasks iotwireless:ListWirelessDevices iotwireless:ListWirelessGatewayTaskDefinitions iotwireless:ListWirelessGateways iotwireless:PutPositionConfiguration iotwireless:PutResourceLogLevel iotwireless:ResetAllResourceLogLevels iotwireless:ResetResourceLogLevel iotwireless:SendDataToMulticastGroup iotwireless:SendDataToWirelessDevice iotwireless:StartBulkAssociateWirelessDeviceWithMulticastGroup iotwireless:StartBulkDisassociateWirelessDeviceFromMulticastGroup iotwireless:StartFuotaTask iotwireless:StartMulticastGroupSession iotwireless:StartNetworkAnalyzerStream iotwireless:StartSingleWirelessDeviceImportTask iotwireless:StartWirelessDeviceImportTask iotwireless:TestWirelessDevice iotwireless:UpdateDestination iotwireless:UpdateEventConfigurationByResourceTypes iotwireless:UpdateFuotaTask iotwireless:UpdateLogLevelsByResourceTypes iotwireless:UpdateMetricConfiguration iotwireless:UpdateMulticastGroup iotwireless:UpdateNetworkAnalyzerConfiguration iotwireless:UpdatePartnerAccount iotwireless:UpdatePosition iotwireless:UpdateResourceEventConfiguration iotwireless:UpdateResourcePosition iotwireless:UpdateWirelessDevice iotwireless:UpdateWirelessDeviceImportTask iotwireless:UpdateWirelessGateway |
| ivs | ivs:BatchGetChannel ivs:BatchGetStreamKey ivs:BatchStartViewerSessionRevocation ivs:CreateChannel ivs:CreateEncoderConfiguration ivs:CreateIngestConfiguration ivs:CreateParticipantToken ivs:CreatePlaybackRestrictionPolicy ivs:CreateRecordingConfiguration ivs:CreateStorageConfiguration ivs:CreateStreamKey ivs:DeleteChannel ivs:DeleteEncoderConfiguration ivs:DeleteIngestConfiguration ivs:DeletePlaybackKeyPair ivs:DeletePlaybackRestrictionPolicy ivs:DeletePublicKey ivs:DeleteRecordingConfiguration ivs:DeleteStorageConfiguration ivs:DeleteStreamKey ivs:DisconnectParticipant ivs:GetChannel ivs:GetComposition ivs:GetEncoderConfiguration ivs:GetIngestConfiguration ivs:GetParticipant ivs:GetPlaybackKeyPair ivs:GetPlaybackRestrictionPolicy ivs:GetPublicKey ivs:GetRecordingConfiguration ivs:GetStorageConfiguration ivs:GetStream ivs:GetStreamKey ivs:GetStreamSession ivs:ImportPlaybackKeyPair ivs:ImportPublicKey ivs:ListChannels ivs:ListCompositions ivs:ListEncoderConfigurations ivs:ListIngestConfigurations ivs:ListParticipantEvents ivs:ListParticipantReplicas ivs:ListParticipants ivs:ListPlaybackKeyPairs ivs:ListPlaybackRestrictionPolicies ivs:ListPublicKeys ivs:ListRecordingConfigurations ivs:ListStorageConfigurations ivs:ListStreamKeys ivs:ListStreamSessions ivs:ListStreams ivs:PutMetadata ivs:StartComposition ivs:StartViewerSessionRevocation ivs:StopComposition ivs:StopStream ivs:UpdateChannel ivs:UpdateIngestConfiguration ivs:UpdatePlaybackRestrictionPolicy |
| ivschat | ivschat:CreateChatToken ivschat:CreateLoggingConfiguration ivschat:CreateRoom ivschat:DeleteLoggingConfiguration ivschat:DeleteMessage ivschat:DeleteRoom ivschat:DisconnectUser ivschat:GetLoggingConfiguration ivschat:GetRoom ivschat:ListLoggingConfigurations ivschat:ListRooms ivschat:SendEvent ivschat:UpdateLoggingConfiguration ivschat:UpdateRoom |
| kafka | kafka:BatchAssociateScramSecret kafka:BatchDisassociateScramSecret kafka:CreateCluster kafka:CreateClusterV2 kafka:CreateConfiguration kafka:CreateReplicator kafka:CreateVpcConnection kafka:DeleteCluster kafka:DeleteClusterPolicy kafka:DeleteConfiguration kafka:DeleteReplicator kafka:DeleteVpcConnection kafka:DescribeCluster kafka:DescribeClusterOperation kafka:DescribeClusterOperationV2 kafka:DescribeClusterV2 kafka:DescribeConfiguration kafka:DescribeConfigurationRevision kafka:DescribeVpcConnection kafka:GetBootstrapBrokers kafka:GetClusterPolicy kafka:GetCompatibleKafkaVersions kafka:ListClientVpcConnections kafka:ListClusterOperations kafka:ListClusterOperationsV2 kafka:ListClusters kafka:ListClustersV2 kafka:ListConfigurationRevisions kafka:ListConfigurations kafka:ListKafkaVersions kafka:ListNodes kafka:ListReplicators kafka:ListScramSecrets kafka:ListVpcConnections kafka:PutClusterPolicy kafka:RebootBroker kafka:RejectClientVpcConnection kafka:UpdateBrokerCount kafka:UpdateBrokerStorage kafka:UpdateBrokerType kafka:UpdateClusterConfiguration kafka:UpdateClusterKafkaVersion kafka:UpdateConfiguration kafka:UpdateConnectivity kafka:UpdateMonitoring kafka:UpdateRebalancing kafka:UpdateReplicationInfo kafka:UpdateSecurity kafka:UpdateStorage |
| kafkaconnect | kafkaconnect:CreateConnector kafkaconnect:CreateCustomPlugin kafkaconnect:CreateWorkerConfiguration kafkaconnect:DeleteConnector kafkaconnect:DeleteCustomPlugin kafkaconnect:DeleteWorkerConfiguration kafkaconnect:DescribeConnector kafkaconnect:DescribeCustomPlugin kafkaconnect:DescribeWorkerConfiguration kafkaconnect:ListConnectorOperations kafkaconnect:ListConnectors kafkaconnect:ListCustomPlugins kafkaconnect:ListWorkerConfigurations kafkaconnect:UpdateConnector |
| kendra | kendra:AssociateEntitiesToExperience kendra:AssociatePersonasToEntities kendra:BatchDeleteDocument kendra:BatchDeleteFeaturedResultsSet kendra:BatchGetDocumentStatus kendra:BatchPutDocument kendra:ClearQuerySuggestions kendra:CreateAccessControlConfiguration kendra:CreateDataSource kendra:CreateExperience kendra:CreateFaq kendra:CreateFeaturedResultsSet kendra:CreateIndex kendra:CreateQuerySuggestionsBlockList kendra:CreateThesaurus kendra:DeleteDataSource kendra:DeleteExperience kendra:DeleteFaq kendra:DeleteIndex kendra:DeletePrincipalMapping kendra:DeleteQuerySuggestionsBlockList kendra:DeleteThesaurus kendra:DescribeAccessControlConfiguration kendra:DescribeDataSource kendra:DescribeExperience kendra:DescribeFaq kendra:DescribeFeaturedResultsSet kendra:DescribeIndex kendra:DescribePrincipalMapping kendra:DescribeQuerySuggestionsBlockList kendra:DescribeQuerySuggestionsConfig kendra:DescribeThesaurus kendra:DisassociateEntitiesFromExperience kendra:DisassociatePersonasFromEntities kendra:GetQuerySuggestions kendra:GetSnapshots kendra:ListAccessControlConfigurations kendra:ListDataSourceSyncJobs kendra:ListDataSources kendra:ListEntityPersonas kendra:ListExperienceEntities kendra:ListExperiences kendra:ListFaqs kendra:ListFeaturedResultsSets kendra:ListGroupsOlderThanOrderingId kendra:ListIndices kendra:ListQuerySuggestionsBlockLists kendra:ListThesauri kendra:PutPrincipalMapping kendra:Query kendra:Retrieve kendra:StartDataSourceSyncJob kendra:StopDataSourceSyncJob kendra:SubmitFeedback kendra:UpdateDataSource kendra:UpdateExperience kendra:UpdateFeaturedResultsSet kendra:UpdateIndex kendra:UpdateQuerySuggestionsBlockList kendra:UpdateQuerySuggestionsConfig kendra:UpdateThesaurus |
| kinesis | kinesis:CreateStream kinesis:DecreaseStreamRetentionPeriod kinesis:DeleteStream kinesis:DeregisterStreamConsumer kinesis:DescribeAccountSettings kinesis:DescribeLimits kinesis:DescribeStream kinesis:DescribeStreamConsumer kinesis:DescribeStreamSummary kinesis:DisableEnhancedMonitoring kinesis:EnableEnhancedMonitoring kinesis:IncreaseStreamRetentionPeriod kinesis:ListShards kinesis:ListStreamConsumers kinesis:ListStreams kinesis:MergeShards kinesis:RegisterStreamConsumer kinesis:SplitShard kinesis:StartStreamEncryption kinesis:StopStreamEncryption kinesis:UpdateAccountSettings kinesis:UpdateShardCount kinesis:UpdateStreamMode |
| kinesisanalytics | kinesisanalytics:AddApplicationCloudWatchLoggingOption kinesisanalytics:AddApplicationInput kinesisanalytics:AddApplicationInputProcessingConfiguration kinesisanalytics:AddApplicationOutput kinesisanalytics:AddApplicationReferenceDataSource kinesisanalytics:AddApplicationVpcConfiguration kinesisanalytics:CreateApplication kinesisanalytics:CreateApplicationPresignedUrl kinesisanalytics:CreateApplicationSnapshot kinesisanalytics:DeleteApplication kinesisanalytics:DeleteApplicationCloudWatchLoggingOption kinesisanalytics:DeleteApplicationInputProcessingConfiguration kinesisanalytics:DeleteApplicationOutput kinesisanalytics:DeleteApplicationReferenceDataSource kinesisanalytics:DeleteApplicationSnapshot kinesisanalytics:DeleteApplicationVpcConfiguration kinesisanalytics:DescribeApplication kinesisanalytics:DescribeApplicationOperation kinesisanalytics:DescribeApplicationSnapshot kinesisanalytics:DescribeApplicationVersion kinesisanalytics:DiscoverInputSchema kinesisanalytics:ListApplicationOperations kinesisanalytics:ListApplicationSnapshots kinesisanalytics:ListApplicationVersions kinesisanalytics:ListApplications kinesisanalytics:RollbackApplication kinesisanalytics:StartApplication kinesisanalytics:StopApplication kinesisanalytics:UpdateApplication kinesisanalytics:UpdateApplicationMaintenanceConfiguration |
| kms | kms:CancelKeyDeletion kms:ConnectCustomKeyStore kms:CreateAlias kms:CreateCustomKeyStore kms:創建權限 kms:CreateKey kms:解密 kms:DeleteAlias kms:DeleteCustomKeyStore kms:DeleteImportedKeyMaterial kms:DeriveSharedSecret kms:DescribeCustomKeyStores kms:描述金鑰 kms:DisableKey kms:DisableKeyRotation kms:DisconnectCustomKeyStore kms:EnableKey kms:EnableKeyRotation kms:Encrypt kms:產生資料金鑰 kms:GenerateDataKeyPair kms:GenerateDataKeyPairWithoutPlaintext kms:GenerateDataKeyWithoutPlaintext kms:GenerateMac kms:GenerateRandom kms:GetKeyPolicy kms:GetKeyRotationStatus kms:GetParametersForImport kms:GetPublicKey kms:ImportKeyMaterial kms:ListAliases kms:ListGrants kms:ListKeyPolicies kms:ListKeyRotations kms:ListKeys kms:ListRetirableGrants kms:ReplicateKey kms:RetireGrant kms:RevokeGrant kms:RotateKeyOnDemand kms:ScheduleKeyDeletion kms:Sign kms:UpdateAlias kms:UpdateCustomKeyStore kms:UpdateKeyDescription kms:UpdatePrimaryRegion kms:Verify kms:VerifyMac |
| lambda | lambda:AddLayerVersionPermission lambda:AddPermission lambda:CreateAlias lambda:CreateCodeSigningConfig lambda:CreateEventSourceMapping lambda:CreateFunction lambda:CreateFunctionUrlConfig lambda:DeleteAlias lambda:DeleteCapacityProvider lambda:DeleteCodeSigningConfig lambda:DeleteEventSourceMapping lambda:DeleteFunction lambda:DeleteFunctionCodeSigningConfig lambda:DeleteFunctionConcurrency lambda:DeleteFunctionEventInvokeConfig lambda:DeleteFunctionUrlConfig lambda:DeleteLayerVersion lambda:DeleteProvisionedConcurrencyConfig lambda:GetAccountSettings lambda:GetAlias lambda:GetCapacityProvider lambda:GetCodeSigningConfig lambda:GetEventSourceMapping lambda:GetFunction lambda:GetFunctionCodeSigningConfig lambda:GetFunctionConcurrency lambda:GetFunctionConfiguration lambda:GetFunctionEventInvokeConfig lambda:GetFunctionRecursionConfig lambda:GetFunctionScalingConfig lambda:GetFunctionUrlConfig lambda:GetLayerVersion lambda:GetLayerVersionPolicy lambda:GetPolicy lambda:GetProvisionedConcurrencyConfig lambda:GetRuntimeManagementConfig lambda:ListAliases lambda:ListCapacityProviders lambda:ListCodeSigningConfigs lambda:ListDurableExecutionsByFunction lambda:ListEventSourceMappings lambda:ListFunctionEventInvokeConfigs lambda:ListFunctionUrlConfigs lambda:ListFunctions lambda:ListFunctionsByCodeSigningConfig lambda:ListLayerVersions lambda:ListLayers lambda:ListProvisionedConcurrencyConfigs lambda:ListVersionsByFunction lambda:PublishLayerVersion lambda:PublishVersion lambda:PutFunctionCodeSigningConfig lambda:PutFunctionConcurrency lambda:PutFunctionEventInvokeConfig lambda:PutFunctionRecursionConfig lambda:PutFunctionScalingConfig lambda:PutProvisionedConcurrencyConfig lambda:PutRuntimeManagementConfig lambda:RemoveLayerVersionPermission lambda:RemovePermission lambda:UpdateAlias lambda:UpdateCapacityProvider lambda:UpdateCodeSigningConfig lambda:UpdateEventSourceMapping lambda:UpdateFunctionCode lambda:UpdateFunctionConfiguration lambda:UpdateFunctionEventInvokeConfig lambda:UpdateFunctionUrlConfig |
| lex | lex:BatchCreateCustomVocabularyItem lex:BatchDeleteCustomVocabularyItem lex:BatchUpdateCustomVocabularyItem lex:BuildBotLocale lex:CreateBotAlias lex:CreateBotReplica lex:CreateBotVersion lex:CreateExport lex:CreateIntentVersion lex:CreateResourcePolicy lex:CreateSlotTypeVersion lex:CreateTestSetDiscrepancyReport lex:CreateUploadUrl lex:DeleteBot lex:DeleteBotChannelAssociation lex:DeleteBotReplica lex:DeleteExport lex:DeleteImport lex:DeleteIntentVersion lex:DeleteResourcePolicy lex:DeleteSlotTypeVersion lex:DeleteTestSet lex:DeleteUtterances lex:DescribeBotAlias lex:DescribeBotRecommendation lex:DescribeBotReplica lex:DescribeBotResourceGeneration lex:DescribeBotVersion lex:DescribeCustomVocabularyMetadata lex:DescribeExport lex:DescribeImport lex:DescribeResourcePolicy lex:DescribeTestExecution lex:DescribeTestSet lex:DescribeTestSetDiscrepancyReport lex:DescribeTestSetGeneration lex:GenerateBotElement lex:GetBot lex:GetBotAlias lex:GetBotAliases lex:GetBotChannelAssociation lex:GetBotChannelAssociations lex:GetBotVersions lex:GetBots lex:GetBuiltinIntent lex:GetBuiltinIntents lex:GetBuiltinSlotTypes lex:GetExport lex:GetImport lex:GetIntent lex:GetIntentVersions lex:GetIntents lex:GetMigration lex:GetMigrations lex:GetSlotType lex:GetSlotTypeVersions lex:GetSlotTypes lex:GetTestExecutionArtifactsUrl lex:GetUtterancesView lex:ListBotAliasReplicas lex:ListBotAliases lex:ListBotRecommendations lex:ListBotReplicas lex:ListBotResourceGenerations lex:ListBotVersionReplicas lex:ListBotVersions lex:ListBots lex:ListBuiltInIntents lex:ListBuiltInSlotTypes lex:ListCustomVocabularyItems lex:ListExports lex:ListImports lex:ListIntentMetrics lex:ListIntentPaths lex:ListRecommendedIntents lex:ListSessionAnalyticsData lex:ListSessionMetrics lex:ListTestExecutionResultItems lex:ListTestExecutions lex:ListTestSets lex:PutBot lex:PutBotAlias lex:PutIntent lex:PutSlotType lex:SearchAssociatedTranscripts lex:StartBotRecommendation lex:StartImport lex:StartMigration lex:StartTestExecution lex:StartTestSetGeneration lex:StopBotRecommendation lex:UpdateBotAlias lex:UpdateBotRecommendation lex:UpdateExport lex:UpdateResourcePolicy |
| license-manager-linux-subscriptions | license-manager-linux-subscriptions:DeregisterSubscriptionProvider license-manager-linux-subscriptions:GetRegisteredSubscriptionProvider license-manager-linux-subscriptions:GetServiceSettings license-manager-linux-subscriptions:ListLinuxSubscriptionInstances license-manager-linux-subscriptions:ListLinuxSubscriptions license-manager-linux-subscriptions:ListRegisteredSubscriptionProviders license-manager-linux-subscriptions:RegisterSubscriptionProvider license-manager-linux-subscriptions:UpdateServiceSettings |
| lightsail | lightsail:AllocateStaticIp lightsail:AttachCertificateToDistribution lightsail:AttachDisk lightsail:AttachInstancesToLoadBalancer lightsail:AttachLoadBalancerTlsCertificate lightsail:AttachStaticIp lightsail:CloseInstancePublicPorts lightsail:CopySnapshot lightsail:CreateBucket lightsail:CreateBucketAccessKey lightsail:CreateCertificate lightsail:CreateCloudFormationStack lightsail:CreateContactMethod lightsail:CreateContainerService lightsail:CreateContainerServiceDeployment lightsail:CreateContainerServiceRegistryLogin lightsail:CreateDisk lightsail:CreateDiskFromSnapshot lightsail:CreateDiskSnapshot lightsail:CreateDistribution lightsail:CreateDomain lightsail:CreateGUISessionAccessDetails lightsail:CreateInstanceSnapshot lightsail:CreateInstances lightsail:CreateInstancesFromSnapshot lightsail:CreateKeyPair lightsail:CreateLoadBalancer lightsail:CreateLoadBalancerTlsCertificate lightsail:CreateRelationalDatabase lightsail:CreateRelationalDatabaseFromSnapshot lightsail:CreateRelationalDatabaseSnapshot lightsail:DeleteAlarm lightsail:DeleteAutoSnapshot lightsail:DeleteBucket lightsail:DeleteBucketAccessKey lightsail:DeleteCertificate lightsail:DeleteContactMethod lightsail:DeleteContainerImage lightsail:DeleteContainerService lightsail:DeleteDisk lightsail:DeleteDiskSnapshot lightsail:DeleteDistribution lightsail:DeleteDomain lightsail:DeleteDomainEntry lightsail:DeleteInstance lightsail:DeleteInstanceSnapshot lightsail:DeleteKeyPair lightsail:DeleteKnownHostKeys lightsail:DeleteLoadBalancer lightsail:DeleteLoadBalancerTlsCertificate lightsail:DeleteRelationalDatabase lightsail:DeleteRelationalDatabaseSnapshot lightsail:DetachCertificateFromDistribution lightsail:DetachDisk lightsail:DetachInstancesFromLoadBalancer lightsail:DetachStaticIp lightsail:DisableAddOn lightsail:DownloadDefaultKeyPair lightsail:EnableAddOn lightsail:ExportSnapshot lightsail:GetActiveNames lightsail:GetAlarms lightsail:GetAutoSnapshots lightsail:GetBlueprints lightsail:GetBucketAccessKeys lightsail:GetBucketBundles lightsail:GetBucketMetricData lightsail:GetBuckets lightsail:GetBundles lightsail:GetCertificates lightsail:GetCloudFormationStackRecords lightsail:GetContactMethods lightsail:GetContainerAPIMetadata lightsail:GetContainerImages lightsail:GetContainerLog lightsail:GetContainerServiceDeployments lightsail:GetContainerServiceMetricData lightsail:GetContainerServicePowers lightsail:GetContainerServices lightsail:GetCostEstimate lightsail:GetDisk lightsail:GetDiskSnapshot lightsail:GetDiskSnapshots lightsail:GetDisks lightsail:GetDistributionBundles lightsail:GetDistributionLatestCacheReset lightsail:GetDistributionMetricData lightsail:GetDistributions lightsail:GetDomain lightsail:GetExportSnapshotRecords lightsail:GetInstance lightsail:GetInstanceMetricData lightsail:GetInstancePortStates lightsail:GetInstanceSnapshot lightsail:GetInstanceSnapshots lightsail:GetInstanceState lightsail:GetInstances lightsail:GetKeyPair lightsail:GetKeyPairs lightsail:GetLoadBalancer lightsail:GetLoadBalancerMetricData lightsail:GetLoadBalancerTlsCertificates lightsail:GetLoadBalancerTlsPolicies lightsail:GetLoadBalancers lightsail:GetOperation lightsail:GetOperations lightsail:GetOperationsForResource lightsail:GetRegions lightsail:GetRelationalDatabase lightsail:GetRelationalDatabaseBlueprints lightsail:GetRelationalDatabaseBundles lightsail:GetRelationalDatabaseEvents lightsail:GetRelationalDatabaseLogEvents lightsail:GetRelationalDatabaseLogStreams lightsail:GetRelationalDatabaseMasterUserPassword lightsail:GetRelationalDatabaseMetricData lightsail:GetRelationalDatabaseParameters lightsail:GetRelationalDatabaseSnapshot lightsail:GetRelationalDatabaseSnapshots lightsail:GetRelationalDatabases lightsail:GetSetupHistory lightsail:GetStaticIp lightsail:GetStaticIps lightsail:ImportKeyPair lightsail:IsVpcPeered lightsail:OpenInstancePublicPorts lightsail:PeerVpc lightsail:PutAlarm lightsail:PutInstancePublicPorts lightsail:RebootInstance lightsail:RebootRelationalDatabase lightsail:RegisterContainerImage lightsail:ReleaseStaticIp lightsail:ResetDistributionCache lightsail:SendContactMethodVerification lightsail:SetIpAddressType lightsail:SetResourceAccessForBucket lightsail:SetupInstanceHttps lightsail:StartGUISession lightsail:StartInstance lightsail:StartRelationalDatabase lightsail:StopGUISession lightsail:StopInstance lightsail:StopRelationalDatabase lightsail:TestAlarm lightsail:UnpeerVpc lightsail:UpdateBucket lightsail:UpdateBucketBundle lightsail:UpdateContainerService lightsail:UpdateDistribution lightsail:UpdateDistributionBundle lightsail:UpdateDomainEntry lightsail:UpdateInstanceMetadataOptions lightsail:UpdateLoadBalancerAttribute lightsail:UpdateRelationalDatabase lightsail:UpdateRelationalDatabaseParameters |
| 日誌 | logs:AssociateKmsKey log:AssociateSourceToS3TableIntegration logs:CancelExportTask log:CancelImportTask logs:CreateDelivery logs:CreateExportTask logs:CreateLogAnomalyDetector logs:CreateLogGroup logs:CreateLogStream logs:DeleteDataProtectionPolicy logs:DeleteDelivery logs:DeleteDeliveryDestination logs:DeleteDeliveryDestinationPolicy logs:DeleteDeliverySource logs:DeleteDestination logs:DeleteIndexPolicy logs:DeleteIntegration logs:DeleteLogAnomalyDetector logs:DeleteLogGroup logs:DeleteLogStream logs:DeleteMetricFilter logs:DeleteQueryDefinition logs:DeleteResourcePolicy logs:DeleteRetentionPolicy log:DeleteScheduledQuery logs:DeleteSubscriptionFilter logs:DeleteTransformer logs:DescribeAccountPolicies logs:DescribeConfigurationTemplates logs:DescribeDeliveries logs:DescribeDeliveryDestinations logs:DescribeDeliverySources logs:DescribeDestinations logs:DescribeExportTasks logs:DescribeFieldIndexes log:DescribeImportTaskBatches log:DescribeImportTasks logs:DescribeIndexPolicies logs:DescribeLogGroups logs:DescribeLogStreams logs:DescribeMetricFilters logs:DescribeQueries logs:DescribeQueryDefinitions logs:DescribeResourcePolicies logs:DescribeSubscriptionFilters logs:DisassociateKmsKey log:DisassociateSourceFromS3TableIntegration logs:GetDataProtectionPolicy logs:GetDelivery logs:GetDeliveryDestination logs:GetDeliveryDestinationPolicy logs:GetDeliverySource logs:GetIntegration logs:GetLogAnomalyDetector log:GetLogFields logs:GetLogGroupFields logs:GetLogRecord logs:GetQueryResults log:GetScheduledQuery log:GetScheduledQueryHistory logs:GetTransformer log:IntegrateWithS3Table logs:ListAnomalies logs:ListIntegrations logs:ListLogAnomalyDetectors logs:ListLogGroupsForQuery log:ListScheduledQueries log:ListSourcesForS3TableIntegration log:ProcessWithPipeline logs:PutDataProtectionPolicy logs:PutDeliveryDestination logs:PutDeliveryDestinationPolicy logs:PutDeliverySource logs:PutDestination logs:PutDestinationPolicy logs:PutIndexPolicy logs:PutIntegration log:PutLogGroupDeletionProtection logs:PutMetricFilter logs:PutQueryDefinition logs:PutResourcePolicy logs:PutRetentionPolicy logs:PutSubscriptionFilter logs:PutTransformer logs:StartLiveTail logs:StartQuery logs:StopQuery logs:TestMetricFilter logs:TestTransformer logs:UpdateAnomaly logs:UpdateDeliveryConfiguration logs:UpdateLogAnomalyDetector |
| lookoutequipment | lookoutequipment:CreateDataset lookoutequipment:CreateInferenceScheduler lookoutequipment:CreateLabel lookoutequipment:CreateLabelGroup lookoutequipment:CreateModel lookoutequipment:DeleteDataset lookoutequipment:DeleteInferenceScheduler lookoutequipment:DeleteLabel lookoutequipment:DeleteLabelGroup lookoutequipment:DeleteModel lookoutequipment:DeleteResourcePolicy lookoutequipment:DeleteRetrainingScheduler lookoutequipment:DescribeDataIngestionJob lookoutequipment:DescribeDataset lookoutequipment:DescribeInferenceScheduler lookoutequipment:DescribeLabelGroup lookoutequipment:DescribeModel lookoutequipment:DescribeModelVersion lookoutequipment:DescribeResourcePolicy lookoutequipment:DescribeRetrainingScheduler lookoutequipment:Describelabel lookoutequipment:ImportDataset lookoutequipment:ImportModelVersion lookoutequipment:ListDataIngestionJobs lookoutequipment:ListDatasets lookoutequipment:ListInferenceEvents lookoutequipment:ListInferenceExecutions lookoutequipment:ListInferenceSchedulers lookoutequipment:ListLabelGroups lookoutequipment:ListLabels lookoutequipment:ListModelVersions lookoutequipment:ListModels lookoutequipment:ListRetrainingSchedulers lookoutequipment:ListSensorStatistics lookoutequipment:PutResourcePolicy lookoutequipment:StartDataIngestionJob lookoutequipment:StartInferenceScheduler lookoutequipment:StartRetrainingScheduler lookoutequipment:StopInferenceScheduler lookoutequipment:StopRetrainingScheduler lookoutequipment:UpdateActiveModelVersion lookoutequipment:UpdateInferenceScheduler lookoutequipment:UpdateLabelGroup lookoutequipment:UpdateModel lookoutequipment:UpdateRetrainingScheduler |
| lookoutmetrics | lookoutmetrics:ActivateAnomalyDetector lookoutmetrics:BackTestAnomalyDetector lookoutmetrics:CreateAlert lookoutmetrics:CreateAnomalyDetector lookoutmetrics:CreateMetricSet lookoutmetrics:DeactivateAnomalyDetector lookoutmetrics:DeleteAlert lookoutmetrics:DeleteAnomalyDetector lookoutmetrics:DescribeAlert lookoutmetrics:DescribeAnomalyDetectionExecutions lookoutmetrics:DescribeAnomalyDetector lookoutmetrics:DescribeMetricSet lookoutmetrics:DetectMetricSetConfig lookoutmetrics:GetAnomalyGroup lookoutmetrics:GetDataQualityMetrics lookoutmetrics:GetFeedback lookoutmetrics:GetSampleData lookoutmetrics:ListAlerts lookoutmetrics:ListAnomalyDetectors lookoutmetrics:ListAnomalyGroupRelatedMetrics lookoutmetrics:ListAnomalyGroupSummaries lookoutmetrics:ListAnomalyGroupTimeSeries lookoutmetrics:ListMetricSets lookoutmetrics:PutFeedback lookoutmetrics:UpdateAlert lookoutmetrics:UpdateAnomalyDetector lookoutmetrics:UpdateMetricSet |
| lookoutvision | lookoutvision:CreateDataset lookoutvision:CreateModel lookoutvision:CreateProject lookoutvision:DeleteDataset lookoutvision:DeleteModel lookoutvision:DeleteProject lookoutvision:DescribeDataset lookoutvision:DescribeModel lookoutvision:DescribeModelPackagingJob lookoutvision:DescribeProject lookoutvision:DetectAnomalies lookoutvision:ListDatasetEntries lookoutvision:ListModelPackagingJobs lookoutvision:ListModels lookoutvision:ListProjects lookoutvision:StartModel lookoutvision:StartModelPackagingJob lookoutvision:StopModel lookoutvision:UpdateDatasetEntries |
| m2 | m2:CancelBatchJobExecution m2:CreateApplication m2:CreateDataSetExportTask m2:CreateDataSetImportTask m2:CreateDeployment m2:CreateEnvironment m2:DeleteApplication m2:DeleteApplicationFromEnvironment m2:DeleteEnvironment m2:GetApplication m2:GetApplicationVersion m2:GetBatchJobExecution m2:GetDataSetDetails m2:GetDataSetExportTask m2:GetDataSetImportTask m2:GetDeployment m2:GetEnvironment m2:GetSignedBluinsightsUrl m2:ListApplicationVersions m2:ListApplications m2:ListBatchJobDefinitions m2:ListBatchJobExecutions m2:ListBatchJobRestartPoints m2:ListDataSetExportHistory m2:ListDataSetImportHistory m2:ListDataSets m2:ListDeployments m2:ListEngineVersions m2:ListEnvironments m2:StartApplication m2:StartBatchJob m2:StopApplication m2:UpdateApplication m2:UpdateEnvironment |
| managedblockchain | managedblockchain:CreateAccessor managedblockchain:CreateMember managedblockchain:CreateNetwork managedblockchain:CreateNode managedblockchain:CreateProposal managedblockchain:DeleteAccessor managedblockchain:DeleteMember managedblockchain:DeleteNode managedblockchain:GetAccessor managedblockchain:GetMember managedblockchain:GetNetwork managedblockchain:GetNode managedblockchain:GetProposal managedblockchain:InvokeRpcPolygonMainnet managedblockchain:InvokeRpcPolygonMumbaiTestnet managedblockchain:ListAccessors managedblockchain:ListInvitations managedblockchain:ListMembers managedblockchain:ListNetworks managedblockchain:ListNodes managedblockchain:ListProposalVotes managedblockchain:ListProposals managedblockchain:RejectInvitation managedblockchain:UpdateMember managedblockchain:UpdateNode managedblockchain:VoteOnProposal |
| mediaconnect | mediaconnect:AddBridgeOutputs mediaconnect:AddBridgeSources mediaconnect:AddFlowMediaStreams mediaconnect:AddFlowOutputs mediaconnect:AddFlowSources mediaconnect:AddFlowVpcInterfaces mediaconnect:CreateBridge mediaconnect:CreateFlow mediaconnect:CreateGateway mediaconnect:DeleteBridge mediaconnect:DeleteFlow mediaconnect:DeleteGateway mediaconnect:DeleteRouterInput mediaconnect:DeleteRouterNetworkInterface mediaconnect:DeleteRouterOutput mediaconnect:DeregisterGatewayInstance mediaconnect:DescribeBridge mediaconnect:DescribeFlow mediaconnect:DescribeFlowSourceMetadata mediaconnect:DescribeFlowSourceThumbnail mediaconnect:DescribeGateway mediaconnect:DescribeGatewayInstance mediaconnect:DescribeOffering mediaconnect:DescribeReservation mediaconnect:GetRouterInput mediaconnect:GetRouterInputSourceMetadata mediaconnect:GetRouterInputThumbnail mediaconnect:GetRouterNetworkInterface mediaconnect:GetRouterOutput mediaconnect:GrantFlowEntitlements mediaconnect:ListBridges mediaconnect:ListEntitlements mediaconnect:ListFlows mediaconnect:ListGatewayInstances mediaconnect:ListGateways mediaconnect:ListOfferings mediaconnect:ListReservations mediaconnect:ListRouterInputs mediaconnect:ListRouterNetworkInterfaces mediaconnect:ListRouterOutputs mediaconnect:PurchaseOffering mediaconnect:RemoveBridgeOutput mediaconnect:RemoveBridgeSource mediaconnect:RemoveFlowMediaStream mediaconnect:RemoveFlowOutput mediaconnect:RemoveFlowSource mediaconnect:RemoveFlowVpcInterface mediaconnect:RestartRouterInput mediaconnect:RestartRouterOutput mediaconnect:RevokeFlowEntitlement mediaconnect:StartFlow mediaconnect:StartRouterInput mediaconnect:StartRouterOutput mediaconnect:StopFlow mediaconnect:StopRouterInput mediaconnect:StopRouterOutput mediaconnect:TakeRouterInput mediaconnect:UpdateBridge mediaconnect:UpdateBridgeOutput mediaconnect:UpdateBridgeSource mediaconnect:UpdateBridgeState mediaconnect:UpdateFlow mediaconnect:UpdateFlowEntitlement mediaconnect:UpdateFlowMediaStream mediaconnect:UpdateGatewayInstance |
| mediaconvert | mediaconvert:AssociateCertificate mediaconvert:CancelJob mediaconvert:CreateJob mediaconvert:CreateJobTemplate mediaconvert:CreatePreset mediaconvert:CreateQueue mediaconvert:CreateResourceShare mediaconvert:DeleteJobTemplate mediaconvert:DeletePolicy mediaconvert:DeletePreset mediaconvert:DeleteQueue mediaconvert:DescribeEndpoints mediaconvert:DisassociateCertificate mediaconvert:GetJob mediaconvert:GetJobTemplate mediaconvert:GetPolicy mediaconvert:GetPreset mediaconvert:GetQueue mediaconvert:ListJobTemplates mediaconvert:ListJobs mediaconvert:ListPresets mediaconvert:ListQueues mediaconvert:ListVersions mediaconvert:Probe mediaconvert:PutPolicy mediaconvert:SearchJobs mediaconvert:UpdateJobTemplate mediaconvert:UpdatePreset mediaconvert:UpdateQueue |
| medialive | medialive:AcceptInputDeviceTransfer medialive:BatchDelete medialive:BatchStart medialive:BatchStop medialive:BatchUpdateSchedule medialive:CancelInputDeviceTransfer medialive:ClaimDevice medialive:CreateChannel medialive:CreateChannelPlacementGroup medialive:CreateCloudWatchAlarmTemplate medialive:CreateCloudWatchAlarmTemplateGroup medialive:CreateCluster medialive:CreateEventBridgeRuleTemplate medialive:CreateEventBridgeRuleTemplateGroup medialive:CreateInput medialive:CreateInputSecurityGroup medialive:CreateMultiplex medialive:CreateMultiplexProgram medialive:CreateNetwork medialive:CreateNode medialive:CreateNodeRegistrationScript medialive:CreatePartnerInput medialive:CreateSdiSource medialive:CreateSignalMap medialive:DeleteChannel medialive:DeleteChannelPlacementGroup medialive:DeleteCloudWatchAlarmTemplate medialive:DeleteCloudWatchAlarmTemplateGroup medialive:DeleteCluster medialive:DeleteEventBridgeRuleTemplate medialive:DeleteEventBridgeRuleTemplateGroup medialive:DeleteInput medialive:DeleteInputSecurityGroup medialive:DeleteMultiplex medialive:DeleteMultiplexProgram medialive:DeleteNetwork medialive:DeleteNode medialive:DeleteReservation medialive:DeleteSchedule medialive:DeleteSdiSource medialive:DeleteSignalMap medialive:DescribeAccountConfiguration medialive:DescribeChannel medialive:DescribeChannelPlacementGroup medialive:DescribeCluster medialive:DescribeInput medialive:DescribeInputDevice medialive:DescribeInputDeviceThumbnail medialive:DescribeInputSecurityGroup medialive:DescribeMultiplex medialive:DescribeMultiplexProgram medialive:DescribeNetwork medialive:DescribeNode medialive:DescribeOffering medialive:DescribeReservation medialive:DescribeSchedule medialive:DescribeSdiSource medialive:DescribeThumbnails medialive:GetCloudWatchAlarmTemplate medialive:GetCloudWatchAlarmTemplateGroup medialive:GetEventBridgeRuleTemplate medialive:GetEventBridgeRuleTemplateGroup medialive:GetSignalMap medialive:ListAlerts medialive:ListChannelPlacementGroups medialive:ListChannels medialive:ListCloudWatchAlarmTemplateGroups medialive:ListCloudWatchAlarmTemplates medialive:ListClusterAlerts medialive:ListClusters medialive:ListEventBridgeRuleTemplateGroups medialive:ListEventBridgeRuleTemplates medialive:ListInputDeviceTransfers medialive:ListInputDevices medialive:ListInputSecurityGroups medialive:ListInputs medialive:ListMultiplexAlerts medialive:ListMultiplexPrograms medialive:ListMultiplexes medialive:ListNetworks medialive:ListNodes medialive:ListOfferings medialive:ListReservations medialive:ListSdiSources medialive:ListSignalMaps medialive:ListVersions medialive:PurchaseOffering medialive:RebootInputDevice medialive:RejectInputDeviceTransfer medialive:RestartChannelPipelines medialive:StartChannel medialive:StartDeleteMonitorDeployment medialive:StartInputDevice medialive:StartInputDeviceMaintenanceWindow medialive:StartMonitorDeployment medialive:StartMultiplex medialive:StartUpdateSignalMap medialive:StopChannel medialive:StopInputDevice medialive:StopMultiplex medialive:TransferInputDevice medialive:UpdateAccountConfiguration medialive:UpdateChannel medialive:UpdateChannelClass medialive:UpdateChannelPlacementGroup medialive:UpdateCloudWatchAlarmTemplate medialive:UpdateCloudWatchAlarmTemplateGroup medialive:UpdateCluster medialive:UpdateEventBridgeRuleTemplate medialive:UpdateEventBridgeRuleTemplateGroup medialive:UpdateInput medialive:UpdateInputDevice medialive:UpdateInputSecurityGroup medialive:UpdateMultiplex medialive:UpdateMultiplexProgram medialive:UpdateNetwork medialive:UpdateNode medialive:UpdateNodeState medialive:UpdateReservation medialive:UpdateSdiSource |
| mediastore | mediastore:CreateContainer mediastore:DeleteContainer mediastore:DeleteContainerPolicy mediastore:DeleteCorsPolicy mediastore:DeleteLifecyclePolicy mediastore:DeleteMetricPolicy mediastore:DescribeContainer mediastore:GetContainerPolicy mediastore:GetCorsPolicy mediastore:GetLifecyclePolicy mediastore:GetMetricPolicy mediastore:ListContainers mediastore:PutContainerPolicy mediastore:PutCorsPolicy mediastore:PutLifecyclePolicy mediastore:PutMetricPolicy mediastore:StartAccessLogging mediastore:StopAccessLogging |
| mediatailor | mediatailor:ConfigureLogsForPlaybackConfiguration mediatailor:CreateChannel mediatailor:CreateLiveSource mediatailor:CreatePrefetchSchedule mediatailor:CreateProgram mediatailor:CreateSourceLocation mediatailor:CreateVodSource mediatailor:DeleteChannel mediatailor:DeleteChannelPolicy mediatailor:DeleteLiveSource mediatailor:DeletePlaybackConfiguration mediatailor:DeletePrefetchSchedule mediatailor:DeleteProgram mediatailor:DeleteSourceLocation mediatailor:DeleteVodSource mediatailor:DescribeChannel mediatailor:DescribeLiveSource mediatailor:DescribeProgram mediatailor:DescribeSourceLocation mediatailor:DescribeVodSource mediatailor:GetChannelPolicy mediatailor:GetChannelSchedule mediatailor:GetPlaybackConfiguration mediatailor:GetPrefetchSchedule mediatailor:ListAlerts mediatailor:ListChannels mediatailor:ListLiveSources mediatailor:ListPlaybackConfigurations mediatailor:ListPrefetchSchedules mediatailor:ListSourceLocations mediatailor:ListVodSources mediatailor:PutChannelPolicy mediatailor:PutPlaybackConfiguration mediatailor:StartChannel mediatailor:StopChannel mediatailor:UpdateChannel mediatailor:UpdateLiveSource mediatailor:UpdateProgram mediatailor:UpdateSourceLocation mediatailor:UpdateVodSource |
| memorydb | memorydb:BatchUpdateCluster memorydb:CopySnapshot memorydb:CreateAcl memorydb:CreateCluster memorydb:CreateMultiRegionCluster memorydb:CreateParameterGroup memorydb:CreateSnapshot memorydb:CreateSubnetGroup memorydb:CreateUser memorydb:DeleteAcl memorydb:DeleteCluster memorydb:DeleteMultiRegionCluster memorydb:DeleteParameterGroup memorydb:DeleteSnapshot memorydb:DeleteSubnetGroup memorydb:DeleteUser memorydb:DescribeAcls memorydb:DescribeClusters memorydb:DescribeEngineVersions memorydb:DescribeEvents memorydb:DescribeMultiRegionClusters memorydb:DescribeMultiRegionParameterGroups memorydb:DescribeMultiRegionParameters memorydb:DescribeParameterGroups memorydb:DescribeParameters memorydb:DescribeReservedNodes memorydb:DescribeReservedNodesOfferings memorydb:DescribeServiceUpdates memorydb:DescribeSnapshots memorydb:DescribeSubnetGroups memorydb:DescribeUsers memorydb:FailoverShard memorydb:ListAllowedMultiRegionClusterUpdates memorydb:ListAllowedNodeTypeUpdates memorydb:PurchaseReservedNodesOffering memorydb:ResetParameterGroup memorydb:UpdateAcl memorydb:UpdateCluster memorydb:UpdateMultiRegionCluster memorydb:UpdateParameterGroup memorydb:UpdateSubnetGroup memorydb:UpdateUser |
| mgh | mgh:AssociateCreatedArtifact mgh:AssociateDiscoveredResource mgh:AssociateSourceResource mgh:CreateHomeRegionControl mgh:CreateProgressUpdateStream mgh:DeleteHomeRegionControl mgh:DeleteProgressUpdateStream mgh:DescribeApplicationState mgh:DescribeHomeRegionControls mgh:DescribeMigrationTask mgh:DisassociateCreatedArtifact mgh:DisassociateDiscoveredResource mgh:DisassociateSourceResource mgh:GetHomeRegion mgh:ImportMigrationTask mgh:ListApplicationStates mgh:ListCreatedArtifacts mgh:ListDiscoveredResources mgh:ListMigrationTaskUpdates mgh:ListMigrationTasks mgh:ListProgressUpdateStreams mgh:ListSourceResources mgh:NotifyApplicationState mgh:NotifyMigrationTaskState mgh:PutResourceAttributes |
| mgn | mgn:ArchiveApplication mgn:ArchiveWave mgn:AssociateApplications mgn:AssociateSourceServers mgn:ChangeServerLifeCycleState mgn:CreateApplication mgn:CreateConnector mgn:CreateLaunchConfigurationTemplate mgn:CreateReplicationConfigurationTemplate mgn:CreateWave mgn:DeleteApplication mgn:DeleteConnector mgn:DeleteJob mgn:DeleteLaunchConfigurationTemplate mgn:DeleteReplicationConfigurationTemplate mgn:DeleteSourceServer mgn:DeleteVcenterClient mgn:DeleteWave mgn:DescribeJobLogItems mgn:DescribeJobs mgn:DescribeLaunchConfigurationTemplates mgn:DescribeReplicationConfigurationTemplates mgn:DescribeVcenterClients mgn:DisassociateApplications mgn:DisassociateSourceServers mgn:DisconnectFromService mgn:FinalizeCutover mgn:GetReplicationConfiguration mgn:InitializeService mgn:ListConnectors mgn:ListExportErrors mgn:ListExports mgn:ListImportErrors mgn:ListImports mgn:ListManagedAccounts mgn:ListSourceServerActions mgn:ListTemplateActions mgn:MarkAsArchived mgn:PauseReplication mgn:PutSourceServerAction mgn:PutTemplateAction mgn:RemoveSourceServerAction mgn:RemoveTemplateAction mgn:ResumeReplication mgn:RetryDataReplication mgn:StartCutover mgn:StartExport mgn:StartImport mgn:StartReplication mgn:StartTest mgn:StopReplication mgn:TerminateTargetInstances mgn:UnarchiveApplication mgn:UnarchiveWave mgn:UpdateApplication mgn:UpdateConnector mgn:UpdateLaunchConfigurationTemplate mgn:UpdateReplicationConfiguration mgn:UpdateReplicationConfigurationTemplate mgn:UpdateSourceServer mgn:UpdateSourceServerReplicationType mgn:UpdateWave |
| migrationhub-strategy | migrationhub-strategy:GetAntiPattern migrationhub-strategy:GetApplicationComponentDetails migrationhub-strategy:GetApplicationComponentStrategies migrationhub-strategy:GetAssessment migrationhub-strategy:GetImportFileTask migrationhub-strategy:GetLatestAssessmentId migrationhub-strategy:GetMessage migrationhub-strategy:GetPortfolioPreferences migrationhub-strategy:GetPortfolioSummary migrationhub-strategy:GetRecommendationReportDetails migrationhub-strategy:GetServerDetails migrationhub-strategy:GetServerStrategies migrationhub-strategy:ListAnalyzableServers migrationhub-strategy:ListAntiPatterns migrationhub-strategy:ListApplicationComponents migrationhub-strategy:ListCollectors migrationhub-strategy:ListImportFileTask migrationhub-strategy:ListJarArtifacts migrationhub-strategy:ListServers migrationhub-strategy:PutLogData migrationhub-strategy:PutMetricData migrationhub-strategy:PutPortfolioPreferences migrationhub-strategy:RegisterCollector migrationhub-strategy:SendMessage migrationhub-strategy:StartAssessment migrationhub-strategy:StartImportFileTask migrationhub-strategy:StartRecommendationReportGeneration migrationhub-strategy:StopAssessment migrationhub-strategy:UpdateApplicationComponentConfig migrationhub-strategy:UpdateCollectorConfiguration migrationhub-strategy:UpdateServerConfig |
| mobiletargeting | mobiletargeting:CreateApp mobiletargeting:CreateCampaign mobiletargeting:CreateEmailTemplate mobiletargeting:CreateExportJob mobiletargeting:CreateImportJob mobiletargeting:CreateInAppTemplate mobiletargeting:CreateJourney mobiletargeting:CreatePushTemplate mobiletargeting:CreateRecommenderConfiguration mobiletargeting:CreateSegment mobiletargeting:CreateSmsTemplate mobiletargeting:CreateVoiceTemplate mobiletargeting:DeleteAdmChannel mobiletargeting:DeleteApnsChannel mobiletargeting:DeleteApnsSandboxChannel mobiletargeting:DeleteApnsVoipChannel mobiletargeting:DeleteApnsVoipSandboxChannel mobiletargeting:DeleteApp mobiletargeting:DeleteBaiduChannel mobiletargeting:DeleteCampaign mobiletargeting:DeleteEmailChannel mobiletargeting:DeleteEmailTemplate mobiletargeting:DeleteEndpoint mobiletargeting:DeleteEventStream mobiletargeting:DeleteGcmChannel mobiletargeting:DeleteInAppTemplate mobiletargeting:DeleteJourney mobiletargeting:DeletePushTemplate mobiletargeting:DeleteRecommenderConfiguration mobiletargeting:DeleteSegment mobiletargeting:DeleteSmsChannel mobiletargeting:DeleteSmsTemplate mobiletargeting:DeleteUserEndpoints mobiletargeting:DeleteVoiceChannel mobiletargeting:DeleteVoiceTemplate mobiletargeting:GetAdmChannel mobiletargeting:GetApnsChannel mobiletargeting:GetApnsSandboxChannel mobiletargeting:GetApnsVoipChannel mobiletargeting:GetApnsVoipSandboxChannel mobiletargeting:GetApp mobiletargeting:GetApplicationDateRangeKpi mobiletargeting:GetApplicationSettings mobiletargeting:GetApps mobiletargeting:GetBaiduChannel mobiletargeting:GetCampaign mobiletargeting:GetCampaignActivities mobiletargeting:GetCampaignDateRangeKpi mobiletargeting:GetCampaignVersion mobiletargeting:GetCampaignVersions mobiletargeting:GetCampaigns mobiletargeting:GetChannels mobiletargeting:GetEmailChannel mobiletargeting:GetEmailTemplate mobiletargeting:GetEndpoint mobiletargeting:GetEventStream mobiletargeting:GetExportJob mobiletargeting:GetExportJobs mobiletargeting:GetGcmChannel mobiletargeting:GetImportJob mobiletargeting:GetImportJobs mobiletargeting:GetInAppMessages mobiletargeting:GetInAppTemplate mobiletargeting:GetJourney mobiletargeting:GetJourneyDateRangeKpi mobiletargeting:GetJourneyExecutionActivityMetrics mobiletargeting:GetJourneyExecutionMetrics mobiletargeting:GetJourneyRunExecutionActivityMetrics mobiletargeting:GetJourneyRunExecutionMetrics mobiletargeting:GetJourneyRuns mobiletargeting:GetPushTemplate mobiletargeting:GetRecommenderConfiguration mobiletargeting:GetRecommenderConfigurations mobiletargeting:GetSegment mobiletargeting:GetSegmentExportJobs mobiletargeting:GetSegmentImportJobs mobiletargeting:GetSegmentVersion mobiletargeting:GetSegmentVersions mobiletargeting:GetSegments mobiletargeting:GetSmsChannel mobiletargeting:GetSmsTemplate mobiletargeting:GetUserEndpoints mobiletargeting:GetVoiceChannel mobiletargeting:GetVoiceTemplate mobiletargeting:ListJourneys mobiletargeting:ListTemplateVersions mobiletargeting:ListTemplates mobiletargeting:PhoneNumberValidate mobiletargeting:PutEventStream mobiletargeting:RemoveAttributes mobiletargeting:UpdateAdmChannel mobiletargeting:UpdateApnsChannel mobiletargeting:UpdateApnsSandboxChannel mobiletargeting:UpdateApnsVoipChannel mobiletargeting:UpdateApnsVoipSandboxChannel mobiletargeting:UpdateApplicationSettings mobiletargeting:UpdateBaiduChannel mobiletargeting:UpdateCampaign mobiletargeting:UpdateEmailChannel mobiletargeting:UpdateEmailTemplate mobiletargeting:UpdateEndpoint mobiletargeting:UpdateEndpointsBatch mobiletargeting:UpdateGcmChannel mobiletargeting:UpdateInAppTemplate mobiletargeting:UpdateJourney mobiletargeting:UpdateJourneyState mobiletargeting:UpdatePushTemplate mobiletargeting:UpdateRecommenderConfiguration mobiletargeting:UpdateSegment mobiletargeting:UpdateSmsChannel mobiletargeting:UpdateSmsTemplate mobiletargeting:UpdateTemplateActiveVersion mobiletargeting:UpdateVoiceChannel mobiletargeting:UpdateVoiceTemplate mobiletargeting:VerifyOTPMessage |
| mq | mq:CreateBroker mq:CreateConfiguration mq:CreateUser mq:DeleteBroker mq:DeleteConfiguration mq:DeleteUser mq:DescribeBroker mq:DescribeBrokerEngineTypes mq:DescribeBrokerInstanceOptions mq:DescribeConfiguration mq:DescribeConfigurationRevision mq:DescribeUser mq:ListBrokers mq:ListConfigurationRevisions mq:ListConfigurations mq:ListUsers mq:Promote mq:RebootBroker mq:UpdateBroker mq:UpdateConfiguration mq:UpdateUser |
| networkmanager | networkmanager:AcceptAttachment networkmanager:AssociateConnectPeer networkmanager:AssociateCustomerGateway networkmanager:AssociateLink networkmanager:AssociateTransitGatewayConnectPeer networkmanager:CreateConnectAttachment networkmanager:CreateConnectPeer networkmanager:CreateConnection networkmanager:CreateCoreNetwork networkmanager:CreateDevice networkmanager:CreateDirectConnectGatewayAttachment networkmanager:CreateGlobalNetwork networkmanager:CreateLink networkmanager:CreateSite networkmanager:CreateSiteToSiteVpnAttachment networkmanager:CreateTransitGatewayPeering networkmanager:CreateTransitGatewayRouteTableAttachment networkmanager:CreateVpcAttachment networkmanager:DeleteAttachment networkmanager:DeleteConnectPeer networkmanager:DeleteConnection networkmanager:DeleteCoreNetwork networkmanager:DeleteCoreNetworkPolicyVersion networkmanager:DeleteDevice networkmanager:DeleteGlobalNetwork networkmanager:DeleteLink networkmanager:DeletePeering networkmanager:DeleteResourcePolicy networkmanager:DeleteSite networkmanager:DeregisterTransitGateway networkmanager:DescribeGlobalNetworks networkmanager:DisassociateConnectPeer networkmanager:DisassociateCustomerGateway networkmanager:DisassociateLink networkmanager:DisassociateTransitGatewayConnectPeer networkmanager:ExecuteCoreNetworkChangeSet networkmanager:GetConnectAttachment networkmanager:GetConnectPeer networkmanager:GetConnectPeerAssociations networkmanager:GetConnections networkmanager:GetCoreNetwork networkmanager:GetCoreNetworkChangeEvents networkmanager:GetCoreNetworkChangeSet networkmanager:GetCoreNetworkPolicy networkmanager:GetCustomerGatewayAssociations networkmanager:GetDevices networkmanager:GetLinkAssociations networkmanager:GetLinks networkmanager:GetNetworkResourceCounts networkmanager:GetNetworkResourceRelationships networkmanager:GetNetworkResources networkmanager:GetNetworkRoutes networkmanager:GetNetworkTelemetry networkmanager:GetResourcePolicy networkmanager:GetRouteAnalysis networkmanager:GetSiteToSiteVpnAttachment networkmanager:GetSites networkmanager:GetTransitGatewayConnectPeerAssociations networkmanager:GetTransitGatewayPeering networkmanager:GetTransitGatewayRegistrations networkmanager:GetTransitGatewayRouteTableAttachment networkmanager:GetVpcAttachment networkmanager:ListAttachmentRoutingPolicyAssociations networkmanager:ListAttachments networkmanager:ListConnectPeers networkmanager:ListCoreNetworkPolicyVersions networkmanager:ListCoreNetworkPrefixListAssociations networkmanager:ListCoreNetworkRoutingInformation networkmanager:ListCoreNetworks networkmanager:ListOrganizationServiceAccessStatus networkmanager:ListPeerings networkmanager:PutAttachmentRoutingPolicyLabel networkmanager:PutCoreNetworkPolicy networkmanager:PutResourcePolicy networkmanager:RegisterTransitGateway networkmanager:RejectAttachment networkmanager:RemoveAttachmentRoutingPolicyLabel networkmanager:RestoreCoreNetworkPolicyVersion networkmanager:StartOrganizationServiceAccessUpdate networkmanager:StartRouteAnalysis networkmanager:UpdateConnection networkmanager:UpdateCoreNetwork networkmanager:UpdateDevice networkmanager:UpdateDirectConnectGatewayAttachment networkmanager:UpdateGlobalNetwork networkmanager:UpdateLink networkmanager:UpdateNetworkResourceMetadata networkmanager:UpdateSite networkmanager:UpdateVpcAttachment |
| nimble | nimble:AcceptEulas nimble:CreateLaunchProfile nimble:CreateStreamingImage nimble:CreateStreamingSession nimble:CreateStreamingSessionStream nimble:CreateStudio nimble:CreateStudioComponent nimble:DeleteLaunchProfile nimble:DeleteLaunchProfileMember nimble:DeleteStreamingImage nimble:DeleteStreamingSession nimble:DeleteStudio nimble:DeleteStudioComponent nimble:DeleteStudioMember nimble:GetEula nimble:GetLaunchProfileDetails nimble:GetStreamingImage nimble:GetStreamingSession nimble:GetStreamingSessionBackup nimble:GetStreamingSessionStream nimble:GetStudio nimble:GetStudioComponent nimble:GetStudioMember nimble:ListEulas nimble:ListLaunchProfileMembers nimble:ListLaunchProfiles nimble:ListStreamingImages nimble:ListStreamingSessionBackups nimble:ListStreamingSessions nimble:ListStudioComponents nimble:ListStudioMembers nimble:ListStudios nimble:PutLaunchProfileMembers nimble:PutStudioMembers nimble:StartStreamingSession nimble:StartStudioSSOConfigurationRepair nimble:StopStreamingSession nimble:UpdateLaunchProfile nimble:UpdateLaunchProfileMember nimble:UpdateStreamingImage nimble:UpdateStudio nimble:UpdateStudioComponent |
| omics | omics:AbortMultipartReadSetUpload omics:AcceptShare omics:BatchDeleteReadSet omics:CancelAnnotationImportJob omics:CancelRun omics:CancelVariantImportJob omics:CompleteMultipartReadSetUpload omics:CreateAnnotationStore omics:CreateAnnotationStoreVersion omics:CreateMultipartReadSetUpload omics:CreateReferenceStore omics:CreateRunGroup omics:CreateSequenceStore omics:CreateShare omics:CreateVariantStore omics:CreateWorkflow omics:CreateWorkflowVersion omics:DeleteAnnotationStore omics:DeleteAnnotationStoreVersions omics:DeleteReference omics:DeleteReferenceStore omics:DeleteRun omics:DeleteRunGroup omics:DeleteSequenceStore omics:DeleteShare omics:DeleteVariantStore omics:DeleteWorkflow omics:DeleteWorkflowVersion omics:GetAnnotationImportJob omics:GetAnnotationStore omics:GetAnnotationStoreVersion omics:GetReadSet omics:GetReadSetActivationJob omics:GetReadSetExportJob omics:GetReadSetImportJob omics:GetReadSetMetadata omics:GetReference omics:GetReferenceImportJob omics:GetReferenceMetadata omics:GetReferenceStore omics:GetRun omics:GetRunGroup omics:GetRunTask omics:GetSequenceStore omics:GetShare omics:GetVariantImportJob omics:GetVariantStore omics:GetWorkflow omics:GetWorkflowVersion omics:ListAnnotationImportJobs omics:ListAnnotationStoreVersions omics:ListAnnotationStores omics:ListMultipartReadSetUploads omics:ListReadSetActivationJobs omics:ListReadSetExportJobs omics:ListReadSetImportJobs omics:ListReadSetUploadParts omics:ListReadSets omics:ListReferenceImportJobs omics:ListReferenceStores omics:ListReferences omics:ListRunGroups omics:ListRunTasks omics:ListRuns omics:ListSequenceStores omics:ListShares omics:ListVariantImportJobs omics:ListVariantStores omics:ListWorkflowVersions omics:ListWorkflows omics:StartAnnotationImportJob omics:StartReadSetActivationJob omics:StartReadSetExportJob omics:StartReadSetImportJob omics:StartReferenceImportJob omics:StartRun omics:StartVariantImportJob omics:UpdateAnnotationStore omics:UpdateAnnotationStoreVersion omics:UpdateRunGroup omics:UpdateVariantStore omics:UpdateWorkflow omics:UpdateWorkflowVersion omics:UploadReadSetPart |
| opsworks | opsworks:AssignInstance opsworks:AssignVolume opsworks:AssociateElasticIp opsworks:AttachElasticLoadBalancer opsworks:CloneStack opsworks:CreateApp opsworks:CreateDeployment opsworks:CreateInstance opsworks:CreateLayer opsworks:CreateStack opsworks:CreateUserProfile opsworks:DeleteApp opsworks:DeleteInstance opsworks:DeleteLayer opsworks:DeleteStack opsworks:DeleteUserProfile opsworks:DeregisterEcsCluster opsworks:DeregisterElasticIp opsworks:DeregisterInstance opsworks:DeregisterRdsDbInstance opsworks:DeregisterVolume opsworks:DescribeAgentVersions opsworks:DescribeApps opsworks:DescribeCommands opsworks:DescribeDeployments opsworks:DescribeEcsClusters opsworks:DescribeElasticIps opsworks:DescribeElasticLoadBalancers opsworks:DescribeInstances opsworks:DescribeLayers opsworks:DescribeLoadBasedAutoScaling opsworks:DescribeMyUserProfile opsworks:DescribeOperatingSystems opsworks:DescribePermissions opsworks:DescribeRaidArrays opsworks:DescribeRdsDbInstances opsworks:DescribeServiceErrors opsworks:DescribeStackProvisioningParameters opsworks:DescribeStackSummary opsworks:DescribeStacks opsworks:DescribeTimeBasedAutoScaling opsworks:DescribeUserProfiles opsworks:DescribeVolumes opsworks:DetachElasticLoadBalancer opsworks:DisassociateElasticIp opsworks:GetHostnameSuggestion opsworks:GrantAccess opsworks:RebootInstance opsworks:RegisterEcsCluster opsworks:RegisterElasticIp opsworks:RegisterInstance opsworks:RegisterRdsDbInstance opsworks:RegisterVolume opsworks:SetLoadBasedAutoScaling opsworks:SetPermission opsworks:SetTimeBasedAutoScaling opsworks:StartInstance opsworks:StartStack opsworks:StopInstance opsworks:StopStack opsworks:UnassignInstance opsworks:UnassignVolume opsworks:UpdateApp opsworks:UpdateElasticIp opsworks:UpdateInstance opsworks:UpdateLayer opsworks:UpdateMyUserProfile opsworks:UpdateRdsDbInstance opsworks:UpdateStack opsworks:UpdateUserProfile opsworks:UpdateVolume |
| opsworks-cm | opsworks-cm:AssociateNode opsworks-cm:CreateBackup opsworks-cm:CreateServer opsworks-cm:DeleteBackup opsworks-cm:DeleteServer opsworks-cm:DescribeAccountAttributes opsworks-cm:DescribeBackups opsworks-cm:DescribeEvents opsworks-cm:DescribeNodeAssociationStatus opsworks-cm:DescribeServers opsworks-cm:DisassociateNode opsworks-cm:ExportServerEngineAttribute opsworks-cm:RestoreServer opsworks-cm:StartMaintenance opsworks-cm:UpdateServer opsworks-cm:UpdateServerEngineAttributes |
| 組織 | organizations:AcceptHandshake organizations:AttachPolicy organizations:CancelHandshake organizations:CloseAccount organizations:CreateAccount organizations:CreateGovCloudAccount organizations:CreateOrganization organizations:CreateOrganizationalUnit organizations:CreatePolicy organizations:DeclineHandshake organizations:DeleteOrganization organizations:DeleteOrganizationalUnit organizations:DeletePolicy organizations:DeleteResourcePolicy organizations:DeregisterDelegatedAdministrator organizations:DescribeAccount organizations:DescribeCreateAccountStatus organizations:DescribeEffectivePolicy organizations:DescribeHandshake organizations:DescribeOrganization organizations:DescribeOrganizationalUnit organizations:DescribePolicy organizations:DescribeResourcePolicy organizations:DescribeResponsibilityTransfer organizations:DetachPolicy organizations:DisableAWSServiceAccess organizations:DisablePolicyType organizations:EnableAWSServiceAccess organizations:EnableAllFeatures organizations:EnablePolicyType organizations:InviteAccountToOrganization organizations:LeaveOrganization organizations:ListAWSServiceAccessForOrganization organizations:ListAccounts organizations:ListAccountsForParent organizations:ListAccountsWithInvalidEffectivePolicy organizations:ListChildren organizations:ListCreateAccountStatus organizations:ListDelegatedAdministrators organizations:ListDelegatedServicesForAccount organizations:ListHandshakesForAccount organizations:ListHandshakesForOrganization organizations:ListInboundResponsibilityTransfers organizations:ListOrganizationalUnitsForParent organizations:ListOutboundResponsibilityTransfers organizations:ListParents organizations:ListPolicies organizations:ListPoliciesForTarget organizations:ListRoots organizations:ListTargetsForPolicy organizations:MoveAccount organizations:PutResourcePolicy organizations:RegisterDelegatedAdministrator organizations:RemoveAccountFromOrganization organizations:TerminateResponsibilityTransfer organizations:UpdateOrganizationalUnit organizations:UpdatePolicy organizations:UpdateResponsibilityTransfer |
| outposts | outposts:CancelCapacityTask outposts:CancelOrder outposts:CreateOrder outposts:CreateOutpost outposts:CreatePrivateConnectivityConfig outposts:CreateSite outposts:DeleteOutpost outposts:DeleteSite outposts:GetCapacityTask outposts:GetCatalogItem outposts:GetConnection outposts:GetOrder outposts:GetOutpost outposts:GetOutpostBillingInformation outposts:GetOutpostInstanceTypes outposts:GetOutpostSupportedInstanceTypes outposts:GetPrivateConnectivityConfig outposts:GetSite outposts:GetSiteAddress outposts:ListAssetInstances outposts:ListAssets outposts:ListBlockingInstancesForCapacityTask outposts:ListCapacityTasks outposts:ListCatalogItems outposts:ListOrders outposts:ListOutposts outposts:ListSites outposts:StartCapacityTask outposts:StartConnection outposts:UpdateOutpost outposts:UpdateSite outposts:UpdateSiteAddress outposts:UpdateSiteRackPhysicalProperties |
| panorama | panorama:CreateApplicationInstance panorama:CreateJobForDevices panorama:CreateNodeFromTemplateJob panorama:CreatePackage panorama:CreatePackageImportJob panorama:DeleteDevice panorama:DeletePackage panorama:DeregisterPackageVersion panorama:DescribeApplicationInstance panorama:DescribeApplicationInstanceDetails panorama:DescribeDevice panorama:DescribeDeviceJob panorama:DescribeNode panorama:DescribeNodeFromTemplateJob panorama:DescribePackage panorama:DescribePackageImportJob panorama:DescribePackageVersion panorama:ListApplicationInstanceDependencies panorama:ListApplicationInstanceNodeInstances panorama:ListApplicationInstances panorama:ListDevices panorama:ListDevicesJobs panorama:ListNodeFromTemplateJobs panorama:ListNodes panorama:ListPackageImportJobs panorama:ListPackages panorama:ProvisionDevice panorama:RegisterPackageVersion panorama:RemoveApplicationInstance panorama:SignalApplicationInstanceNodeInstances panorama:UpdateDeviceMetadata |
| pi | pi:CreatePerformanceAnalysisReport pi:DeletePerformanceAnalysisReport pi:DescribeDimensionKeys pi:GetDimensionKeyDetails pi:GetPerformanceAnalysisReport pi:GetResourceMetadata pi:GetResourceMetrics pi:ListAvailableResourceDimensions pi:ListAvailableResourceMetrics pi:ListPerformanceAnalysisReports |
| pipes | pipes:CreatePipe pipes:DeletePipe pipes:DescribePipe pipes:ListPipes pipes:StartPipe pipes:StopPipe pipes:UpdatePipe |
| polly | polly:DeleteLexicon polly:DescribeVoices polly:GetLexicon polly:GetSpeechSynthesisTask polly:ListLexicons polly:ListSpeechSynthesisTasks polly:PutLexicon polly:StartSpeechSynthesisTask polly:SynthesizeSpeech |
| profile | profile:AddProfileKey profile:BatchGetCalculatedAttributeForProfile profile:BatchGetProfile profile:CreateCalculatedAttributeDefinition profile:CreateDomain profile:CreateEventStream profile:CreateProfile profile:CreateRecommender profile:CreateSegmentDefinition profile:CreateSegmentEstimate profile:CreateSegmentSnapshot profile:CreateUploadJob profile:DeleteCalculatedAttributeDefinition profile:DeleteDomain profile:DeleteDomainObjectType profile:DeleteEventStream profile:DeleteIntegration profile:DeleteProfile profile:DeleteProfileKey profile:DeleteProfileObject profile:DeleteProfileObjectType profile:DeleteRecommender profile:DeleteSegmentDefinition profile:DeleteWorkflow profile:DetectProfileObjectType profile:GetAutoMergingPreview profile:GetCalculatedAttributeDefinition profile:GetCalculatedAttributeForProfile profile:GetDomain profile:GetDomainObjectType profile:GetEventStream profile:GetIdentityResolutionJob profile:GetIntegration profile:GetMatches profile:GetObjectTypeAttributeStatistics profile:GetProfileObjectType profile:GetProfileObjectTypeTemplate profile:GetProfileRecommendations profile:GetRecommender profile:GetSegmentDefinition profile:GetSegmentEstimate profile:GetSegmentMembership profile:GetSegmentSnapshot profile:GetSimilarProfiles profile:GetUploadJob profile:GetUploadJobPath profile:GetWorkflow profile:GetWorkflowSteps profile:ListAccountIntegrations profile:ListCalculatedAttributeDefinitions profile:ListCalculatedAttributesForProfile profile:ListDomainLayouts profile:ListDomainObjectTypes profile:ListDomains profile:ListEventStreams profile:ListIdentityResolutionJobs profile:ListIntegrations profile:ListObjectTypeAttributeValues profile:ListObjectTypeAttributes profile:ListProfileAttributeValues profile:ListProfileObjectTypeTemplates profile:ListProfileObjectTypes profile:ListProfileObjects profile:ListRecommenderRecipes profile:ListRecommenders profile:ListRuleBasedMatches profile:ListSegmentDefinitions profile:ListUploadJobs profile:ListWorkflows profile:MergeProfiles profile:PutDomainObjectType profile:PutIntegration profile:PutProfileObject profile:PutProfileObjectType profile:SearchProfiles profile:StartRecommender profile:StartUploadJob profile:StopRecommender profile:StopUploadJob profile:UpdateCalculatedAttributeDefinition profile:UpdateDomain profile:UpdateProfile profile:UpdateRecommender |
| qldb | qldb:CancelJournalKinesisStream qldb:CreateLedger qldb:DeleteLedger qldb:DescribeJournalKinesisStream qldb:DescribeJournalS3Export qldb:DescribeLedger qldb:ExportJournalToS3 qldb:GetBlock qldb:GetDigest qldb:GetRevision qldb:ListJournalKinesisStreamsForLedger qldb:ListJournalS3Exports qldb:ListJournalS3ExportsForLedger qldb:ListLedgers qldb:StreamJournalToKinesis qldb:UpdateLedger qldb:UpdateLedgerPermissionsMode |
| ram | ram:AcceptResourceShareInvitation ram:AssociateResourceShare ram:AssociateResourceSharePermission ram:CreatePermission ram:CreatePermissionVersion ram:CreateResourceShare ram:DeletePermission ram:DeletePermissionVersion ram:DeleteResourceShare ram:DisassociateResourceShare ram:DisassociateResourceSharePermission ram:EnableSharingWithAwsOrganization ram:GetPermission ram:GetResourcePolicies ram:GetResourceShareAssociations ram:GetResourceShareInvitations ram:GetResourceShares ram:ListPendingInvitationResources ram:ListPermissionAssociations ram:ListPermissionVersions ram:ListPermissions ram:ListPrincipals ram:ListReplacePermissionAssociationsWork ram:ListResourceSharePermissions ram:ListResourceTypes ram:ListResources ram:PromotePermissionCreatedFromPolicy ram:PromoteResourceShareCreatedFromPolicy ram:RejectResourceShareInvitation ram:ReplacePermissionAssociations ram:SetDefaultPermissionVersion ram:UpdateResourceShare |
| rbin | rbin:CreateRule rbin:DeleteRule rbin:GetRule rbin:ListRules rbin:LockRule rbin:UnlockRule rbin:UpdateRule |
| rds | rds:AddRoleToDBCluster rds:AddRoleToDBInstance rds:AddSourceIdentifierToSubscription rds:ApplyPendingMaintenanceAction rds:AuthorizeDBSecurityGroupIngress rds:BacktrackDBCluster rds:CancelExportTask rds:CopyDBClusterParameterGroup rds:CopyDBClusterSnapshot rds:CopyDBParameterGroup rds:CopyDBSnapshot rds:CopyOptionGroup rds:CreateCustomDBEngineVersion rds:CreateDBClusterParameterGroup rds:CreateDBParameterGroup rds:CreateDBProxy rds:CreateDBProxyEndpoint rds:CreateDBSecurityGroup rds:CreateDBSubnetGroup rds:CreateEventSubscription rds:CreateGlobalCluster rds:CreateOptionGroup rds:DeleteBlueGreenDeployment rds:DeleteDBClusterAutomatedBackup rds:DeleteDBClusterParameterGroup rds:DeleteDBClusterSnapshot rds:DeleteDBInstanceAutomatedBackup rds:DeleteDBParameterGroup rds:DeleteDBProxy rds:DeleteDBProxyEndpoint rds:DeleteDBSecurityGroup rds:DeleteDBSnapshot rds:DeleteDBSubnetGroup rds:DeleteEventSubscription rds:DeleteGlobalCluster rds:DeleteOptionGroup rds:DeregisterDBProxyTargets rds:DescribeAccountAttributes rds:DescribeBlueGreenDeployments rds:DescribeCertificates rds:DescribeDBClusterAutomatedBackups rds:DescribeDBClusterBacktracks rds:DescribeDBClusterEndpoints rds:DescribeDBClusterParameterGroups rds:DescribeDBClusterParameters rds:DescribeDBClusterSnapshotAttributes rds:DescribeDBClusterSnapshots rds:DescribeDBClusters rds:DescribeDBEngineVersions rds:DescribeDBInstanceAutomatedBackups rds:DescribeDBInstances rds:DescribeDBLogFiles rds:DescribeDBMajorEngineVersions rds:DescribeDBParameterGroups rds:DescribeDBParameters rds:DescribeDBProxies rds:DescribeDBProxyEndpoints rds:DescribeDBProxyTargetGroups rds:DescribeDBProxyTargets rds:DescribeDBRecommendations rds:DescribeDBSecurityGroups rds:DescribeDBSnapshotAttributes rds:DescribeDBSnapshotTenantDatabases rds:DescribeDBSnapshots rds:DescribeDBSubnetGroups rds:DescribeEngineDefaultClusterParameters rds:DescribeEngineDefaultParameters rds:DescribeEventCategories rds:DescribeEventSubscriptions rds:DescribeEvents rds:DescribeExportTasks rds:DescribeGlobalClusters rds:DescribeIntegrations rds:DescribeOptionGroupOptions rds:DescribeOptionGroups rds:DescribeOrderableDBInstanceOptions rds:DescribePendingMaintenanceActions rds:DescribeReservedDBInstances rds:DescribeReservedDBInstancesOfferings rds:DescribeSourceRegions rds:DescribeTenantDatabases rds:DescribeValidDBInstanceModifications rds:DownloadCompleteDBLogFile rds:DownloadDBLogFilePortion rds:FailoverDBCluster rds:FailoverGlobalCluster rds:ModifyActivityStream rds:ModifyCertificates rds:ModifyCurrentDBClusterCapacity rds:ModifyDBClusterEndpoint rds:ModifyDBClusterParameterGroup rds:ModifyDBClusterSnapshotAttribute rds:ModifyDBParameterGroup rds:ModifyDBProxy rds:ModifyDBProxyEndpoint rds:ModifyDBProxyTargetGroup rds:ModifyDBRecommendation rds:ModifyDBSnapshot rds:ModifyDBSnapshotAttribute rds:ModifyDBSubnetGroup rds:ModifyEventSubscription rds:ModifyGlobalCluster rds:ModifyOptionGroup rds:ModifyTenantDatabase rds:PurchaseReservedDBInstancesOffering rds:RebootDBCluster rds:RegisterDBProxyTargets rds:RemoveFromGlobalCluster rds:RemoveRoleFromDBCluster rds:RemoveRoleFromDBInstance rds:RemoveSourceIdentifierFromSubscription rds:ResetDBClusterParameterGroup rds:ResetDBParameterGroup rds:RestoreDBClusterFromS3 rds:RestoreDBClusterFromSnapshot rds:RestoreDBClusterToPointInTime rds:RestoreDBInstanceFromDBSnapshot rds:RestoreDBInstanceFromS3 rds:RestoreDBInstanceToPointInTime rds:RevokeDBSecurityGroupIngress rds:StartActivityStream rds:StartDBCluster rds:StartDBInstance rds:StartDBInstanceAutomatedBackupsReplication rds:StartExportTask rds:StopActivityStream rds:StopDBCluster rds:StopDBInstance rds:StopDBInstanceAutomatedBackupsReplication rds:SwitchoverBlueGreenDeployment rds:SwitchoverGlobalCluster rds:SwitchoverReadReplica |
| redshift | redshift:AcceptReservedNodeExchange redshift:AddPartner redshift:AssociateDataShareConsumer redshift:AuthorizeClusterSecurityGroupIngress redshift:AuthorizeDataShare redshift:AuthorizeEndpointAccess redshift:AuthorizeSnapshotAccess redshift:BatchDeleteClusterSnapshots redshift:BatchModifyClusterSnapshots redshift:CancelQuery redshift:CancelResize redshift:CopyClusterSnapshot redshift:CreateAuthenticationProfile redshift:CreateCluster redshift:CreateClusterParameterGroup redshift:CreateClusterSecurityGroup redshift:CreateClusterSnapshot redshift:CreateClusterSubnetGroup redshift:CreateCustomDomainAssociation redshift:CreateEndpointAccess redshift:CreateEventSubscription redshift:CreateHsmClientCertificate redshift:CreateHsmConfiguration redshift:CreateIntegration redshift:CreateRedshiftIdcApplication redshift:CreateScheduledAction redshift:CreateSnapshotCopyGrant redshift:CreateSnapshotSchedule redshift:CreateUsageLimit redshift:DeauthorizeDataShare redshift:DeleteAuthenticationProfile redshift:DeleteCluster redshift:DeleteClusterParameterGroup redshift:DeleteClusterSecurityGroup redshift:DeleteClusterSnapshot redshift:DeleteClusterSubnetGroup redshift:DeleteCustomDomainAssociation redshift:DeleteEndpointAccess redshift:DeleteEventSubscription redshift:DeleteHsmClientCertificate redshift:DeleteHsmConfiguration redshift:DeletePartner redshift:DeleteRedshiftIdcApplication redshift:DeleteResourcePolicy redshift:DeleteScheduledAction redshift:DeleteSnapshotCopyGrant redshift:DeleteSnapshotSchedule redshift:DeleteUsageLimit redshift:DeregisterNamespace redshift:DescribeAccountAttributes redshift:DescribeAuthenticationProfiles redshift:DescribeClusterDbRevisions redshift:DescribeClusterParameterGroups redshift:DescribeClusterParameters redshift:DescribeClusterSecurityGroups redshift:DescribeClusterSnapshots redshift:DescribeClusterSubnetGroups redshift:DescribeClusterTracks redshift:DescribeClusterVersions redshift:DescribeClusters redshift:DescribeCustomDomainAssociations redshift:DescribeDataShares redshift:DescribeDataSharesForConsumer redshift:DescribeDataSharesForProducer redshift:DescribeDefaultClusterParameters redshift:DescribeEndpointAccess redshift:DescribeEndpointAuthorization redshift:DescribeEventCategories redshift:DescribeEventSubscriptions redshift:DescribeEvents redshift:DescribeHsmClientCertificates redshift:DescribeHsmConfigurations redshift:DescribeInboundIntegrations redshift:DescribeIntegrations redshift:DescribeLoggingStatus redshift:DescribeNodeConfigurationOptions redshift:DescribeOrderableClusterOptions redshift:DescribePartners redshift:DescribeRedshiftIdcApplications redshift:DescribeReservedNodeExchangeStatus redshift:DescribeReservedNodeOfferings redshift:DescribeReservedNodes redshift:DescribeResize redshift:DescribeScheduledActions redshift:DescribeSnapshotCopyGrants redshift:DescribeSnapshotSchedules redshift:DescribeStorage redshift:DescribeTableRestoreStatus redshift:DescribeUsageLimits redshift:DisableLogging redshift:DisableSnapshotCopy redshift:DisassociateDataShareConsumer redshift:EnableLogging redshift:EnableSnapshotCopy redshift:FailoverPrimaryCompute redshift:GetClusterCredentials redshift:GetClusterCredentialsWithIAM redshift:GetIdentityCenterAuthToken redshift:GetReservedNodeExchangeConfigurationOptions redshift:GetReservedNodeExchangeOfferings redshift:GetResourcePolicy redshift:ListRecommendations redshift:ModifyAquaConfiguration redshift:ModifyAuthenticationProfile redshift:ModifyCluster redshift:ModifyClusterDbRevision redshift:ModifyClusterIamRoles redshift:ModifyClusterMaintenance redshift:ModifyClusterParameterGroup redshift:ModifyClusterSnapshot redshift:ModifyClusterSnapshotSchedule redshift:ModifyClusterSubnetGroup redshift:ModifyCustomDomainAssociation redshift:ModifyEndpointAccess redshift:ModifyEventSubscription redshift:ModifyRedshiftIdcApplication redshift:ModifyScheduledAction redshift:ModifySnapshotCopyRetentionPeriod redshift:ModifySnapshotSchedule redshift:ModifyUsageLimit redshift:PauseCluster redshift:PurchaseReservedNodeOffering redshift:PutResourcePolicy redshift:RebootCluster redshift:RegisterNamespace redshift:RejectDataShare redshift:ResetClusterParameterGroup redshift:ResizeCluster redshift:RestoreFromClusterSnapshot redshift:RestoreTableFromClusterSnapshot redshift:ResumeCluster redshift:RevokeClusterSecurityGroupIngress redshift:RevokeEndpointAccess redshift:RevokeSnapshotAccess redshift:RotateEncryptionKey redshift:UpdatePartnerStatus |
| redshift-data | redshift-data:BatchExecuteStatement redshift-data:CancelStatement redshift-data:DescribeStatement redshift-data:DescribeTable redshift-data:ExecuteStatement redshift-data:GetStatementResult redshift-data:ListDatabases redshift-data:ListSchemas redshift-data:ListStatements redshift-data:ListTables |
| refactor-spaces | refactor-spaces:CreateApplication refactor-spaces:CreateEnvironment refactor-spaces:CreateRoute refactor-spaces:CreateService refactor-spaces:DeleteApplication refactor-spaces:DeleteEnvironment refactor-spaces:DeleteResourcePolicy refactor-spaces:DeleteRoute refactor-spaces:DeleteService refactor-spaces:GetApplication refactor-spaces:GetEnvironment refactor-spaces:GetResourcePolicy refactor-spaces:GetRoute refactor-spaces:GetService refactor-spaces:ListApplications refactor-spaces:ListEnvironmentVpcs refactor-spaces:ListEnvironments refactor-spaces:ListRoutes refactor-spaces:ListServices refactor-spaces:PutResourcePolicy refactor-spaces:UpdateRoute |
| rekognition | rekognition:AssociateFaces rekognition:CompareFaces rekognition:CopyProjectVersion rekognition:CreateCollection rekognition:CreateDataset rekognition:CreateFaceLivenessSession rekognition:CreateProject rekognition:CreateProjectVersion rekognition:CreateStreamProcessor rekognition:CreateUser rekognition:DeleteCollection rekognition:DeleteDataset rekognition:DeleteFaces rekognition:DeleteProject rekognition:DeleteProjectPolicy rekognition:DeleteProjectVersion rekognition:DeleteStreamProcessor rekognition:DeleteUser rekognition:DescribeCollection rekognition:DescribeDataset rekognition:DescribeProjectVersions rekognition:DescribeProjects rekognition:DescribeStreamProcessor rekognition:DetectCustomLabels rekognition:DetectFaces rekognition:DetectLabels rekognition:DetectModerationLabels rekognition:DetectProtectiveEquipment rekognition:DetectText rekognition:DisassociateFaces rekognition:DistributeDatasetEntries rekognition:GetCelebrityInfo rekognition:GetCelebrityRecognition rekognition:GetContentModeration rekognition:GetFaceDetection rekognition:GetFaceLivenessSessionResults rekognition:GetFaceSearch rekognition:GetLabelDetection rekognition:GetMediaAnalysisJob rekognition:GetPersonTracking rekognition:GetSegmentDetection rekognition:GetTextDetection rekognition:IndexFaces rekognition:ListCollections rekognition:ListDatasetEntries rekognition:ListDatasetLabels rekognition:ListFaces rekognition:ListMediaAnalysisJobs rekognition:ListProjectPolicies rekognition:ListStreamProcessors rekognition:ListUsers rekognition:PutProjectPolicy rekognition:RecognizeCelebrities rekognition:SearchFaces rekognition:SearchFacesByImage rekognition:SearchUsers rekognition:SearchUsersByImage rekognition:StartCelebrityRecognition rekognition:StartContentModeration rekognition:StartFaceDetection rekognition:StartFaceLivenessSession rekognition:StartFaceSearch rekognition:StartLabelDetection rekognition:StartMediaAnalysisJob rekognition:StartPersonTracking rekognition:StartProjectVersion rekognition:StartSegmentDetection rekognition:StartStreamProcessor rekognition:StartTextDetection rekognition:StopProjectVersion rekognition:StopStreamProcessor rekognition:UpdateDatasetEntries rekognition:UpdateStreamProcessor |
| resiliencehub | resiliencehub:AcceptResourceGroupingRecommendations resiliencehub:AddDraftAppVersionResourceMappings resiliencehub:BatchUpdateRecommendationStatus resiliencehub:CreateApp resiliencehub:CreateAppVersionAppComponent resiliencehub:CreateAppVersionResource resiliencehub:CreateRecommendationTemplate resiliencehub:CreateResiliencyPolicy resiliencehub:DeleteApp resiliencehub:DeleteAppAssessment resiliencehub:DeleteAppInputSource resiliencehub:DeleteAppVersionAppComponent resiliencehub:DeleteAppVersionResource resiliencehub:DeleteRecommendationTemplate resiliencehub:DeleteResiliencyPolicy resiliencehub:DescribeApp resiliencehub:DescribeAppAssessment resiliencehub:DescribeAppVersion resiliencehub:DescribeAppVersionAppComponent resiliencehub:DescribeAppVersionResource resiliencehub:DescribeAppVersionResourcesResolutionStatus resiliencehub:DescribeAppVersionTemplate resiliencehub:DescribeDraftAppVersionResourcesImportStatus resiliencehub:DescribeMetricsExport resiliencehub:DescribeResiliencyPolicy resiliencehub:DescribeResourceGroupingRecommendationTask resiliencehub:ImportResourcesToDraftAppVersion resiliencehub:ListAlarmRecommendations resiliencehub:ListAppAssessmentComplianceDrifts resiliencehub:ListAppAssessmentResourceDrifts resiliencehub:ListAppAssessments resiliencehub:ListAppComponentCompliances resiliencehub:ListAppComponentRecommendations resiliencehub:ListAppInputSources resiliencehub:ListAppVersionAppComponents resiliencehub:ListAppVersionResourceMappings resiliencehub:ListAppVersionResources resiliencehub:ListAppVersions resiliencehub:ListApps resiliencehub:ListMetrics resiliencehub:ListRecommendationTemplates resiliencehub:ListResiliencyPolicies resiliencehub:ListResourceGroupingRecommendations resiliencehub:ListSopRecommendations resiliencehub:ListSuggestedResiliencyPolicies resiliencehub:ListTestRecommendations resiliencehub:ListUnsupportedAppVersionResources resiliencehub:PublishAppVersion resiliencehub:PutDraftAppVersionTemplate resiliencehub:RejectResourceGroupingRecommendations resiliencehub:RemoveDraftAppVersionResourceMappings resiliencehub:ResolveAppVersionResources resiliencehub:StartAppAssessment resiliencehub:StartResourceGroupingRecommendationTask resiliencehub:UpdateApp resiliencehub:UpdateAppVersion resiliencehub:UpdateAppVersionAppComponent resiliencehub:UpdateAppVersionResource resiliencehub:UpdateResiliencyPolicy |
| resource-explorer-2 | resource-explorer-2:AssociateDefaultView resource-explorer-2:BatchGetView resource-explorer-2:CreateIndex resource-explorer-2:CreateResourceExplorerSetup resource-explorer-2:CreateView resource-explorer-2:DeleteIndex resource-explorer-2:DeleteResourceExplorerSetup resource-explorer-2:DeleteView resource-explorer-2:DisassociateDefaultView resource-explorer-2:GetAccountLevelServiceConfiguration resource-explorer-2:GetDefaultView resource-explorer-2:GetIndex resource-explorer-2:GetManagedView resource-explorer-2:GetResourceExplorerSetup resource-explorer-2:GetServiceIndex resource-explorer-2:GetServiceView resource-explorer-2:ListIndexes resource-explorer-2:ListIndexesForMembers resource-explorer-2:ListManagedViews resource-explorer-2:ListServiceIndexes resource-explorer-2:ListServiceViews resource-explorer-2:ListStreamingAccessForServices resource-explorer-2:ListSupportedResourceTypes resource-explorer-2:ListViews resource-explorer-2:Search resource-explorer-2:UpdateIndexType resource-explorer-2:UpdateView |
| resource-groups | resource-groups:CancelTagSyncTask resource-groups:GetAccountSettings resource-groups:GetGroup resource-groups:GetGroupConfiguration resource-groups:GetGroupQuery resource-groups:GetTagSyncTask resource-groups:GroupResources resource-groups:ListGroupResources resource-groups:ListGroupingStatuses resource-groups:ListGroups resource-groups:ListTagSyncTasks resource-groups:PutGroupConfiguration resource-groups:SearchResources resource-groups:StartTagSyncTask resource-groups:UngroupResources resource-groups:UpdateAccountSettings resource-groups:UpdateGroup resource-groups:UpdateGroupQuery |
| robomaker | robomaker:BatchDeleteWorlds robomaker:BatchDescribeSimulationJob robomaker:CancelDeploymentJob robomaker:CancelSimulationJob robomaker:CancelSimulationJobBatch robomaker:CancelWorldExportJob robomaker:CancelWorldGenerationJob robomaker:CreateDeploymentJob robomaker:CreateFleet robomaker:CreateRobot robomaker:CreateRobotApplication robomaker:CreateRobotApplicationVersion robomaker:CreateSimulationApplication robomaker:CreateSimulationApplicationVersion robomaker:CreateSimulationJob robomaker:CreateWorldExportJob robomaker:CreateWorldGenerationJob robomaker:CreateWorldTemplate robomaker:DeleteFleet robomaker:DeleteRobot robomaker:DeleteRobotApplication robomaker:DeleteSimulationApplication robomaker:DeleteWorldTemplate robomaker:DeregisterRobot robomaker:DescribeDeploymentJob robomaker:DescribeFleet robomaker:DescribeRobot robomaker:DescribeRobotApplication robomaker:DescribeSimulationApplication robomaker:DescribeSimulationJob robomaker:DescribeSimulationJobBatch robomaker:DescribeWorld robomaker:DescribeWorldExportJob robomaker:DescribeWorldGenerationJob robomaker:DescribeWorldTemplate robomaker:GetWorldTemplateBody robomaker:ListDeploymentJobs robomaker:ListFleets robomaker:ListRobotApplications robomaker:ListRobots robomaker:ListSimulationApplications robomaker:ListSimulationJobBatches robomaker:ListSimulationJobs robomaker:ListWorldExportJobs robomaker:ListWorldGenerationJobs robomaker:ListWorldTemplates robomaker:ListWorlds robomaker:RegisterRobot robomaker:RestartSimulationJob robomaker:StartSimulationJobBatch robomaker:SyncDeploymentJob robomaker:UpdateRobotApplication robomaker:UpdateSimulationApplication robomaker:UpdateWorldTemplate |
| rolesanywhere | rolesanywhere:CreateProfile rolesanywhere:CreateTrustAnchor rolesanywhere:DeleteAttributeMapping rolesanywhere:DeleteCrl rolesanywhere:DeleteProfile rolesanywhere:DeleteTrustAnchor rolesanywhere:DisableCrl rolesanywhere:DisableProfile rolesanywhere:DisableTrustAnchor rolesanywhere:EnableCrl rolesanywhere:EnableProfile rolesanywhere:EnableTrustAnchor rolesanywhere:GetCrl rolesanywhere:GetProfile rolesanywhere:GetSubject rolesanywhere:GetTrustAnchor rolesanywhere:ImportCrl rolesanywhere:ListCrls rolesanywhere:ListProfiles rolesanywhere:ListSubjects rolesanywhere:ListTrustAnchors rolesanywhere:PutAttributeMapping rolesanywhere:PutNotificationSettings rolesanywhere:ResetNotificationSettings rolesanywhere:UpdateCrl rolesanywhere:UpdateProfile rolesanywhere:UpdateTrustAnchor |
| route53 | route53:ActivateKeySigningKey route53:AssociateVPCWithHostedZone route53:ChangeCidrCollection route53:ChangeResourceRecordSets route53:CreateCidrCollection route53:CreateHealthCheck route53:CreateHostedZone route53:CreateKeySigningKey route53:CreateQueryLoggingConfig route53:CreateReusableDelegationSet route53:CreateTrafficPolicy route53:CreateTrafficPolicyInstance route53:CreateTrafficPolicyVersion route53:CreateVPCAssociationAuthorization route53:DeactivateKeySigningKey route53:DeleteCidrCollection route53:DeleteHealthCheck route53:DeleteHostedZone route53:DeleteKeySigningKey route53:DeleteQueryLoggingConfig route53:DeleteReusableDelegationSet route53:DeleteTrafficPolicy route53:DeleteTrafficPolicyInstance route53:DeleteVPCAssociationAuthorization route53:DisableHostedZoneDNSSEC route53:DisassociateVPCFromHostedZone route53:EnableHostedZoneDNSSEC route53:GetAccountLimit route53:GetChange route53:GetCheckerIpRanges route53:GetDNSSEC route53:GetGeoLocation route53:GetHealthCheck route53:GetHealthCheckCount route53:GetHealthCheckLastFailureReason route53:GetHealthCheckStatus route53:GetHostedZone route53:GetHostedZoneCount route53:GetHostedZoneLimit route53:GetQueryLoggingConfig route53:GetReusableDelegationSet route53:GetReusableDelegationSetLimit route53:GetTrafficPolicy route53:GetTrafficPolicyInstance route53:GetTrafficPolicyInstanceCount route53:ListCidrBlocks route53:ListCidrCollections route53:ListCidrLocations route53:ListGeoLocations route53:ListHealthChecks route53:ListHostedZones route53:ListHostedZonesByName route53:ListHostedZonesByVPC route53:ListQueryLoggingConfigs route53:ListResourceRecordSets route53:ListReusableDelegationSets route53:ListTrafficPolicies route53:ListTrafficPolicyInstances route53:ListTrafficPolicyInstancesByHostedZone route53:ListTrafficPolicyInstancesByPolicy route53:ListTrafficPolicyVersions route53:ListVPCAssociationAuthorizations route53:TestDNSAnswer route53:UpdateHealthCheck route53:UpdateHostedZoneComment route53:UpdateTrafficPolicyComment route53:UpdateTrafficPolicyInstance |
| route53-recovery-control-config | route53-recovery-control-config:CreateCluster route53-recovery-control-config:CreateControlPanel route53-recovery-control-config:CreateRoutingControl route53-recovery-control-config:CreateSafetyRule route53-recovery-control-config:DeleteCluster route53-recovery-control-config:DeleteControlPanel route53-recovery-control-config:DeleteRoutingControl route53-recovery-control-config:DeleteSafetyRule route53-recovery-control-config:DescribeCluster route53-recovery-control-config:DescribeControlPanel route53-recovery-control-config:DescribeRoutingControl route53-recovery-control-config:DescribeSafetyRule route53-recovery-control-config:GetResourcePolicy route53-recovery-control-config:ListAssociatedRoute53HealthChecks route53-recovery-control-config:ListClusters route53-recovery-control-config:ListControlPanels route53-recovery-control-config:ListRoutingControls route53-recovery-control-config:ListSafetyRules route53-recovery-control-config:UpdateCluster route53-recovery-control-config:UpdateControlPanel route53-recovery-control-config:UpdateRoutingControl route53-recovery-control-config:UpdateSafetyRule |
| route53-recovery-readiness | route53-recovery-readiness:CreateCell route53-recovery-readiness:CreateCrossAccountAuthorization route53-recovery-readiness:CreateReadinessCheck route53-recovery-readiness:CreateRecoveryGroup route53-recovery-readiness:CreateResourceSet route53-recovery-readiness:DeleteCell route53-recovery-readiness:DeleteCrossAccountAuthorization route53-recovery-readiness:DeleteReadinessCheck route53-recovery-readiness:DeleteRecoveryGroup route53-recovery-readiness:DeleteResourceSet route53-recovery-readiness:GetArchitectureRecommendations route53-recovery-readiness:GetCell route53-recovery-readiness:GetCellReadinessSummary route53-recovery-readiness:GetReadinessCheck route53-recovery-readiness:GetReadinessCheckResourceStatus route53-recovery-readiness:GetReadinessCheckStatus route53-recovery-readiness:GetRecoveryGroup route53-recovery-readiness:GetRecoveryGroupReadinessSummary route53-recovery-readiness:GetResourceSet route53-recovery-readiness:ListCells route53-recovery-readiness:ListCrossAccountAuthorizations route53-recovery-readiness:ListReadinessChecks route53-recovery-readiness:ListRecoveryGroups route53-recovery-readiness:ListResourceSets route53-recovery-readiness:ListRules route53-recovery-readiness:UpdateCell route53-recovery-readiness:UpdateReadinessCheck route53-recovery-readiness:UpdateRecoveryGroup route53-recovery-readiness:UpdateResourceSet |
| route53resolver | route53resolver:AssociateFirewallRuleGroup route53resolver:AssociateResolverEndpointIpAddress route53resolver:AssociateResolverQueryLogConfig route53resolver:AssociateResolverRule route53resolver:CreateFirewallDomainList route53resolver:CreateFirewallRule route53resolver:CreateFirewallRuleGroup route53resolver:CreateResolverEndpoint route53resolver:CreateResolverQueryLogConfig route53resolver:CreateResolverRule route53resolver:DeleteFirewallDomainList route53resolver:DeleteFirewallRule route53resolver:DeleteFirewallRuleGroup route53resolver:DeleteOutpostResolver route53resolver:DeleteResolverEndpoint route53resolver:DeleteResolverQueryLogConfig route53resolver:DeleteResolverRule route53resolver:DisassociateFirewallRuleGroup route53resolver:DisassociateResolverEndpointIpAddress route53resolver:DisassociateResolverQueryLogConfig route53resolver:DisassociateResolverRule route53resolver:GetFirewallConfig route53resolver:GetFirewallDomainList route53resolver:GetFirewallRuleGroup route53resolver:GetFirewallRuleGroupAssociation route53resolver:GetFirewallRuleGroupPolicy route53resolver:GetOutpostResolver route53resolver:GetResolverConfig route53resolver:GetResolverDnssecConfig route53resolver:GetResolverEndpoint route53resolver:GetResolverQueryLogConfig route53resolver:GetResolverQueryLogConfigAssociation route53resolver:GetResolverQueryLogConfigPolicy route53resolver:GetResolverRule route53resolver:GetResolverRuleAssociation route53resolver:GetResolverRulePolicy route53resolver:ImportFirewallDomains route53resolver:ListFirewallConfigs route53resolver:ListFirewallDomainLists route53resolver:ListFirewallDomains route53resolver:ListFirewallRuleGroupAssociations route53resolver:ListFirewallRuleGroups route53resolver:ListFirewallRules route53resolver:ListOutpostResolvers route53resolver:ListResolverConfigs route53resolver:ListResolverDnssecConfigs route53resolver:ListResolverEndpointIpAddresses route53resolver:ListResolverEndpoints route53resolver:ListResolverQueryLogConfigAssociations route53resolver:ListResolverQueryLogConfigs route53resolver:ListResolverRuleAssociations route53resolver:ListResolverRules route53resolver:PutFirewallRuleGroupPolicy route53resolver:PutResolverQueryLogConfigPolicy route53resolver:UpdateFirewallConfig route53resolver:UpdateFirewallDomains route53resolver:UpdateFirewallRule route53resolver:UpdateFirewallRuleGroupAssociation route53resolver:UpdateOutpostResolver route53resolver:UpdateResolverConfig route53resolver:UpdateResolverDnssecConfig route53resolver:UpdateResolverEndpoint route53resolver:UpdateResolverRule |
| rum | rum:BatchCreateRumMetricDefinitions rum:BatchDeleteRumMetricDefinitions rum:BatchGetRumMetricDefinitions rum:CreateAppMonitor rum:DeleteAppMonitor rum:DeleteResourcePolicy rum:DeleteRumMetricsDestination rum:GetAppMonitor rum:GetAppMonitorData rum:GetResourcePolicy rum:ListAppMonitors rum:ListRumMetricsDestinations rum:PutResourcePolicy rum:PutRumMetricsDestination rum:UpdateAppMonitor rum:UpdateRumMetricDefinition |
| s3 | s3:AssociateAccessGrantsIdentityCenter s3:CreateAccessGrant s3:CreateAccessGrantsInstance s3:CreateAccessGrantsLocation s3:CreateAccessPoint s3:CreateAccessPointForObjectLambda s3:CreateBucket s3:CreateBucketMetadataTableConfiguration s3:CreateJob s3:CreateMultiRegionAccessPoint s3:DeleteAccessGrant s3:DeleteAccessGrantsInstance s3:DeleteAccessGrantsInstanceResourcePolicy s3:DeleteAccessGrantsLocation s3:DeleteAccessPoint s3:DeleteAccessPointForObjectLambda s3:DeleteAccessPointPolicy s3:DeleteAccessPointPolicyForObjectLambda s3:DeleteBucket s3:DeleteBucketMetadataTableConfiguration s3:DeleteBucketPolicy s3:DeleteBucketWebsite s3:DeleteMultiRegionAccessPoint s3:DeleteStorageLensConfiguration s3:DescribeJob s3:DescribeMultiRegionAccessPointOperation s3:DissociateAccessGrantsIdentityCenter s3:GetAccelerateConfiguration s3:GetAccessGrant s3:GetAccessGrantsInstance s3:GetAccessGrantsInstanceForPrefix s3:GetAccessGrantsInstanceResourcePolicy s3:GetAccessGrantsLocation s3:GetAccessPoint s3:GetAccessPointConfigurationForObjectLambda s3:GetAccessPointForObjectLambda s3:GetAccessPointPolicy s3:GetAccessPointPolicyForObjectLambda s3:GetAccessPointPolicyStatus s3:GetAccessPointPolicyStatusForObjectLambda s3:GetAccountPublicAccessBlock s3:GetAnalyticsConfiguration s3:GetBucketAbac s3:GetBucketAcl s3:GetBucketCORS s3:GetBucketLocation s3:GetBucketLogging s3:GetBucketNotification s3:GetBucketObjectLockConfiguration s3:GetBucketOwnershipControls s3:GetBucketPolicy s3:GetBucketPolicyStatus s3:GetBucketPublicAccessBlock s3:GetBucketRequestPayment s3:GetBucketVersioning s3:GetBucketWebsite s3:GetDataAccess s3:GetEncryptionConfiguration s3:GetIntelligentTieringConfiguration s3:GetInventoryConfiguration s3:GetLifecycleConfiguration s3:GetMetricsConfiguration s3:GetMultiRegionAccessPoint s3:GetMultiRegionAccessPointPolicy s3:GetMultiRegionAccessPointPolicyStatus s3:GetMultiRegionAccessPointRoutes s3:GetReplicationConfiguration s3:GetStorageLensConfiguration s3:GetStorageLensDashboard s3:ListAccessGrants s3:ListAccessGrantsInstances s3:ListAccessGrantsLocations s3:ListAccessPoints s3:ListAccessPointsForObjectLambda s3:ListAllMyBuckets s3:ListBucketMultipartUploads s3:ListCallerAccessGrants s3:ListJobs s3:ListMultiRegionAccessPoints s3:ListStorageLensConfigurations s3:PutAccelerateConfiguration s3:PutAccessGrantsInstanceResourcePolicy s3:PutAccessPointConfigurationForObjectLambda s3:PutAccessPointPolicy s3:PutAccessPointPolicyForObjectLambda s3:PutAccountPublicAccessBlock s3:PutAnalyticsConfiguration s3:PutBucketAbac s3:PutBucketAcl s3:PutBucketCORS s3:PutBucketLogging s3:PutBucketNotification s3:PutBucketObjectLockConfiguration s3:PutBucketOwnershipControls s3:PutBucketPolicy s3:PutBucketPublicAccessBlock s3:PutBucketRequestPayment s3:PutBucketVersioning s3:PutBucketWebsite s3:PutEncryptionConfiguration s3:PutIntelligentTieringConfiguration s3:PutInventoryConfiguration s3:PutLifecycleConfiguration s3:PutMetricsConfiguration s3:PutMultiRegionAccessPointPolicy s3:PutReplicationConfiguration s3:PutStorageLensConfiguration s3:SubmitMultiRegionAccessPointRoutes s3:UpdateAccessGrantsLocation s3:UpdateBucketMetadataJournalTableConfiguration s3:UpdateJobPriority s3:UpdateJobStatus |
| s3-outposts | s3-outposts:CreateEndpoint s3-outposts:DeleteEndpoint s3-outposts:ListEndpoints s3-outposts:ListOutpostsWithS3 s3-outposts:ListSharedEndpoints |
| sagemaker-geospatial | sagemaker-geospatial:DeleteEarthObservationJob sagemaker-geospatial:DeleteVectorEnrichmentJob sagemaker-geospatial:ExportEarthObservationJob sagemaker-geospatial:ExportVectorEnrichmentJob sagemaker-geospatial:GetEarthObservationJob sagemaker-geospatial:GetRasterDataCollection sagemaker-geospatial:GetTile sagemaker-geospatial:GetVectorEnrichmentJob sagemaker-geospatial:ListEarthObservationJobs sagemaker-geospatial:ListRasterDataCollections sagemaker-geospatial:ListVectorEnrichmentJobs sagemaker-geospatial:SearchRasterDataCollection sagemaker-geospatial:StartEarthObservationJob sagemaker-geospatial:StartVectorEnrichmentJob sagemaker-geospatial:StopEarthObservationJob sagemaker-geospatial:StopVectorEnrichmentJob |
| savingsplans | savingsplans:CreateSavingsPlan savingsplans:DeleteQueuedSavingsPlan savingsplans:DescribeSavingsPlanRates savingsplans:DescribeSavingsPlans savingsplans:DescribeSavingsPlansOfferingRates savingsplans:DescribeSavingsPlansOfferings savingsplans:ReturnSavingsPlan |
| schemas | schemas:CreateDiscoverer schemas:CreateRegistry schemas:CreateSchema schemas:DeleteDiscoverer schemas:DeleteRegistry schemas:DeleteResourcePolicy schemas:DeleteSchema schemas:DeleteSchemaVersion schemas:DescribeCodeBinding schemas:DescribeDiscoverer schemas:DescribeRegistry schemas:DescribeSchema schemas:ExportSchema schemas:GetCodeBindingSource schemas:GetDiscoveredSchema schemas:GetResourcePolicy schemas:ListDiscoverers schemas:ListRegistries schemas:ListSchemaVersions schemas:ListSchemas schemas:PutCodeBinding schemas:PutResourcePolicy schemas:SearchSchemas schemas:StartDiscoverer schemas:StopDiscoverer schemas:UpdateDiscoverer schemas:UpdateRegistry schemas:UpdateSchema |
| sdb | sdb:CreateDomain sdb:DeleteDomain sdb:DomainMetadata sdb:ListDomains |
| secretsmanager | secretsmanager:CancelRotateSecret secretsmanager:CreateSecret secretsmanager:DeleteResourcePolicy secretsmanager:DeleteSecret secretsmanager:DescribeSecret secretsmanager:GetRandomPassword secretsmanager:GetResourcePolicy secretsmanager:GetSecretValue secretsmanager:ListSecretVersionIds secretsmanager:ListSecrets secretsmanager:PutResourcePolicy secretsmanager:PutSecretValue secretsmanager:RemoveRegionsFromReplication secretsmanager:ReplicateSecretToRegions secretsmanager:RestoreSecret secretsmanager:RotateSecret secretsmanager:StopReplicationToReplica secretsmanager:UpdateSecret secretsmanager:ValidateResourcePolicy |
| securityhub | securityhub:AcceptAdministratorInvitation securityhub:AcceptInvitation securityhub:BatchDeleteAutomationRules securityhub:BatchDisableStandards securityhub:BatchEnableStandards securityhub:BatchGetAutomationRules securityhub:BatchGetConfigurationPolicyAssociations securityhub:BatchGetSecurityControls securityhub:BatchGetStandardsControlAssociations securityhub:BatchImportFindings securityhub:BatchUpdateAutomationRules securityhub:BatchUpdateFindings securityhub:BatchUpdateStandardsControlAssociations securityhub:ConnectorRegistrationsV2 securityhub:CreateActionTarget securityhub:CreateAggregatorV2 securityhub:CreateAutomationRule securityhub:CreateAutomationRuleV2 securityhub:CreateConfigurationPolicy securityhub:CreateConnectorV2 securityhub:CreateFindingAggregator securityhub:CreateInsight securityhub:CreateMembers securityhub:CreateTicketV2 securityhub:DeclineInvitations securityhub:DeleteActionTarget securityhub:DeleteAggregatorV2 securityhub:DeleteAutomationRuleV2 securityhub:DeleteConfigurationPolicy securityhub:DeleteConnectorV2 securityhub:DeleteFindingAggregator securityhub:DeleteInsight securityhub:DeleteInvitations securityhub:DeleteMembers securityhub:DescribeActionTargets securityhub:DescribeHub securityhub:DescribeOrganizationConfiguration securityhub:DescribeProducts securityhub:DescribeSecurityHubV2 securityhub:DescribeStandards securityhub:DisableImportFindingsForProduct securityhub:DisableOrganizationAdminAccount securityhub:DisableSecurityHub securityhub:DisableSecurityHubV2 securityhub:DisassociateFromAdministratorAccount securityhub:DisassociateFromMasterAccount securityhub:DisassociateMembers securityhub:EnableImportFindingsForProduct securityhub:EnableOrganizationAdminAccount securityhub:EnableSecurityHub securityhub:GetAdministratorAccount securityhub:GetAggregatorV2 securityhub:GetAutomationRuleV2 securityhub:GetConfigurationPolicy securityhub:GetConfigurationPolicyAssociation securityhub:GetConnectorV2 securityhub:GetEnabledStandards securityhub:GetFindingAggregator securityhub:GetFindingHistory securityhub:GetFindings securityhub:GetInsightResults securityhub:GetInsights securityhub:GetInvitationsCount securityhub:GetMasterAccount securityhub:GetMembers securityhub:GetSecurityControlDefinition securityhub:InviteMembers securityhub:ListAggregatorsV2 securityhub:ListAutomationRules securityhub:ListAutomationRulesV2 securityhub:ListConfigurationPolicies securityhub:ListConfigurationPolicyAssociations securityhub:ListConnectorsV2 securityhub:ListEnabledProductsForImport securityhub:ListFindingAggregators securityhub:ListInvitations securityhub:ListMembers securityhub:ListOrganizationAdminAccounts securityhub:ListSecurityControlDefinitions securityhub:ListStandardsControlAssociations securityhub:StartConfigurationPolicyAssociation securityhub:StartConfigurationPolicyDisassociation securityhub:UpdateActionTarget securityhub:UpdateAggregatorV2 securityhub:UpdateAutomationRuleV2 securityhub:UpdateConfigurationPolicy securityhub:UpdateConnectorV2 securityhub:UpdateFindingAggregator securityhub:UpdateFindings securityhub:UpdateInsight securityhub:UpdateOrganizationConfiguration securityhub:UpdateSecurityControl securityhub:UpdateSecurityHubConfiguration |
| securitylake | securitylake:CreateAwsLogSource securitylake:CreateCustomLogSource securitylake:CreateDataLakeExceptionSubscription securitylake:CreateDataLakeOrganizationConfiguration securitylake:CreateSubscriber securitylake:CreateSubscriberNotification securitylake:DeleteAwsLogSource securitylake:DeleteCustomLogSource securitylake:DeleteDataLakeExceptionSubscription securitylake:DeleteDataLakeOrganizationConfiguration securitylake:DeleteSubscriber securitylake:DeleteSubscriberNotification securitylake:DeregisterDataLakeDelegatedAdministrator securitylake:GetDataLakeExceptionSubscription securitylake:GetDataLakeOrganizationConfiguration securitylake:GetDataLakeSources securitylake:GetSubscriber securitylake:ListDataLakes securitylake:ListLogSources securitylake:ListSubscribers securitylake:RegisterDataLakeDelegatedAdministrator securitylake:UpdateDataLakeExceptionSubscription securitylake:UpdateSubscriber securitylake:UpdateSubscriberNotification |
| serverlessrepo | serverlessrepo:CreateApplication serverlessrepo:CreateApplicationVersion serverlessrepo:CreateCloudFormationChangeSet serverlessrepo:CreateCloudFormationTemplate serverlessrepo:DeleteApplication serverlessrepo:GetApplication serverlessrepo:GetApplicationPolicy serverlessrepo:GetCloudFormationTemplate serverlessrepo:ListApplicationDependencies serverlessrepo:ListApplicationVersions serverlessrepo:ListApplications serverlessrepo:PutApplicationPolicy serverlessrepo:UnshareApplication serverlessrepo:UpdateApplication |
| servicecatalog | servicecatalog:AcceptPortfolioShare servicecatalog:AssociateBudgetWithResource servicecatalog:AssociatePrincipalWithPortfolio servicecatalog:AssociateProductWithPortfolio servicecatalog:AssociateServiceActionWithProvisioningArtifact servicecatalog:BatchAssociateServiceActionWithProvisioningArtifact servicecatalog:BatchDisassociateServiceActionFromProvisioningArtifact servicecatalog:CopyProduct servicecatalog:CreateAttributeGroup servicecatalog:CreateConstraint servicecatalog:CreatePortfolio servicecatalog:CreatePortfolioShare servicecatalog:CreateProduct servicecatalog:CreateProvisionedProductPlan servicecatalog:CreateProvisioningArtifact servicecatalog:CreateServiceAction servicecatalog:DeleteAttributeGroup servicecatalog:DeleteConstraint servicecatalog:DeletePortfolio servicecatalog:DeletePortfolioShare servicecatalog:DeleteProduct servicecatalog:DeleteProvisionedProductPlan servicecatalog:DeleteProvisioningArtifact servicecatalog:DeleteServiceAction servicecatalog:DescribeConstraint servicecatalog:DescribeCopyProductStatus servicecatalog:DescribePortfolio servicecatalog:DescribePortfolioShareStatus servicecatalog:DescribePortfolioShares servicecatalog:DescribeProduct servicecatalog:DescribeProductAsAdmin servicecatalog:DescribeProductView servicecatalog:DescribeProvisionedProduct servicecatalog:DescribeProvisionedProductPlan servicecatalog:DescribeProvisioningArtifact servicecatalog:DescribeProvisioningParameters servicecatalog:DescribeRecord servicecatalog:DescribeServiceAction servicecatalog:DescribeServiceActionExecutionParameters servicecatalog:DisableAWSOrganizationsAccess servicecatalog:DisassociateBudgetFromResource servicecatalog:DisassociatePrincipalFromPortfolio servicecatalog:DisassociateProductFromPortfolio servicecatalog:DisassociateServiceActionFromProvisioningArtifact servicecatalog:EnableAWSOrganizationsAccess servicecatalog:ExecuteProvisionedProductPlan servicecatalog:ExecuteProvisionedProductServiceAction servicecatalog:GetAWSOrganizationsAccessStatus servicecatalog:GetProvisionedProductOutputs servicecatalog:ImportAsProvisionedProduct servicecatalog:ListAcceptedPortfolioShares servicecatalog:ListAttributeGroups servicecatalog:ListBudgetsForResource servicecatalog:ListConstraintsForPortfolio servicecatalog:ListLaunchPaths servicecatalog:ListOrganizationPortfolioAccess servicecatalog:ListPortfolioAccess servicecatalog:ListPortfolios servicecatalog:ListPortfoliosForProduct servicecatalog:ListPrincipalsForPortfolio servicecatalog:ListProvisionedProductPlans servicecatalog:ListProvisioningArtifacts servicecatalog:ListProvisioningArtifactsForServiceAction servicecatalog:ListRecordHistory servicecatalog:ListServiceActions servicecatalog:ListServiceActionsForProvisioningArtifact servicecatalog:ListStackInstancesForProvisionedProduct servicecatalog:NotifyProvisionProductEngineWorkflowResult servicecatalog:NotifyTerminateProvisionedProductEngineWorkflowResult servicecatalog:NotifyUpdateProvisionedProductEngineWorkflowResult servicecatalog:ProvisionProduct servicecatalog:RejectPortfolioShare servicecatalog:ScanProvisionedProducts servicecatalog:SearchProducts servicecatalog:SearchProductsAsAdmin servicecatalog:SearchProvisionedProducts servicecatalog:TerminateProvisionedProduct servicecatalog:UpdateConstraint servicecatalog:UpdatePortfolio servicecatalog:UpdatePortfolioShare servicecatalog:UpdateProduct servicecatalog:UpdateProvisionedProduct servicecatalog:UpdateProvisionedProductProperties servicecatalog:UpdateProvisioningArtifact servicecatalog:UpdateServiceAction |
| servicediscovery | servicediscovery:CreateHttpNamespace servicediscovery:CreatePrivateDnsNamespace servicediscovery:CreatePublicDnsNamespace servicediscovery:CreateService servicediscovery:DeleteNamespace servicediscovery:DeleteService servicediscovery:DeleteServiceAttributes servicediscovery:DeregisterInstance servicediscovery:GetInstance servicediscovery:GetInstancesHealthStatus servicediscovery:GetNamespace servicediscovery:GetOperation servicediscovery:GetService servicediscovery:ListInstances servicediscovery:ListNamespaces servicediscovery:ListOperations servicediscovery:ListServices servicediscovery:RegisterInstance servicediscovery:UpdateHttpNamespace servicediscovery:UpdateInstanceCustomHealthStatus servicediscovery:UpdatePrivateDnsNamespace servicediscovery:UpdatePublicDnsNamespace servicediscovery:UpdateService servicediscovery:UpdateServiceAttributes |
| servicequotas | servicequotas:AssociateServiceQuotaTemplate servicequotas:CreateSupportCase servicequotas:DeleteServiceQuotaIncreaseRequestFromTemplate servicequotas:DisassociateServiceQuotaTemplate servicequotas:GetAWSDefaultServiceQuota servicequotas:GetAssociationForServiceQuotaTemplate servicequotas:GetAutoManagementConfiguration servicequotas:GetQuotaUtilizationReport servicequotas:GetRequestedServiceQuotaChange servicequotas:GetServiceQuota servicequotas:GetServiceQuotaIncreaseRequestFromTemplate servicequotas:ListAWSDefaultServiceQuotas servicequotas:ListRequestedServiceQuotaChangeHistory servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota servicequotas:ListServiceQuotaIncreaseRequestsInTemplate servicequotas:ListServiceQuotas servicequotas:ListServices servicequotas:PutServiceQuotaIncreaseRequestIntoTemplate servicequotas:RequestServiceQuotaIncrease servicequotas:StartAutoManagement servicequotas:StartQuotaUtilizationReport servicequotas:StopAutoManagement servicequotas:UpdateAutoManagement |
| ses | ses:BatchGetMetricData ses:CloneReceiptRuleSet ses:CreateAddonInstance ses:CreateAddonSubscription ses:CreateAddressList ses:CreateAddressListImportJob ses:CreateArchive ses:CreateConfigurationSet ses:CreateConfigurationSetEventDestination ses:CreateConfigurationSetTrackingOptions ses:CreateContact ses:CreateContactList ses:CreateCustomVerificationEmailTemplate ses:CreateDedicatedIpPool ses:CreateDeliverabilityTestReport ses:CreateEmailIdentity ses:CreateEmailIdentityPolicy ses:CreateEmailTemplate ses:CreateImportJob ses:CreateIngressPoint ses:CreateMultiRegionEndpoint ses:CreateReceiptFilter ses:CreateReceiptRule ses:CreateReceiptRuleSet ses:CreateRelay ses:CreateRuleSet ses:CreateTemplate ses:CreateTenant ses:CreateTenantResourceAssociation ses:CreateTrafficPolicy ses:DeleteAddonInstance ses:DeleteAddonSubscription ses:DeleteAddressList ses:DeleteArchive ses:DeleteConfigurationSet ses:DeleteConfigurationSetEventDestination ses:DeleteConfigurationSetTrackingOptions ses:DeleteContact ses:DeleteContactList ses:DeleteCustomVerificationEmailTemplate ses:DeleteDedicatedIpPool ses:DeleteEmailIdentity ses:DeleteEmailIdentityPolicy ses:DeleteEmailTemplate ses:DeleteIdentity ses:DeleteIdentityPolicy ses:DeleteIngressPoint ses:DeleteMultiRegionEndpoint ses:DeleteReceiptFilter ses:DeleteReceiptRule ses:DeleteReceiptRuleSet ses:DeleteRelay ses:DeleteRuleSet ses:DeleteSuppressedDestination ses:DeleteTemplate ses:DeleteTenant ses:DeleteTenantResourceAssociation ses:DeleteTrafficPolicy ses:DeleteVerifiedEmailAddress ses:DeregisterMemberFromAddressList ses:DescribeActiveReceiptRuleSet ses:DescribeConfigurationSet ses:DescribeReceiptRule ses:DescribeReceiptRuleSet ses:GetAccount ses:GetAccountSendingEnabled ses:GetAddonInstance ses:GetAddonSubscription ses:GetAddressList ses:GetArchive ses:GetArchiveExport ses:GetArchiveMessage ses:GetArchiveMessageContent ses:GetArchiveSearch ses:GetArchiveSearchResults ses:GetBlacklistReports ses:GetConfigurationSet ses:GetConfigurationSetEventDestinations ses:GetContact ses:GetContactList ses:GetCustomVerificationEmailTemplate ses:GetDedicatedIp ses:GetDedicatedIpPool ses:GetDedicatedIps ses:GetDeliverabilityDashboardOptions ses:GetDeliverabilityTestReport ses:GetDomainDeliverabilityCampaign ses:GetDomainStatisticsReport ses:GetEmailAddressInsights ses:GetEmailIdentity ses:GetEmailIdentityPolicies ses:GetEmailTemplate ses:GetIdentityDkimAttributes ses:GetIdentityMailFromDomainAttributes ses:GetIdentityNotificationAttributes ses:GetIdentityPolicies ses:GetIdentityVerificationAttributes ses:GetImportJob ses:GetIngressPoint ses:GetMemberOfAddressList ses:GetMessageInsights ses:GetMultiRegionEndpoint ses:GetRelay ses:GetRuleSet ses:GetSendQuota ses:GetSendStatistics ses:GetSuppressedDestination ses:GetTemplate ses:GetTenant ses:GetTrafficPolicy ses:ListAddonInstances ses:ListAddonSubscriptions ses:ListAddressListImportJobs ses:ListAddressLists ses:ListArchiveExports ses:ListArchiveSearches ses:ListArchives ses:ListConfigurationSets ses:ListContactLists ses:ListContacts ses:ListCustomVerificationEmailTemplates ses:ListDedicatedIpPools ses:ListDeliverabilityTestReports ses:ListDomainDeliverabilityCampaigns ses:ListEmailIdentities ses:ListEmailTemplates ses:ListExportJobs ses:ListIdentities ses:ListIdentityPolicies ses:ListImportJobs ses:ListIngressPoints ses:ListMembersOfAddressList ses:ListMultiRegionEndpoints ses:ListReceiptFilters ses:ListReceiptRuleSets ses:ListRecommendations ses:ListRelays ses:ListReputationEntities ses:ListResourceTenants ses:ListRuleSets ses:ListSuppressedDestinations ses:ListTemplates ses:ListTenantResources ses:ListTenants ses:ListTrafficPolicies ses:ListVerifiedEmailAddresses ses:PutAccountDedicatedIpWarmupAttributes ses:PutAccountDetails ses:PutAccountSendingAttributes ses:PutAccountSuppressionAttributes ses:PutAccountVdmAttributes ses:PutConfigurationSetArchivingOptions ses:PutConfigurationSetDeliveryOptions ses:PutConfigurationSetReputationOptions ses:PutConfigurationSetSendingOptions ses:PutConfigurationSetSuppressionOptions ses:PutConfigurationSetTrackingOptions ses:PutConfigurationSetVdmOptions ses:PutDedicatedIpInPool ses:PutDedicatedIpPoolScalingAttributes ses:PutDedicatedIpWarmupAttributes ses:PutDeliverabilityDashboardOption ses:PutEmailIdentityConfigurationSetAttributes ses:PutEmailIdentityDkimAttributes ses:PutEmailIdentityDkimSigningAttributes ses:PutEmailIdentityFeedbackAttributes ses:PutEmailIdentityMailFromAttributes ses:PutIdentityPolicy ses:PutSuppressedDestination ses:RegisterMemberToAddressList ses:ReorderReceiptRuleSet ses:SendBounce ses:SendCustomVerificationEmail ses:SetActiveReceiptRuleSet ses:SetIdentityDkimEnabled ses:SetIdentityFeedbackForwardingEnabled ses:SetIdentityHeadersInNotificationsEnabled ses:SetIdentityMailFromDomain ses:SetIdentityNotificationTopic ses:SetReceiptRulePosition ses:StartArchiveExport ses:StartArchiveSearch ses:StopArchiveExport ses:StopArchiveSearch ses:TestRenderEmailTemplate ses:TestRenderTemplate ses:UpdateAccountSendingEnabled ses:UpdateArchive ses:UpdateConfigurationSetEventDestination ses:UpdateConfigurationSetReputationMetricsEnabled ses:UpdateConfigurationSetSendingEnabled ses:UpdateConfigurationSetTrackingOptions ses:UpdateContact ses:UpdateContactList ses:UpdateCustomVerificationEmailTemplate ses:UpdateEmailIdentityPolicy ses:UpdateEmailTemplate ses:UpdateIngressPoint ses:UpdateReceiptRule ses:UpdateRelay ses:UpdateRuleSet ses:UpdateTemplate ses:UpdateTrafficPolicy ses:VerifyDomainDkim ses:VerifyDomainIdentity ses:VerifyEmailAddress ses:VerifyEmailIdentity |
| shield | shield:AssociateDRTLogBucket shield:AssociateHealthCheck shield:AssociateProactiveEngagementDetails shield:CreateProtection shield:CreateProtectionGroup shield:CreateSubscription shield:DeleteProtection shield:DeleteProtectionGroup shield:DeleteSubscription shield:DescribeAttack shield:DescribeAttackStatistics shield:DescribeDRTAccess shield:DescribeEmergencyContactSettings shield:DescribeProtection shield:DescribeProtectionGroup shield:DescribeSubscription shield:DisableApplicationLayerAutomaticResponse shield:DisableProactiveEngagement shield:DisassociateDRTLogBucket shield:DisassociateDRTRole shield:DisassociateHealthCheck shield:EnableApplicationLayerAutomaticResponse shield:EnableProactiveEngagement shield:GetSubscriptionState shield:ListAttacks shield:ListProtectionGroups shield:ListProtections shield:ListResourcesInProtectionGroup shield:UpdateApplicationLayerAutomaticResponse shield:UpdateEmergencyContactSettings shield:UpdateProtectionGroup shield:UpdateSubscription |
| signer | signer:AddProfilePermission signer:CancelSigningProfile signer:DescribeSigningJob signer:GetSigningPlatform signer:GetSigningProfile signer:ListProfilePermissions signer:ListSigningJobs signer:ListSigningPlatforms signer:ListSigningProfiles signer:PutSigningProfile signer:RemoveProfilePermission signer:RevokeSignature signer:RevokeSigningProfile signer:SignPayload signer:StartSigningJob |
| simspaceweaver | simspaceweaver:CreateSnapshot simspaceweaver:DeleteApp simspaceweaver:DeleteSimulation simspaceweaver:DescribeApp simspaceweaver:DescribeSimulation simspaceweaver:ListApps simspaceweaver:ListSimulations simspaceweaver:StartApp simspaceweaver:StartClock simspaceweaver:StartSimulation simspaceweaver:StopApp simspaceweaver:StopClock simspaceweaver:StopSimulation |
| sms | sms:CreateApp sms:CreateReplicationJob sms:DeleteApp sms:DeleteAppLaunchConfiguration sms:DeleteAppReplicationConfiguration sms:DeleteAppValidationConfiguration sms:DeleteReplicationJob sms:DeleteServerCatalog sms:DisassociateConnector sms:GenerateChangeSet sms:GenerateTemplate sms:GetApp sms:GetAppLaunchConfiguration sms:GetAppReplicationConfiguration sms:GetAppValidationConfiguration sms:GetAppValidationOutput sms:GetConnectors sms:GetReplicationJobs sms:GetReplicationRuns sms:GetServers sms:ImportAppCatalog sms:ImportServerCatalog sms:LaunchApp sms:ListApps sms:NotifyAppValidationOutput sms:PutAppLaunchConfiguration sms:PutAppReplicationConfiguration sms:PutAppValidationConfiguration sms:StartAppReplication sms:StartOnDemandAppReplication sms:StartOnDemandReplicationRun sms:StopAppReplication sms:TerminateApp sms:UpdateApp sms:UpdateReplicationJob |
| sms-voice | sms-voice:AssociateProtectConfiguration sms-voice:CreateConfigurationSet sms-voice:CreateConfigurationSetEventDestination sms-voice:CreateEventDestination sms-voice:CreateOptOutList sms-voice:CreatePool sms-voice:CreateProtectConfiguration sms-voice:CreateRegistration sms-voice:CreateRegistrationAssociation sms-voice:CreateRegistrationAttachment sms-voice:CreateRegistrationVersion sms-voice:CreateVerifiedDestinationNumber sms-voice:DeleteAccountDefaultProtectConfiguration sms-voice:DeleteConfigurationSet sms-voice:DeleteConfigurationSetEventDestination sms-voice:DeleteDefaultMessageType sms-voice:DeleteDefaultSenderId sms-voice:DeleteEventDestination sms-voice:DeleteKeyword sms-voice:DeleteMediaMessageSpendLimitOverride sms-voice:DeleteOptOutList sms-voice:DeleteOptedOutNumber sms-voice:DeletePool sms-voice:DeleteProtectConfiguration sms-voice:DeleteProtectConfigurationRuleSetNumberOverride sms-voice:DeleteRegistration sms-voice:DeleteRegistrationAttachment sms-voice:DeleteResourcePolicy sms-voice:DeleteTextMessageSpendLimitOverride sms-voice:DeleteVerifiedDestinationNumber sms-voice:DeleteVoiceMessageSpendLimitOverride sms-voice:DescribeAccountAttributes sms-voice:DescribeAccountLimits sms-voice:DescribeConfigurationSets sms-voice:DescribeKeywords sms-voice:DescribeOptOutLists sms-voice:DescribeOptedOutNumbers sms-voice:DescribePhoneNumbers sms-voice:DescribePools sms-voice:DescribeProtectConfigurations sms-voice:DescribeRegistrationAttachments sms-voice:DescribeRegistrationFieldDefinitions sms-voice:DescribeRegistrationFieldValues sms-voice:DescribeRegistrationSectionDefinitions sms-voice:DescribeRegistrationTypeDefinitions sms-voice:DescribeRegistrationVersions sms-voice:DescribeRegistrations sms-voice:DescribeSenderIds sms-voice:DescribeSpendLimits sms-voice:DescribeVerifiedDestinationNumbers sms-voice:DisassociateOriginationIdentity sms-voice:DisassociateProtectConfiguration sms-voice:DiscardRegistrationVersion sms-voice:GetConfigurationSetEventDestinations sms-voice:GetProtectConfigurationCountryRuleSet sms-voice:GetResourcePolicy sms-voice:ListConfigurationSets sms-voice:ListPoolOriginationIdentities sms-voice:ListProtectConfigurationRuleSetNumberOverrides sms-voice:ListRegistrationAssociations sms-voice:PutKeyword sms-voice:PutOptedOutNumber sms-voice:PutProtectConfigurationRuleSetNumberOverride sms-voice:PutResourcePolicy sms-voice:ReleasePhoneNumber sms-voice:ReleaseSenderId sms-voice:RequestPhoneNumber sms-voice:RequestSenderId sms-voice:SendDestinationNumberVerificationCode sms-voice:SetAccountDefaultProtectConfiguration sms-voice:SetDefaultMessageFeedbackEnabled sms-voice:SetDefaultMessageType sms-voice:SetDefaultSenderId sms-voice:SetMediaMessageSpendLimitOverride sms-voice:SetTextMessageSpendLimitOverride sms-voice:SetVoiceMessageSpendLimitOverride sms-voice:SubmitRegistrationVersion sms-voice:UpdateConfigurationSetEventDestination sms-voice:UpdateEventDestination sms-voice:UpdatePhoneNumber sms-voice:UpdatePool sms-voice:UpdateProtectConfiguration sms-voice:UpdateProtectConfigurationCountryRuleSet sms-voice:UpdateSenderId |
| snowball | snowball:CancelCluster snowball:CancelJob snowball:CreateAddress snowball:CreateCluster snowball:CreateJob snowball:CreateLongTermPricing snowball:CreateReturnShippingLabel snowball:DescribeAddress snowball:DescribeAddresses snowball:DescribeCluster snowball:DescribeJob snowball:DescribeReturnShippingLabel snowball:GetJobManifest snowball:GetJobUnlockCode snowball:GetSnowballUsage snowball:GetSoftwareUpdates snowball:ListClusterJobs snowball:ListClusters snowball:ListCompatibleImages snowball:ListJobs snowball:ListLongTermPricing snowball:ListPickupLocations snowball:ListServiceVersions snowball:UpdateCluster snowball:UpdateJob snowball:UpdateJobShipmentState snowball:UpdateLongTermPricing |
| sqs | sqs:AddPermission sqs:CancelMessageMoveTask sqs:CreateQueue sqs:DeleteQueue sqs:PurgeQueue sqs:RemovePermission sqs:SetQueueAttributes |
| ssm | ssm:AssociateOpsItemRelatedItem ssm:CancelCommand ssm:CancelMaintenanceWindowExecution ssm:CreateActivation ssm:CreateAssociation ssm:CreateAssociationBatch ssm:CreateDocument ssm:CreateMaintenanceWindow ssm:CreateOpsItem ssm:CreateOpsMetadata ssm:CreatePatchBaseline ssm:CreateResourceDataSync ssm:DeleteActivation ssm:DeleteAssociation ssm:DeleteDocument ssm:DeleteInventory ssm:DeleteMaintenanceWindow ssm:DeleteOpsItem ssm:DeleteOpsMetadata ssm:DeleteParameter ssm:DeleteParameters ssm:DeletePatchBaseline ssm:DeleteResourceDataSync ssm:DeleteResourcePolicy ssm:DeregisterManagedInstance ssm:DeregisterPatchBaselineForPatchGroup ssm:DeregisterTargetFromMaintenanceWindow ssm:DeregisterTaskFromMaintenanceWindow ssm:DescribeActivations ssm:DescribeAssociation ssm:DescribeAssociationExecutionTargets ssm:DescribeAssociationExecutions ssm:DescribeAutomationExecutions ssm:DescribeAutomationStepExecutions ssm:DescribeAvailablePatches ssm:DescribeDocument ssm:DescribeDocumentParameters ssm:DescribeDocumentPermission ssm:DescribeEffectiveInstanceAssociations ssm:DescribeEffectivePatchesForPatchBaseline ssm:DescribeInstanceAssociationsStatus ssm:DescribeInstanceInformation ssm:DescribeInstancePatchStates ssm:DescribeInstancePatchStatesForPatchGroup ssm:DescribeInstancePatches ssm:DescribeInstanceProperties ssm:DescribeInventoryDeletions ssm:DescribeMaintenanceWindowExecutionTaskInvocations ssm:DescribeMaintenanceWindowExecutionTasks ssm:DescribeMaintenanceWindowExecutions ssm:DescribeMaintenanceWindowSchedule ssm:DescribeMaintenanceWindowTargets ssm:DescribeMaintenanceWindowTasks ssm:DescribeMaintenanceWindows ssm:DescribeMaintenanceWindowsForTarget ssm:DescribeOpsItems ssm:DescribeParameters ssm:DescribePatchBaselines ssm:DescribePatchGroupState ssm:DescribePatchGroups ssm:DescribePatchProperties ssm:DescribeSessions ssm:DisassociateOpsItemRelatedItem ssm:GetAccessToken ssm:GetAutomationExecution ssm:GetCalendarState ssm:GetCommandInvocation ssm:GetConnectionStatus ssm:GetDefaultPatchBaseline ssm:GetDeployablePatchSnapshotForInstance ssm:GetDocument ssm:GetExecutionPreview ssm:GetInventory ssm:GetInventorySchema ssm:GetMaintenanceWindow ssm:GetMaintenanceWindowExecution ssm:GetMaintenanceWindowExecutionTask ssm:GetMaintenanceWindowExecutionTaskInvocation ssm:GetMaintenanceWindowTask ssm:GetOpsItem ssm:GetOpsMetadata ssm:GetOpsSummary ssm:GetParameter ssm:GetParameterHistory ssm:GetParameters ssm:GetParametersByPath ssm:GetPatchBaseline ssm:GetPatchBaselineForPatchGroup ssm:GetResourcePolicies ssm:GetServiceSetting ssm:LabelParameterVersion ssm:ListAssociationVersions ssm:ListAssociations ssm:ListCommandInvocations ssm:ListCommands ssm:ListComplianceItems ssm:ListComplianceSummaries ssm:ListDocumentMetadataHistory ssm:ListDocumentVersions ssm:ListDocuments ssm:ListInstanceAssociations ssm:ListInventoryEntries ssm:ListNodes ssm:ListNodesSummary ssm:ListOpsItemEvents ssm:ListOpsItemRelatedItems ssm:ListOpsMetadata ssm:ListResourceComplianceSummaries ssm:ListResourceDataSync ssm:ModifyDocumentPermission ssm:PutComplianceItems ssm:PutInventory ssm:PutParameter ssm:PutResourcePolicy ssm:RegisterDefaultPatchBaseline ssm:RegisterManagedInstance ssm:RegisterPatchBaselineForPatchGroup ssm:RegisterTargetWithMaintenanceWindow ssm:RegisterTaskWithMaintenanceWindow ssm:ResetServiceSetting ssm:ResumeSession ssm:SendAutomationSignal ssm:SendCommand ssm:StartAssociationsOnce ssm:StartAutomationExecution ssm:StartChangeRequestExecution ssm:StartSession ssm:StopAutomationExecution ssm:TerminateSession ssm:UnlabelParameterVersion ssm:UpdateAssociation ssm:UpdateAssociationStatus ssm:UpdateDocument ssm:UpdateDocumentDefaultVersion ssm:UpdateDocumentMetadata ssm:UpdateInstanceInformation ssm:UpdateMaintenanceWindow ssm:UpdateMaintenanceWindowTarget ssm:UpdateMaintenanceWindowTask ssm:UpdateManagedInstanceRole ssm:UpdateOpsItem ssm:UpdateOpsMetadata ssm:UpdatePatchBaseline ssm:UpdateResourceDataSync ssm:UpdateServiceSetting |
| ssm-incidents | ssm-incidents:BatchGetIncidentFindings ssm-incidents:CreateReplicationSet ssm-incidents:CreateResponsePlan ssm-incidents:CreateTimelineEvent ssm-incidents:DeleteIncidentRecord ssm-incidents:DeleteReplicationSet ssm-incidents:DeleteResourcePolicy ssm-incidents:DeleteResponsePlan ssm-incidents:DeleteTimelineEvent ssm-incidents:GetIncidentRecord ssm-incidents:GetReplicationSet ssm-incidents:GetResourcePolicies ssm-incidents:GetResponsePlan ssm-incidents:GetTimelineEvent ssm-incidents:ListIncidentFindings ssm-incidents:ListIncidentRecords ssm-incidents:ListRelatedItems ssm-incidents:ListReplicationSets ssm-incidents:ListResponsePlans ssm-incidents:ListTimelineEvents ssm-incidents:PutResourcePolicy ssm-incidents:StartIncident ssm-incidents:UpdateDeletionProtection ssm-incidents:UpdateIncidentRecord ssm-incidents:UpdateRelatedItems ssm-incidents:UpdateReplicationSet ssm-incidents:UpdateResponsePlan ssm-incidents:UpdateTimelineEvent |
| ssm-sap | ssm-sap:BackupDatabase ssm-sap:DeleteResourcePermission ssm-sap:DeregisterApplication ssm-sap:GetApplication ssm-sap:GetComponent ssm-sap:GetConfigurationCheckOperation ssm-sap:GetDatabase ssm-sap:GetOperation ssm-sap:GetResourcePermission ssm-sap:ListApplications ssm-sap:ListComponents ssm-sap:ListConfigurationCheckDefinitions ssm-sap:ListConfigurationCheckOperations ssm-sap:ListDatabases ssm-sap:ListOperationEvents ssm-sap:ListOperations ssm-sap:ListSubCheckResults ssm-sap:ListSubCheckRuleResults ssm-sap:PutResourcePermission ssm-sap:RegisterApplication ssm-sap:RestoreDatabase ssm-sap:StartApplication ssm-sap:StartApplicationRefresh ssm-sap:StartConfigurationChecks ssm-sap:StopApplication ssm-sap:UpdateApplicationSettings ssm-sap:UpdateHANABackupSettings |
| states | states:CreateActivity states:CreateStateMachine states:CreateStateMachineAlias states:DeleteActivity states:DeleteStateMachine states:DeleteStateMachineAlias states:DeleteStateMachineVersion states:DescribeActivity states:DescribeExecution states:DescribeMapRun states:DescribeStateMachine states:DescribeStateMachineAlias states:DescribeStateMachineForExecution states:GetExecutionHistory states:ListActivities states:ListExecutions states:ListMapRuns states:ListStateMachineAliases states:ListStateMachineVersions states:ListStateMachines states:SendTaskFailure states:SendTaskHeartbeat states:SendTaskSuccess states:StartExecution states:StopExecution states:UpdateMapRun states:UpdateStateMachine states:UpdateStateMachineAlias states:ValidateStateMachineDefinition |
| sts | sts:AssumeRole sts:AssumeRoleWithSAML sts:AssumeRoleWithWebIdentity sts:DecodeAuthorizationMessage sts:GetAccessKeyInfo sts:GetCallerIdentity sts:GetFederationToken sts:GetSessionToken sts:GetWebIdentityToken |
| swf | swf:DeleteActivityType swf:DeleteWorkflowType swf:DeprecateActivityType swf:DeprecateDomain swf:DeprecateWorkflowType swf:DescribeActivityType swf:DescribeDomain swf:DescribeWorkflowType swf:ListActivityTypes swf:ListDomains swf:ListWorkflowTypes swf:RegisterActivityType swf:RegisterDomain swf:RegisterWorkflowType swf:UndeprecateActivityType swf:UndeprecateDomain swf:UndeprecateWorkflowType |
| synthetics | synthetics:AssociateResource synthetics:CreateCanary synthetics:CreateGroup synthetics:DeleteCanary synthetics:DeleteGroup synthetics:DescribeCanaries synthetics:DescribeCanariesLastRun synthetics:DescribeRuntimeVersions synthetics:DisassociateResource synthetics:GetCanary synthetics:GetCanaryRuns synthetics:GetGroup synthetics:ListAssociatedGroups synthetics:ListGroupResources synthetics:ListGroups synthetics:StartCanary synthetics:StartCanaryDryRun synthetics:StopCanary synthetics:UpdateCanary |
| 標籤 | tag:DescribeReportCreation tag:GetComplianceSummary tag:GetResources tag:StartReportCreation |
| textract | textract:AnalyzeDocument textract:AnalyzeExpense textract:AnalyzeID textract:CreateAdapter textract:CreateAdapterVersion textract:DeleteAdapter textract:DeleteAdapterVersion textract:DetectDocumentText textract:GetAdapter textract:GetAdapterVersion textract:GetDocumentAnalysis textract:GetDocumentTextDetection textract:GetExpenseAnalysis textract:GetLendingAnalysis textract:GetLendingAnalysisSummary textract:ListAdapterVersions textract:ListAdapters textract:StartDocumentAnalysis textract:StartDocumentTextDetection textract:StartExpenseAnalysis textract:StartLendingAnalysis textract:UpdateAdapter |
| timestream | timestream:CancelQuery timestream:CreateDatabase timestream:CreateScheduledQuery timestream:CreateTable timestream:DeleteDatabase timestream:DeleteScheduledQuery timestream:DeleteTable timestream:DescribeAccountSettings timestream:DescribeDatabase timestream:DescribeScheduledQuery timestream:DescribeTable timestream:ExecuteScheduledQuery timestream:ListBatchLoadTasks timestream:ListDatabases timestream:ListScheduledQueries timestream:ListTables timestream:PrepareQuery timestream:UpdateAccountSettings timestream:UpdateDatabase timestream:UpdateScheduledQuery timestream:UpdateTable |
| tnb | tnb:CancelSolNetworkOperation tnb:CreateSolFunctionPackage tnb:CreateSolNetworkInstance tnb:CreateSolNetworkPackage tnb:DeleteSolFunctionPackage tnb:DeleteSolNetworkInstance tnb:DeleteSolNetworkPackage tnb:GetSolFunctionInstance tnb:GetSolFunctionPackage tnb:GetSolFunctionPackageContent tnb:GetSolFunctionPackageDescriptor tnb:GetSolNetworkInstance tnb:GetSolNetworkOperation tnb:GetSolNetworkPackage tnb:GetSolNetworkPackageContent tnb:GetSolNetworkPackageDescriptor tnb:InstantiateSolNetworkInstance tnb:ListSolFunctionInstances tnb:ListSolFunctionPackages tnb:ListSolNetworkInstances tnb:ListSolNetworkOperations tnb:ListSolNetworkPackages tnb:PutSolFunctionPackageContent tnb:PutSolNetworkPackageContent tnb:TerminateSolNetworkInstance tnb:UpdateSolFunctionPackage tnb:UpdateSolNetworkInstance tnb:UpdateSolNetworkPackage tnb:ValidateSolFunctionPackageContent tnb:ValidateSolNetworkPackageContent |
| transcribe | transcribe:CreateCallAnalyticsCategory transcribe:CreateLanguageModel transcribe:CreateMedicalVocabulary transcribe:CreateVocabulary transcribe:CreateVocabularyFilter transcribe:DeleteCallAnalyticsCategory transcribe:DeleteCallAnalyticsJob transcribe:DeleteLanguageModel transcribe:DeleteMedicalScribeJob transcribe:DeleteMedicalTranscriptionJob transcribe:DeleteMedicalVocabulary transcribe:DeleteTranscriptionJob transcribe:DeleteVocabulary transcribe:DeleteVocabularyFilter transcribe:DescribeLanguageModel transcribe:GetCallAnalyticsCategory transcribe:GetCallAnalyticsJob transcribe:GetMedicalScribeJob transcribe:GetMedicalTranscriptionJob transcribe:GetMedicalVocabulary transcribe:GetTranscriptionJob transcribe:GetVocabulary transcribe:GetVocabularyFilter transcribe:ListCallAnalyticsCategories transcribe:ListCallAnalyticsJobs transcribe:ListLanguageModels transcribe:ListMedicalScribeJobs transcribe:ListMedicalTranscriptionJobs transcribe:ListMedicalVocabularies transcribe:ListTranscriptionJobs transcribe:ListVocabularies transcribe:ListVocabularyFilters transcribe:StartCallAnalyticsJob transcribe:StartCallAnalyticsStreamTranscription transcribe:StartCallAnalyticsStreamTranscriptionWebSocket transcribe:StartMedicalScribeJob transcribe:StartMedicalStreamTranscription transcribe:StartMedicalStreamTranscriptionWebSocket transcribe:StartMedicalTranscriptionJob transcribe:StartStreamTranscription transcribe:StartStreamTranscriptionWebSocket transcribe:StartTranscriptionJob transcribe:UpdateCallAnalyticsCategory transcribe:UpdateMedicalVocabulary transcribe:UpdateVocabulary transcribe:UpdateVocabularyFilter |
| 傳輸 | transfer:CreateAccess transfer:CreateAgreement transfer:CreateConnector transfer:CreateProfile transfer:CreateServer transfer:CreateUser transfer:CreateWebApp transfer:CreateWorkflow transfer:DeleteAccess transfer:DeleteAgreement transfer:DeleteCertificate transfer:DeleteConnector transfer:DeleteHostKey transfer:DeleteProfile transfer:DeleteServer transfer:DeleteSshPublicKey transfer:DeleteUser transfer:DeleteWebApp transfer:DeleteWebAppCustomization transfer:DeleteWorkflow transfer:DescribeAccess transfer:DescribeAgreement transfer:DescribeCertificate transfer:DescribeConnector transfer:DescribeExecution transfer:DescribeHostKey transfer:DescribeProfile transfer:DescribeSecurityPolicy transfer:DescribeServer transfer:DescribeUser transfer:DescribeWebApp transfer:DescribeWebAppCustomization transfer:DescribeWorkflow transfer:ImportCertificate transfer:ImportHostKey transfer:ImportSshPublicKey transfer:ListAccesses transfer:ListCertificates transfer:ListConnectors transfer:ListExecutions transfer:ListFileTransferResults transfer:ListHostKeys transfer:ListProfiles transfer:ListSecurityPolicies transfer:ListServers transfer:ListUsers transfer:ListWebApps transfer:ListWorkflows transfer:SendWorkflowStepState transfer:StartDirectoryListing transfer:StartFileTransfer transfer:StartRemoteDelete transfer:StartRemoteMove transfer:StartServer transfer:StopServer transfer:TestConnection transfer:TestIdentityProvider transfer:UpdateAccess transfer:UpdateAgreement transfer:UpdateCertificate transfer:UpdateConnector transfer:UpdateHostKey transfer:UpdateProfile transfer:UpdateServer transfer:UpdateUser transfer:UpdateWebApp transfer:UpdateWebAppCustomization |
| translate | translate:CreateParallelData translate:DeleteParallelData translate:DeleteTerminology translate:DescribeTextTranslationJob translate:GetParallelData translate:GetTerminology translate:ImportTerminology translate:ListLanguages translate:ListParallelData translate:ListTerminologies translate:ListTextTranslationJobs translate:StartTextTranslationJob translate:StopTextTranslationJob translate:TranslateDocument translate:TranslateText translate:UpdateParallelData |
| voiceid | voiceid:AssociateFraudster voiceid:CreateDomain voiceid:CreateWatchlist voiceid:DeleteDomain voiceid:DeleteFraudster voiceid:DeleteSpeaker voiceid:DeleteWatchlist voiceid:DescribeDomain voiceid:DescribeFraudster voiceid:DescribeFraudsterRegistrationJob voiceid:DescribeSpeaker voiceid:DescribeSpeakerEnrollmentJob voiceid:DescribeWatchlist voiceid:DisassociateFraudster voiceid:EvaluateSession voiceid:ListDomains voiceid:ListFraudsterRegistrationJobs voiceid:ListFraudsters voiceid:ListSpeakerEnrollmentJobs voiceid:ListSpeakers voiceid:ListWatchlists voiceid:OptOutSpeaker voiceid:StartFraudsterRegistrationJob voiceid:StartSpeakerEnrollmentJob voiceid:UpdateDomain voiceid:UpdateWatchlist |
| vpc-lattice | vpc-lattice:CreateAccessLogSubscription vpc-lattice:CreateListener vpc-lattice:CreateResourceConfiguration vpc-lattice:CreateResourceGateway vpc-lattice:CreateRule vpc-lattice:CreateService vpc-lattice:CreateServiceNetwork vpc-lattice:CreateServiceNetworkResourceAssociation vpc-lattice:CreateServiceNetworkServiceAssociation vpc-lattice:CreateServiceNetworkVpcAssociation vpc-lattice:CreateTargetGroup vpc-lattice:DeleteAccessLogSubscription vpc-lattice:DeleteAuthPolicy vpc-lattice:DeleteDomainVerification vpc-lattice:DeleteListener vpc-lattice:DeleteResourceConfiguration vpc-lattice:DeleteResourceEndpointAssociation vpc-lattice:DeleteResourceGateway vpc-lattice:DeleteResourcePolicy vpc-lattice:DeleteRule vpc-lattice:DeleteService vpc-lattice:DeleteServiceNetwork vpc-lattice:DeleteServiceNetworkResourceAssociation vpc-lattice:DeleteServiceNetworkServiceAssociation vpc-lattice:DeleteServiceNetworkVpcAssociation vpc-lattice:DeleteTargetGroup vpc-lattice:DeregisterTargets vpc-lattice:GetAccessLogSubscription vpc-lattice:GetAuthPolicy vpc-lattice:GetDomainVerification vpc-lattice:GetListener vpc-lattice:GetResourceConfiguration vpc-lattice:GetResourceGateway vpc-lattice:GetResourcePolicy vpc-lattice:GetRule vpc-lattice:GetService vpc-lattice:GetServiceNetwork vpc-lattice:GetServiceNetworkResourceAssociation vpc-lattice:GetServiceNetworkServiceAssociation vpc-lattice:GetServiceNetworkVpcAssociation vpc-lattice:GetTargetGroup vpc-lattice:ListAccessLogSubscriptions vpc-lattice:ListDomainVerifications vpc-lattice:ListListeners vpc-lattice:ListResourceConfigurations vpc-lattice:ListResourceEndpointAssociations vpc-lattice:ListResourceGateways vpc-lattice:ListRules vpc-lattice:ListServiceNetworkResourceAssociations vpc-lattice:ListServiceNetworkServiceAssociations vpc-lattice:ListServiceNetworkVpcAssociations vpc-lattice:ListServiceNetworkVpcEndpointAssociations vpc-lattice:ListServiceNetworks vpc-lattice:ListServices vpc-lattice:ListTargetGroups vpc-lattice:ListTargets vpc-lattice:PutAuthPolicy vpc-lattice:PutResourcePolicy vpc-lattice:RegisterTargets vpc-lattice:StartDomainVerification vpc-lattice:UpdateAccessLogSubscription vpc-lattice:UpdateListener vpc-lattice:UpdateResourceConfiguration vpc-lattice:UpdateResourceGateway vpc-lattice:UpdateRule vpc-lattice:UpdateService vpc-lattice:UpdateServiceNetwork vpc-lattice:UpdateServiceNetworkVpcAssociation vpc-lattice:UpdateTargetGroup |
| wafv2 | wafv2:AssociateWebACL wafv2:CheckCapacity wafv2:CreateAPIKey wafv2:CreateIPSet wafv2:CreateRegexPatternSet wafv2:CreateRuleGroup wafv2:CreateWebACL wafv2:DeleteAPIKey wafv2:DeleteFirewallManagerRuleGroups wafv2:DeleteIPSet wafv2:DeleteLoggingConfiguration wafv2:DeletePermissionPolicy wafv2:DeleteRegexPatternSet wafv2:DeleteRuleGroup wafv2:DeleteWebACL wafv2:DescribeAllManagedProducts wafv2:DescribeManagedProductsByVendor wafv2:DescribeManagedRuleGroup wafv2:DisassociateWebACL wafv2:GenerateMobileSdkReleaseUrl wafv2:GetDecryptedAPIKey wafv2:GetIPSet wafv2:GetLoggingConfiguration wafv2:GetManagedRuleSet wafv2:GetMobileSdkRelease wafv2:GetRateBasedStatementManagedKeys wafv2:GetRegexPatternSet wafv2:GetRuleGroup wafv2:GetSampledRequests wafv2:GetWebACLForResource wafv2:ListAPIKeys wafv2:ListAvailableManagedRuleGroupVersions wafv2:ListAvailableManagedRuleGroups wafv2:ListIPSets wafv2:ListLoggingConfigurations wafv2:ListManagedRuleSets wafv2:ListMobileSdkReleases wafv2:ListRegexPatternSets wafv2:ListResourcesForWebACL wafv2:ListRuleGroups wafv2:ListWebACLs wafv2:PutLoggingConfiguration wafv2:PutManagedRuleSetVersions wafv2:UpdateIPSet wafv2:UpdateManagedRuleSetVersionExpiryDate wafv2:UpdateRegexPatternSet wafv2:UpdateRuleGroup wafv2:UpdateWebACL |
| wellarchitected | wellarchitected:AssociateLenses wellarchitected:AssociateProfiles wellarchitected:CreateLensShare wellarchitected:CreateLensVersion wellarchitected:CreateMilestone wellarchitected:CreateProfile wellarchitected:CreateProfileShare wellarchitected:CreateReviewTemplate wellarchitected:CreateWorkload wellarchitected:CreateWorkloadShare wellarchitected:DeleteLens wellarchitected:DeleteLensShare wellarchitected:DeleteProfile wellarchitected:DeleteProfileShare wellarchitected:DeleteReviewTemplate wellarchitected:DeleteTemplateShare wellarchitected:DeleteWorkload wellarchitected:DeleteWorkloadShare wellarchitected:DisassociateLenses wellarchitected:DisassociateProfiles wellarchitected:ExportLens wellarchitected:GetAnswer wellarchitected:GetConsolidatedReport wellarchitected:GetGlobalSettings wellarchitected:GetLens wellarchitected:GetLensReview wellarchitected:GetLensReviewReport wellarchitected:GetLensVersionDifference wellarchitected:GetMilestone wellarchitected:GetProfile wellarchitected:GetProfileTemplate wellarchitected:GetReviewTemplate wellarchitected:GetReviewTemplateAnswer wellarchitected:GetReviewTemplateLensReview wellarchitected:GetWorkload wellarchitected:ImportLens wellarchitected:ListAnswers wellarchitected:ListCheckDetails wellarchitected:ListCheckSummaries wellarchitected:ListLensReviewImprovements wellarchitected:ListLensReviews wellarchitected:ListLensShares wellarchitected:ListLenses wellarchitected:ListMilestones wellarchitected:ListNotifications wellarchitected:ListProfileNotifications wellarchitected:ListProfileShares wellarchitected:ListProfiles wellarchitected:ListReviewTemplateAnswers wellarchitected:ListReviewTemplates wellarchitected:ListShareInvitations wellarchitected:ListTemplateShares wellarchitected:ListWorkloadShares wellarchitected:ListWorkloads wellarchitected:UpdateAnswer wellarchitected:UpdateGlobalSettings wellarchitected:UpdateIntegration wellarchitected:UpdateLensReview wellarchitected:UpdateProfile wellarchitected:UpdateReviewTemplate wellarchitected:UpdateReviewTemplateLensReview wellarchitected:UpdateShareInvitation wellarchitected:UpdateWorkload wellarchitected:UpdateWorkloadShare wellarchitected:UpgradeLensReview wellarchitected:UpgradeProfileVersion wellarchitected:UpgradeReviewTemplateLensReview |
| wisdom | wisdom:CreateAssistant wisdom:CreateAssistantAssociation wisdom:CreateContent wisdom:CreateKnowledgeBase wisdom:CreateQuickResponse wisdom:CreateSession wisdom:DeleteAssistant wisdom:DeleteAssistantAssociation wisdom:DeleteContent wisdom:DeleteImportJob wisdom:DeleteKnowledgeBase wisdom:DeleteQuickResponse wisdom:GetAssistant wisdom:GetAssistantAssociation wisdom:GetContent wisdom:GetContentAssociation wisdom:GetContentSummary wisdom:GetImportJob wisdom:GetKnowledgeBase wisdom:GetRecommendations wisdom:GetSession wisdom:ListAssistantAssociations wisdom:ListAssistants wisdom:ListContentAssociations wisdom:ListContents wisdom:ListImportJobs wisdom:ListKnowledgeBases wisdom:ListQuickResponses wisdom:NotifyRecommendationsReceived wisdom:QueryAssistant wisdom:RemoveKnowledgeBaseTemplateUri wisdom:SearchContent wisdom:SearchQuickResponses wisdom:SearchSessions wisdom:StartContentUpload wisdom:StartImportJob wisdom:UpdateContent wisdom:UpdateKnowledgeBaseTemplateUri wisdom:UpdateQuickResponse wisdom:UpdateSession |
| worklink | worklink:AssociateDomain worklink:AssociateWebsiteAuthorizationProvider worklink:AssociateWebsiteCertificateAuthority worklink:CreateFleet worklink:DeleteFleet worklink:DescribeAuditStreamConfiguration worklink:DescribeCompanyNetworkConfiguration worklink:DescribeDevice worklink:DescribeDevicePolicyConfiguration worklink:DescribeDomain worklink:DescribeFleetMetadata worklink:DescribeIdentityProviderConfiguration worklink:DescribeWebsiteCertificateAuthority worklink:DisassociateDomain worklink:DisassociateWebsiteAuthorizationProvider worklink:DisassociateWebsiteCertificateAuthority worklink:ListDevices worklink:ListDomains worklink:ListFleets worklink:ListWebsiteAuthorizationProviders worklink:ListWebsiteCertificateAuthorities worklink:RestoreDomainAccess worklink:RevokeDomainAccess worklink:SignOutUser worklink:UpdateAuditStreamConfiguration worklink:UpdateCompanyNetworkConfiguration worklink:UpdateDevicePolicyConfiguration worklink:UpdateDomainMetadata worklink:UpdateFleetMetadata worklink:UpdateIdentityProviderConfiguration |
| 工作區 | workspaces:AcceptAccountLinkInvitation workspaces:AssociateConnectionAlias workspaces:AssociateIpGroups workspaces:AssociateWorkspaceApplication workspaces:CopyWorkspaceImage workspaces:CreateAccountLinkInvitation workspaces:CreateConnectClientAddIn workspaces:CreateConnectionAlias workspaces:CreateIpGroup workspaces:CreateStandbyWorkspaces workspaces:CreateUpdatedWorkspaceImage workspaces:CreateWorkspaceBundle workspaces:CreateWorkspaceImage workspaces:CreateWorkspaces workspaces:CreateWorkspacesPool workspaces:DeleteAccountLinkInvitation workspaces:DeleteClientBranding workspaces:DeleteConnectClientAddIn workspaces:DeleteConnectionAlias workspaces:DeleteIpGroup workspaces:DeleteWorkspaceBundle workspaces:DeleteWorkspaceImage workspaces:DeployWorkspaceApplications workspaces:DeregisterWorkspaceDirectory workspaces:DescribeAccount workspaces:DescribeAccountModifications workspaces:DescribeApplicationAssociations workspaces:DescribeApplications workspaces:DescribeBundleAssociations workspaces:DescribeClientBranding workspaces:DescribeClientProperties workspaces:DescribeConnectClientAddIns workspaces:DescribeConnectionAliasPermissions workspaces:DescribeConnectionAliases workspaces:DescribeCustomWorkspaceImageImport workspaces:DescribeImageAssociations workspaces:DescribeIpGroups workspaces:DescribeWorkspaceAssociations workspaces:DescribeWorkspaceBundles workspaces:DescribeWorkspaceDirectories workspaces:DescribeWorkspaceImagePermissions workspaces:DescribeWorkspaceSnapshots workspaces:DescribeWorkspaces workspaces:DescribeWorkspacesConnectionStatus workspaces:DescribeWorkspacesPoolSessions workspaces:DescribeWorkspacesPools workspaces:DisassociateConnectionAlias workspaces:DisassociateIpGroups workspaces:DisassociateWorkspaceApplication workspaces:GetAccountLink workspaces:ImportClientBranding workspaces:ImportWorkspaceImage workspaces:ListAccountLinks workspaces:ListAvailableManagementCidrRanges workspaces:MigrateWorkspace workspaces:ModifyAccount workspaces:ModifyCertificateBasedAuthProperties workspaces:ModifyClientProperties workspaces:ModifyEndpointEncryptionMode workspaces:ModifySamlProperties workspaces:ModifySelfservicePermissions workspaces:ModifyStreamingProperties workspaces:ModifyWorkspaceAccessProperties workspaces:ModifyWorkspaceCreationProperties workspaces:ModifyWorkspaceProperties workspaces:ModifyWorkspaceState workspaces:RebootWorkspaces workspaces:RebuildWorkspaces workspaces:RegisterWorkspaceDirectory workspaces:RejectAccountLinkInvitation workspaces:RestoreWorkspace workspaces:StartWorkspaces workspaces:StartWorkspacesPool workspaces:StopWorkspaces workspaces:StopWorkspacesPool workspaces:TerminateWorkspaces workspaces:TerminateWorkspacesPool workspaces:TerminateWorkspacesPoolSession workspaces:UpdateConnectClientAddIn workspaces:UpdateConnectionAliasPermission workspaces:UpdateWorkspaceBundle workspaces:UpdateWorkspaceImagePermission workspaces:UpdateWorkspacesPool |
| xray | xray:CreateGroup xray:CreateSamplingRule xray:DeleteGroup xray:DeleteResourcePolicy xray:DeleteSamplingRule xray:GetEncryptionConfig xray:GetGroup xray:GetGroups xray:GetInsight xray:GetInsightEvents xray:GetInsightImpactGraph xray:GetInsightSummaries xray:GetSamplingRules xray:ListResourcePolicies xray:PutEncryptionConfig xray:PutResourcePolicy xray:UpdateGroup xray:UpdateSamplingRule |