AWS的 受管政策AWS Config

AWS_ConfigRole – 新增 "lightsail：GetActiveNames" "lightsail：GetOperations" "s3：GetBucketAbac"

此政策現在支援 Amazon Lightsail和 Amazon Simple Storage Service (Amazon S3) 的額外許可。

2025 年 11 月 20 日

AWSConfigServiceRolePolicy – 新增 "lightsail：GetActiveNames" "lightsail：GetOperations" "s3：GetBucketAbac"

此政策現在支援 Amazon Lightsail和 Amazon Simple Storage Service (Amazon S3) 的額外許可。

2025 年 11 月 20 日

AWSConfigServiceRolePolicy – 更新了 受管政策，具有跨 100 多項AWS服務進行AWS資源組態記錄的完整許可，包括運算、儲存、聯網、安全性、分析和機器學習服務。

此政策現在提供增強型的服務許可文件，並支援所有AWS Config支援組態記錄AWS的服務進行全面監控。

2025 年 11 月 11 日

AWS_ConfigRole – 更新了 受管政策，具有跨多項服務進行AWS資源組態記錄的完整許可AWS Identity and Access Management，包括 Amazon Elastic Compute Cloud、Amazon Simple Storage Service AWS Lambda、Amazon Relational Database Service 等。

此政策現在支援跨所有支援AWS的服務進行完整AWS資源組態記錄和監控的額外許可。

2025 年 11 月 10 日

AWS_ConfigRole – 新增 "amplify：GetDomainAssociation" "amplify：ListDomainAssociations" "amplify：ListTagsForResource" "appsync：GetSourceApiAssociation" "appsync：ListSourceApiAssociations" "bedrock：GetFlow" "bedrock：ListAgentCollaborators" "bedrock：ListFlows" "bedrock：ListPrompts" "cloudTrail：GetResourcePolicy" "cloudformation：DescribePublisher" "codeartifact：DescribePackageGroup" "codeartifact：ListAllowedRepositoriesForGroup"""codeartifact：ListPackageGroups""ListActionTypes ListTagsForResource ListWebhooks DescribeTrafficDistributionGroup ListTrafficDistributionGroups ListFarms GetTransitGatewayRouteTablePropagations SearchLocalGatewayRoutes SearchTransitGatewayMulticastGroups GetMatchingWorkflow ListMatchingWorkflows ListAssetModelCompositeModels ListAssetModelProperties ListAssetProperties ListAssociatedAssets ListPublicKeys GetProvisionedConcurrencyConfig GetRuntimeManagementConfig ListFunctionEventInvokeConfigs ListFunctionUrlConfigs DescribePipe ListPipes DescribeRefreshSchedule ListRefreshSchedules ListSnapshotCopyConfigurations GetResourcePolicy GetCrl ListCrls DescribeApp DescribeUserProfile ListApps ListModelPackages ListUserProfiles GetResourcePolicy ListSubscribers ListTagsForResource DescribeServiceAction ListApplications ListAssociatedResources ListProtectionGroups ListTagsForResource GetReplicationSet ListReplicationSets DescribeAssociation DescribePatchBaselines GetDefaultPatchBaseline GetPatchBaseline GetResourcePolicies ListAssociations ListResourceDataSync ListLoggingConfigurations ListCodeInterpreters GetCodeInterpreter ListBrowsers GetBrowser ListAgentRuntimes GetAgentRuntime ListAgentRuntimeEndpoints GetAgentRuntimeEndpoint

此政策現在支援AWS Amplify、AWS AppSync、Amazon Bedrock、AWS CloudTrailCloudFormation、AWS CodeArtifactAWS CodePipeline、Amazon Connect、AWS Deadline Cloud、Amazon EC2 AWS Entity Resolution、AWS IoT SiteWise、Amazon IVS、Amazon EventBridge AWS Lambda、Amazon Quick Suite、Amazon Redshift、Amazon Redshift Serverless AWS Identity and Access Management Roles Anywhere、Amazon SageMaker、AWS Secrets Manager、Amazon Security Lake AWS Service Catalog、AWS Shield、Amazon EC2 Systems Manager 和 的其他許可AWS WAFV2。

2025 年 10 月 1 日

AWSConfigServiceRolePolicy – 新增 "amplify：GetDomainAssociation" "amplify：ListDomainAssociations" "amplify：ListTagsForResource" "appsync：GetSourceApiAssociation" "appsync：ListSourceApiAssociations" "bedrock：GetFlow" "bedrock：ListAgentCollaborators" "bedrock：ListFlows" "bedrock：ListPrompts" "cloudTrail：GetResourcePolicy" "cloudformation：DescribePublisher" "codeartifact：DescribePackageGroup" "codeartifact：ListAllowedRepositoriesForGroup"""codeartifact：ListPackageGroupsListPacks""ListActionTypes ListTagsForResource ListWebhooks DescribeTrafficDistributionGroup ListTrafficDistributionGroups ListFarms GetTransitGatewayRouteTablePropagations SearchLocalGatewayRoutes SearchTransitGatewayMulticastGroups GetMatchingWorkflow ListMatchingWorkflows ListAssetModelCompositeModels ListAssetModelProperties ListAssetProperties ListAssociatedAssets ListPublicKeys GetProvisionedConcurrencyConfig GetRuntimeManagementConfig ListFunctionEventInvokeConfigs ListFunctionUrlConfigs DescribePipe ListPipes DescribeRefreshSchedule ListRefreshSchedules ListSnapshotCopyConfigurations GetResourcePolicy GetCrl ListCrls DescribeApp DescribeUserProfile ListApps ListModelPackages ListUserProfiles GetResourcePolicy ListSubscribers ListTagsForResource DescribeServiceAction ListApplications ListAssociatedResources ListProtectionGroups ListTagsForResource GetReplicationSet ListReplicationSets DescribeAssociation DescribePatchBaselines GetDefaultPatchBaseline GetPatchBaseline GetResourcePolicies ListAssociations ListResourceDataSync ListLoggingConfigurations ListCodeInterpreters GetCodeInterpreter ListBrowsers GetBrowser ListAgentRuntimes GetAgentRuntime ListAgentRuntimeEndpoints GetAgentRuntimeEndpoint

此政策現在支援AWS Amplify、AWS AppSync、Amazon Bedrock、AWS CloudTrailCloudFormation、AWS CodeArtifactAWS CodePipeline、Amazon Connect、AWS Deadline Cloud、Amazon EC2 AWS Entity Resolution、AWS IoT SiteWise、Amazon IVS、Amazon EventBridge AWS Lambda、Amazon Quick Suite、Amazon Redshift、Amazon Redshift Serverless AWS Identity and Access Management Roles Anywhere、Amazon SageMaker、AWS Secrets Manager、Amazon Security Lake AWS Service Catalog、AWS Shield、Amazon EC2 Systems Manager 和 的其他許可AWS WAFV2。

2025 年 10 月 1 日

AWS_ConfigRole – 新增「arc-zonal-shift：GetAutoshiftObserverNotificationStatus」， "bedrock：GetModelInvocationLoggingConfiguration"， "cloudtrail：GetEventConfiguration"， "codeartifact：DescribeDomain"， 「codeartifact：GetDomainPermissionsPolicy」， 「截止日期：GetFleet」， 「截止日期：GetQueueFleetAssociation」， 「截止日期：ListFleets」， 「截止日期：ListQueueFleetAssociations」， 「截止日期：ListTagsForResource」， "dms：DescribeDataMigrations"， "dms：ListMigrationProjects"， 「glue：GetDataCatalogEncryptionSettings」， "kafkaconnect：DescribeCustomPlugin"， "kafkaconnect：DescribeWorkerConfiguration"， "kafkaconnect：ListCustomPlugins"， "kafkaconnect：ListTagsForResource"， "kafkaconnect：ListWorkerConfigurations"， "lakeformation：DescribeLakeFormationIdentityCenterConfiguration"， "medialive：DescribeMultiplexProgram"， "medialive：ListMultiplexPrograms"， "mediapackagev2：GetChannelGroup"， "mediapackagev2：ListChannelGroups"， "rds：DescribeEngineDefaultParameters"， 「rolesanywhere：GetProfile」， 「rolesanywhere：GetTrustAnchor」， "rolesanywhere：ListProfiles"， 「rolesanywhere：ListTagsForResource」， 「rolesanywhere：ListTrustAnchors」， "s3：GetAccessGrant"， "s3：ListAccessGrants"， "secretsmanager：DescribeSecret"， "securitylake：ListDataLakeExceptions"， "securitylake：ListDataLakes"， "securitylake：ListLogSources"， "servicecatalog：GetAttributeGroup"， "servicecatalog：ListAttributeGroups"， 「servicecatalog：ListServiceActions」， 「servicecatalog：ListServiceActionsForProvisioningArtifact」， "ses：GetTrafficPolicy"， "ses：ListTagsForResource"， "ses：ListTrafficPolicies"， "xray：GetGroup"， "xray：GetGroups"， "xray：GetSamplingRules"， "xray：ListResourcePolicies"， "xray：ListTagsForResource"

此政策現在支援 Amazon Bedrock AWS ARC - Zonal Shift、、AWS CloudTrailAWS CodeArtifactAWS Deadline Cloud、AWS Database Migration ServiceAWS Glue、AWS Identity and Access Management、、Amazon Managed Streaming for Apache Kafka AWS Lake Formation、Amazon CloudWatch Logs、AWS Elemental MediaLiveAWS Elemental MediaPackage、Amazon Relational Database Service、Amazon Simple Storage Service AWS Secrets Manager、Amazon Security Lake、AWS Service Catalog、Amazon Simple Email Service 和 的其他許可AWS X-Ray。

2025 年 7 月 28 日

AWSConfigServiceRolePolicy – 新增

「arc-zonal-shift：GetAutoshiftObserverNotificationStatus」， "bedrock：GetModelInvocationLoggingConfiguration"， "cloudtrail：GetEventConfiguration"， "codeartifact：DescribeDomain"， 「codeartifact：GetDomainPermissionsPolicy」， 「截止日期：GetFleet」， 「截止日期：GetQueueFleetAssociation」， 「截止日期：ListFleets」， 「截止日期：ListQueueFleetAssociations」， 「截止日期：ListTagsForResource」， "dms：DescribeDataMigrations"， "dms：ListMigrationProjects"， 「glue：GetDataCatalogEncryptionSettings」， "iam：ListPolicies"， "kafkaconnect：DescribeCustomPlugin"， "kafkaconnect：DescribeWorkerConfiguration"， "kafkaconnect：ListCustomPlugins"， "kafkaconnect：ListTagsForResource"， "kafkaconnect：ListWorkerConfigurations"， "lakeformation：DescribeLakeFormationIdentityCenterConfiguration"， "logs：DescribeIndexPolicies"， "logs：ListTagsForResource"， "medialive：DescribeMultiplexProgram"， "medialive：ListMultiplexPrograms"， "mediapackagev2：GetChannelGroup"， "mediapackagev2：ListChannelGroups"， "rds：DescribeEngineDefaultParameters"， 「rolesanywhere：GetProfile」， 「rolesanywhere：GetTrustAnchor」， "rolesanywhere：ListProfiles"， 「rolesanywhere：ListTagsForResource」， 「rolesanywhere：ListTrustAnchors」， "s3：GetAccessGrant"， "s3：ListAccessGrants"， "secretsmanager：DescribeSecret"， "securitylake：ListDataLakeExceptions"， "securitylake：ListDataLakes"， "securitylake：ListLogSources"， "servicecatalog：GetAttributeGroup"， "servicecatalog：ListAttributeGroups"， 「servicecatalog：ListServiceActions」， 「servicecatalog：ListServiceActionsForProvisioningArtifact」， "ses：GetTrafficPolicy"， "ses：ListTagsForResource"， "ses：ListTrafficPolicies"， "xray：GetGroup"， "xray：GetGroups"， "xray：GetSamplingRules"， "xray：ListResourcePolicies"， "xray：ListTagsForResource"， "arn：aws：apigateway：：/account"， "arn：aws：apigateway：：/usageplans"， "arn：aws：apigateway：：/usageplans/"。

此政策現在支援 Amazon Bedrock AWS ARC - Zonal Shift、AWS CloudTrail、AWS CodeArtifactAWS Deadline Cloud、AWS Database Migration ServiceAWS Glue、AWS Identity and Access Management、、Amazon Managed Streaming for Apache Kafka AWS Lake Formation、Amazon CloudWatch Logs、AWS Elemental MediaLiveAWS Elemental MediaPackage、Amazon Relational Database Service、Amazon Simple Storage Service AWS Secrets Manager、Amazon Security Lake AWS Service Catalog、Amazon Simple Email Service AWS X-Ray和 Amazon API Gateway 的其他許可。

2025 年 7 月 28 日

AWSConfigServiceRolePolicy – 新增「backup-gateway：GetHypervisor」， "backup-gateway：ListHypervisors"， "bcm-data-exports：GetExport"， "bcm-data-exports：ListExports"， "bcm-data-exports：ListTagsForResource"， "bedrock：GetAgent"， "bedrock：GetAgentActionGroup"， "bedrock：GetAgentKnowledgeBase"， "bedrock：GetDataSource"， "bedrock：GetFlowAlias"， "bedrock：GetFlowVersion"， "bedrock：ListAgentActionGroups"， "bedrock：ListAgentKnowledgeBases"， "bedrock：ListDataSources"， "bedrock：ListFlowAliases"， "bedrock：ListFlowVersions"， "cloudformation：BatchDescribeTypeConfigurations"， "cloudformation：DescribeStackInstance"， "cloudformation：DescribeStackSet"， "cloudformation：ListStackInstances"， "cloudformation：ListStackSets"， "cloudfront：GetPublicKey"， "cloudfront：GetRealtimeLogConfig"， "cloudfront：ListPublicKeys"， "cloudfront：ListRealtimeLogConfigs"， "entityresolution：GetIdMappingWorkflow"， "entityresolution：GetSchemaMapping"， "entityresolution：ListIdMappingWorkflows"， "entityresolution：ListSchemaMappings"， "entityresolution：ListTagsForResource"， "iotdeviceadvisor：GetSuiteDefinition"， "iotdeviceadvisor：ListSuiteDefinitions"， "lambda：GetEventSourceMapping"， "lambda：ListEventSourceMappings"， "mediapackagev2：GetChannel"， "mediapackagev2：ListChannels"， 「networkmanager：GetTransitGatewayPeering」， 「networkmanager：ListPeerings」， "pca-connector-ad：GetDirectoryRegistration"， 「pca-connector-ad：ListDirectoryRegistrations」， 「pca-connector-ad：ListTagsForResource」， "rds：DescribeDBShardGroups"， "rds：DescribeIntegrations"， "redshift：DescribeIntegrations"， "s3tables：GetTableBucket"， "s3tables：GetTableBucketEncryption"， "s3tables：GetTableBucketMaintenanceConfiguration"， "s3tables：ListTableBuckets"， "ssm-quicksetup：GetConfigurationManager"， 「ssm-quicksetup：ListConfigurationManagers」

此政策現在支援AWS Backup gateway、AWS 帳單與成本管理、Amazon Bedrock、AWS CloudFormation、Amazon CloudFront、AWS Entity ResolutionAWS IoT Core Device Advisor、AWS LambdaAWS Network Manager、AWS 私有憑證授權單位、Amazon Relational Database Service、Amazon Redshift、Amazon S3 Tables、 的其他許可AWS Systems Manager 快速設定。

AWS_ConfigRole – 新增「backup-gateway：GetHypervisor」， "backup-gateway：ListHypervisors"， "bcm-data-exports：GetExport"， "bcm-data-exports：ListExports"， "bcm-data-exports：ListTagsForResource"， "bedrock：GetAgent"， "bedrock：GetAgentActionGroup"， "bedrock：GetAgentKnowledgeBase"， "bedrock：GetDataSource"， "bedrock：GetFlowAlias"， "bedrock：GetFlowVersion"， "bedrock：ListAgentActionGroups"， "bedrock：ListAgentKnowledgeBases"， "bedrock：ListDataSources"， "bedrock：ListFlowAliases"， "bedrock：ListFlowVersions"， "cloudformation：BatchDescribeTypeConfigurations"， "cloudformation：DescribeStackInstance"， "cloudformation：DescribeStackSet"， "cloudformation：ListStackInstances"， "cloudformation：ListStackSets"， "cloudfront：GetPublicKey"， "cloudfront：GetRealtimeLogConfig"， "cloudfront：ListPublicKeys"， "cloudfront：ListRealtimeLogConfigs"， "entityresolution：GetIdMappingWorkflow"， "entityresolution：GetSchemaMapping"， "entityresolution：ListIdMappingWorkflows"， "entityresolution：ListSchemaMappings"， "entityresolution：ListTagsForResource"， "iotdeviceadvisor：GetSuiteDefinition"， "iotdeviceadvisor：ListSuiteDefinitions"， "lambda：GetEventSourceMapping"， "lambda：ListEventSourceMappings"， 「networkmanager：GetTransitGatewayPeering」， 「networkmanager：ListPeerings」， "pca-connector-ad：GetDirectoryRegistration"， 「pca-connector-ad：ListDirectoryRegistrations」， 「pca-connector-ad：ListTagsForResource」， "rds：DescribeDBShardGroups"， "rds：DescribeIntegrations"， "redshift：DescribeIntegrations"， "s3tables：GetTableBucket"， "s3tables：GetTableBucketEncryption"， "s3tables：GetTableBucketMaintenanceConfiguration"， "s3tables：ListTableBuckets"， "ssm-quicksetup：GetConfigurationManager"， 「ssm-quicksetup：ListConfigurationManagers」

此政策現在支援AWS Backup gateway、AWS 帳單與成本管理、Amazon Bedrock、AWS CloudFormation、Amazon CloudFront、AWS Entity ResolutionAWS IoT Core Device Advisor、AWS LambdaAWS Network Manager、AWS 私有憑證授權單位、Amazon Relational Database Service、Amazon Redshift、Amazon S3 Tables 的其他許可AWS Systems Manager 快速設定。

AWS_ConfigRole – 新增 "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource"

此政策現在支援 Amazon Bedrock 的其他許可。

AWSConfigServiceRolePolicy – 新增 "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource"

此政策現在支援 Amazon Bedrock 的其他許可。

AWS_ConfigRole – 新增 "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation"

此政策現在支援AWS B2B 資料交換、Amazon Bedrock、AWS Clean Rooms、AWS CodeConnectionsAWS Direct Connect、AWS Database Migration Service(AWS DMS)、Amazon CloudWatch Logs、Amazon Macie、Amazon Managed Blockchain、Amazon Q Business、Route 53 Profiles、Amazon Simple Storage Service (Amazon S3)AWS Security Hub CSPM、Amazon SageMaker AI AWS Systems Manager Incident ManagerAWS Systems Manager Incident Manager以及聯絡人和 的其他許可AWS Systems Manager。

AWSConfigServiceRolePolicy – 新增 "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation"

此政策現在支援AWS B2B 資料交換、Amazon Bedrock、AWS Clean Rooms、AWS CodeConnectionsAWS Direct Connect、AWS Database Migration Service(AWS DMS)、Amazon CloudWatch Logs、Amazon Macie、Amazon Managed Blockchain、Amazon Q Business、Route 53 Profiles、Amazon Simple Storage Service (Amazon S3)AWS Security Hub CSPM、Amazon SageMaker AI AWS Systems Manager Incident ManagerAWS Systems Manager Incident Manager以及聯絡人和 的其他許可AWS Systems Manager。此政策現在也支援透過包含資源模式「arn:aws:apigateway:::/domainnames/」來存取所有 Amazon API Gateway 網域名稱的許可。

AWS_ConfigRole – 新增 "ec2:GetAllowedImagesSettings"

此政策現在支援 Amazon Elastic Compute Cloud (Amazon EC2) 的其他許可。

AWSConfigServiceRolePolicy – 新增 "ec2:GetAllowedImagesSettings"

此政策現在支援 Amazon Elastic Compute Cloud (Amazon EC2) 的其他許可。

AWS_ConfigRole – 新增 "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"

此政策現在支援AWS Clean Rooms、Amazon Comprehend、Amazon Elastic Compute Cloud (Amazon EC2)AWS HealthOmics、Amazon Simple Storage Service (Amazon S3) 和 Amazon Simple Email Service (Amazon SES) 的其他許可。

AWSConfigServiceRolePolicy – 新增 "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"

此政策現在支援AWS Clean Rooms、Amazon Comprehend、Amazon Elastic Compute Cloud (Amazon EC2)AWS HealthOmics、Amazon Simple Storage Service (Amazon S3) 和 Amazon Simple Email Service (Amazon SES) 的其他許可。

AWSConfigServiceRolePolicy – 新增 "organizations:ListAWSServiceAccessForOrganization"

此政策現在支援 的其他許可AWS Organizations。

AWS_ConfigRole – 新增 "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"

此政策現在支援AWS AppConfig、AWS CloudTrail、Amazon Connect、Amazon DataZone、Amazon DevOpsGuru AWS Glue、Identity Store AWS IoT、AWS IoT FleetWise、AWS IoT Wireless、Amazon Interactive Video Service (Amazon IVS)、Amazon CloudWatch Logs、Amazon CloudWatch Observability Access Manager、AWS Payment Cryptography、Amazon Relational Database Service (Amazon RDS)、Amazon Rekognition、Amazon Simple Storage Service (Amazon S3)AWS Systems Manager、Amazon EventBridge Scheduler 和 Amazon VPC Lattice 的其他許可。

AWSConfigServiceRolePolicy – 新增 "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"

此政策現在支援AWS AppConfig、AWS CloudTrail、Amazon Connect、Amazon DataZone、Amazon DevOpsGuru AWS Glue、Identity Store AWS IoT、AWS IoT FleetWise、AWS IoT Wireless、Amazon Interactive Video Service (Amazon IVS)、Amazon CloudWatch Logs、Amazon CloudWatch Observability Access Manager、AWS Payment Cryptography、Amazon Relational Database Service (Amazon RDS)、Amazon Rekognition、Amazon Simple Storage Service (Amazon S3)AWS Systems Manager、Amazon EventBridge Scheduler 和 Amazon VPC Lattice 的其他許可。

AWS_ConfigRole – 新增 "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules"

此政策現在支援 Amazon OpenSearch Service Severless、Amazon AppStream AWS Backup、AWS CloudTrailAWS Glue、EC2 Image Builder AWS IoT、Amazon Interactive Video Service (Amazon IVS)AWS Elemental MediaConnectAWS Elemental MediaTailorAWS HealthOmics和 Amazon EventBridge Scheduler 的其他許可。

AWSConfigServiceRolePolicy – 新增 "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules"

此政策現在支援 Amazon OpenSearch Service Severless、Amazon AppStream AWS Backup、AWS CloudTrailAWS Glue、EC2 Image Builder AWS IoT、Amazon Interactive Video Service (Amazon IVS)AWS Elemental MediaConnectAWS Elemental MediaTailorAWS HealthOmics和 Amazon EventBridge Scheduler 的其他許可。

AWS_ConfigRole – 新增 "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource"

此政策現在支援 Amazon Elastic File System (Amazon EFS)、Amazon Redshift 和 的其他許可適用於 SAP 的 AWS Systems Manager。

AWSConfigServiceRolePolicy – 新增 "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource"

此政策現在支援 Amazon Elastic File System (Amazon EFS)、Amazon Redshift 和 的其他許可適用於 SAP 的 AWS Systems Manager。

此政策現在支援 Amazon Managed Service for Prometheus、Amazon CloudWatch、Amazon Cognito、Amazon ElastiCache、Amazon FSx、AWS Glue、AWS Identity and Access Management(IAM)AWS Lambda、、AWS RAM、Amazon Redshift Serverless、Amazon SageMaker AI 和 Amazon Simple Notification Service (Amazon SNS) 的其他許可。

此政策現在支援 Amazon Managed Service for Prometheus、Amazon CloudWatch、Amazon Cognito、Amazon ElastiCache、Amazon FSx、AWS Glue、AWS Identity and Access Management(IAM)AWS Lambda、、AWS RAM、Amazon Redshift Serverless、Amazon SageMaker AI 和 Amazon Simple Notification Service (Amazon SNS) 的其他許可。

AWSConfigUserAccess –AWS Config開始追蹤此AWS受管政策的變更

此政策提供使用 的存取權AWS Config，包括依資源上的標籤搜尋和讀取所有標籤。這不提供設定 的許可AWS Config，這需要管理權限。

此政策現在支援 Amazon Managed Service for Prometheus AWS AppConfig、AWS Database Migration Service(AWS DMS)、(AWS Identity and Access Management) IAM、Amazon Managed Streaming for Apache Kafka (Amazon MSK)AWS Organizations、Amazon CloudWatch Logs 和 Amazon Simple Storage Service (Amazon S3) 的其他許可。

此政策現在支援 Amazon Managed Service for Prometheus AWS AppConfig、AWS Database Migration Service(AWS DMS)、(AWS Identity and Access Management) IAM、Amazon Managed Streaming for Apache Kafka (Amazon MSK)AWS Organizations、Amazon CloudWatch Logs 和 Amazon Simple Storage Service (Amazon S3) 的其他許可。

此政策現在支援 Amazon Cognito、Amazon Connect、Amazon EMR、AWS Ground StationAWS Mainframe Modernization、Amazon MemoryDB AWS Organizations、Amazon Quick Suite、Amazon Relational Database Service (Amazon RDS)AWS Service Catalog、Amazon Redshift、Amazon Route 53 和 的其他許可AWS Transfer Family。

此政策現在會新增AWSConfigServiceRolePolicyStatementID、AWSConfigSLRLogStatementID、AWSConfigSLRLogEventStatementID和 AWSConfigSLRApiGatewayStatementID 的安全性識別碼 (SID)。

此政策現在支援 Amazon Cognito、Amazon Connect、Amazon EMR、AWS Ground StationAWS Mainframe Modernization、Amazon MemoryDB AWS Organizations、Amazon Quick Suite、Amazon Relational Database Service (Amazon RDS)AWS Service Catalog、Amazon Redshift、Amazon Route 53 和 的其他許可AWS Transfer Family。

此政策現在會新增AWSConfigServiceRolePolicyStatementID、AWSConfigSLRLogStatementID、AWSConfigSLRLogEventStatementID和 AWSConfigSLRApiGatewayStatementID 的安全性識別碼 (SID)。

此政策現在支援AWS 私有 CA、AWS App Mesh、Amazon Connect、Amazon Elastic Container Service (Amazon ECS)、Amazon CloudWatch Evidently、Amazon Managed Grafana、Amazon GuardDuty、Amazon Inspector AWS IoTAWS IoT TwinMaker、Amazon Managed Streaming for Apache Kafka (Amazon MSK)AWS LambdaAWS Network ManagerAWS Organizations、、 和 Amazon SageMaker AI 的其他許可。

此政策現在支援AWS 私有 CA、AWS App Mesh、Amazon Connect、Amazon Elastic Container Service (Amazon ECS)、Amazon CloudWatch Evidently、Amazon Managed Grafana、Amazon GuardDuty、Amazon Inspector AWS IoTAWS IoT TwinMaker、Amazon Managed Streaming for Apache Kafka (Amazon MSK)AWS LambdaAWS Network ManagerAWS Organizations、、 和 Amazon SageMaker AI 的其他許可。

此政策現在會移除AWS Systems Manager(Systems Manager) 的許可。

此政策現在支援AWS App Mesh、AWS CloudFormation、Amazon CloudFront AWS CodeArtifactAWS CodeBuild、Amazon Connect AWS Glue、Amazon GuardDuty、AWS Identity and Access Management(IAM)、Amazon Inspector、AWS IoTAWS IoT TwinMaker、AWS IoT Wireless、、Amazon Managed Streaming for Apache Kafka、Amazon Macie AWS Elemental MediaConnect、AWS Network Manager、AWS Organizations、AWS 資源總管、Amazon Route 53、Amazon Simple Storage Service (Amazon S3) 和 Amazon Simple Notification Service (Amazon SNS) 的其他許可。

此政策現在支援AWS App Mesh Amazon WorkSpaces 應用程式、AWS CloudFormation、Amazon CloudFront、AWS CodeArtifactAWS CodeBuild、Amazon Connect、AWS Glue、Amazon GuardDuty、AWS Identity and Access Management(IAM)、Amazon Inspector AWS IoT、AWS IoT TwinMaker、AWS IoT Wireless、Amazon Managed Streaming for Apache Kafka、Amazon Macie、AWS Elemental MediaConnect、AWS Network Manager、AWS OrganizationsAWS 資源總管、、Amazon Route 53、Amazon Simple Storage Service (Amazon S3)、Amazon Simple Notification Service (Amazon SNS) 和 Amazon EC2 Systems Manager (SSM) 的其他許可。

此政策現在支援 的其他許可AWS Amplify， Amazon Connect AWS App Mesh、 Amazon Managed Service for Prometheus、 Amazon Athena、AWS BatchAWS CloudFormation、AWS CloudTrail、AWS CodeArtifact、 Amazon CodeGuru AWS Directory Service、 Amazon DynamoDB、 Amazon Elastic Compute Cloud (Amazon EC2)， Amazon CloudWatch Evidently AWS Organizations、 Amazon Forecast、AWS IoT Greengrass、AWS Ground Station、AWS Identity and Access Management(IAM)、 Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon Lightsail、 Amazon CloudWatch Logs AWS Elemental MediaConnect、AWS Elemental MediaTailor、 Amazon Pinpoint、 Amazon Virtual Private Cloud (Amazon VPC)、 Amazon Personalize、 Amazon Quick Suite AWS Migration Hub Refactor Spaces、 Amazon Simple Storage Service (Amazon S3)、 Amazon SageMaker AI、AWS Transfer Family。

此政策現在支援 的其他許可AWS Amplify， Amazon Connect AWS App Mesh、 Amazon Managed Service for Prometheus、 Amazon Athena、AWS BatchAWS CloudFormation、AWS CloudTrail、AWS CodeArtifact、 Amazon CodeGuru AWS Directory Service、 Amazon DynamoDB、 Amazon Elastic Compute Cloud (Amazon EC2)， Amazon CloudWatch Evidently AWS Organizations、Amazon Forecast、AWS IoT Greengrass、AWS Ground Station、AWS Identity and Access Management(IAM)、 Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon Lightsail、 Amazon CloudWatch Logs AWS Elemental MediaConnect、AWS Elemental MediaTailor、 Amazon Pinpoint、 Amazon Virtual Private Cloud (Amazon VPC)、 Amazon Personalize、 Amazon Quick Suite AWS Migration Hub Refactor Spaces、 Amazon Simple Storage Service (Amazon S3)、 Amazon SageMaker AI、AWS Transfer Family。

此政策現在支援適用於AWS App Mesh、AWS App Runner、Amazon CloudFront、AWS CodeArtifact、Amazon Elastic Compute Cloud、Amazon Kendra AWS Amplify、Amazon Macie、Amazon Route 53、Amazon SageMaker AI、AWS Transfer Family、Amazon Pinpoint AWS Migration Hub、AWS Resilience Hub、Amazon CloudWatch、AWS Directory Service 和 的 Amazon Managed Workflows 額外許可AWS WAF。

此政策現在支援適用於AWS App Mesh、AWS App Runner、Amazon CloudFront、AWS CodeArtifact、Amazon Elastic Compute Cloud、Amazon Kendra AWS Amplify、Amazon Macie、Amazon Route 53、Amazon SageMaker AI、AWS Transfer Family、Amazon Pinpoint AWS Migration Hub、AWS Resilience Hub、Amazon CloudWatch、AWS Directory Service 和 的 Amazon Managed Workflows 額外許可AWS WAF。

此政策現在支援 Amazon AppFlow AWS App Runner、Amazon WorkSpaces 應用程式、Amazon CloudFront、Amazon CloudWatch、AWS CodeArtifact、AWS CodeCommitAWS Device Farm、Amazon CloudWatch Evidently、Amazon Forecast、AWS Ground Station、AWS Identity and Access Management(IAM)AWS IoT、Amazon MemoryDB、Amazon Pinpoint AWS Network Manager、AWS Panorama、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift 和 Amazon SageMaker AI 的其他許可。

此政策現在支援 Amazon AppFlow AWS App Runner、Amazon WorkSpaces 應用程式、Amazon CloudFront AWS CloudFormation、Amazon CloudWatch、AWS CodeArtifactAWS CodeCommit、Amazon Elastic Compute Cloud (Amazon EC2)AWS Device Farm、Amazon CloudWatch Evidently、Amazon Forecast AWS Ground Station、AWS Identity and Access Management(IAM)AWS IoT、、Amazon MemoryDB、Amazon Pinpoint AWS Network ManagerAWS Panorama、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift 和 Amazon SageMaker AI 的其他許可。

AWSConfigRulesExecutionRole –AWS Config開始追蹤此AWS受管政策的變更

此政策允許AWS Lambda函數存取 API AWS Config和定期AWS Config交付至 Amazon S3 的組態快照。評估AWS自訂 Lambda 規則組態變更的函數需要此存取權。

AWSConfigRoleForOrganizations –AWS Config開始追蹤此AWS受管政策的變更

此政策允許AWS Config呼叫唯讀AWS Organizations APIs。

AWSConfigRemediationServiceRolePolicy –AWS Config開始追蹤此AWS受管政策的變更

此政策允許AWS Config代表您修復NON_COMPLIANT資源。

AWSConfigServiceRolePolicy – 新增 auditmanager:GetAccountStatus

此政策現在會授予可傳回AWS Audit Manager帳戶註冊狀態的許可。

AWS_ConfigRole – 新增 auditmanager:GetAccountStatus

此政策現在會授予可傳回AWS Audit Manager帳戶註冊狀態的許可。

AWSConfigMultiAccountSetupPolicy –AWS Config開始追蹤此AWS受管政策的變更

此政策允許 呼叫AWS ConfigAWS服務，並使用 跨組織部署AWS Config資源AWS Organizations。

AWSConfigServiceRolePolicy – 新增 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

此政策現在支援 Amazon Managed Workflows for Apache Airflow AWS IoT、Amazon WorkSpaces 應用程式、Amazon CodeGuru Reviewer、AWS HealthLake、Amazon Kinesis Video Streams、Amazon Application Recovery Controller (ARC)AWS Device Farm、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Pinpoint、AWS Identity and Access Management(IAM)、Amazon GuardDuty 和 Amazon CloudWatch Logs 的其他許可。

AWS_ConfigRole – 新增 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

此政策現在支援 Amazon Managed Workflows for Apache Airflow AWS IoT、Amazon WorkSpaces 應用程式、Amazon CodeGuru Reviewer、AWS HealthLake、Amazon Kinesis Video Streams、Amazon Application Recovery Controller (ARC)AWS Device Farm、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Pinpoint、AWS Identity and Access Management(IAM)、Amazon GuardDuty 和 Amazon CloudWatch Logs 的其他許可。

ConfigConformsServiceRolePolicy – 更新 config:DescribeConfigRules

作為安全最佳實務，此政策現可移除 config:DescribeConfigRules 的廣泛資源層級許可。

AWSConfigServiceRolePolicy – 新增 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile,AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

此政策現在支援 Amazon Managed Service for Prometheus、AWS Audit Manager、AWS Device Farm、AWS Database Migration Service(AWS DMS)AWS Directory Service、Amazon Elastic Compute Cloud (Amazon EC2)AWS Glue、AWS IoT、Amazon Lightsail、AWS Elemental MediaPackageAWS Network Manager、、Amazon Quick Suite、Amazon Application Recovery Controller (ARC)AWS Resource Access Manager、Amazon Simple Storage Service (Amazon S3) 和 Amazon Timestream 的其他許可。

AWS_ConfigRole – 新增 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

此政策現在支援 Amazon Managed Service for Prometheus、AWS Audit Manager、AWS Device Farm、AWS Database Migration Service(AWS DMS)AWS Directory Service、Amazon Elastic Compute Cloud (Amazon EC2)AWS Glue、AWS IoT、Amazon Lightsail、AWS Elemental MediaPackageAWS Network Manager、、Amazon Quick Suite、Amazon Application Recovery Controller (ARC)AWS Resource Access Manager、Amazon Simple Storage Service (Amazon S3) 和 Amazon Timestream 的其他許可。

AWSConfigServiceRolePolicy – 新增 cloudformation:ListStackResources and cloudformation:ListStacks

此政策現在授予許可，以傳回指定AWS CloudFormation堆疊之所有資源的描述，並傳回狀態符合指定 之堆疊的摘要資訊StackStatusFilter。

AWS_ConfigRole – 新增 cloudformation:ListStackResources and cloudformation:ListStacks

此政策現在授予許可，以傳回指定AWS CloudFormation堆疊之所有資源的描述，並傳回狀態符合指定 之堆疊的摘要資訊StackStatusFilter。

AWSConfigServiceRolePolicy – 新增 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

此政策現在支援 的其他許可AWS Certificate Manager， Amazon Managed Workflows for Apache Airflow、AWS Amplify、AWS AppConfig Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2)， Amazon Elastic Kubernetes Service (Amazon EKS)， Amazon EventBridge、AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift 伺服器、 Amazon Location Service AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint OpsWorks、AWS Panorama、AWS Resource Access Manager、 Amazon Quick Suite、 Amazon Relational Database Service (Amazon RDS)， Amazon Rekognition、AWS RoboMaker、AWS Resource Groups Amazon Route 53、 Amazon Simple Storage Service (Amazon S3)AWS Cloud Map、 和AWS Security Token Service。

AWS_ConfigRole – 新增 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

此政策現在支援 的其他許可AWS Certificate Manager， Amazon Managed Workflows for Apache Airflow、AWS Amplify、AWS AppConfig Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2)， Amazon Elastic Kubernetes Service (Amazon EKS)， Amazon EventBridge、AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift 伺服器、 Amazon Location Service AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint OpsWorks、AWS Panorama、AWS Resource Access Manager、 Amazon Quick Suite、 Amazon Relational Database Service (Amazon RDS)， Amazon Rekognition、AWS RoboMaker、AWS Resource Groups Amazon Route 53、 Amazon Simple Storage Service (Amazon S3)AWS Cloud Map、 和AWS Security Token Service。

AWSConfigServiceRolePolicy – 新增 Glue::GetTable

此政策現在授予許可，以擷取指定AWS Glue資料表之 Data Catalog 中的資料表定義。

AWS_ConfigRole – 新增 Glue::GetTable

此政策現在授予許可，以擷取指定AWS Glue資料表之 Data Catalog 中的資料表定義。

AWSConfigServiceRolePolicy – 新增 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

此政策現在支援 Amazon AppFlow 的其他許可， Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect 客戶設定檔、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2)， Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge 結構描述Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift 伺服器、 Amazon Interactive Video Service (Amazon IVS)， Amazon Managed Service for Apache Flink、 EC2 映像建置器、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon Quick Suite、 Amazon Application Recovery Controller (ARC)Amazon Route 53 Resolver、 Amazon Simple Storage Service (Amazon S3)、 Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES)、 Amazon Timestream、AWS AppConfigAWS AppSync、AWS Auto ScalingAWS Backup、AWS Budgets、、AWS Cost ExplorerAWS Cloud9、AWS Directory ServiceAWS DataSync、AWS Elemental MediaPackage、AWS Glue、AWS IoTAWS IoT Analytics、AWS IoT EventsAWS IoT SiteWise、AWS IoT TwinMaker、AWS Lake Formation、AWS License Manager、、AWS Resilience Hub、AWS Signer和AWS Transfer Family。

AWS_ConfigRole – 新增 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

此政策現在支援 Amazon AppFlow 的其他許可， Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect 客戶設定檔、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2)， Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge 結構描述Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift 伺服器、 Amazon Interactive Video Service (Amazon IVS)， Amazon Managed Service for Apache Flink、 EC2 映像建置器、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon Quick Suite、 Amazon Application Recovery Controller (ARC)Amazon Route 53 Resolver、 Amazon Simple Storage Service (Amazon S3)、 Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES)、 Amazon Timestream、AWS AppConfigAWS AppSync、AWS Auto ScalingAWS Backup、AWS Budgets、、AWS Cost ExplorerAWS Cloud9、AWS Directory ServiceAWS DataSync、AWS Elemental MediaPackage、AWS Glue、AWS IoTAWS IoT Analytics、AWS IoT EventsAWS IoT SiteWise、AWS IoT TwinMaker、AWS Lake Formation、AWS License Manager、、AWS Resilience Hub、AWS Signer和AWS Transfer Family

AWS_ConfigRole – 新增 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

此政策現在支援 Amazon Managed Workflows for Apache Airflow AWS IoT、Amazon WorkSpaces 應用程式、Amazon CodeGuru Reviewer、AWS HealthLake、Amazon Kinesis Video Streams、Amazon Application Recovery Controller (ARC)AWS Device Farm、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Pinpoint、AWS Identity and Access Management(IAM)、Amazon GuardDuty 和 Amazon CloudWatch Logs 的其他許可。

ConfigConformsServiceRolePolicy – 更新 config:DescribeConfigRules

作為安全最佳實務，此政策現可移除 config:DescribeConfigRules 的廣泛資源層級許可。

AWSConfigServiceRolePolicy – 新增 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile,AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

此政策現在支援 Amazon Managed Service for Prometheus、AWS Audit Manager、AWS Device Farm、AWS Database Migration Service(AWS DMS)AWS Directory Service、Amazon Elastic Compute Cloud (Amazon EC2)AWS Glue、AWS IoT、Amazon Lightsail、AWS Elemental MediaPackageAWS Network Manager、、Amazon Quick Suite、Amazon Application Recovery Controller (ARC)AWS Resource Access Manager、Amazon Simple Storage Service (Amazon S3) 和 Amazon Timestream 的其他許可。

AWS_ConfigRole – 新增 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

此政策現在支援 Amazon Managed Service for Prometheus、AWS Audit Manager、AWS Device Farm、AWS Database Migration Service(AWS DMS)AWS Directory Service、Amazon Elastic Compute Cloud (Amazon EC2)AWS Glue、AWS IoT、Amazon Lightsail、AWS Elemental MediaPackageAWS Network Manager、、Amazon Quick Suite、Amazon Application Recovery Controller (ARC)AWS Resource Access Manager、Amazon Simple Storage Service (Amazon S3) 和 Amazon Timestream 的其他許可。

AWSConfigServiceRolePolicy – 新增 cloudformation:ListStackResources and cloudformation:ListStacks

此政策現在授予許可，以傳回指定AWS CloudFormation堆疊之所有資源的描述，並傳回狀態符合指定 之堆疊的摘要資訊StackStatusFilter。

AWS_ConfigRole – 新增 cloudformation:ListStackResources and cloudformation:ListStacks

此政策現在授予許可，以傳回指定AWS CloudFormation堆疊之所有資源的描述，並傳回狀態符合指定 之堆疊的摘要資訊StackStatusFilter。

AWSConfigServiceRolePolicy – 新增 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

此政策現在支援 的其他許可AWS Certificate Manager， Amazon Managed Workflows for Apache Airflow、AWS Amplify、AWS AppConfig Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2)， Amazon Elastic Kubernetes Service (Amazon EKS)， Amazon EventBridge、AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift 伺服器、 Amazon Location Service AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint OpsWorks、AWS Panorama、AWS Resource Access Manager、 Amazon Quick Suite、 Amazon Relational Database Service (Amazon RDS)， Amazon Rekognition、AWS RoboMaker、AWS Resource Groups Amazon Route 53、 Amazon Simple Storage Service (Amazon S3)AWS Cloud Map、 和AWS Security Token Service。

AWS_ConfigRole – 新增 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

此政策現在支援 的其他許可AWS Certificate Manager， Amazon Managed Workflows for Apache Airflow、AWS Amplify、AWS AppConfig Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2)， Amazon Elastic Kubernetes Service (Amazon EKS)， Amazon EventBridge、AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift 伺服器、 Amazon Location Service AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint OpsWorks、AWS Panorama、AWS Resource Access Manager、 Amazon Quick Suite、 Amazon Relational Database Service (Amazon RDS)， Amazon Rekognition、AWS RoboMaker、AWS Resource Groups Amazon Route 53、 Amazon Simple Storage Service (Amazon S3)AWS Cloud Map、 和AWS Security Token Service。

AWSConfigServiceRolePolicy – 新增 Glue::GetTable

此政策現在授予許可，以擷取指定AWS Glue資料表之 Data Catalog 中的資料表定義。

AWS_ConfigRole – 新增 Glue::GetTable

此政策現在授予許可，以擷取指定AWS Glue資料表之 Data Catalog 中的資料表定義。

AWSConfigServiceRolePolicy – 新增 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

此政策現在支援 Amazon AppFlow 的其他許可， Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect 客戶設定檔、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2)， Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge 結構描述Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift 伺服器、 Amazon Interactive Video Service (Amazon IVS)， Amazon Managed Service for Apache Flink、 EC2 映像建置器、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon Quick Suite、 Amazon Application Recovery Controller (ARC)Amazon Route 53 Resolver、 Amazon Simple Storage Service (Amazon S3)、 Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES)、 Amazon Timestream、AWS AppConfigAWS AppSync、AWS Auto ScalingAWS Backup、AWS Budgets、、AWS Cost ExplorerAWS Cloud9、AWS Directory ServiceAWS DataSync、AWS Elemental MediaPackage、AWS Glue、AWS IoTAWS IoT Analytics、AWS IoT EventsAWS IoT SiteWise、AWS IoT TwinMaker、AWS Lake Formation、AWS License Manager、、AWS Resilience Hub、AWS Signer和AWS Transfer Family。

AWS_ConfigRole – 新增 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

此政策現在支援 Amazon AppFlow 的其他許可， Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect 客戶設定檔、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2)， Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge 結構描述Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift 伺服器、 Amazon Interactive Video Service (Amazon IVS)， Amazon Managed Service for Apache Flink、 EC2 映像建置器、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon Quick Suite、 Amazon Application Recovery Controller (ARC)Amazon Route 53 Resolver、 Amazon Simple Storage Service (Amazon S3)、 Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES)、 Amazon Timestream、AWS AppConfigAWS AppSync、AWS Auto ScalingAWS Backup、AWS Budgets、、AWS Cost ExplorerAWS Cloud9、AWS Directory ServiceAWS DataSync、AWS Elemental MediaPackage、AWS Glue、AWS IoTAWS IoT Analytics、AWS IoT EventsAWS IoT SiteWise、AWS IoT TwinMaker、AWS Lake Formation、AWS License Manager、、AWS Resilience Hub、AWS Signer和AWS Transfer Family

AWSConfigServiceRolePolicy – 新增 datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

此政策現在授予許可，以傳回 中的客服人員、DataSync 來源和目的地和 DataSync 任務清單AWS DataSyncAWS 帳戶；列出與AWS Cloud Map中一或多個指定命名空間相關聯的命名空間和服務摘要資訊AWS 帳戶；並列出 中可用的所有 Amazon Simple Email Service (Amazon SES) 聯絡人清單AWS 帳戶。

AWS_ConfigRole – 新增 datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

此政策現在授予許可，以傳回 中的客服人員、DataSync 來源和目的地和 DataSync 任務清單AWS DataSyncAWS 帳戶；列出與AWS Cloud Map中一或多個指定命名空間相關聯的命名空間和服務摘要資訊AWS 帳戶；並列出 中可用的所有 Amazon Simple Email Service (Amazon SES) 聯絡人清單AWS 帳戶。

ConfigConformsServiceRolePolicy – 新增 cloudwatch:PutMetricData

此政策現在會授予可將指標資料點發布至 Amazon CloudWatch 的許可。

AWSConfigServiceRolePolicy – 新增 amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

此政策現在支援 Amazon Elastic Container Service (Amazon ECS)、Amazon ElastiCache、Amazon EventBridge、Amazon FSx、Amazon Managed Service for Apache Flink、Amazon Location Service、Amazon Managed Streaming for Apache Kafka、Amazon Quick Suite、Amazon Rekognition AWS RoboMaker、Amazon Simple Storage Service (Amazon S3)、Amazon Simple Email Service (Amazon SES)AWS Amplify、AWS AppConfigAWS AppSync、AWS Billing Conductor、AWS Firewall Manager、AWS DataSync、、AWS Glue、、AWS IAM Identity Center(IAM Identity Center)、EC2 Image Builder 和 Elastic Load Balancing 的其他許可。

AWS_ConfigRole – 新增 amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

此政策現在支援 Amazon Elastic Container Service (Amazon ECS)、Amazon ElastiCache、Amazon EventBridge、Amazon FSx、Amazon Managed Service for Apache Flink、Amazon Location Service、Amazon Managed Streaming for Apache Kafka、Amazon Quick Suite、Amazon Rekognition AWS RoboMaker、Amazon Simple Storage Service (Amazon S3)、Amazon Simple Email Service (Amazon SES)AWS Amplify、AWS AppConfigAWS AppSync、AWS Billing Conductor、AWS Firewall Manager、AWS DataSync、、AWS Glue、、AWS IAM Identity Center(IAM Identity Center)、EC2 Image Builder 和 Elastic Load Balancing 的其他許可。

AWSConfigServiceRolePolicy – 新增 athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

此政策現在授予取得指定 Amazon Athena 資料目錄的許可， 在 中列出 Athena 資料目錄AWS 帳戶， 和 列出與 Athena 工作群組或資料目錄資源相關聯的標籤； 取得 Amazon Detective 行為圖表清單，並列出 Detective 行為圖表的標籤； 取得指定AWS Glue開發端點名稱清單的資源中繼資料清單， 取得指定AWS Glue開發端點的相關資訊， 取得AWS Glue中的所有開發端點AWS 帳戶， 擷取指定的AWS Glue安全組態、 取得所有AWS Glue安全組態、 取得與AWS Glue資源相關聯的標籤清單， 取得具有指定名稱AWS Glue的工作群組相關資訊， 擷取 帳戶中所有AWS Glue爬蟲程式資源AWS的名稱， 取得 中所有AWS GlueDevEndpoint資源的名稱AWS 帳戶， 列出 中所有AWS Glue任務資源的名稱AWS 帳戶， 取得AWS Glue成員帳戶的詳細資訊， 列出在 帳戶中建立的AWS Glue工作流程名稱， 和 列出帳戶的可用AWS Glue工作群組； 擷取 Amazon GuardDuty 篩選條件的詳細資訊， 擷取 GuardDuty IPSet、 擷取 GuardDuty ThreatIntelSet、 擷取 GuardDuty 成員帳戶、 取得 GuardDuty 篩選條件清單， 取得 GuardDuty 服務的 IPSets， 擷取 GuardDuty Service 的標籤， 並取得 GuardDuty 服務的 ThreatIntelSets； 取得 Amazon Macie 帳戶的目前狀態和組態設定； 擷取AWS Resource Access Manager(AWS RAM) 資源共用的資源和委託人關聯，並擷取資源共用的詳細資訊AWS RAM； 取得 Amazon Simple Email Service (Amazon SES) 現有組態設定的相關資訊， 取得與 Amazon SES 組態設定相關聯的事件目的地清單， 和 列出與 Amazon SES 帳戶相關聯的所有組態集； 若要取得 Identity Center 目錄屬性的清單， 取得AWS IAM Identity Center許可集的詳細資訊， 取得連接至指定 IAM Identity Center 許可集的 IAM 受管政策， 取得 IAM Identity Center 執行個體的許可集， 和 取得 IAM Identity Center 資源的標籤。

AWS_ConfigRole – 新增 athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

此政策現在授予取得指定 Amazon Athena 資料目錄的許可， 在 中列出 Athena 資料目錄AWS 帳戶， 和 列出與 Athena 工作群組或資料目錄資源相關聯的標籤； 取得 Amazon Detective 行為圖表清單，並列出 Detective 行為圖表的標籤； 取得指定AWS Glue開發端點名稱清單的資源中繼資料清單， 取得指定AWS Glue開發端點的相關資訊， 取得AWS Glue中的所有開發端點AWS 帳戶， 擷取指定的AWS Glue安全組態、 取得所有AWS Glue安全組態、 取得與AWS Glue資源相關聯的標籤清單， 取得具有指定名稱AWS Glue的工作群組相關資訊， 擷取 帳戶中所有AWS Glue爬蟲程式資源AWS的名稱， 取得 中所有AWS GlueDevEndpoint資源的名稱AWS 帳戶， 列出 中所有AWS Glue任務資源的名稱AWS 帳戶， 取得AWS Glue成員帳戶的詳細資訊， 列出在 帳戶中建立的AWS Glue工作流程名稱， 和 列出帳戶的可用AWS Glue工作群組； 擷取 Amazon GuardDuty 篩選條件的詳細資訊， 擷取 GuardDuty IPSet、 擷取 GuardDuty ThreatIntelSet、 擷取 GuardDuty 成員帳戶、 取得 GuardDuty 篩選條件清單， 取得 GuardDuty 服務的 IPSets， 擷取 GuardDuty Service 的標籤， 並取得 GuardDuty 服務的 ThreatIntelSets； 取得 Amazon Macie 帳戶的目前狀態和組態設定； 擷取AWS Resource Access Manager(AWS RAM) 資源共用的資源和委託人關聯，並擷取資源共用的詳細資訊AWS RAM； 取得 Amazon Simple Email Service (Amazon SES) 現有組態設定的相關資訊， 取得與 Amazon SES 組態設定相關聯的事件目的地清單， 和 列出與 Amazon SES 帳戶相關聯的所有組態集； 若要取得 Identity Center 目錄屬性的清單， 取得AWS IAM Identity Center許可集的詳細資訊， 取得連接至指定 IAM Identity Center 許可集的 IAM 受管政策， 取得 IAM Identity Center 執行個體的許可集， 和 取得 IAM Identity Center 資源的標籤。

AWSConfigServiceRolePolicy – 新增 cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

此政策現在授予許可，以取得所有或指定AWS CloudTrail事件資料存放區 (EDS) 的相關資訊、取得所有或指定AWS CloudFormation資源的相關資訊、取得 DynamoDB Accelerator (DAX) 參數群組或子網路群組的清單、取得目前區域中您帳戶複AWS Database Migration ServiceAWS DMS寫任務的相關資訊，以及取得AWS Organizations指定類型 中的所有政策清單。

AWS_ConfigRole – 新增 cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

此政策現在授予許可，以取得所有或指定AWS CloudTrail事件資料存放區 (EDS) 的相關資訊、取得所有或指定AWS CloudFormation資源的相關資訊、取得 DynamoDB Accelerator (DAX) 參數群組或子網路群組的清單、取得目前區域中您帳戶複AWS Database Migration ServiceAWS DMS寫任務的相關資訊，以及取得AWS Organizations指定類型 中的所有政策清單。

AWSConfigServiceRolePolicy – 新增 backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

此政策現在支援AWS Backup、AWS Batch、DynamoDB Accelerator AWS Database Migration Service、Amazon DynamoDB、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Elastic Kubernetes Service、Amazon FSx、Amazon GuardDuty AWS Key Management Service、AWS OpsWorks Amazon Relational Database Service、AWS WAF V2 和 Amazon WorkSpaces 的其他許可。

AWS_ConfigRole – 新增 backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

此政策現在支援AWS Backup、AWS Batch、DynamoDB Accelerator AWS Database Migration Service、Amazon DynamoDB、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Elastic Kubernetes Service、Amazon FSx、Amazon GuardDuty AWS Key Management Service、AWS OpsWorks Amazon Relational Database Service、AWS WAF V2 和 Amazon WorkSpaces 的其他許可。

AWSConfigServiceRolePolicy – 新增 elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

此政策現在授予的許可，可取得 Elastic Beanstalk 環境的詳細資訊和指定 Elastic Beanstalk 組態集設定的描述、取得 OpenSearch 或 Elasticsearch 版本的映射、描述資料庫可用的 Amazon RDS 選項群組，以及取得 CodeDeploy 部署組態的相關資訊。此政策現在也授予許可，以擷取連接至 的指定替代聯絡人AWS 帳戶、擷取AWS Organizations政策的相關資訊、擷取 Amazon ECR 儲存庫政策、擷取封存AWS Config規則的相關資訊、擷取 Amazon ECS 任務定義系列清單、列出指定子 OU 或帳戶的根或父組織單位 (OUs)，以及列出連接至指定目標根、組織單位或帳戶的政策。

AWS_ConfigRole – 新增 elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

此政策現在授予的許可，可取得 Elastic Beanstalk 環境的詳細資訊和指定 Elastic Beanstalk 組態集設定的描述、取得 OpenSearch 或 Elasticsearch 版本的映射、描述資料庫可用的 Amazon RDS 選項群組，以及取得 CodeDeploy 部署組態的相關資訊。此政策現在也授予許可，以擷取連接至 的指定替代聯絡人AWS 帳戶、擷取AWS Organizations政策的相關資訊、擷取 Amazon ECR 儲存庫政策、擷取封存AWS Config規則的相關資訊、擷取 Amazon ECS 任務定義系列清單、列出指定子 OU 或帳戶的根或父組織單位 (OUs)，以及列出連接至指定目標根、組織單位或帳戶的政策。

AWSConfigServiceRolePolicy – 新增 logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

此政策現在授予的許可，可建立 Amazon CloudWatch 日誌群組和串流，並可將日誌寫入所建立的日誌串流。

AWS_ConfigRole – 新增 logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

此政策現在授予的許可，可建立 Amazon CloudWatch 日誌群組和串流，並可將日誌寫入所建立的日誌串流。

AWSConfigServiceRolePolicy – 新增 es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots

此政策現在授予的許可，可取得一或多個 Amazon OpenSearch Service (OpenSearch Service) 網域的詳細資訊，以及取得特定 Amazon Relational Database Service (Amazon RDS) 資料庫參數群組的詳細參數清單。此政策也授予可取得 Amazon ElastiCache 快照詳細資訊的許可。

AWS_ConfigRole – 新增 es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots

此政策現在授予的許可，可取得一或多個 Amazon OpenSearch Service (OpenSearch Service) 網域的詳細資訊，以及取得特定 Amazon Relational Database Service (Amazon RDS) 資料庫參數群組的詳細參數清單。此政策也授予可取得 Amazon ElastiCache 快照詳細資訊的許可。

AWSConfigServiceRolePolicy – 新增 logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine和資源AWS類型的其他許可

此政策現在授予的許可，可列出日誌群組標籤、列出狀態機器標籤，以及列出所有狀態機器。此政策現在會授予可取得狀態機器詳細資訊的許可。此政策現在也支援 Amazon EC2 Systems Manager (SSM)、Amazon Elastic Container Registry、Amazon FSx、Amazon Data Firehose、Amazon Managed Streaming for Apache Kafka (Amazon MSK)AWS Global Accelerator、Amazon Relational Database Service (Amazon RDS)、Amazon Route 53、Amazon SageMaker AI、Amazon Simple Notification Service AWS Database Migration Service、 和 的其他許可AWS Storage Gateway。

AWS_ConfigRole – 新增AWS資源類型的 l ogs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine和其他許可

此政策現在授予的許可，可列出日誌群組標籤、列出狀態機器標籤，以及列出所有狀態機器。此政策現在會授予可取得狀態機器詳細資訊的許可。此政策現在也支援 Amazon EC2 Systems Manager (SSM)、Amazon Elastic Container Registry、Amazon FSx、Amazon Data Firehose、Amazon Managed Streaming for Apache Kafka (Amazon MSK)AWS Global Accelerator、Amazon Relational Database Service (Amazon RDS)、Amazon Route 53、Amazon SageMaker AI、Amazon Simple Notification Service AWS Database Migration Service、 和 的其他許可AWS Storage Gateway。

AWSConfigServiceRolePolicy – 新增AWS資源類型的 ssm:DescribeDocumentPermission和其他許可

此政策現在會授予可檢視AWS Systems Manager文件許可和 IAM Access Analyzer 相關資訊的許可。此政策現在支援 Amazon Kinesis、Amazon ElastiCache、Amazon EMR AWS Network Firewall、Amazon Route 53 和 Amazon Relational Database Service (Amazon RDS) 的其他AWS資源類型。這些許可變更允許AWS Config叫用支援這些資源類型所需的唯讀 APIs。此政策現在也支援篩選 lambda-inside-vpc 受管規則的 Lambda AWS Config@Edge 函數。

AWS_ConfigRole – 新增AWS資源類型的 ssm:DescribeDocumentPermission和其他許可

此政策現在會授予可檢視AWS Systems Manager文件許可和 IAM Access Analyzer 相關資訊的許可。此政策現在支援 Amazon Kinesis、Amazon ElastiCache、Amazon EMR AWS Network Firewall、Amazon Route 53 和 Amazon Relational Database Service (Amazon RDS) 的其他AWS資源類型。這些許可變更允許AWS Config叫用支援這些資源類型所需的唯讀 APIs。此政策現在也支援篩選 lambda-inside-vpc 受管規則的 Lambda AWS Config@Edge 函數。

AWSConfigServiceRolePolicy - 新增可向 API Gateway 發出唯讀 GET 呼叫的 apigateway:GET 許可，以及可調用 Amazon S3 唯讀 API 的 s3:GetAccessPointPolicy 許可和 s3:GetAccessPointPolicyStatus 許可

此政策現在授予許可，AWS Config允許 對 API Gateway 進行唯讀 GET 呼叫，以支援 API Gateway 的AWS Config規則。此政策也會新增許可，AWS Config允許 叫用 Amazon Simple Storage Service (Amazon S3) 唯讀 APIs，這是支援新AWS::S3::AccessPoint資源類型的必要項目。

AWS_ConfigRole – 新增可向 API Gateway 發出唯讀 GET 呼叫的 apigateway:GET 許可，以及可調用 Amazon S3 唯讀 API 的 s3:GetAccessPointPolicy 許可和 s3:GetAccessPointPolicyStatus 許可

此政策現在授予許可，AWS Config允許 對 API Gateway 進行唯讀 GET 呼叫，以支援適用於 API Gateway AWS Config的 。此政策也會新增許可，AWS Config允許 叫用 Amazon Simple Storage Service (Amazon S3) 唯讀 APIs，這是支援新AWS::S3::AccessPoint資源類型的必要項目。

AWSConfigServiceRolePolicy – 新增AWS資源類型的ssm:ListDocuments許可和其他許可

此政策現在會授予可檢視AWS Systems Manager指定文件相關資訊的許可。此政策現在也支援 Amazon Elastic File System AWS Backup、Amazon ElastiCache、Amazon Simple Storage Service (Amazon S3)、Amazon Elastic Compute Cloud (Amazon EC2)AWS Database Migration Service、Amazon Kinesis、Amazon SageMaker AI 和 Amazon Route 53 的其他AWS資源類型。這些許可變更允許AWS Config叫用支援這些資源類型所需的唯讀 APIs。

AWS_ConfigRole – 新增AWS資源類型的ssm:ListDocuments許可和其他許可

此政策現在會授予可檢視AWS Systems Manager指定文件相關資訊的許可。此政策現在也支援 Amazon Elastic File System AWS Backup、Amazon ElastiCache、Amazon Simple Storage Service (Amazon S3)、Amazon Elastic Compute Cloud (Amazon EC2)AWS Database Migration Service、Amazon Kinesis、Amazon SageMaker AI 和 Amazon Route 53 的其他AWS資源類型。這些許可變更允許AWS Config叫用支援這些資源類型所需的唯讀 APIs。

AWSConfigRole 已棄用

AWSConfigRole 已棄用。替換政策是 AWS_ConfigRole。

AWS Config已開始追蹤變更

AWS Config開始追蹤其AWS受管政策的變更。