AWS_ConfigRole - AWS Managed Policy

AWS_ConfigRole

Description: Default policy for AWS Config service role. Provides permissions required for AWS Config to track changes to your AWS resources.

AWS_ConfigRole is an AWS managed policy.

Using this policy

You can attach AWS_ConfigRole to your users, groups, and roles.

Policy details

  • Type: Service role policy

  • Creation time: September 15, 2020, 20:30 UTC

  • Edited time: November 06, 2024, 22:29 UTC

  • ARN: arn:aws:iam::aws:policy/service-role/AWS_ConfigRole

Policy version

Policy version: v33 (default)

The policy's default version is the version that defines the permissions for the policy. When a user or role with the policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.

JSON policy document

{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "AWSConfigRoleStatementID", "Effect" : "Allow", "Action" : [ "access-analyzer:GetAnalyzer", "access-analyzer:GetArchiveRule", "access-analyzer:ListAnalyzers", "access-analyzer:ListArchiveRules", "access-analyzer:ListTagsForResource", "account:GetAlternateContact", "acm-pca:DescribeCertificateAuthority", "acm-pca:GetCertificateAuthorityCertificate", "acm-pca:GetCertificateAuthorityCsr", "acm-pca:ListCertificateAuthorities", "acm-pca:ListTags", "acm:DescribeCertificate", "acm:ListCertificates", "acm:ListTagsForCertificate", "airflow:GetEnvironment", "airflow:ListEnvironments", "airflow:ListTagsForResource", "amplify:GetApp", "amplify:GetBranch", "amplify:ListApps", "amplify:ListBranches", "amplifyuibuilder:ExportThemes", "amplifyuibuilder:GetTheme", "amplifyuibuilder:ListThemes", "aoss:BatchGetCollection", "aoss:BatchGetLifecyclePolicy", "aoss:BatchGetVpcEndpoint", "aoss:GetAccessPolicy", "aoss:GetSecurityConfig", "aoss:GetSecurityPolicy", "aoss:ListAccessPolicies", "aoss:ListCollections", "aoss:ListLifecyclePolicies", "aoss:ListSecurityConfigs", "aoss:ListSecurityPolicies", "aoss:ListVpcEndpoints", "apigateway:GET", "app-integrations:GetApplication", "app-integrations:GetEventIntegration", "app-integrations:ListApplications", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "app-integrations:ListTagsForResource", "appconfig:GetApplication", "appconfig:GetConfigurationProfile", "appconfig:GetDeployment", "appconfig:GetDeploymentStrategy", "appconfig:GetEnvironment", "appconfig:GetExtension", "appconfig:GetExtensionAssociation", "appconfig:GetHostedConfigurationVersion", "appconfig:ListApplications", "appconfig:ListConfigurationProfiles", "appconfig:ListDeployments", "appconfig:ListDeploymentStrategies", "appconfig:ListEnvironments", "appconfig:ListExtensionAssociations", "appconfig:ListExtensions", "appconfig:ListHostedConfigurationVersions", "appconfig:ListTagsForResource", "appflow:DescribeConnectorProfiles", "appflow:DescribeFlow", "appflow:ListFlows", "appflow:ListTagsForResource", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingPolicies", "appmesh:DescribeGatewayRoute", "appmesh:DescribeMesh", "appmesh:DescribeRoute", "appmesh:DescribeVirtualGateway", "appmesh:DescribeVirtualNode", "appmesh:DescribeVirtualRouter", "appmesh:DescribeVirtualService", "appmesh:ListGatewayRoutes", "appmesh:ListMeshes", "appmesh:ListRoutes", "appmesh:ListTagsForResource", "appmesh:ListVirtualGateways", "appmesh:ListVirtualNodes", "appmesh:ListVirtualRouters", "appmesh:ListVirtualServices", "apprunner:DescribeService", "apprunner:DescribeVpcConnector", "apprunner:ListServices", "apprunner:ListTagsForResource", "apprunner:ListVpcConnectors", "appstream:DescribeAppBlockBuilders", "appstream:DescribeApplications", "appstream:DescribeDirectoryConfigs", "appstream:DescribeFleets", "appstream:DescribeStacks", "appstream:ListTagsForResource", "appsync:GetApiCache", "appsync:GetGraphqlApi", "appsync:ListGraphqlApis", "aps:DescribeAlertManagerDefinition", "aps:DescribeLoggingConfiguration", "APS:DescribeRuleGroupsNamespace", "APS:DescribeWorkspace", "aps:ListRuleGroupsNamespaces", "aps:ListTagsForResource", "APS:ListWorkspaces", "athena:GetDataCatalog", "athena:GetPreparedStatement", "athena:GetWorkGroup", "athena:ListDataCatalogs", "athena:ListPreparedStatements", "athena:ListTagsForResource", "athena:ListWorkGroups", "auditmanager:GetAccountStatus", "auditmanager:GetAssessment", "auditmanager:ListAssessments", "autoscaling-plans:DescribeScalingPlanResources", "autoscaling-plans:DescribeScalingPlans", "autoscaling-plans:GetScalingPlanResourceForecastData", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeLifecycleHooks", "autoscaling:DescribePolicies", "autoscaling:DescribeScheduledActions", "autoscaling:DescribeTags", "autoscaling:DescribeWarmPool", "backup-gateway:ListTagsForResource", "backup-gateway:ListVirtualMachines", "backup:DescribeBackupVault", "backup:DescribeFramework", "backup:DescribeProtectedResource", "backup:DescribeRecoveryPoint", "backup:DescribeReportPlan", "backup:GetBackupPlan", "backup:GetBackupSelection", "backup:GetBackupVaultAccessPolicy", "backup:GetBackupVaultNotifications", "backup:GetRestoreTestingPlan", "backup:GetRestoreTestingSelection", "backup:ListBackupPlans", "backup:ListBackupSelections", "backup:ListBackupVaults", "backup:ListFrameworks", "backup:ListRecoveryPointsByBackupVault", "backup:ListReportPlans", "backup:ListRestoreTestingPlans", "backup:ListRestoreTestingSelections", "backup:ListTags", "batch:DescribeComputeEnvironments", "batch:DescribeJobQueues", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "batch:ListTagsForResource", "billingconductor:ListAccountAssociations", "billingconductor:ListBillingGroups", "billingconductor:ListCustomLineItems", "billingconductor:ListPricingPlans", "billingconductor:ListPricingRules", "billingconductor:ListPricingRulesAssociatedToPricingPlan", "billingconductor:ListTagsForResource", "budgets:DescribeBudgetAction", "budgets:DescribeBudgetActionsForAccount", "budgets:DescribeBudgetActionsForBudget", "budgets:ViewBudget", "cassandra:Select", "ce:GetAnomalyMonitors", "ce:GetAnomalySubscriptions", "cloud9:DescribeEnvironmentMemberships", "cloud9:DescribeEnvironments", "cloud9:ListEnvironments", "cloud9:ListTagsForResource", "cloudformation:DescribeType", "cloudformation:GetResource", "cloudformation:ListResources", "cloudformation:ListStackResources", "cloudformation:ListStacks", "cloudformation:ListTypes", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:GetResponseHeadersPolicy", "cloudfront:ListDistributions", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "cloudfront:ListResponseHeadersPolicies", "cloudfront:ListTagsForResource", "cloudtrail:DescribeTrails", "cloudTrail:GetChannel", "cloudtrail:GetEventDataStore", "cloudtrail:GetEventSelectors", "cloudtrail:GetInsightSelectors", "cloudtrail:GetTrailStatus", "cloudTrail:ListChannels", "cloudtrail:ListEventDataStores", "cloudtrail:ListTags", "cloudtrail:ListTrails", "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:DescribeAnomalyDetectors", "cloudwatch:GetDashboard", "cloudwatch:GetMetricStream", "cloudwatch:ListDashboards", "cloudwatch:ListMetricStreams", "cloudwatch:ListTagsForResource", "codeartifact:DescribeRepository", "codeartifact:GetRepositoryPermissionsPolicy", "codeartifact:ListDomains", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codeartifact:ListRepositories", "codeartifact:ListTagsForResource", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "codecommit:GetRepository", "codecommit:GetRepositoryTriggers", "codecommit:ListRepositories", "codecommit:ListTagsForResource", "codedeploy:GetDeploymentConfig", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codepipeline:GetPipeline", "codepipeline:GetPipelineState", "codepipeline:ListPipelines", "cognito-identity:DescribeIdentityPool", "cognito-identity:GetIdentityPoolRoles", "cognito-identity:GetPrincipalTagAttributeMap", "cognito-identity:ListIdentityPools", "cognito-identity:ListTagsForResource", "cognito-idp:DescribeIdentityProvider", "cognito-idp:DescribeResourceServer", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:DescribeUserPoolDomain", "cognito-idp:GetGroup", "cognito-idp:GetUserPoolMfaConfig", "cognito-idp:ListGroups", "cognito-idp:ListIdentityProviders", "cognito-idp:ListResourceServers", "cognito-idp:ListTagsForResource", "cognito-idp:ListUserPoolClients", "cognito-idp:ListUserPools", "config:BatchGet*", "config:Describe*", "config:Get*", "config:List*", "config:Put*", "config:Select*", "connect:DescribeEvaluationForm", "connect:DescribeInstance", "connect:DescribeInstanceStorageConfig", "connect:DescribePhoneNumber", "connect:DescribePrompt", "connect:DescribeQueue", "connect:DescribeQuickConnect", "connect:DescribeRoutingProfile", "connect:DescribeRule", "connect:DescribeSecurityProfile", "connect:DescribeUser", "connect:GetTaskTemplate", "connect:ListApprovedOrigins", "connect:ListEvaluationForms", "connect:ListInstanceAttributes", "connect:ListInstances", "connect:ListInstanceStorageConfigs", "connect:ListIntegrationAssociations", "connect:ListPhoneNumbers", "connect:ListPhoneNumbersV2", "connect:ListPrompts", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListQuickConnects", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListRules", "connect:ListSecurityKeys", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "connect:ListTagsForResource", "connect:ListTaskTemplates", "connect:ListUsers", "connect:SearchAvailablePhoneNumbers", "databrew:DescribeDataset", "databrew:DescribeJob", "databrew:DescribeProject", "databrew:DescribeRecipe", "databrew:DescribeRuleset", "databrew:DescribeSchedule", "databrew:ListDatasets", "databrew:ListJobs", "databrew:ListProjects", "databrew:ListRecipes", "databrew:ListRecipeVersions", "databrew:ListRulesets", "databrew:ListSchedules", "datasync:DescribeAgent", "datasync:DescribeLocationEfs", "datasync:DescribeLocationFsxLustre", "datasync:DescribeLocationFsxWindows", "datasync:DescribeLocationHdfs", "datasync:DescribeLocationNfs", "datasync:DescribeLocationObjectStorage", "datasync:DescribeLocationS3", "datasync:DescribeLocationSmb", "datasync:DescribeTask", "datasync:ListAgents", "datasync:ListLocations", "datasync:ListTagsForResource", "datasync:ListTasks", "datazone:GetDomain", "datazone:ListDomains", "dax:DescribeClusters", "dax:DescribeParameterGroups", "dax:DescribeParameters", "dax:DescribeSubnetGroups", "dax:ListTags", "detective:ListGraphs", "detective:ListTagsForResource", "devicefarm:GetInstanceProfile", "devicefarm:GetNetworkProfile", "devicefarm:GetProject", "devicefarm:GetTestGridProject", "devicefarm:ListInstanceProfiles", "devicefarm:ListNetworkProfiles", "devicefarm:ListProjects", "devicefarm:ListTagsForResource", "devicefarm:ListTestGridProjects", "devops-guru:GetResourceCollection", "devops-guru:ListNotificationChannels", "dms:DescribeCertificates", "dms:DescribeEndpoints", "dms:DescribeEventSubscriptions", "dms:DescribeReplicationInstances", "dms:DescribeReplicationSubnetGroups", "dms:DescribeReplicationTaskAssessmentRuns", "dms:DescribeReplicationTasks", "dms:ListTagsForResource", "ds:DescribeDirectories", "ds:DescribeDomainControllers", "ds:DescribeEventTopics", "ds:ListLogSubscriptions", "ds:ListTagsForResource", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeGlobalTable", "dynamodb:DescribeGlobalTableSettings", "dynamodb:DescribeLimits", "dynamodb:DescribeTable", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:Describe*", "ec2:DescribeClientVpnAuthorizationRules", "ec2:DescribeClientVpnEndpoints", "ec2:DescribeDhcpOptions", "ec2:DescribeFleets", "ec2:DescribeNetworkAcls", "ec2:DescribePlacementGroups", "ec2:DescribeRouteTables", "ec2:DescribeSpotFleetRequests", "ec2:DescribeTags", "ec2:DescribeTrafficMirrorFilters", "ec2:DescribeTrafficMirrorSessions", "ec2:DescribeTrafficMirrorTargets", "ec2:DescribeVolumeAttribute", "ec2:DescribeVolumes", "ec2:DescribeVpcEndpoints", "ec2:GetEbsEncryptionByDefault", "ec2:GetInstanceTypesFromInstanceRequirements", "ec2:GetIpamPoolAllocations", "ec2:GetIpamPoolCidrs", "ec2:GetManagedPrefixListEntries", "ec2:GetNetworkInsightsAccessScopeAnalysisFindings", "ec2:GetNetworkInsightsAccessScopeContent", "ecr-public:DescribeRepositories", "ecr-public:GetRepositoryCatalogData", "ecr-public:GetRepositoryPolicy", "ecr-public:ListTagsForResource", "ecr:BatchGetRepositoryScanningConfiguration", "ecr:DescribePullThroughCacheRules", "ecr:DescribeRegistry", "ecr:DescribeRepositories", "ecr:GetLifecyclePolicy", "ecr:GetRegistryPolicy", "ecr:GetRepositoryPolicy", "ecr:ListTagsForResource", "ecs:DescribeCapacityProviders", "ecs:DescribeClusters", "ecs:DescribeServices", "ecs:DescribeTaskDefinition", "ecs:DescribeTaskSets", "ecs:ListClusters", "ecs:ListServices", "ecs:ListTagsForResource", "ecs:ListTaskDefinitionFamilies", "ecs:ListTaskDefinitions", "eks:DescribeAddon", "eks:DescribeCluster", "eks:DescribeFargateProfile", "eks:DescribeIdentityProviderConfig", "eks:DescribeNodegroup", "eks:ListAddons", "eks:ListClusters", "eks:ListFargateProfiles", "eks:ListIdentityProviderConfigs", "eks:ListNodegroups", "eks:ListTagsForResource", "elasticache:DescribeCacheClusters", "elasticache:DescribeCacheParameterGroups", "elasticache:DescribeCacheParameters", "elasticache:DescribeCacheSecurityGroups", "elasticache:DescribeCacheSubnetGroups", "elasticache:DescribeGlobalReplicationGroups", "elasticache:DescribeReplicationGroups", "elasticache:DescribeSnapshots", "elasticache:DescribeUserGroups", "elasticache:DescribeUsers", "elasticache:ListTagsForResource", "elasticbeanstalk:DescribeConfigurationSettings", "elasticbeanstalk:DescribeEnvironments", "elasticfilesystem:DescribeAccessPoints", "elasticfilesystem:DescribeBackupPolicy", "elasticfilesystem:DescribeFileSystemPolicy", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeLifecycleConfiguration", "elasticfilesystem:DescribeMountTargets", "elasticfilesystem:DescribeMountTargetSecurityGroups", "elasticfilesystem:DescribeTags", "elasticloadbalancing:DescribeListenerCertificates", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetGroupAttributes", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "elasticmapreduce:DescribeCluster", "elasticmapreduce:DescribeSecurityConfiguration", "elasticmapreduce:DescribeStep", "elasticmapreduce:DescribeStudio", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:GetManagedScalingPolicy", "elasticmapreduce:GetStudioSessionMapping", "elasticmapreduce:ListClusters", "elasticmapreduce:ListInstanceFleets", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", "elasticmapreduce:ListSteps", "elasticmapreduce:ListStudios", "elasticmapreduce:ListStudioSessionMappings", "emr-containers:DescribeVirtualCluster", "emr-containers:ListVirtualClusters", "emr-serverless:GetApplication", "emr-serverless:ListApplications", "es:DescribeDomain", "es:DescribeDomains", "es:DescribeElasticsearchDomain", "es:DescribeElasticsearchDomains", "es:GetCompatibleElasticsearchVersions", "es:GetCompatibleVersions", "es:ListDomainNames", "es:ListTags", "events:DescribeApiDestination", "events:DescribeArchive", "events:DescribeConnection", "events:DescribeEndpoint", "events:DescribeEventBus", "events:DescribeRule", "events:ListApiDestinations", "events:ListArchives", "events:ListConnections", "events:ListEndpoints", "events:ListEventBuses", "events:ListRules", "events:ListTagsForResource", "events:ListTargetsByRule", "evidently:GetLaunch", "evidently:GetProject", "evidently:GetSegment", "evidently:ListLaunches", "evidently:ListProjects", "evidently:ListSegments", "evidently:ListTagsForResource", "finspace:GetEnvironment", "finspace:ListEnvironments", "firehose:DescribeDeliveryStream", "firehose:ListDeliveryStreams", "firehose:ListTagsForDeliveryStream", "fis:GetExperimentTemplate", "fis:ListExperimentTemplates", "fms:GetNotificationChannel", "fms:GetPolicy", "fms:ListPolicies", "fms:ListTagsForResource", "forecast:DescribeDataset", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "forecast:ListDatasets", "forecast:ListTagsForResource", "frauddetector:GetDetectors", "frauddetector:GetDetectorVersion", "frauddetector:GetEntityTypes", "frauddetector:GetEventTypes", "frauddetector:GetExternalModels", "frauddetector:GetLabels", "frauddetector:GetModels", "frauddetector:GetOutcomes", "frauddetector:GetRules", "frauddetector:GetVariables", "frauddetector:ListTagsForResource", "fsx:DescribeBackups", "fsx:DescribeDataRepositoryAssociations", "fsx:DescribeFileSystems", "fsx:DescribeSnapshots", "fsx:DescribeStorageVirtualMachines", "fsx:DescribeVolumes", "fsx:ListTagsForResource", "gamelift:DescribeAlias", "gamelift:DescribeBuild", "gamelift:DescribeFleetAttributes", "gamelift:DescribeFleetCapacity", "gamelift:DescribeFleetLocationAttributes", "gamelift:DescribeFleetLocationCapacity", "gamelift:DescribeFleetPortSettings", "gamelift:DescribeGameServerGroup", "gamelift:DescribeGameSessionQueues", "gamelift:DescribeMatchmakingConfigurations", "gamelift:DescribeMatchmakingRuleSets", "gamelift:DescribeRuntimeConfiguration", "gamelift:DescribeScript", "gamelift:DescribeVpcPeeringAuthorizations", "gamelift:DescribeVpcPeeringConnections", "gamelift:ListAliases", "gamelift:ListBuilds", "gamelift:ListFleets", "gamelift:ListGameServerGroups", "gamelift:ListScripts", "gamelift:ListTagsForResource", "geo:DescribeGeofenceCollection", "geo:DescribeMap", "geo:DescribePlaceIndex", "geo:DescribeRouteCalculator", "geo:DescribeTracker", "geo:ListGeofenceCollections", "geo:ListMaps", "geo:ListPlaceIndexes", "geo:ListRouteCalculators", "geo:ListTrackerConsumers", "geo:ListTrackers", "globalaccelerator:DescribeAccelerator", "globalaccelerator:DescribeEndpointGroup", "globalaccelerator:DescribeListener", "globalaccelerator:ListAccelerators", "globalaccelerator:ListEndpointGroups", "globalaccelerator:ListListeners", "globalaccelerator:ListTagsForResource", "glue:BatchGetDevEndpoints", "glue:BatchGetJobs", "glue:BatchGetWorkflows", "glue:GetClassifier", "glue:GetClassifiers", "glue:GetCrawler", "glue:GetCrawlers", "glue:GetDatabase", "glue:GetDatabases", "glue:GetDevEndpoint", "glue:GetDevEndpoints", "glue:GetJob", "glue:GetJobs", "glue:GetMLTransform", "glue:GetMLTransforms", "glue:GetPartition", "glue:GetPartitions", "glue:GetRegistry", "glue:GetSecurityConfiguration", "glue:GetSecurityConfigurations", "glue:GetTable", "glue:GetTags", "glue:GetTrigger", "glue:GetWorkflow", "glue:ListCrawlers", "glue:ListDevEndpoints", "glue:ListJobs", "glue:ListMLTransforms", "glue:ListRegistries", "glue:ListTriggers", "glue:ListWorkflows", "grafana:DescribeWorkspace", "grafana:DescribeWorkspaceAuthentication", "grafana:DescribeWorkspaceConfiguration", "grafana:ListWorkspaces", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetConfig", "groundstation:GetDataflowEndpointGroup", "groundstation:GetMissionProfile", "groundstation:ListConfigs", "groundstation:ListDataflowEndpointGroups", "groundstation:ListMissionProfiles", "groundstation:ListTagsForResource", "guardduty:DescribePublishingDestination", "guardduty:GetAdministratorAccount", "guardduty:GetDetector", "guardduty:GetFilter", "guardduty:GetFindings", "guardduty:GetIPSet", "guardduty:GetMasterAccount", "guardduty:GetMemberDetectors", "guardduty:GetMembers", "guardduty:GetThreatIntelSet", "guardduty:ListDetectors", "guardduty:ListFilters", "guardduty:ListFindings", "guardduty:ListIPSets", "guardduty:ListMembers", "guardduty:ListOrganizationAdminAccounts", "guardduty:ListPublishingDestinations", "guardduty:ListTagsForResource", "guardduty:ListThreatIntelSets", "healthlake:DescribeFHIRDatastore", "healthlake:ListFHIRDatastores", "healthlake:ListTagsForResource", "iam:GenerateCredentialReport", "iam:GetAccountAuthorizationDetails", "iam:GetAccountPasswordPolicy", "iam:GetAccountSummary", "iam:GetCredentialReport", "iam:GetGroup", "iam:GetGroupPolicy", "iam:GetInstanceProfile", "iam:GetOpenIDConnectProvider", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", "iam:GetSAMLProvider", "iam:GetServerCertificate", "iam:GetUser", "iam:GetUserPolicy", "iam:ListAccessKeys", "iam:ListAttachedGroupPolicies", "iam:ListAttachedRolePolicies", "iam:ListAttachedUserPolicies", "iam:ListEntitiesForPolicy", "iam:ListGroupPolicies", "iam:ListGroups", "iam:ListGroupsForUser", "iam:ListInstanceProfiles", "iam:ListInstanceProfilesForRole", "iam:ListInstanceProfileTags", "iam:ListMFADevices", "iam:ListMFADeviceTags", "iam:ListOpenIDConnectProviders", "iam:ListPolicyVersions", "iam:ListRolePolicies", "iam:ListRoles", "iam:ListSAMLProviders", "iam:ListServerCertificates", "iam:ListUserPolicies", "iam:ListUsers", "iam:ListVirtualMFADevices", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership", "identitystore:ListGroupMemberships", "identitystore:ListGroups", "imagebuilder:GetComponent", "imagebuilder:GetContainerRecipe", "imagebuilder:GetDistributionConfiguration", "imagebuilder:GetImage", "imagebuilder:GetImagePipeline", "imagebuilder:GetImageRecipe", "imagebuilder:GetInfrastructureConfiguration", "imagebuilder:GetLifecyclePolicy", "imagebuilder:ListComponentBuildVersions", "imagebuilder:ListComponents", "imagebuilder:ListContainerRecipes", "imagebuilder:ListDistributionConfigurations", "imagebuilder:ListImageBuildVersions", "imagebuilder:ListImagePipelines", "imagebuilder:ListImageRecipes", "imagebuilder:ListImages", "imagebuilder:ListInfrastructureConfigurations", "imagebuilder:ListLifecyclePolicies", "inspector2:BatchGetAccountStatus", "inspector2:GetDelegatedAdminAccount", "inspector2:ListFilters", "inspector2:ListMembers", "iot:DescribeAccountAuditConfiguration", "iot:DescribeAuthorizer", "iot:DescribeBillingGroup", "iot:DescribeCACertificate", "iot:DescribeCertificate", "iot:DescribeCustomMetric", "iot:DescribeDimension", "iot:DescribeDomainConfiguration", "iot:DescribeFleetMetric", "iot:DescribeJobTemplate", "iot:DescribeMitigationAction", "iot:DescribeProvisioningTemplate", "iot:DescribeRoleAlias", "iot:DescribeScheduledAudit", "iot:DescribeSecurityProfile", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:GetPolicy", "iot:GetTopicRule", "iot:GetTopicRuleDestination", "iot:ListAuthorizers", "iot:ListBillingGroups", "iot:ListCACertificates", "iot:ListCertificates", "iot:ListCustomMetrics", "iot:ListDimensions", "iot:ListDomainConfigurations", "iot:ListFleetMetrics", "iot:ListJobTemplates", "iot:ListMitigationActions", "iot:ListPolicies", "iot:ListProvisioningTemplates", "iot:ListRoleAliases", "iot:ListScheduledAudits", "iot:ListSecurityProfiles", "iot:ListSecurityProfilesForTarget", "iot:ListTagsForResource", "iot:ListTargetsForSecurityProfile", "iot:ListThingGroups", "iot:ListThingTypes", "iot:ListTopicRuleDestinations", "iot:ListTopicRules", "iot:ListV2LoggingLevels", "iot:ValidateSecurityProfileBehaviors", "iotanalytics:DescribeChannel", "iotanalytics:DescribeDataset", "iotanalytics:DescribeDatastore", "iotanalytics:DescribePipeline", "iotanalytics:ListChannels", "iotanalytics:ListDatasets", "iotanalytics:ListDatastores", "iotanalytics:ListPipelines", "iotanalytics:ListTagsForResource", "iotevents:DescribeAlarmModel", "iotevents:DescribeDetectorModel", "iotevents:DescribeInput", "iotevents:ListAlarmModels", "iotevents:ListDetectorModels", "iotevents:ListInputs", "iotevents:ListTagsForResource", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotsitewise:DescribeAccessPolicy", "iotsitewise:DescribeAsset", "iotsitewise:DescribeAssetModel", "iotsitewise:DescribeDashboard", "iotsitewise:DescribeGateway", "iotsitewise:DescribePortal", "iotsitewise:DescribeProject", "iotsitewise:ListAccessPolicies", "iotsitewise:ListAssetModels", "iotsitewise:ListAssets", "iotsitewise:ListDashboards", "iotsitewise:ListGateways", "iotsitewise:ListPortals", "iotsitewise:ListProjectAssets", "iotsitewise:ListProjects", "iotsitewise:ListTagsForResource", "iottwinmaker:GetComponentType", "iottwinmaker:GetEntity", "iottwinmaker:GetScene", "iottwinmaker:GetSyncJob", "iottwinmaker:GetWorkspace", "iottwinmaker:ListComponentTypes", "iottwinmaker:ListEntities", "iottwinmaker:ListScenes", "iottwinmaker:ListSyncJobs", "iottwinmaker:ListTagsForResource", "iottwinmaker:ListWorkspaces", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:GetServiceProfile", "iotwireless:GetWirelessDevice", "iotwireless:GetWirelessGateway", "iotwireless:GetWirelessGatewayTaskDefinition", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "iotwireless:ListServiceProfiles", "iotwireless:ListTagsForResource", "iotwireless:ListWirelessDevices", "iotwireless:ListWirelessGateways", "iotwireless:ListWirelessGatewayTaskDefinitions", "ivs:GetChannel", "ivs:GetEncoderConfiguration", "ivs:GetPlaybackKeyPair", "ivs:GetPlaybackRestrictionPolicy", "ivs:GetRecordingConfiguration", "ivs:GetStage", "ivs:GetStorageConfiguration", "ivs:GetStreamKey", "ivs:ListChannels", "ivs:ListEncoderConfigurations", "ivs:ListPlaybackKeyPairs", "ivs:ListPlaybackRestrictionPolicies", "ivs:ListRecordingConfigurations", "ivs:ListStages", "ivs:ListStorageConfigurations", "ivs:ListStreamKeys", "ivs:ListTagsForResource", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom", "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "kafka:DescribeCluster", "kafka:DescribeClusterV2", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:DescribeVpcConnection", "kafka:GetClusterPolicy", "kafka:ListClusters", "kafka:ListClustersV2", "kafka:ListConfigurations", "kafka:ListScramSecrets", "kafka:ListTagsForResource", "kafka:ListVpcConnections", "kafkaconnect:DescribeConnector", "kafkaconnect:ListConnectors", "kendra:DescribeIndex", "kendra:ListIndices", "kendra:ListTagsForResource", "kinesis:DescribeStreamConsumer", "kinesis:DescribeStreamSummary", "kinesis:ListStreamConsumers", "kinesis:ListStreams", "kinesis:ListTagsForStream", "kinesisanalytics:DescribeApplication", "kinesisanalytics:ListApplications", "kinesisanalytics:ListTagsForResource", "kinesisvideo:DescribeSignalingChannel", "kinesisvideo:DescribeStream", "kinesisvideo:ListSignalingChannels", "kinesisvideo:ListStreams", "kinesisvideo:ListTagsForResource", "kinesisvideo:ListTagsForStream", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:ListAliases", "kms:ListKeys", "kms:ListResourceTags", "lakeformation:DescribeResource", "lakeformation:GetDataLakeSettings", "lakeformation:ListPermissions", "lakeformation:ListResources", "lambda:GetAlias", "lambda:GetCodeSigningConfig", "lambda:GetFunction", "lambda:GetFunctionCodeSigningConfig", "lambda:GetLayerVersion", "lambda:GetPolicy", "lambda:ListAliases", "lambda:ListCodeSigningConfigs", "lambda:ListFunctions", "lambda:ListLayers", "lambda:ListLayerVersions", "lambda:ListTags", "lambda:ListVersionsByFunction", "lex:DescribeBot", "lex:DescribeBotAlias", "lex:DescribeBotVersion", "lex:DescribeResourcePolicy", "lex:ListBotAliases", "lex:ListBotLocales", "lex:ListBots", "lex:ListBotVersions", "lex:ListTagsForResource", "license-manager:GetGrant", "license-manager:GetLicense", "license-manager:ListDistributedGrants", "license-manager:ListLicenses", "license-manager:ListReceivedGrants", "lightsail:GetAlarms", "lightsail:GetBuckets", "lightsail:GetCertificates", "lightsail:GetContainerServices", "lightsail:GetDisk", "lightsail:GetDisks", "lightsail:GetDistributions", "lightsail:GetInstance", "lightsail:GetInstances", "lightsail:GetKeyPair", "lightsail:GetLoadBalancer", "lightsail:GetLoadBalancers", "lightsail:GetLoadBalancerTlsCertificates", "lightsail:GetRelationalDatabase", "lightsail:GetRelationalDatabaseParameters", "lightsail:GetRelationalDatabases", "lightsail:GetStaticIp", "lightsail:GetStaticIps", "logs:DescribeDestinations", "logs:DescribeLogGroups", "logs:DescribeMetricFilters", "logs:GetDataProtectionPolicy", "logs:GetLogAnomalyDetector", "logs:GetLogDelivery", "logs:ListLogAnomalyDetectors", "logs:ListLogDeliveries", "logs:ListTagsLogGroup", "lookoutequipment:DescribeInferenceScheduler", "lookoutequipment:ListTagsForResource", "lookoutmetrics:DescribeAlert", "lookoutmetrics:DescribeAnomalyDetector", "lookoutmetrics:ListAlerts", "lookoutmetrics:ListAnomalyDetectors", "lookoutmetrics:ListMetricSets", "lookoutmetrics:ListTagsForResource", "lookoutvision:DescribeProject", "lookoutvision:ListProjects", "m2:GetEnvironment", "m2:ListEnvironments", "m2:ListTagsForResource", "macie2:DescribeOrganizationConfiguration", "macie2:GetAutomatedDiscoveryConfiguration", "macie2:GetClassificationExportConfiguration", "macie2:GetCustomDataIdentifier", "macie2:GetFindingsPublicationConfiguration", "macie2:GetMacieSession", "macie2:ListCustomDataIdentifiers", "macie2:ListTagsForResource", "managedblockchain:GetMember", "managedblockchain:GetNetwork", "managedblockchain:GetNode", "managedblockchain:ListInvitations", "managedblockchain:ListMembers", "managedblockchain:ListNodes", "mediaconnect:DescribeBridge", "mediaconnect:DescribeFlow", "mediaconnect:DescribeGateway", "mediaconnect:ListBridges", "mediaconnect:ListFlows", "mediaconnect:ListGateways", "mediaconnect:ListTagsForResource", "mediapackage-vod:DescribePackagingConfiguration", "mediapackage-vod:DescribePackagingGroup", "mediapackage-vod:ListPackagingConfigurations", "mediapackage-vod:ListPackagingGroups", "mediapackage-vod:ListTagsForResource", "mediatailor:DescribeChannel", "mediatailor:DescribeLiveSource", "mediatailor:DescribeSourceLocation", "mediatailor:DescribeVodSource", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListChannels", "mediatailor:ListLiveSources", "mediatailor:ListPlaybackConfigurations", "mediatailor:ListSourceLocations", "mediatailor:ListVodSources", "memorydb:DescribeAcls", "memorydb:DescribeClusters", "memorydb:DescribeParameterGroups", "memorydb:DescribeParameters", "memorydb:DescribeSubnetGroups", "memorydb:DescribeUsers", "memorydb:ListTags", "mobiletargeting:GetApp", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetApps", "mobiletargeting:GetCampaign", "mobiletargeting:GetCampaigns", "mobiletargeting:GetEmailChannel", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:GetInAppTemplate", "mobiletargeting:GetSegment", "mobiletargeting:GetSegments", "mobiletargeting:ListTagsForResource", "mobiletargeting:ListTemplates", "mq:DescribeBroker", "mq:ListBrokers", "network-firewall:DescribeLoggingConfiguration", "network-firewall:ListFirewalls", "networkmanager:DescribeGlobalNetworks", "networkmanager:GetConnectPeer", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetDevices", "networkmanager:GetLinkAssociations", "networkmanager:GetLinks", "networkmanager:GetSites", "networkmanager:GetTransitGatewayRegistrations", "networkmanager:ListConnectPeers", "networkmanager:ListTagsForResource", "nimble:GetLaunchProfile", "nimble:GetLaunchProfileDetails", "nimble:GetStreamingImage", "nimble:GetStudio", "nimble:GetStudioComponent", "nimble:ListLaunchProfiles", "nimble:ListStreamingImages", "nimble:ListStudioComponents", "nimble:ListStudios", "oam:GetSink", "oam:GetSinkPolicy", "oam:ListSinks", "omics:GetWorkflow", "omics:ListWorkflows", "opsworks:DescribeInstances", "opsworks:DescribeLayers", "opsworks:DescribeTimeBasedAutoScaling", "opsworks:DescribeVolumes", "opsworks:ListTags", "organizations:DescribeAccount", "organizations:DescribeEffectivePolicy", "organizations:DescribeOrganization", "organizations:DescribeOrganizationalUnit", "organizations:DescribePolicy", "organizations:DescribeResourcePolicy", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListDelegatedAdministrators", "organizations:ListOrganizationalUnitsForParent", "organizations:ListParents", "organizations:ListPolicies", "organizations:ListPoliciesForTarget", "organizations:ListRoots", "organizations:ListTagsForResource", "organizations:ListTargetsForPolicy", "panorama:DescribeApplicationInstance", "panorama:DescribeApplicationInstanceDetails", "panorama:DescribePackage", "panorama:DescribePackageVersion", "panorama:ListApplicationInstances", "panorama:ListNodes", "panorama:ListPackages", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "profile:GetDomain", "profile:GetIntegration", "profile:GetProfileObjectType", "profile:ListDomains", "profile:ListIntegrations", "profile:ListProfileObjectTypes", "profile:ListTagsForResource", "quicksight:DescribeAccountSubscription", "quicksight:DescribeAnalysis", "quicksight:DescribeAnalysisPermissions", "quicksight:DescribeDashboard", "quicksight:DescribeDashboardPermissions", "quicksight:DescribeDataSet", "quicksight:DescribeDataSetPermissions", "quicksight:DescribeDataSetRefreshProperties", "quicksight:DescribeDataSource", "quicksight:DescribeDataSourcePermissions", "quicksight:DescribeTemplate", "quicksight:DescribeTemplatePermissions", "quicksight:DescribeTheme", "quicksight:DescribeThemePermissions", "quicksight:ListAnalyses", "quicksight:ListDashboards", "quicksight:ListDataSets", "quicksight:ListDataSources", "quicksight:ListTagsForResource", "quicksight:ListTemplates", "quicksight:ListThemes", "ram:GetPermission", "ram:GetResourceShareAssociations", "ram:GetResourceShares", "ram:ListPermissionAssociations", "ram:ListPermissions", "ram:ListPermissionVersions", "ram:ListResources", "ram:ListResourceSharePermissions", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBProxies", "rds:DescribeDBProxyEndpoints", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSnapshotAttributes", "rds:DescribeDBSnapshots", "rds:DescribeDBSubnetGroups", "rds:DescribeEngineDefaultClusterParameters", "rds:DescribeEventSubscriptions", "rds:DescribeGlobalClusters", "rds:DescribeOptionGroups", "rds:ListTagsForResource", "redshift-serverless:GetNamespace", "redshift-serverless:GetWorkgroup", "redshift-serverless:ListNamespaces", "redshift-serverless:ListTagsForResource", "redshift-serverless:ListWorkgroups", "redshift:DescribeClusterParameterGroups", "redshift:DescribeClusterParameters", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "redshift:DescribeClusterSnapshots", "redshift:DescribeClusterSubnetGroups", "redshift:DescribeEndpointAccess", "redshift:DescribeEndpointAuthorization", "redshift:DescribeEventSubscriptions", "redshift:DescribeLoggingStatus", "redshift:DescribeScheduledActions", "redshift:DescribeTags", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "rekognition:DescribeProjects", "rekognition:DescribeStreamProcessor", "rekognition:ListStreamProcessors", "rekognition:ListTagsForResource", "resiliencehub:DescribeApp", "resiliencehub:DescribeAppVersionTemplate", "resiliencehub:DescribeResiliencyPolicy", "resiliencehub:ListApps", "resiliencehub:ListAppVersionResourceMappings", "resiliencehub:ListResiliencyPolicies", "resiliencehub:ListTagsForResource", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "resource-groups:GetGroup", "resource-groups:GetGroupConfiguration", "resource-groups:GetGroupQuery", "resource-groups:GetTags", "resource-groups:ListGroupResources", "resource-groups:ListGroups", "robomaker:DescribeRobotApplication", "robomaker:DescribeSimulationApplication", "robomaker:ListRobotApplications", "robomaker:ListSimulationApplications", "route53-recovery-control-config:DescribeCluster", "route53-recovery-control-config:DescribeControlPanel", "route53-recovery-control-config:DescribeRoutingControl", "route53-recovery-control-config:DescribeSafetyRule", "route53-recovery-control-config:ListClusters", "route53-recovery-control-config:ListControlPanels", "route53-recovery-control-config:ListRoutingControls", "route53-recovery-control-config:ListSafetyRules", "route53-recovery-control-config:ListTagsForResource", "route53-recovery-readiness:GetCell", "route53-recovery-readiness:GetReadinessCheck", "route53-recovery-readiness:GetRecoveryGroup", "route53-recovery-readiness:GetResourceSet", "route53-recovery-readiness:ListCells", "route53-recovery-readiness:ListReadinessChecks", "route53-recovery-readiness:ListRecoveryGroups", "route53-recovery-readiness:ListResourceSets", "route53:GetChange", "route53:GetDNSSEC", "route53:GetHealthCheck", "route53:GetHostedZone", "route53:ListCidrBlocks", "route53:ListCidrCollections", "route53:ListCidrLocations", "route53:ListHealthChecks", "route53:ListHostedZones", "route53:ListHostedZonesByName", "route53:ListQueryLoggingConfigs", "route53:ListResourceRecordSets", "route53:ListTagsForResource", "route53resolver:GetFirewallDomainList", "route53resolver:GetFirewallRuleGroup", "route53resolver:GetFirewallRuleGroupAssociation", "route53resolver:GetResolverDnssecConfig", "route53resolver:GetResolverEndpoint", "route53resolver:GetResolverQueryLogConfig", "route53resolver:GetResolverQueryLogConfigAssociation", "route53resolver:GetResolverRule", "route53resolver:GetResolverRuleAssociation", "route53resolver:ListFirewallDomainLists", "route53resolver:ListFirewallDomains", "route53resolver:ListFirewallRuleGroupAssociations", "route53resolver:ListFirewallRuleGroups", "route53resolver:ListFirewallRules", "route53resolver:ListResolverDnssecConfigs", "route53resolver:ListResolverEndpointIpAddresses", "route53resolver:ListResolverEndpoints", "route53resolver:ListResolverQueryLogConfigAssociations", "route53resolver:ListResolverQueryLogConfigs", "route53resolver:ListResolverRuleAssociations", "route53resolver:ListResolverRules", "route53resolver:ListTagsForResource", "rum:GetAppMonitor", "rum:GetAppMonitorData", "rum:ListAppMonitors", "rum:ListTagsForResource", "s3-outposts:GetAccessPoint", "s3-outposts:GetAccessPointPolicy", "s3-outposts:GetBucket", "s3-outposts:GetBucketPolicy", "s3-outposts:GetBucketTagging", "s3-outposts:GetLifecycleConfiguration", "s3-outposts:ListAccessPoints", "s3-outposts:ListEndpoints", "s3-outposts:ListRegionalBuckets", "s3:GetAccelerateConfiguration", "s3:GetAccessPoint", "s3:GetAccessPointForObjectLambda", "s3:GetAccessPointPolicy", "s3:GetAccessPointPolicyForObjectLambda", "s3:GetAccessPointPolicyStatus", "s3:GetAccessPointPolicyStatusForObjectLambda", "s3:GetAccountPublicAccessBlock", "s3:GetBucketAcl", "s3:GetBucketCORS", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketNotification", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketPolicy", "s3:GetBucketPolicyStatus", "s3:GetBucketPublicAccessBlock", "s3:GetBucketRequestPayment", "s3:GetBucketTagging", "s3:GetBucketVersioning", "s3:GetBucketWebsite", "s3:GetEncryptionConfiguration", "s3:GetLifecycleConfiguration", "s3:GetMultiRegionAccessPoint", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "s3:GetReplicationConfiguration", "s3:GetStorageLensConfiguration", "s3:GetStorageLensConfigurationTagging", "s3:GetStorageLensGroup", "s3:ListAccessPoints", "s3:ListAccessPointsForObjectLambda", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:ListMultiRegionAccessPoints", "s3:ListStorageLensConfigurations", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "s3express:GetBucketPolicy", "s3express:ListAllMyDirectoryBuckets", "sagemaker:DescribeAppImageConfig", "sagemaker:DescribeCodeRepository", "sagemaker:DescribeDataQualityJobDefinition", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeDomain", "sagemaker:DescribeEndpoint", "sagemaker:DescribeEndpointConfig", "sagemaker:DescribeFeatureGroup", "sagemaker:DescribeImage", "sagemaker:DescribeImageVersion", "sagemaker:DescribeInferenceExperiment", "sagemaker:DescribeModel", "sagemaker:DescribeModelBiasJobDefinition", "sagemaker:DescribeModelExplainabilityJobDefinition", "sagemaker:DescribeModelQualityJobDefinition", "sagemaker:DescribeMonitoringSchedule", "sagemaker:DescribeNotebookInstance", "sagemaker:DescribeNotebookInstanceLifecycleConfig", "sagemaker:DescribePipeline", "sagemaker:DescribeProject", "sagemaker:DescribeWorkteam", "sagemaker:ListAppImageConfigs", "sagemaker:ListCodeRepositories", "sagemaker:ListDataQualityJobDefinitions", "sagemaker:ListDeviceFleets", "sagemaker:ListDomains", "sagemaker:ListEndpointConfigs", "sagemaker:ListEndpoints", "sagemaker:ListFeatureGroups", "sagemaker:ListImages", "sagemaker:ListImageVersions", "sagemaker:ListInferenceExperiments", "sagemaker:ListModelBiasJobDefinitions", "sagemaker:ListModelExplainabilityJobDefinitions", "sagemaker:ListModelQualityJobDefinitions", "sagemaker:ListModels", "sagemaker:ListMonitoringSchedules", "sagemaker:ListNotebookInstanceLifecycleConfigs", "sagemaker:ListNotebookInstances", "sagemaker:ListPipelines", "sagemaker:ListProjects", "sagemaker:ListTags", "sagemaker:ListWorkteams", "scheduler:GetSchedule", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListSchedules", "scheduler:ListTagsForResource", "schemas:DescribeDiscoverer", "schemas:DescribeRegistry", "schemas:DescribeSchema", "schemas:GetResourcePolicy", "schemas:ListDiscoverers", "schemas:ListRegistries", "schemas:ListSchemas", "sdb:GetAttributes", "sdb:ListDomains", "secretsmanager:ListSecrets", "secretsmanager:ListSecretVersionIds", "securityhub:DescribeHub", "serviceCatalog:DescribePortfolioShares", "servicediscovery:GetInstance", "servicediscovery:GetNamespace", "servicediscovery:GetService", "servicediscovery:ListInstances", "servicediscovery:ListNamespaces", "servicediscovery:ListServices", "servicediscovery:ListTagsForResource", "ses:DescribeReceiptRule", "ses:DescribeReceiptRuleSet", "ses:GetConfigurationSet", "ses:GetConfigurationSetEventDestinations", "ses:GetContactList", "ses:GetEmailTemplate", "ses:GetTemplate", "ses:ListConfigurationSets", "ses:ListContactLists", "ses:ListEmailTemplates", "ses:ListReceiptFilters", "ses:ListReceiptRuleSets", "ses:ListTemplates", "shield:DescribeDRTAccess", "shield:DescribeProtection", "shield:DescribeSubscription", "signer:GetSigningProfile", "signer:ListProfilePermissions", "signer:ListSigningProfiles", "sns:GetDataProtectionPolicy", "sns:GetSMSSandboxAccountStatus", "sns:GetSubscriptionAttributes", "sns:GetTopicAttributes", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTagsForResource", "sns:ListTopics", "sqs:GetQueueAttributes", "sqs:ListQueues", "sqs:ListQueueTags", "ssm-sap:ListTagsForResource", "ssm:DescribeAutomationExecutions", "ssm:DescribeDocument", "ssm:DescribeDocumentPermission", "ssm:DescribeParameters", "ssm:GetAutomationExecution", "ssm:GetDocument", "ssm:GetServiceSetting", "ssm:ListDocuments", "ssm:ListTagsForResource", "sso:DescribeInstanceAccessControlAttributeConfiguration", "sso:DescribePermissionSet", "sso:GetInlinePolicyForPermissionSet", "sso:ListManagedPoliciesInPermissionSet", "sso:ListPermissionSets", "sso:ListTagsForResource", "states:DescribeActivity", "states:DescribeStateMachine", "states:ListActivities", "states:ListStateMachines", "states:ListTagsForResource", "storagegateway:ListGateways", "storagegateway:ListTagsForResource", "storagegateway:ListVolumes", "sts:GetCallerIdentity", "support:DescribeCases", "synthetics:DescribeCanaries", "synthetics:DescribeCanariesLastRun", "synthetics:DescribeRuntimeVersions", "synthetics:GetCanary", "synthetics:GetCanaryRuns", "synthetics:GetGroup", "synthetics:ListAssociatedGroups", "synthetics:ListGroupResources", "synthetics:ListGroups", "synthetics:ListTagsForResource", "tag:GetResources", "timestream:DescribeDatabase", "timestream:DescribeEndpoints", "timestream:DescribeTable", "timestream:ListDatabases", "timestream:ListTables", "timestream:ListTagsForResource", "transfer:DescribeAgreement", "transfer:DescribeCertificate", "transfer:DescribeConnector", "transfer:DescribeProfile", "transfer:DescribeServer", "transfer:DescribeUser", "transfer:DescribeWorkflow", "transfer:ListAgreements", "transfer:ListCertificates", "transfer:ListConnectors", "transfer:ListProfiles", "transfer:ListServers", "transfer:ListTagsForResource", "transfer:ListUsers", "transfer:ListWorkflows", "voiceid:DescribeDomain", "voiceid:ListTagsForResource", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", "vpc-lattice:ListTargets", "waf-regional:GetLoggingConfiguration", "waf-regional:GetWebACL", "waf-regional:GetWebACLForResource", "waf-regional:ListLoggingConfigurations", "waf:GetLoggingConfiguration", "waf:GetWebACL", "wafv2:GetLoggingConfiguration", "wafv2:GetRuleGroup", "wafv2:ListRuleGroups", "wafv2:ListTagsForResource", "workspaces:DescribeConnectionAliases", "workspaces:DescribeTags", "workspaces:DescribeWorkspaces" ], "Resource" : "*" }, { "Sid" : "ConfigLogStreamStatementID", "Effect" : "Allow", "Action" : [ "logs:CreateLogStream", "logs:CreateLogGroup" ], "Resource" : "arn:aws:logs:*:*:log-group:/aws/config/*" }, { "Sid" : "ConfigLogEventsStatementID", "Effect" : "Allow", "Action" : "logs:PutLogEvents", "Resource" : "arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*" } ] }

Learn more