AmazonQFullAccess
Description: Provides full access to enable interactions with Amazon Q
AmazonQFullAccess
is an AWS managed policy.
Using this policy
You can attach AmazonQFullAccess
to your users, groups, and roles.
Policy
details
-
Type: AWS managed policy
-
Creation time: November 28, 2023, 16:00 UTC
-
Edited time: November 13, 2024, 21:51 UTC
-
ARN:
arn:aws:iam::aws:policy/AmazonQFullAccess
Policy version
Policy version: v5 (default)
The policy's default version is the version that defines the permissions for the policy. When a user or role with the policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.
JSON policy document
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "AllowAmazonQFullAccess",
"Effect" : "Allow",
"Action" : [
"q:StartConversation",
"q:SendMessage",
"q:GetConversation",
"q:ListConversations",
"q:PassRequest",
"q:StartTroubleshootingAnalysis",
"q:GetTroubleshootingResults",
"q:StartTroubleshootingResolutionExplanation",
"q:UpdateTroubleshootingCommandResult",
"q:GetIdentityMetadata",
"q:CreateAssignment",
"q:DeleteAssignment",
"q:GenerateCodeFromCommands",
"q:CreatePlugin",
"q:DeletePlugin",
"q:GetPlugin",
"q:UsePlugin",
"q:ListPlugins",
"q:ListPluginProviders",
"q:ListTagsForResource",
"q:UntagResource",
"q:TagResource"
],
"Resource" : "*"
},
{
"Sid" : "AllowCloudControlReadAccess",
"Effect" : "Allow",
"Action" : [
"cloudformation:GetResource",
"cloudformation:ListResources"
],
"Resource" : "*"
},
{
"Sid" : "AllowSetTrustedIdentity",
"Effect" : "Allow",
"Action" : [
"sts:SetContext"
],
"Resource" : "arn:aws:sts::*:self"
},
{
"Sid" : "AllowPassRoleToAmazonQ",
"Effect" : "Allow",
"Action" : [
"iam:PassRole"
],
"Resource" : "arn:aws:iam::*:role/*",
"Condition" : {
"StringEquals" : {
"iam:PassedToService" : [
"q.amazonaws.com"
]
}
}
}
]
}