Route53RecoveryReadinessServiceRolePolicy
Description: Service Linked Role Policy for Route 53 Recovery Readiness
Route53RecoveryReadinessServiceRolePolicy
is an AWS managed policy.
Using this policy
This policy is attached to a service-linked role that allows the service to perform actions on your behalf. You cannot attach this policy to your users, groups, or roles.
Policy
details
-
Type: Service-linked role policy
-
Creation time: July 15, 2021, 16:06 UTC
-
Edited time: February 14, 2023, 18:08 UTC
-
ARN:
arn:aws:iam::aws:policy/aws-service-role/Route53RecoveryReadinessServiceRolePolicy
Policy version
Policy version: v5 (default)
The policy's default version is the version that defines the permissions for the policy. When a user or role with the policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.
JSON policy document
{
"Version" : "2012-10-17",
"Statement" : [
{
"Effect" : "Allow",
"Action" : [
"dynamodb:DescribeReservedCapacity",
"dynamodb:DescribeReservedCapacityOfferings"
],
"Resource" : "arn:aws:dynamodb:*:*:*"
},
{
"Effect" : "Allow",
"Action" : [
"dynamodb:DescribeTable",
"dynamodb:DescribeTimeToLive"
],
"Resource" : "arn:aws:dynamodb:*:*:table/*"
},
{
"Effect" : "Allow",
"Action" : [
"iam:CreateServiceLinkedRole"
],
"Resource" : "arn:aws:iam::*:role/aws-service-role/servicequotas.amazonaws.com/AWSServiceRoleForServiceQuotas",
"Condition" : {
"StringLike" : {
"iam:AWSServiceName" : "servicequotas.amazonaws.com"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"lambda:GetFunctionConcurrency",
"lambda:GetFunctionConfiguration",
"lambda:GetProvisionedConcurrencyConfig",
"lambda:ListProvisionedConcurrencyConfigs",
"lambda:ListAliases",
"lambda:ListVersionsByFunction"
],
"Resource" : "arn:aws:lambda:*:*:function:*"
},
{
"Effect" : "Allow",
"Action" : [
"rds:DescribeDBClusters"
],
"Resource" : "arn:aws:rds:*:*:cluster:*"
},
{
"Effect" : "Allow",
"Action" : [
"rds:DescribeDBInstances"
],
"Resource" : "arn:aws:rds:*:*:db:*"
},
{
"Effect" : "Allow",
"Action" : [
"route53:ListResourceRecordSets"
],
"Resource" : "arn:aws:route53:::hostedzone/*"
},
{
"Effect" : "Allow",
"Action" : [
"route53:GetHealthCheck",
"route53:GetHealthCheckStatus"
],
"Resource" : "arn:aws:route53:::healthcheck/*"
},
{
"Effect" : "Allow",
"Action" : [
"servicequotas:RequestServiceQuotaIncrease"
],
"Resource" : "arn:aws:servicequotas:*:*:*"
},
{
"Effect" : "Allow",
"Action" : [
"sns:GetTopicAttributes",
"sns:ListSubscriptionsByTopic"
],
"Resource" : "arn:aws:sns:*:*:*"
},
{
"Effect" : "Allow",
"Action" : [
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
"Resource" : "arn:aws:sqs:*:*:*"
},
{
"Effect" : "Allow",
"Action" : [
"apigateway:GET",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:DescribeLoadBalancers",
"autoscaling:DescribeLoadBalancerTargetGroups",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribePolicies",
"cloudwatch:GetMetricData",
"cloudwatch:DescribeAlarms",
"dynamodb:DescribeLimits",
"dynamodb:ListGlobalTables",
"dynamodb:ListTables",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetEbsEncryptionByDefault",
"ec2:GetEbsDefaultKmsKeyId",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"kafka:DescribeCluster",
"kafka:DescribeConfigurationRevision",
"lambda:ListEventSourceMappings",
"lambda:ListFunctions",
"rds:DescribeAccountAttributes",
"route53:GetHostedZone",
"servicequotas:ListAWSDefaultServiceQuotas",
"servicequotas:ListRequestedServiceQuotaChangeHistory",
"servicequotas:ListServiceQuotas",
"servicequotas:ListServices",
"sns:GetEndpointAttributes",
"sns:GetSubscriptionAttributes"
],
"Resource" : "*"
}
]
}