AWSAuditManagerServiceRolePolicy - AWS Política gestionada

Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.

AWSAuditManagerServiceRolePolicy

Descripción: permite el acceso a los recursos y Servicios de AWS utilizados o administrados por AWS Audit Manager

AWSAuditManagerServiceRolePolicy es una política administrada de AWS.

Uso de la política

Esta política está asociada a un rol vinculado a un servicio. Esto permite a dicho servicio realizar acciones por usted. No puede asociar esta política a los usuarios, grupos o roles.

Información de la política

  • Tipo: política de rol vinculado a un servicio

  • Hora de creación: 8 de diciembre de 2020 a las 15:12 UTC

  • Hora de edición: 24 de septiembre de 2024 a las 23:22 h UTC

  • ARN: arn:aws:iam::aws:policy/aws-service-role/AWSAuditManagerServiceRolePolicy

Versión de la política

Versión de la política: v10 (predeterminada)

La versión predeterminada de la política define qué permisos tendrá. Cuando un usuario o un rol con la política solicita acceso a un recurso de AWS, AWS comprueba la versión predeterminada de la política para decidir si permite o no la solicitud.

Documento de política JSON

{ "Version" : "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Action" : [ "acm:GetAccountConfiguration", "acm:ListCertificates", "autoscaling:DescribeAutoScalingGroups", "backup:ListBackupPlans", "backup:ListRecoveryPointsByResource", "bedrock:GetCustomModel", "bedrock:GetFoundationModel", "bedrock:GetModelCustomizationJob", "bedrock:GetModelInvocationLoggingConfiguration", "bedrock:ListCustomModels", "bedrock:ListFoundationModels", "bedrock:ListGuardrails", "bedrock:ListModelCustomizationJobs", "cloudfront:GetDistribution", "cloudfront:GetDistributionConfig", "cloudfront:ListDistributions", "cloudtrail:GetTrail", "cloudtrail:ListTrails", "cloudtrail:DescribeTrails", "cloudtrail:LookupEvents", "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "cognito-idp:DescribeUserPool", "config:DescribeConfigRules", "config:DescribeDeliveryChannels", "config:ListDiscoveredResources", "directconnect:DescribeDirectConnectGateways", "directconnect:DescribeVirtualGateways", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeBackup", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTable", "dynamodb:ListBackups", "dynamodb:ListGlobalTables", "dynamodb:ListTables", "ec2:DescribeInstanceCreditSpecifications", "ec2:DescribeInstanceAttribute", "ec2:DescribeSecurityGroupRules", "ec2:DescribeVpcEndpointConnections", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:GetLaunchTemplateData", "ec2:DescribeAddresses", "ec2:DescribeCustomerGateways", "ec2:DescribeEgressOnlyInternetGateways", "ec2:DescribeFlowLogs", "ec2:DescribeInstances", "ec2:DescribeInternetGateways", "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", "ec2:DescribeLocalGateways", "ec2:DescribeLocalGatewayVirtualInterfaces", "ec2:DescribeNatGateways", "ec2:DescribeNetworkAcls", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshots", "ec2:DescribeTransitGateways", "ec2:DescribeVolumes", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcPeeringConnections", "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways", "ec2:GetEbsDefaultKmsKeyId", "ec2:GetEbsEncryptionByDefault", "ecs:DescribeClusters", "eks:DescribeAddonVersions", "elasticache:DescribeCacheClusters", "elasticache:DescribeServiceUpdates", "elasticfilesystem:DescribeAccessPoints", "elasticfilesystem:DescribeFileSystems", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeSslPolicies", "elasticloadbalancing:DescribeTargetGroups", "elasticmapreduce:ListClusters", "elasticmapreduce:ListSecurityConfigurations", "events:DescribeRule", "events:ListConnections", "events:ListEventBuses", "events:ListEventSources", "events:ListRules", "firehose:ListDeliveryStreams", "fsx:DescribeFileSystems", "guardduty:ListDetectors", "iam:GenerateCredentialReport", "iam:GetAccountAuthorizationDetails", "iam:GetAccessKeyLastUsed", "iam:GetCredentialReport", "iam:GetGroupPolicy", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRolePolicy", "iam:GetUser", "iam:GetUserPolicy", "iam:GetAccountPasswordPolicy", "iam:GetAccountSummary", "iam:ListAttachedGroupPolicies", "iam:ListAttachedUserPolicies", "iam:ListEntitiesForPolicy", "iam:ListGroupsForUser", "iam:ListGroupPolicies", "iam:ListGroups", "iam:ListOpenIdConnectProviders", "iam:ListPolicies", "iam:ListRolePolicies", "iam:ListRoles", "iam:ListSamlProviders", "iam:ListUserPolicies", "iam:ListUsers", "iam:ListVirtualMFADevices", "iam:ListPolicyVersions", "iam:ListAccessKeys", "iam:ListAttachedRolePolicies", "iam:ListMfaDeviceTags", "iam:ListMfaDevices", "kafka:ListClusters", "kafka:ListKafkaVersions", "kinesis:ListStreams", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:ListGrants", "kms:ListKeyPolicies", "kms:ListKeys", "lambda:ListFunctions", "license-manager:ListAssociationsForLicenseConfiguration", "license-manager:ListLicenseConfigurations", "license-manager:ListUsageForLicenseConfiguration", "logs:DescribeDestinations", "logs:DescribeExportTasks", "logs:DescribeLogGroups", "logs:DescribeMetricFilters", "logs:DescribeResourcePolicies", "logs:FilterLogEvents", "logs:GetDataProtectionPolicy", "es:DescribeDomains", "es:DescribeDomain", "es:DescribeDomainConfig", "es:ListDomainNames", "organizations:DescribeOrganization", "organizations:DescribePolicy", "rds:DescribeCertificates", "rds:DescribeDBClusterEndpoints", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBInstances", "rds:DescribeDBSecurityGroups", "rds:DescribeDBClusters", "rds:DescribeDBInstanceAutomatedBackups", "redshift:DescribeClusters", "redshift:DescribeClusterSnapshots", "redshift:DescribeLoggingStatus", "route53:GetQueryLoggingConfig", "sagemaker:DescribeAlgorithm", "sagemaker:DescribeFlowDefinition", "sagemaker:DescribeHumanTaskUi", "sagemaker:DescribeModelBiasJobDefinition", "sagemaker:DescribeModelCard", "sagemaker:DescribeModelQualityJobDefinition", "sagemaker:DescribeDomain", "sagemaker:DescribeEndpoint", "sagemaker:DescribeEndpointConfig", "sagemaker:DescribeLabelingJob", "sagemaker:DescribeModel", "sagemaker:DescribeTrainingJob", "sagemaker:DescribeUserProfile", "sagemaker:ListAlgorithms", "sagemaker:ListDomains", "sagemaker:ListEndpoints", "sagemaker:ListEndpointConfigs", "sagemaker:ListFlowDefinitions", "sagemaker:ListHumanTaskUis", "sagemaker:ListLabelingJobs", "sagemaker:ListModels", "sagemaker:ListModelBiasJobDefinitions", "sagemaker:ListModelCards", "sagemaker:ListModelQualityJobDefinitions", "sagemaker:ListMonitoringAlerts", "sagemaker:ListMonitoringSchedules", "sagemaker:ListTrainingJobs", "sagemaker:ListUserProfiles", "s3:GetBucketPublicAccessBlock", "s3:GetBucketVersioning", "s3:GetEncryptionConfiguration", "s3:GetLifecycleConfiguration", "s3:ListAllMyBuckets", "secretsmanager:DescribeSecret", "secretsmanager:ListSecrets", "securityhub:DescribeStandards", "sns:ListTagsForResource", "sns:ListTopics", "sqs:ListQueues", "waf-regional:GetRule", "waf-regional:GetWebAcl", "waf:GetRule", "waf:GetRuleGroup", "waf:ListActivatedRulesInRuleGroup", "waf:ListWebAcls", "wafv2:ListWebAcls", "waf-regional:GetLoggingConfiguration", "waf-regional:ListRuleGroups", "waf-regional:ListSubscribedRuleGroups", "waf-regional:ListWebACLs", "waf-regional:ListRules", "waf:ListRuleGroups", "waf:ListRules" ], "Resource" : "*", "Sid" : "APIsAccess" }, { "Sid" : "S3Access", "Effect" : "Allow", "Action" : [ "s3:GetBucketAcl", "s3:GetBucketLogging", "s3:GetBucketOwnershipControls", "s3:GetBucketPolicy", "s3:GetBucketTagging" ], "Resource" : "*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : [ "${aws:PrincipalAccount}" ] } } }, { "Sid" : "APIGatewayAccess", "Effect" : "Allow", "Action" : [ "apigateway:GET" ], "Resource" : [ "arn:aws:apigateway:*::/restapis", "arn:aws:apigateway:*::/restapis/*/stages/*", "arn:aws:apigateway:*::/restapis/*/stages" ], "Condition" : { "StringEquals" : { "aws:ResourceAccount" : [ "${aws:PrincipalAccount}" ] } } }, { "Sid" : "CreateEventsAccess", "Effect" : "Allow", "Action" : [ "events:PutRule" ], "Resource" : "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver", "Condition" : { "StringEquals" : { "events:detail-type" : "Security Hub Findings - Imported" }, "Null" : { "events:source" : "false" }, "ForAllValues:StringEquals" : { "events:source" : [ "aws.securityhub" ] } } }, { "Sid" : "EventsAccess", "Effect" : "Allow", "Action" : [ "events:DeleteRule", "events:DescribeRule", "events:EnableRule", "events:DisableRule", "events:ListTargetsByRule", "events:PutTargets", "events:RemoveTargets" ], "Resource" : "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver" } ] }

Más información