Les traductions sont fournies par des outils de traduction automatique. En cas de conflit entre le contenu d'une traduction et celui de la version originale en anglais, la version anglaise prévaudra.
AWS politiques gérées pour AWS Config
Une politique AWS gérée est une politique autonome créée et administrée par AWS. AWS les politiques gérées sont conçues pour fournir des autorisations pour de nombreux cas d'utilisation courants afin que vous puissiez commencer à attribuer des autorisations aux utilisateurs, aux groupes et aux rôles.
N'oubliez pas que les politiques AWS gérées peuvent ne pas accorder d'autorisations de moindre privilège pour vos cas d'utilisation spécifiques, car elles sont accessibles à tous les AWS clients. Nous vous recommandons de réduire encore les autorisations en définissant des politiques gérées par le client qui sont propres à vos cas d’utilisation.
Vous ne pouvez pas modifier les autorisations définies dans les politiques AWS gérées. Si les autorisations définies dans une politique AWS gérée sont AWS mises à jour, la mise à jour affecte toutes les identités principales (utilisateurs, groupes et rôles) auxquelles la politique est attachée. AWS est le plus susceptible de mettre à jour une politique AWS gérée lorsqu'une nouvelle AWS service est lancée ou que de nouvelles API opérations sont disponibles pour les services existants.
Pour plus d'informations, consultez la section Politiques AWS gérées dans le Guide de IAM l'utilisateur.
AWS politique gérée : AWSConfigServiceRolePolicy
AWS Config utilise le rôle lié au service nommé AWSServiceRoleForConfigpour appeler d'autres AWS services en votre nom. Lorsque vous utilisez le AWS Management Console pour configurer AWS Config, cela SLR est automatiquement créé AWS Config si vous sélectionnez l'option permettant d'utiliser le rôle de service AWS Config SLR au lieu de votre propre AWS Identity and Access Management (IAM).
AWSServiceRoleForConfigSLRContient la politique géréeAWSConfigServiceRolePolicy
. Cette politique gérée contient des autorisations en lecture seule et en écriture uniquement pour les ressources et des autorisations en lecture seule pour les AWS Config ressources des autres services pris en charge. AWS Config Pour plus d’informations, consultez Types de ressource pris en charge et Utilisation de rôles liés à un service pour AWS Config.
Consultez la politique : AWSConfigServiceRolePolicy.
AWS politique gérée : AWS_ConfigRole
Pour enregistrer vos configurations de AWS ressources, vous AWS Config avez besoin d'IAMautorisations pour obtenir les détails de configuration de vos ressources. Si vous souhaitez créer un IAM rôle pour AWS Config, vous pouvez utiliser la politique gérée AWS_ConfigRole
et l'associer à votre IAM rôle.
Cette IAM politique est mise à jour chaque fois que AWS Config la prise en charge d'un type de AWS ressource est ajoutée. Cela signifie qu'il AWS Config continuera à disposer des autorisations requises pour enregistrer les données de configuration des types de ressources pris en charge tant que cette politique gérée sera attachée au ConfigRole rôle AWS_. Pour plus d’informations, consultez Types de ressource pris en charge et Autorisations pour le IAM rôle attribué à AWS Config.
Consultez la politique : AWS_ ConfigRole.
AWS politique gérée : AWSConfigUserAccess
Cette IAM politique fournit un accès à l'utilisation AWS Config, y compris la recherche par balises sur les ressources et la lecture de toutes les balises. Cela ne donne pas l'autorisation de configurer AWS Config, ce qui nécessite des privilèges administratifs.
Consultez la politique : AWSConfigUserAccess.
AWS politique gérée : ConfigConformsServiceRolePolicy
Le déploiement et la gestion des packs de conformité AWS Config nécessitent des IAM autorisations et certaines autorisations de la part d'autres AWS services. Ils vous permettent de déployer et de gérer des packs de conformité avec toutes les fonctionnalités et sont mis à jour chaque fois que de nouvelles AWS Config fonctionnalités sont ajoutées aux packs de conformité. Pour plus d'informations sur les packs de conformité, consultez Packs de conformité.
Consultez la politique : ConfigConformsServiceRolePolicy.
AWS politique gérée : AWSConfigRulesExecutionRole
Le déploiement de règles Lambda AWS personnalisées AWS Config nécessite des IAM autorisations et certaines autorisations provenant d'autres AWS services. Ils permettent aux AWS Lambda fonctions d'accéder aux AWS Config API instantanés de configuration fournis régulièrement à Amazon S3 et aux instantanés de configuration. AWS Config Cet accès est requis par les fonctions qui évaluent les modifications de configuration pour les règles Lambda AWS personnalisées et est mis à jour chaque fois que de nouvelles fonctionnalités sont AWS Config ajoutées. Pour plus d'informations sur les règles Lambda AWS personnalisées, voir Création de règles AWS Config Lambda personnalisées et composants d'une règle. AWS Config Pour plus d'informations sur les instantanés de configuration, consultez Concepts | Instantané de configuration. Pour plus d'informations sur la livraison des instantanés de configuration, consultez Gestion du canal de livraison.
Consultez la politique : AWSConfigRulesExecutionRole.
AWS politique gérée : AWSConfigMultiAccountSetupPolicy
Le déploiement, la mise à jour et la suppression centralisés des AWS Config règles et des packs de conformité sur les comptes des membres d'une organisation AWS Config nécessitent IAM des autorisations et certaines autorisations provenant d'autres AWS services. AWS Organizations Cette politique gérée est mise à jour chaque fois qu' AWS Config une nouvelle fonctionnalité est ajoutée pour la configuration de plusieurs comptes. Pour plus d'informations, voir Gestion des AWS Config règles pour tous les comptes de votre organisation et Gestion des packs de conformité pour tous les comptes de votre organisation.
Consultez la politique : AWSConfigMultiAccountSetupPolicy.
AWS politique gérée : AWSConfigRoleForOrganizations
AWS Config Pour autoriser les appels en lecture seule AWS Organizations APIs, des IAM autorisations AWS Config et certaines autorisations d'autres AWS services sont nécessaires. Cette politique gérée est mise à jour chaque fois qu' AWS Config une nouvelle fonctionnalité est ajoutée pour la configuration de plusieurs comptes. Pour plus d'informations, voir Gestion des AWS Config règles pour tous les comptes de votre organisation et Gestion des packs de conformité pour tous les comptes de votre organisation.
Consultez la politique : AWSConfigRoleForOrganizations.
AWS politique gérée : AWSConfigRemediationServiceRolePolicy
AWS Config Pour autoriser la correction des NON_COMPLIANT
ressources en votre nom, vous devez AWS Config disposer d'IAMautorisations et de certaines autorisations de la part d'autres AWS services. Cette politique gérée est mise à jour chaque fois qu' AWS Config une nouvelle fonctionnalité de correction est ajoutée. Pour plus d'informations sur la correction, voir Corriger les ressources non conformes à l'aide de règles. AWS Config Pour plus d'informations sur les conditions à l'origine des résultats AWS Config d'évaluation possibles, voir Concepts | AWS Config Règles.
Consultez la politique : AWSConfigRemediationServiceRolePolicy.
AWS Config mises à jour des politiques AWS gérées
Consultez les détails des mises à jour des politiques AWS gérées AWS Config depuis que ce service a commencé à suivre ces modifications. Pour recevoir des alertes automatiques concernant les modifications apportées à cette page, abonnez-vous au RSS fil sur la page Historique du AWS Config document.
Modification | Description | Date |
---|---|---|
AWS_ConfigRole – Ajout de elasticfilesystem:DescribeTags," "redshift:DescribeTags", and "ssm-sap:ListTagsForResource" |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon Elastic File System (AmazonEFS), Amazon Redshift et. Gestionnaire de systèmes AWS pour SAP |
17 juin 2024 |
AWSConfigServiceRolePolicy – Ajout de elasticfilesystem:DescribeTags," "redshift:DescribeTags", and "ssm-sap:ListTagsForResource" |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon Elastic File System (AmazonEFS), Amazon Redshift et. Gestionnaire de systèmes AWS pour SAP |
17 juin 2024 |
AWS_ConfigRole – Ajout de "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool, "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus" |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon Managed Service pour Prometheus, CloudWatch Amazon, Amazon Cognito, ElastiCache Amazon, () AWS Lambda,, AWS Identity and Access Management ,IAM, FSx AWS Glue Amazon Redshift Serverless AWS RAM, Amazon et Amazon Simple Notification Service ( SageMakerAmazon). SNS |
22 février 2024 |
AWSConfigServiceRolePolicy – Ajout de "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool, "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus" |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon Managed Service pour Prometheus, CloudWatch Amazon, Amazon Cognito, ElastiCache Amazon, () AWS Lambda,, AWS Identity and Access Management ,IAM, FSx AWS Glue Amazon Redshift Serverless AWS RAM, Amazon et Amazon Simple Notification Service ( SageMakerAmazon). SNS |
22 février 2024 |
AWSConfigUserAccess— AWS Config commence à suivre les modifications apportées à cette politique AWS gérée |
Cette politique fournit un accès à l'utilisation AWS Config, y compris la recherche par balises sur les ressources et la lecture de toutes les balises. Cela ne donne pas l'autorisation de configurer AWS Config, ce qui nécessite des privilèges administratifs. |
22 février 2024 |
AWS_ConfigRole – Ajout de "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets" |
Cette politique prend désormais en charge des autorisations supplémentaires pour AWS AppConfig Amazon Managed Service pour Prometheus AWS Database Migration Service ,AWS DMS(), (AWS Identity and Access Management)IAM, Amazon Managed Streaming pour Apache Kafka (Amazon), MSK Amazon Logs et CloudWatch Amazon Simple AWS Organizations Storage Service (Amazon S3). |
5 décembre 2023 |
AWSConfigServiceRolePolicy – Ajout de "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets" |
Cette politique prend désormais en charge des autorisations supplémentaires pour AWS AppConfig Amazon Managed Service pour Prometheus AWS Database Migration Service ,AWS DMS(), (AWS Identity and Access Management)IAM, Amazon Managed Streaming pour Apache Kafka (Amazon), MSK Amazon Logs et CloudWatch Amazon Simple AWS Organizations Storage Service (Amazon S3). |
5 décembre 2023 |
AWS_ConfigRole – Ajout de "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles" |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon Cognito, Amazon ConnectEMR, Amazon, AWS Ground Station,, AWS Mainframe Modernization Amazon MemoryDB, AWS Organizations Amazon QuickSight, Amazon Relational Database Service (AmazonRDS), Amazon Redshift, Amazon Route 53 et. AWS Service Catalog AWS Transfer Family |
17 novembre 2023 |
AWS_ConfigRole – Ajout de "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID" |
Cette politique ajoute désormais des identificateurs de sécurité (SID) pour |
17 novembre 2023 |
AWSConfigServiceRolePolicy – Ajout de "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles" |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon Cognito, Amazon ConnectEMR, Amazon, AWS Ground Station,, AWS Mainframe Modernization Amazon MemoryDB, AWS Organizations Amazon QuickSight, Amazon Relational Database Service (AmazonRDS), Amazon Redshift, Amazon Route 53 et. AWS Service Catalog AWS Transfer Family |
17 novembre 2023 |
AWSConfigServiceRolePolicy – Ajout de "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID" |
Cette politique ajoute désormais des identificateurs de sécurité (SID) pour |
17 novembre 2023 |
AWS_ConfigRole – Ajout de "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob" |
Cette politique prend désormais en charge des autorisations supplémentaires pour AWS Private CA AWS App Mesh, Amazon Connect, Amazon Elastic Container Service (AmazonECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon, GuardDuty Amazon Inspector AWS IoT,,, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (MSKAmazon AWS Lambda) AWS Network Manager,, AWS Organizations, et Amazon. SageMaker |
4 octobre 2023 |
AWSConfigServiceRolePolicy – Ajout de "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob" |
Cette politique prend désormais en charge des autorisations supplémentaires pour AWS Private CA AWS App Mesh, Amazon Connect, Amazon Elastic Container Service (AmazonECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon, GuardDuty Amazon Inspector AWS IoT,,, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (MSKAmazon AWS Lambda) AWS Network Manager,, AWS Organizations, et Amazon. SageMaker |
4 octobre 2023 |
AWSConfigServiceRolePolicy— Supprimer "ssm:GetParameter" |
Cette politique supprime désormais les autorisations pour AWS Systems Manager (Systems Manager). |
6 septembre 2023 |
AWS_ConfigRole – Ajout de "appmesh:DescribeGatewayRoute","appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", and "sns:GetDataProtectionPolicy" |
Cette politique prend désormais en charge des autorisations supplémentaires pour AWS App Mesh Amazon Connect CloudFront AWS CodeArtifact AWS CodeBuild, Amazon AWS Identity and Access Management (IAM) AWS Glue GuardDuty, Amazon Inspector,,, AWS IoT AWS IoT TwinMaker AWS IoT Wireless, Amazon Managed Streaming pour Apache Kafka, Amazon Macie AWS Elemental MediaConnect AWS Network Manager, Amazon Route 53 AWS Organizations Explorateur de ressources AWS, Amazon Simple Storage Service (Amazon S3) et Amazon Simple Notification Service (Amazon). AWS CloudFormation SNS |
28 juillet 2023 |
AWSConfigServiceRolePolicy – Ajout de "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "sns:GetDataProtectionPolicy", "ssm:DescribeParameters", "ssm:GetParameter", and "ssm:ListTagsForResource" |
Cette politique prend désormais en charge des autorisations supplémentaires pour AWS App Mesh Amazon AppStream 2.0, Amazon AWS CloudFormation,, CloudFront AWS CodeArtifact, Amazon Connect AWS CodeBuild, AWS Identity and Access Management (IAM) AWS Glue, Amazon Inspector GuardDuty,,,, Amazon Managed Streaming pour Apache Kafka AWS IoT TwinMaker AWS IoT Wireless, Amazon Macie,,,,,, Amazon Route 53 AWS Elemental MediaConnect AWS Network Manager AWS Organizations Explorateur de ressources AWS, Amazon Simple Storage Service (Amazon S3), Amazon Simple Notification Service (Amazon S3), Amazon Simple Notification Service (Amazon) et SNS Amazon EC2 Systems Manager (). AWS IoT SSM |
28 juillet 2023 |
AWS_ConfigRole – Ajout de "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", “dynamodb:DescribeTableReplicaAutoScaling" "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases" "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" |
Cette politique prend désormais en charge des autorisations supplémentaires pour AWS Amplify Amazon Connect AWS App Mesh, Amazon Managed Service for Prometheus, Amazon Athena AWS Batch,,,,,, Amazon AWS Directory Service DynamoDB AWS CloudFormation AWS CloudTrail AWS CodeArtifact CodeGuru, Amazon Elastic Compute Cloud (Amazon), Amazon CloudWatch Evidently, Amazon ForecastEC2,, () AWS Organizations, Amazon IAM Managed Streaming pour Apache Kafka ( AWS Identity and Access Management AmazonMSK) AWS IoT Greengrass AWS Ground Station, Amazon Lightsail, Amazon Logs, Amazon Pinpoint, Amazon CloudWatch AWS Elemental MediaConnect AWS Elemental MediaTailor Cloud privé virtuel (AmazonVPC), Amazon Personalize QuickSight, Amazon AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker,. AWS Transfer Family |
13 juin 2023 |
AWSConfigServiceRolePolicy – Ajout de "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" |
Cette politique prend désormais en charge des autorisations supplémentaires pour AWS Amplify Amazon Connect AWS App Mesh, Amazon Managed Service for Prometheus, Amazon Athena AWS Batch,,,,,, Amazon AWS Directory Service DynamoDB AWS CloudFormation AWS CloudTrail AWS CodeArtifact CodeGuru, Amazon Elastic Compute Cloud (Amazon), Amazon CloudWatch Evidently, Amazon ForecastEC2,, () AWS Organizations, Amazon IAM Managed Streaming pour Apache Kafka ( AWS Identity and Access Management AmazonMSK) AWS IoT Greengrass AWS Ground Station, Amazon Lightsail, Amazon Logs, Amazon Pinpoint, Amazon CloudWatch AWS Elemental MediaConnect AWS Elemental MediaTailor Cloud privé virtuel (AmazonVPC), Amazon Personalize QuickSight, Amazon AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker,. AWS Transfer Family |
13 juin 2023 |
AWSConfigServiceRolePolicy – Ajout de amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, GetInstanceTypesFromInstanceRequirement ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon Managed Workflows pour AWS Amplify AWS App Mesh AWS App Runner, CloudFront, Amazon AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, SageMaker Amazon, AWS Transfer Family Amazon Pinpoint, Resilience Hub AWS , Amazon CloudWatch, AWS Directory Service et. AWS Migration Hub AWS WAF |
13 avril 2023 |
AWS_ConfigRole – Ajout de amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon Managed Workflows pour AWS Amplify AWS App Mesh AWS App Runner, CloudFront, Amazon AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, SageMaker Amazon, AWS Transfer Family Amazon Pinpoint, Resilience Hub AWS , Amazon CloudWatch, AWS Directory Service et. AWS Migration Hub AWS WAF |
13 avril 2023 |
AWSConfigServiceRolePolicy – Ajout de appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudfront:GetResponseHeadersPolicy, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
Cette politique prend désormais en charge des autorisations supplémentaires pour les flux de travail gérés par Amazon pour Amazon, Amazon AppStream 2.0 CloudFront, Amazon CloudWatch, AWS CodeArtifact, AWS CodeCommit, AWS Device Farm, Amazon CloudWatch Evidently, Amazon Forecast AWS Ground Station, AWS Identity and Access Management (IAM) AWS IoT, Amazon MemoryDB, Amazon Pinpoint,, AWS Network Manager, Amazon Relational AWS Panorama Database Service (Amazon)RDS, Amazon Redshift et Amazon. AppFlow AWS App Runner SageMaker |
30 mars 2023 |
AWS_ConfigRole – Ajout de appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudformation:ListTypes, cloudfront:GetResponseHeadersPolicy, cloudfront:ListDistributions, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, ec2:DescribeTrafficMirrorFilters, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon Managed Workflows pour Amazon AppFlow AWS App Runner, Amazon AppStream 2.0 AWS CloudFormation, Amazon CloudFront,, CloudWatch, AWS CodeArtifact AWS CodeCommit AWS Device Farm, Amazon Elastic Compute Cloud (AmazonEC2), Amazon CloudWatch Evidently, Amazon Forecast AWS Ground Station, AWS Identity and Access Management (IAM), Amazon MemoryDB AWS IoT, Amazon Pinpoint,, AWS Network Manager, Amazon Relational AWS Panorama Database Service (Amazon)RDS, Amazon Redshift et Amazon. SageMaker |
30 mars 2023 |
AWSConfigRulesExecutionRole— AWS Config commence à suivre les modifications apportées à cette politique AWS gérée |
Cette politique permet aux AWS Lambda fonctions d'accéder aux AWS Config API instantanés de configuration fournis régulièrement à Amazon S3 et aux instantanés de configuration. AWS Config Cet accès est requis par les fonctions qui évaluent les modifications de configuration pour les AWS règles Lambda personnalisées. |
7 mars 2023 |
AWSConfigRoleForOrganizations— AWS Config commence à suivre les modifications apportées à cette politique AWS gérée |
Cette politique permet d' AWS Config appeler en lecture seule AWS Organizations APIs. |
7 mars 2023 |
AWSConfigRemediationServiceRolePolicy— AWS Config commence à suivre les modifications apportées à cette politique AWS gérée |
Cette politique permet AWS Config de corriger les |
7 mars 2023 |
AWSConfigServiceRolePolicy – Ajout de auditmanager:GetAccountStatus |
Cette politique autorise désormais le renvoi de l'état d'enregistrement d'un compte dans AWS Audit Manager. |
3 mars 2023 |
AWS_ConfigRole – Ajout de auditmanager:GetAccountStatus |
Cette politique autorise désormais le renvoi de l'état d'enregistrement d'un compte dans AWS Audit Manager. |
3 mars 2023 |
AWSConfigMultiAccountSetupPolicy— AWS Config commence à suivre les modifications apportées à cette politique AWS gérée |
Cette politique permet d' AWS Config appeler AWS des services et de déployer AWS Config des ressources au sein d'une organisation avec AWS Organizations. |
27 février 2023 |
AWSConfigServiceRolePolicy – Ajout de airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
Cette politique prend désormais en charge des autorisations supplémentaires pour les flux de travail gérés par Amazon pour Apache Airflow AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer AWS HealthLake, Amazon Kinesis Video Streams, Application Recovery Controller ARC () AWS Device Farm, Amazon Elastic Compute Cloud (EC2Amazon), Amazon Pinpoint AWS Identity and Access Management (IAM), Amazon et Amazon Logs GuardDuty. CloudWatch |
1er février 2023 |
AWS_ConfigRole – Ajout de airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
Cette politique prend désormais en charge des autorisations supplémentaires pour les flux de travail gérés par Amazon pour Apache Airflow AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer AWS HealthLake, Amazon Kinesis Video Streams, Application Recovery Controller ARC () AWS Device Farm, Amazon Elastic Compute Cloud (EC2Amazon), Amazon Pinpoint AWS Identity and Access Management (IAM), Amazon et Amazon Logs GuardDuty. CloudWatch |
1er février 2023 |
ConfigConformsServiceRolePolicy – Mise à jour de config:DescribeConfigRules |
À titre de bonne pratique de sécurité, cette politique supprime désormais les autorisations étendues au niveau des ressources pour |
12 janvier 2023 |
AWSConfigServiceRolePolicy – Ajout de APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon Managed Service pour Prometheus AWS Audit Manager,,, AWS Device Farm AWS Database Migration Service ,AWS DMS() AWS Directory Service, Amazon Elastic Compute Cloud (AmazonEC2) AWS Glue,,, AWS IoT Amazon Lightsail,,, Amazon AWS Elemental MediaPackage, Application Recovery Controller (ARC) AWS Network Manager AWS Resource Access Manager, QuickSight Amazon Simple Storage Service (Amazon S3) et Amazon Timestream. |
15 décembre 2022 |
AWS_ConfigRole – Ajout de APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon Managed Service pour Prometheus AWS Audit Manager,,, AWS Device Farm AWS Database Migration Service ,AWS DMS() AWS Directory Service, Amazon Elastic Compute Cloud (AmazonEC2) AWS Glue,,, AWS IoT Amazon Lightsail,,, Amazon AWS Elemental MediaPackage, Application Recovery Controller (ARC) AWS Network Manager AWS Resource Access Manager, QuickSight Amazon Simple Storage Service (Amazon S3) et Amazon Timestream. |
15 décembre 2022 |
AWSConfigServiceRolePolicy – Ajout de cloudformation:ListStackResources and cloudformation:ListStacks |
Cette politique accorde désormais l'autorisation de renvoyer des descriptions de toutes les ressources d'une AWS CloudFormation pile spécifiée et de renvoyer les informations récapitulatives pour les piles dont le statut correspond à celui spécifiéStackStatusFilter. |
7 novembre 2022 |
AWS_ConfigRole – Ajout de cloudformation:ListStackResources and cloudformation:ListStacks |
Cette politique accorde désormais l'autorisation de renvoyer des descriptions de toutes les ressources d'une AWS CloudFormation pile spécifiée et de renvoyer les informations récapitulatives pour les piles dont le statut correspond à celui spécifiéStackStatusFilter. |
7 novembre 2022 |
AWSConfigServiceRolePolicy – Ajout de acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
Cette politique prend désormais en charge des autorisations supplémentaires pour AWS Certificate Manager les flux de travail gérés par Amazon pour Apache Airflow AWS Amplify AWS AppConfig, Amazon Keyspaces, Amazon, Amazon Connect, CloudWatch Amazon Elastic Compute Cloud (Amazon) AWS Glue DataBrew, Amazon Elastic Kubernetes Service (EC2Amazon), Amazon, Amazon Location EKS Service, Amazon Lex, Amazon EventBridge, AWS Fault Injection Service Amazon Location Service, Amazon, AmazonFSx, Amazon AWS IoT Location Service, GameLift Amazon, Amazon, Amazon Lightsail, Amazon AWS OpsWorks AWS Panorama Pinpoint,,,,, Amazon, base de données relationnelle Amazon AWS Resource Access Manager QuickSight Service (AmazonRDS), Amazon AWS RoboMaker Rekognition AWS Resource Groups,,, Amazon Route 53, Amazon Simple Storage Service AWS Cloud Map(Amazon S3), et. AWS Security Token Service |
19 octobre 2022 |
AWS_ConfigRole – Ajout de acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
Cette politique prend désormais en charge des autorisations supplémentaires pour AWS Certificate Manager les flux de travail gérés par Amazon pour Apache Airflow AWS Amplify AWS AppConfig, Amazon Keyspaces, Amazon, Amazon Connect, CloudWatch Amazon Elastic Compute Cloud (Amazon) AWS Glue DataBrew, Amazon Elastic Kubernetes Service (EC2Amazon), Amazon, Amazon Location EKS Service, Amazon Lex, Amazon EventBridge, AWS Fault Injection Service Amazon Location Service, Amazon, AmazonFSx, Amazon AWS IoT Location Service, GameLift Amazon, Amazon, Amazon Lightsail, Amazon AWS OpsWorks AWS Panorama Pinpoint,,,,, Amazon, base de données relationnelle Amazon AWS Resource Access Manager QuickSight Service (AmazonRDS), Amazon AWS RoboMaker Rekognition AWS Resource Groups,,, Amazon Route 53, Amazon Simple Storage Service AWS Cloud Map(Amazon S3), et. AWS Security Token Service |
19 octobre 2022 |
AWSConfigServiceRolePolicy – Ajout de Glue::GetTable |
Cette politique accorde désormais l'autorisation de récupérer la définition de AWS Glue table dans un catalogue de données pour une table spécifiée. |
14 septembre 2022 |
AWS_ConfigRole – Ajout de Glue::GetTable |
Cette politique accorde désormais l'autorisation de récupérer la définition de AWS Glue table dans un catalogue de données pour une table spécifiée. |
14 septembre 2022 |
AWSConfigServiceRolePolicy – Ajout de appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, les profils clients Amazon Connect, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (AmazonEC2), Amazon EC2 Auto Scaling, Amazon, Amazon, AmazonEMR, Amazon Schemas EventBridge, EventBridge Amazon Fraud Detector Amazon FinSpace, Amazon, GameLift Amazon Interactive Video Service (Amazon), IVS Amazon Managed Service pour Apache Flink, Image BuilderEC2, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble QuickSight Pinpoint, StudioAmazon Amazon, ARC Application Recovery Controller (), Amazon Simple Storage Service (Amazon S3) Storage S3), Amazon Route 53 Resolver Amazon SimpleDB, Amazon Simple Email SES Service (Amazon), Amazon Timestream,,,,,,,,,,, AWS AppConfig AWS AppSync AWS Auto Scaling AWS Backup AWS Budgets AWS Cost Explorer AWS Cloud9 AWS Directory Service AWS DataSync AWS Elemental MediaPackage AWS Glue AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, et AWS Transfer Family. |
7 septembre 2022 |
AWS_ConfigRole – Ajout de appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, les profils clients Amazon Connect, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (AmazonEC2), Amazon EC2 Auto Scaling, Amazon, Amazon, AmazonEMR, Amazon Schemas EventBridge, EventBridge Amazon Fraud Detector Amazon FinSpace, Amazon, GameLift Amazon Interactive Video Service (Amazon), IVS Amazon Managed Service pour Apache Flink, Image BuilderEC2, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble QuickSight Pinpoint, StudioAmazon Amazon, ARC Application Recovery Controller (), Amazon Simple Storage Service (Amazon S3) Storage S3), Amazon Route 53 Resolver Amazon SimpleDB, Amazon Simple Email SES Service (Amazon), Amazon Timestream,,,,,,,,,,, AWS AppConfig AWS AppSync AWS Auto Scaling AWS Backup AWS Budgets AWS Cost Explorer AWS Cloud9 AWS Directory Service AWS DataSync AWS Elemental MediaPackage AWS Glue AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, et AWS Transfer Family |
7 septembre 2022 |
AWSConfigServiceRolePolicy – Ajout de airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries | Cette politique prend désormais en charge des autorisations supplémentaires pour les flux de travail gérés par Amazon pour Apache Airflow AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer AWS HealthLake, Amazon Kinesis Video Streams, Application Recovery Controller ARC () AWS Device Farm, Amazon Elastic Compute Cloud (EC2Amazon), Amazon Pinpoint AWS Identity and Access Management (IAM), Amazon et Amazon Logs GuardDuty. CloudWatch | 1er février 2023 |
AWS_ConfigRole – Ajout de airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
Cette politique prend désormais en charge des autorisations supplémentaires pour les flux de travail gérés par Amazon pour Apache Airflow AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer AWS HealthLake, Amazon Kinesis Video Streams, Application Recovery Controller ARC () AWS Device Farm, Amazon Elastic Compute Cloud (EC2Amazon), Amazon Pinpoint AWS Identity and Access Management (IAM), Amazon et Amazon Logs GuardDuty. CloudWatch |
1er février 2023 |
ConfigConformsServiceRolePolicy – Mise à jour de config:DescribeConfigRules |
À titre de bonne pratique de sécurité, cette politique supprime désormais les autorisations étendues au niveau des ressources pour |
12 janvier 2023 |
AWSConfigServiceRolePolicy – Ajout de APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon Managed Service pour Prometheus AWS Audit Manager,,, AWS Device Farm AWS Database Migration Service ,AWS DMS() AWS Directory Service, Amazon Elastic Compute Cloud (AmazonEC2) AWS Glue,,, AWS IoT Amazon Lightsail,,, Amazon AWS Elemental MediaPackage, Application Recovery Controller (ARC) AWS Network Manager AWS Resource Access Manager, QuickSight Amazon Simple Storage Service (Amazon S3) et Amazon Timestream. |
15 décembre 2022 |
AWS_ConfigRole – Ajout de APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon Managed Service pour Prometheus AWS Audit Manager,,, AWS Device Farm AWS Database Migration Service ,AWS DMS() AWS Directory Service, Amazon Elastic Compute Cloud (AmazonEC2) AWS Glue,,, AWS IoT Amazon Lightsail,,, Amazon AWS Elemental MediaPackage, Application Recovery Controller (ARC) AWS Network Manager AWS Resource Access Manager, QuickSight Amazon Simple Storage Service (Amazon S3) et Amazon Timestream. |
15 décembre 2022 |
AWSConfigServiceRolePolicy – Ajout de cloudformation:ListStackResources and cloudformation:ListStacks |
Cette politique accorde désormais l'autorisation de renvoyer des descriptions de toutes les ressources d'une AWS CloudFormation pile spécifiée et de renvoyer les informations récapitulatives pour les piles dont le statut correspond à celui spécifiéStackStatusFilter. |
7 novembre 2022 |
AWS_ConfigRole – Ajout de cloudformation:ListStackResources and cloudformation:ListStacks |
Cette politique accorde désormais l'autorisation de renvoyer des descriptions de toutes les ressources d'une AWS CloudFormation pile spécifiée et de renvoyer les informations récapitulatives pour les piles dont le statut correspond à celui spécifiéStackStatusFilter. |
7 novembre 2022 |
AWSConfigServiceRolePolicy – Ajout de acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
Cette politique prend désormais en charge des autorisations supplémentaires pour AWS Certificate Manager les flux de travail gérés par Amazon pour Apache Airflow AWS Amplify AWS AppConfig, Amazon Keyspaces, Amazon, Amazon Connect, CloudWatch Amazon Elastic Compute Cloud (Amazon) AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon), Amazon, Amazon Location EKS Service, Amazon EventBridge Lex, AWS Fault Injection Service Amazon, Amazon Location Service, AmazonFSx, Amazon, Amazon AWS IoT Location Service, GameLift Amazon, Amazon, Amazon Lightsail, Amazon Pinpoint,,,,, Amazon, Amazon Relational EC2 AWS OpsWorks AWS Panorama AWS Resource Access Manager QuickSight Database Service (AmazonRDS), Amazon AWS RoboMaker Rekognition AWS Resource Groups,,, Amazon Route 53, Amazon Simple Storage Service AWS Cloud Map(Amazon S3), et. AWS Security Token Service |
19 octobre 2022 |
AWS_ConfigRole – Ajout de acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
Cette politique prend désormais en charge des autorisations supplémentaires pour AWS Certificate Manager les flux de travail gérés par Amazon pour Apache Airflow AWS Amplify AWS AppConfig, Amazon Keyspaces, Amazon, Amazon Connect, CloudWatch Amazon Elastic Compute Cloud (Amazon) AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon), Amazon, Amazon Location EKS Service, Amazon EventBridge Lex, AWS Fault Injection Service Amazon, Amazon Location Service, AmazonFSx, Amazon, Amazon AWS IoT Location Service, GameLift Amazon, Amazon, Amazon Lightsail, Amazon Pinpoint,,,,, Amazon, Amazon Relational EC2 AWS OpsWorks AWS Panorama AWS Resource Access Manager QuickSight Database Service (AmazonRDS), Amazon AWS RoboMaker Rekognition AWS Resource Groups,,, Amazon Route 53, Amazon Simple Storage Service AWS Cloud Map(Amazon S3), et. AWS Security Token Service |
19 octobre 2022 |
AWSConfigServiceRolePolicy – Ajout de Glue::GetTable |
Cette politique accorde désormais l'autorisation de récupérer la définition de AWS Glue table dans un catalogue de données pour une table spécifiée. |
14 septembre 2022 |
AWS_ConfigRole – Ajout de Glue::GetTable |
Cette politique accorde désormais l'autorisation de récupérer la définition de AWS Glue table dans un catalogue de données pour une table spécifiée. |
14 septembre 2022 |
AWSConfigServiceRolePolicy – Ajout de appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, les profils clients Amazon Connect, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (AmazonEC2), Amazon EC2 Auto Scaling, Amazon, Amazon, AmazonEMR, Amazon Schemas EventBridge, EventBridge Amazon Fraud Detector Amazon FinSpace, Amazon, GameLift Amazon Interactive Video Service (Amazon), IVS Amazon Managed Service pour Apache Flink, Image BuilderEC2, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble QuickSight Pinpoint, StudioAmazon Amazon, ARC Application Recovery Controller (), Amazon Simple Storage Service (Amazon S3) Storage S3), Amazon Route 53 Resolver Amazon SimpleDB, Amazon Simple Email SES Service (Amazon), Amazon Timestream,,,,,,,,,,, AWS AppConfig AWS AppSync AWS Auto Scaling AWS Backup AWS Budgets AWS Cost Explorer AWS Cloud9 AWS Directory Service AWS DataSync AWS Elemental MediaPackage AWS Glue AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, et AWS Transfer Family. |
7 septembre 2022 |
AWS_ConfigRole – Ajout de appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, les profils clients Amazon Connect, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (AmazonEC2), Amazon EC2 Auto Scaling, Amazon, Amazon, AmazonEMR, Amazon Schemas EventBridge, EventBridge Amazon Fraud Detector Amazon FinSpace, Amazon, GameLift Amazon Interactive Video Service (Amazon), IVS Amazon Managed Service pour Apache Flink, Image BuilderEC2, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble QuickSight Pinpoint, StudioAmazon Amazon, ARC Application Recovery Controller (), Amazon Simple Storage Service (Amazon S3) Storage S3), Amazon Route 53 Resolver Amazon SimpleDB, Amazon Simple Email SES Service (Amazon), Amazon Timestream,,,,,,,,,,, AWS AppConfig AWS AppSync AWS Auto Scaling AWS Backup AWS Budgets AWS Cost Explorer AWS Cloud9 AWS Directory Service AWS DataSync AWS Elemental MediaPackage AWS Glue AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, et AWS Transfer Family |
7 septembre 2022 |
AWSConfigServiceRolePolicy – Ajout de datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
Cette politique autorise désormais à renvoyer une liste d' AWS DataSync agents, d'emplacements DataSync source et de destination et de DataSync tâches dans un Compte AWS ; à répertorier des informations récapitulatives sur les AWS Cloud Map espaces de noms et les services associés à un ou plusieurs espaces de noms spécifiés dans un Compte AWS ; et à répertorier toutes les listes de contacts Amazon Simple Email Service SES (Amazon) disponibles dans. Compte AWS |
22 août 2022 |
AWS_ConfigRole – Ajout de datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
Cette politique autorise désormais à renvoyer une liste d' AWS DataSync agents, d'emplacements DataSync source et de destination et de DataSync tâches dans un Compte AWS ; à répertorier des informations récapitulatives sur les AWS Cloud Map espaces de noms et les services associés à un ou plusieurs espaces de noms spécifiés dans un Compte AWS ; et à répertorier toutes les listes de contacts Amazon Simple Email Service SES (Amazon) disponibles dans. Compte AWS |
22 août 2022 |
ConfigConformsServiceRolePolicy – Ajout de cloudwatch:PutMetricData |
Cette politique autorise désormais la publication de points de données métriques sur Amazon CloudWatch. |
25 juillet 2022 |
AWSConfigServiceRolePolicy – Ajout de amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon Elastic Container Service (AmazonECS), Amazon ElastiCache, Amazon EventBridge, AmazonFSx, Amazon Managed Service pour Apache Flink, Amazon Location Service, Amazon Managed Streaming pour Apache Kafka, Amazon, QuickSight Amazon Rekognition, Amazon Simple Storage Service (Amazon S3) AWS RoboMaker, Amazon Simple Email Service (Amazon S3), Amazon Simple Email Service (SESAmazon),,,,,,,, (Centre d'identité) AWS Amplify AWS AppConfig, Image AWS AppSync AWS Billing Conductor AWS DataSync AWS Firewall Manager AWS Glue AWS IAM Identity Center IAM EC2 Builder et Elastic Load Balancing. |
15 juillet 2022 |
AWS_ConfigRole – Ajout de amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
Cette politique prend désormais en charge des autorisations supplémentaires pour Amazon Elastic Container Service (AmazonECS), Amazon ElastiCache, Amazon EventBridge, AmazonFSx, Amazon Managed Service pour Apache Flink, Amazon Location Service, Amazon Managed Streaming pour Apache Kafka, Amazon, QuickSight Amazon Rekognition, Amazon Simple Storage Service (Amazon S3) AWS RoboMaker, Amazon Simple Email Service (Amazon S3), Amazon Simple Email Service (SESAmazon),,,,,,,, (Centre d'identité) AWS Amplify AWS AppConfig, Image AWS AppSync AWS Billing Conductor AWS DataSync AWS Firewall Manager AWS Glue AWS IAM Identity Center IAM EC2 Builder et Elastic Load Balancing. |
15 juillet 2022 |
AWSConfigServiceRolePolicy – Ajout de athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
Cette politique autorise désormais à obtenir un catalogue de données Amazon Athena spécifié, à répertorier les catalogues de données Athena dans un et à répertorier les balises associées à un Compte AWS groupe de travail ou à une ressource de catalogue de données Athena ; à obtenir une liste de graphes de comportement Amazon Detective et à répertorier les balises d'un graphe de comportement de détective ; à obtenir une liste de métadonnées de ressources pour une liste donnée de noms de points de terminaison de développement, à obtenir des informations sur un point de AWS Glue développement spécifique, à obtenir tous les AWS Glue développements points de terminaison dans un, récupèrent une sécurité spécifiée AWS Glue
Compte AWS AWS Glue configuration, obtenir toutes les configurations de AWS Glue sécurité, obtenir une liste des balises associées à une AWS Glue ressource, obtenir des informations sur un AWS Glue groupe de travail portant le nom spécifié, récupérer les noms de toutes les ressources d'un AWS
compte, obtenir les noms de toutes les ressources d'un, AWS Glue répertorier les noms de toutes les AWS Glue |
31 mai 2022 |
AWS_ConfigRole – Ajout de athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
Cette politique autorise désormais à obtenir un catalogue de données Amazon Athena spécifié, à répertorier les catalogues de données Athena dans un et à répertorier les balises associées à un Compte AWS groupe de travail ou à une ressource de catalogue de données Athena ; à obtenir une liste de graphes de comportement Amazon Detective et à répertorier les balises d'un graphe de comportement de détective ; à obtenir une liste de métadonnées de ressources pour une liste donnée de noms de points de terminaison de développement, à obtenir des informations sur un point de AWS Glue développement spécifique, à obtenir tous les AWS Glue développements points de terminaison dans un, récupèrent une sécurité spécifiée AWS Glue
Compte AWS AWS Glue configuration, obtenir toutes les configurations de AWS Glue sécurité, obtenir une liste des balises associées à une AWS Glue ressource, obtenir des informations sur un AWS Glue groupe de travail portant le nom spécifié, récupérer les noms de toutes les ressources d'un AWS
compte, obtenir les noms de toutes les ressources d'un, AWS Glue répertorier les noms de toutes les AWS Glue |
31 mai 2022 |
AWSConfigServiceRolePolicy – Ajout de cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
Cette politique permet désormais d'obtenir des informations sur tous les événements ou sur un magasin de données d' AWS CloudTrail événements spécifique (EDS), d'obtenir des informations sur toutes les ressources ou sur une AWS CloudFormation ressource spécifiée, d'obtenir la liste d'un groupe de paramètres ou d'un groupe de sous-réseaux DynamoDB Accelerator DAX (), d'obtenir des AWS Database Migration Service informations sur AWS DMS() les tâches de réplication pour votre compte dans la région actuellement consultée et d'obtenir une liste de toutes les politiques AWS Organizations d'un type spécifié. |
7 avril 2022 |
AWS_ConfigRole – Ajout de cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
Cette politique permet désormais d'obtenir des informations sur tous les événements ou sur un magasin de données d' AWS CloudTrail événements spécifique (EDS), d'obtenir des informations sur toutes les ressources ou sur une AWS CloudFormation ressource spécifiée, d'obtenir la liste d'un groupe de paramètres ou d'un groupe de sous-réseaux DynamoDB Accelerator DAX (), d'obtenir des AWS Database Migration Service informations sur AWS DMS() les tâches de réplication pour votre compte dans la région actuellement consultée et d'obtenir une liste de toutes les politiques AWS Organizations d'un type spécifié. |
7 avril 2022 |
AWSConfigServiceRolePolicy – Ajout de backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
Cette politique prend désormais en charge des autorisations supplémentaires pour AWS Backup AWS Batch, DynamoDB Accelerator, AWS Database Migration Service Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon), Amazon Elastic Kubernetes Service, EC2 Amazon, Amazon, Amazon, Amazon, Amazon Relational Database Service, FSx V2 GuardDuty et AWS Key Management Service Amazon AWS OpsWorks. AWS WAF WorkSpaces |
14 mars 2022 |
AWS_ConfigRole – Ajout de backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
Cette politique prend désormais en charge des autorisations supplémentaires pour AWS Backup AWS Batch, DynamoDB Accelerator, AWS Database Migration Service Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon), Amazon Elastic Kubernetes Service, EC2 Amazon, Amazon, Amazon, Amazon, Amazon Relational Database Service, FSx V2 GuardDuty et AWS Key Management Service Amazon AWS OpsWorks. AWS WAF WorkSpaces |
14 mars 2022 |
AWSConfigServiceRolePolicy – Ajout de elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
Cette politique autorise désormais à obtenir des informations sur les environnements Elastic Beanstalk et une description des paramètres du jeu de configuration Elastic Beanstalk spécifié, à obtenir une carte des versions d'Elasticsearch, à décrire les groupes d'options RDS Amazon disponibles pour une base OpenSearch de données et à obtenir des informations sur une configuration de déploiement. CodeDeploy Cette politique autorise également désormais à récupérer le contact alternatif spécifié attaché à une Compte AWS, à récupérer des informations sur une AWS Organizations politique, à récupérer une politique de ECR référentiel Amazon, à récupérer des informations sur une AWS Config règle archivée, à récupérer une liste des familles de définitions de ECS tâches Amazon, à répertorier les unités organisationnelles racine ou parent (OUs) de l'unité d'organisation ou du compte enfant spécifié, et à répertorier les politiques associées à la racine, à l'unité organisationnelle ou au compte cible spécifié. |
10 février 2022 |
AWS_ConfigRole – Ajout de elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
Cette politique autorise désormais à obtenir des informations sur les environnements Elastic Beanstalk et une description des paramètres du jeu de configuration Elastic Beanstalk spécifié, à obtenir une carte des versions d'Elasticsearch, à décrire les groupes d'options RDS Amazon disponibles pour une base OpenSearch de données et à obtenir des informations sur une configuration de déploiement. CodeDeploy Cette politique autorise également désormais à récupérer le contact alternatif spécifié attaché à une Compte AWS, à récupérer des informations sur une AWS Organizations politique, à récupérer une politique de ECR référentiel Amazon, à récupérer des informations sur une AWS Config règle archivée, à récupérer une liste des familles de définitions de ECS tâches Amazon, à répertorier les unités organisationnelles racine ou parent (OUs) de l'unité d'organisation ou du compte enfant spécifié, et à répertorier les politiques associées à la racine, à l'unité organisationnelle ou au compte cible spécifié. |
10 février 2022 |
AWSConfigServiceRolePolicy – Ajout de logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
Cette politique accorde désormais l'autorisation de créer des groupes de CloudWatch journaux et des flux Amazon et d'écrire des journaux dans les flux de journaux créés. |
15 décembre 2021 |
AWS_ConfigRole – Ajout de logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
Cette politique accorde désormais l'autorisation de créer des groupes de CloudWatch journaux et des flux Amazon et d'écrire des journaux dans les flux de journaux créés. |
15 décembre 2021 |
AWSConfigServiceRolePolicy – Ajout de es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots |
Cette politique autorise désormais à obtenir des informations sur un ou plusieurs domaines Amazon OpenSearch Service (OpenSearch Service) et à obtenir une liste de paramètres détaillée pour un groupe de paramètres de base de données Amazon Relational Database Service (AmazonRDS) particulier. Cette politique accorde également l'autorisation d'obtenir des informations sur les ElastiCache instantanés Amazon. |
8 septembre 2021 |
AWS_ConfigRole – Ajout de es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots |
Cette politique autorise désormais à obtenir des informations sur un ou plusieurs domaines Amazon OpenSearch Service (OpenSearch Service) et à obtenir une liste de paramètres détaillée pour un groupe de paramètres de base de données Amazon Relational Database Service (AmazonRDS) particulier. Cette politique accorde également l'autorisation d'obtenir des informations sur les ElastiCache instantanés Amazon. |
8 septembre 2021 |
AWSConfigServiceRolePolicy— Ajout logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine et autorisations supplémentaires pour les types de AWS ressources |
Cette politique accorde désormais des autorisations pour répertorier les balises d'un groupe de journaux, répertorier les balises d'une machine d'état et répertorier toutes les machines d'état. Cette politique accorde désormais des autorisations pour obtenir des détails sur une machine d'état. Cette politique prend également désormais en charge des autorisations supplémentaires pour Amazon EC2 Systems Manager (SSM), Amazon Elastic Container RegistryFSx, Amazon, Amazon Data Firehose, Amazon Managed Streaming pour Apache Kafka (MSKAmazon), Amazon Relational Database RDS Service (Amazon), Amazon Route 53, Amazon SageMaker, Amazon AWS Database Migration Service Simple AWS Global Accelerator Notification Service,, et. AWS Storage Gateway |
28 juillet 2021 |
AWS_ConfigRole— Ajoutez l et ogs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine des autorisations supplémentaires pour les types de AWS ressources |
Cette politique accorde désormais des autorisations pour répertorier les balises d'un groupe de journaux, répertorier les balises d'une machine d'état et répertorier toutes les machines d'état. Cette politique accorde désormais des autorisations pour obtenir des détails sur une machine d'état. Cette politique prend également désormais en charge des autorisations supplémentaires pour Amazon EC2 Systems Manager (SSM), Amazon Elastic Container RegistryFSx, Amazon, Amazon Data Firehose, Amazon Managed Streaming pour Apache Kafka (MSKAmazon), Amazon Relational Database RDS Service (Amazon), Amazon Route 53, Amazon SageMaker, Amazon AWS Database Migration Service Simple AWS Global Accelerator Notification Service,, et. AWS Storage Gateway |
28 juillet 2021 |
AWSConfigServiceRolePolicy— Ajout ssm:DescribeDocumentPermission d'autorisations supplémentaires pour les types de AWS ressources |
Cette politique autorise désormais l'affichage des autorisations relatives aux AWS Systems Manager documents et aux informations concernant IAM Access Analyzer. Cette politique prend désormais en charge AWS des types de ressources supplémentaires pour Amazon Kinesis, ElastiCache AmazonEMR, Amazon, AWS Network Firewall Amazon Route 53 et Amazon Relational Database Service (Amazon). RDS Ces modifications d'autorisation permettent AWS Config d'invoquer le mode lecture seule APIs requis pour prendre en charge ces types de ressources. Cette politique prend également désormais en charge le filtrage des fonctions Lambda @Edge pour la règle lambda-inside-vpc AWS Config gérée. |
8 juin 2021 |
AWS_ConfigRole— Ajout ssm:DescribeDocumentPermission d'autorisations supplémentaires pour les types de AWS ressources |
Cette politique autorise désormais l'affichage des autorisations relatives aux AWS Systems Manager documents et aux informations concernant IAM Access Analyzer. Cette politique prend désormais en charge AWS des types de ressources supplémentaires pour Amazon Kinesis, ElastiCache AmazonEMR, Amazon, AWS Network Firewall Amazon Route 53 et Amazon Relational Database Service (Amazon). RDS Ces modifications d'autorisation permettent AWS Config d'invoquer le mode lecture seule APIs requis pour prendre en charge ces types de ressources. Cette politique prend également désormais en charge le filtrage des fonctions Lambda @Edge pour la règle lambda-inside-vpc AWS Config gérée. |
8 juin 2021 |
AWSConfigServiceRolePolicy— Ajoutez apigateway:GET l'autorisation de passer des GET appels en lecture seule à API Gateway et l's3:GetAccessPointPolicyautorisation et s3:GetAccessPointPolicyStatus l'autorisation d'invoquer Amazon S3 en lecture seule APIs |
Cette politique accorde désormais des autorisations permettant de AWS Config passer des GET appels en lecture seule à API Gateway afin de prendre en charge une AWS Config règle pour API Gateway. La politique ajoute également des autorisations AWS Config permettant d'invoquer Amazon Simple Storage Service (Amazon S3) en APIs lecture seule, qui sont nécessaires pour prendre en charge le nouveau type de ressource. |
10 mai 2021 |
AWS_ ConfigRole — Ajoutez apigateway:GET l'autorisation d'effectuer des GET appels en lecture seule à API Gateway et l's3:GetAccessPointPolicyautorisation et s3:GetAccessPointPolicyStatus l'autorisation d'invoquer Amazon S3 en lecture seule APIs |
Cette politique accorde désormais des autorisations permettant de AWS Config passer des GET appels en lecture seule à API Gateway pour prendre en charge un AWS Config for API Gateway. La politique ajoute également des autorisations AWS Config permettant d'invoquer Amazon Simple Storage Service (Amazon S3) en APIs lecture seule, qui sont nécessaires pour prendre en charge le nouveau type de ressource. |
10 mai 2021 |
AWSConfigServiceRolePolicy— Ajoutez des ssm:ListDocuments autorisations et des autorisations supplémentaires pour les types de AWS ressources |
Cette politique accorde désormais des autorisations pour afficher des informations sur des documents AWS Systems Manager spécifiés. Cette politique prend également désormais en charge AWS des types de ressources supplémentaires pour AWS Backup Amazon Elastic File System ElastiCache, Amazon, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (EC2Amazon), Amazon Kinesis SageMaker AWS Database Migration Service, Amazon et Amazon Route 53. Ces modifications d'autorisation permettent AWS Config d'invoquer le mode lecture seule APIs requis pour prendre en charge ces types de ressources. |
1 avril 2021 |
AWS_ConfigRole— Ajoutez des ssm:ListDocuments autorisations et des autorisations supplémentaires pour les types de AWS ressources |
Cette politique accorde désormais des autorisations pour afficher des informations sur des documents AWS Systems Manager spécifiés. Cette politique prend également désormais en charge AWS des types de ressources supplémentaires pour AWS Backup Amazon Elastic File System ElastiCache, Amazon, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (EC2Amazon), Amazon Kinesis SageMaker AWS Database Migration Service, Amazon et Amazon Route 53. Ces modifications d'autorisation permettent AWS Config d'invoquer le mode lecture seule APIs requis pour prendre en charge ces types de ressources. |
1 avril 2021 |
|
|
1 avril 2021 |
AWS Config a commencé à suivre les modifications |
AWS Config a commencé à suivre les modifications apportées AWS à ses politiques gérées. |
1 avril 2021 |