翻訳は機械翻訳により提供されています。提供された翻訳内容と英語版の間で齟齬、不一致または矛盾がある場合、英語版が優先します。
AWS の マネージドポリシー AWS Config
An AWS 管理ポリシーは、 によって作成および管理されるスタンドアロンポリシーです。 AWS. AWS マネージドポリシーは、多くの一般的なユースケースにアクセス許可を付与するように設計されているため、ユーザー、グループ、ロールにアクセス許可の割り当てを開始できます。
次の点に注意してください。 AWS マネージドポリシーは、すべての で利用できるため、特定のユースケースに対して最小特権のアクセス許可を付与しない場合があります。 AWS を使用する顧客。ユースケース別にカスタマーマネージドポリシーを定義して、マネージドポリシーを絞り込むことをお勧めします。
で定義されているアクセス許可は変更できません AWS マネージドポリシー。If AWS は、 で定義されているアクセス許可を更新します。 AWS 管理ポリシー、更新は、ポリシーがアタッチされているすべてのプリンシパル ID (ユーザー、グループ、ロール) に影響します。 AWS は、 を更新する可能性が最も高いです。 AWS 新しい のときの 管理ポリシー AWS サービス が起動されるか、既存のサービスで新しいAPIオペレーションが使用可能になります。
詳細については、「」を参照してくださいAWSIAM ユーザーガイドの マネージドポリシー。
AWS 管理ポリシー:AWSConfigServiceRolePolicy
AWS Config は、 という名前のサービスにリンクされたロールを使用します。 AWSServiceRoleForConfig 他の を呼び出すには AWS ユーザーに代わって のサービス。を使用する場合 AWS Management Console をセットアップする AWS Config、これは SLR によって自動的に作成されます。 AWS Config を使用するオプションを選択した場合 AWS Config SLR 独自の ではなく AWS Identity and Access Management (IAM) サービスロール。
AWSServiceRoleForConfig SLR には、 マネージドポリシー が含まれていますAWSConfigServiceRolePolicy
。この管理ポリシーには、 の読み取り専用および書き込み専用のアクセス許可が含まれています。 AWS Config リソースと、他の サービスのリソースに対する読み取り専用アクセス許可 AWS Config は をサポートしています。詳細については、「サポートされているリソースタイプ」および「のサービスにリンクされたロールの使用 AWS Config」を参照してください。
ポリシーを表示します: AWSConfigServiceRolePolicy。
AWS 管理ポリシー:AWS_ConfigRole
を記録するには AWS リソース設定、 AWS Config では、 リソースに関する設定の詳細を取得するためのIAMアクセス許可が必要です。の IAMロールを作成する場合 AWS Config、 管理ポリシーを使用してAWS_ConfigRole
ロールにアタッチできますIAM。
このIAMポリシーは毎回更新されます。 AWS Config が のサポートを追加 AWS リソースタイプ。つまり、 AWS Config AWS_ConfigRole ロールにこの管理ポリシーがアタッチされている限り、 はサポートされているリソースタイプの設定データを記録するために必要なアクセス許可を引き続き持っています。詳細については、「サポートされているリソースタイプ」および「に割り当てられたIAMロールのアクセス許可 AWS Config」を参照してください。
ポリシーを表示します: AWS_ConfigRole。
AWS 管理ポリシー:AWSConfigUserAccess
このIAMポリシーは、 を使用するためのアクセスを提供します。 AWS Config。リソースのタグによる検索やすべてのタグの読み取りが含まれます。これにより、 を設定するアクセス許可が付与されません。 AWS Config。これには管理者権限が必要です。
ポリシーを表示します: AWSConfigUserAccess。
AWS 管理ポリシー:ConfigConformsServiceRolePolicy
コンフォーマンスパックをデプロイおよび管理するには、 AWS Config には、他の からのIAMアクセス許可と特定のアクセス許可が必要です AWS サービス。これにより、フル機能を備えたコンフォーマンスパックをデプロイおよび管理でき、毎回更新されます。 AWS Config では、コンフォーマンスパックの新機能が追加されました。コンフォーマンスパックの詳細については、「コンフォーマンスパック」を参照してください。
ポリシーを表示します: ConfigConformsServiceRolePolicy。
AWS 管理ポリシー:AWSConfigRulesExecutionRole
デプロイするには AWS カスタム Lambda ルール、 AWS Config には、他の からのIAMアクセス許可と特定のアクセス許可が必要です AWS サービス。これらの許可 AWS Lambda にアクセスするための 関数 AWS Config API および の設定スナップショット AWS Config は定期的に Amazon S3 に配信します。このアクセスは、 の設定変更を評価する関数で必要です。 AWS カスタム Lambda ルールと は毎回更新されます AWS Config に新機能が追加されました。の詳細については、「」を参照してください。 AWS カスタム Lambda ルール、「作成」を参照してください。 AWS Config のカスタム Lambda ルールとコンポーネント AWS Config ルール 。設定スナップショットの詳細については、「概念 | 設定スナップショット」を参照してください。設定スナップショットの配信の詳細については、「配信チャネルの管理」を参照してください。
ポリシーを表示します: AWSConfigRulesExecutionRole。
AWS 管理ポリシー:AWSConfigMultiAccountSetupPolicy
一元的にデプロイ、更新、削除するには AWS Config の組織内のメンバーアカウント全体の ルールとコンフォーマンスパック AWS Organizations, AWS Config には、他の からのIAMアクセス許可と特定のアクセス許可が必要です AWS サービス。この管理ポリシーは毎回更新されます。 AWS Config では、マルチアカウント設定の新機能が追加されました。詳細については、「 の管理」を参照してください。 AWS Config 組織内のすべてのアカウントにおけるルールと、組織内のすべてのアカウントにおけるコンフォーマンスパックの管理。
ポリシーを表示します: AWSConfigMultiAccountSetupPolicy。
AWS 管理ポリシー:AWSConfigRoleForOrganizations
を許可するには AWS Config 読み取り専用を呼び出すには AWS Organizations APIs, AWS Config には、他の からのIAMアクセス許可と特定のアクセス許可が必要です AWS サービス。この管理ポリシーは毎回更新されます。 AWS Config では、マルチアカウント設定の新機能が追加されました。詳細については、「 の管理」を参照してください。 AWS Config 組織内のすべてのアカウントにおけるルールと、組織内のすべてのアカウントにおけるコンフォーマンスパックの管理。
ポリシーを表示します: AWSConfigRoleForOrganizations。
AWS 管理ポリシー:AWSConfigRemediationServiceRolePolicy
を許可するには AWS Config ユーザーに代わって NON_COMPLIANT
リソースを修正するには、 AWS Config には、他の からのIAMアクセス許可と特定のアクセス許可が必要です AWS サービス。この管理ポリシーは毎回更新されます。 AWS Config では、修復のための新機能が追加されました。修復の詳細については、「 を使用した非準拠リソースの修復」を参照してください。 AWS Config ルール 。可能な を開始する条件の詳細については、 AWS Config 評価結果については、「概念 |」を参照してください。 AWS Config ルール 。
ポリシーを表示します: AWSConfigRemediationServiceRolePolicy。
AWS Config の更新 AWS 管理ポリシー
の更新に関する詳細を表示する AWS の マネージドポリシー AWS Config このサービスがこれらの変更の追跡を開始してから。このページの変更に関する自動アラートを受け取るには、 のRSSフィードをサブスクライブします。 AWS Config ドキュメント履歴ページ。
変更 | 説明 | 日付 |
---|---|---|
AWS_ConfigRole – 追加 elasticfilesystem:DescribeTags," "redshift:DescribeTags", and "ssm-sap:ListTagsForResource" |
このポリシーは、Amazon Elastic File System (Amazon EFS)、Amazon Redshift、および の追加のアクセス許可をサポートするようになりました。 AWS Systems Manager for SAP. |
2024 年 6 月 17 日 |
AWSConfigServiceRolePolicy – 追加 elasticfilesystem:DescribeTags," "redshift:DescribeTags", and "ssm-sap:ListTagsForResource" |
このポリシーは、Amazon Elastic File System (Amazon EFS)、Amazon Redshift、および の追加のアクセス許可をサポートするようになりました。 AWS Systems Manager for SAP. |
2024 年 6 月 17 日 |
AWS_ConfigRole – 追加 "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool, "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus" |
このポリシーは、Amazon Managed Service for Prometheus、Amazon 、Amazon Cognito CloudWatch、Amazon 、Amazon ElastiCache、Amazon FSxの追加のアクセス許可をサポートするようになりました。 Amazon Cognito AWS Glue, AWS Identity and Access Management (IAM), AWS Lambda, AWS RAM、Amazon Redshift Serverless、Amazon SageMaker、および Amazon Simple Notification Service (Amazon SNS)。 |
2024 年 2 月 22 日 |
AWSConfigServiceRolePolicy – 追加 "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool, "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus" |
このポリシーは、Amazon Managed Service for Prometheus、Amazon 、Amazon Cognito CloudWatch、Amazon 、Amazon ElastiCache、Amazon FSxの追加のアクセス許可をサポートするようになりました。 Amazon Cognito AWS Glue, AWS Identity and Access Management (IAM), AWS Lambda, AWS RAM、Amazon Redshift Serverless、Amazon SageMaker、および Amazon Simple Notification Service (Amazon SNS)。 |
2024 年 2 月 22 日 |
AWSConfigUserAccess – AWS Config がこの の変更の追跡を開始します AWS マネージドポリシー |
このポリシーは、 を使用するためのアクセスを提供します。 AWS Config。リソースのタグによる検索やすべてのタグの読み取りが含まれます。これにより、 を設定するアクセス許可が付与されません。 AWS Config。これには管理者権限が必要です。 |
2024 年 2 月 22 日 |
AWS_ConfigRole – 追加 "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets" |
このポリシーは、 に対する追加のアクセス許可をサポートするようになりました。 AWS AppConfig、Amazon Managed Service for Prometheus、 AWS Database Migration Service (AWS DMS), (AWS Identity and Access Management)IAM、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon CloudWatch Logs、 AWS Organizations、および Amazon Simple Storage Service (Amazon S3)。 |
2023 年 12 月 5 日 |
AWSConfigServiceRolePolicy – 追加 "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets" |
このポリシーは、 に対する追加のアクセス許可をサポートするようになりました。 AWS AppConfig、Amazon Managed Service for Prometheus、 AWS Database Migration Service (AWS DMS), (AWS Identity and Access Management)IAM、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon CloudWatch Logs、 AWS Organizations、および Amazon Simple Storage Service (Amazon S3)。 |
2023 年 12 月 5 日 |
AWS_ConfigRole – 追加 "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles" |
このポリシーは、Amazon Cognito 、Amazon Connect Amazon Connect、 の追加のアクセス許可をサポートするようになりました。 EMR AWS Ground Station, AWS Mainframe Modernization、Amazon MemoryDB AWS Organizations、Amazon QuickSight、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift、Amazon Route 53、 AWS Service Catalogおよび AWS Transfer Family. |
2023 年 11 月 17 日 |
AWS_ConfigRole – 追加 "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID" |
このポリシーでは、、 |
2023 年 11 月 17 日 |
AWSConfigServiceRolePolicy – 追加 "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles" |
このポリシーは、Amazon Cognito 、Amazon Connect Amazon Connect、 の追加のアクセス許可をサポートするようになりました。 EMR AWS Ground Station, AWS Mainframe Modernization、Amazon MemoryDB AWS Organizations、Amazon QuickSight、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift、Amazon Route 53、 AWS Service Catalogおよび AWS Transfer Family. |
2023 年 11 月 17 日 |
AWSConfigServiceRolePolicy – 追加 "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID" |
このポリシーでは、、 |
2023 年 11 月 17 日 |
AWS_ConfigRole – 追加 "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob" |
このポリシーは、 に対する追加のアクセス許可をサポートするようになりました。 AWS Private CA, AWS App Mesh、Amazon Connect 、Amazon Elastic Container Service (Amazon ECS)、Amazon CloudWatch Evidently、Amazon Managed Grafana、Amazon GuardDuty、Amazon Inspector 、 AWS IoT, AWS IoT TwinMaker、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、 AWS Lambda, AWS Network Manager, AWS Organizations、、および Amazon SageMaker。 |
2023 年 10 月 4 日 |
AWSConfigServiceRolePolicy – 追加 "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob" |
このポリシーは、 に対する追加のアクセス許可をサポートするようになりました。 AWS Private CA, AWS App Mesh、Amazon Connect 、Amazon Elastic Container Service (Amazon ECS)、Amazon CloudWatch Evidently、Amazon Managed Grafana、Amazon GuardDuty、Amazon Inspector 、 AWS IoT, AWS IoT TwinMaker、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、 AWS Lambda, AWS Network Manager, AWS Organizations、、および Amazon SageMaker。 |
2023 年 10 月 4 日 |
AWSConfigServiceRolePolicy – 削除 "ssm:GetParameter" |
このポリシーは、 のアクセス許可を削除するようになりました。 AWS Systems Manager (Systems Manager)。 |
2023 年 9 月 6 日 |
AWS_ConfigRole – 追加 "appmesh:DescribeGatewayRoute","appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", and "sns:GetDataProtectionPolicy" |
このポリシーは、 に対する追加のアクセス許可をサポートするようになりました。 AWS App Mesh, AWS CloudFormation、Amazon CloudFront AWS CodeArtifact, AWS CodeBuild、Amazon Connect AWS Glue、Amazon GuardDuty、 AWS Identity and Access Management (IAM)、Amazon Inspector AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless、Amazon Managed Streaming for Apache Kafka、Amazon Macie、 AWS Elemental MediaConnect, AWS Network Manager, AWS Organizations, AWS Resource Explorer、Amazon Route 53、Amazon Simple Storage Service (Amazon S3)、および Amazon Simple Notification Service (Amazon SNS)。 |
2023 年 7 月 28 日 |
AWSConfigServiceRolePolicy – 追加 "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "sns:GetDataProtectionPolicy", "ssm:DescribeParameters", "ssm:GetParameter", and "ssm:ListTagsForResource" |
このポリシーは、 に対する追加のアクセス許可をサポートするようになりました。 AWS App Mesh、Amazon AppStream 2.0、 AWS CloudFormation、Amazon CloudFront、 AWS CodeArtifact, AWS CodeBuild、Amazon Connect AWS Glue、Amazon GuardDuty、 AWS Identity and Access Management (IAM)、Amazon Inspector AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless、Amazon Managed Streaming for Apache Kafka、Amazon Macie、 AWS Elemental MediaConnect, AWS Network Manager, AWS Organizations, AWS Resource Explorer、Amazon Route 53、Amazon Simple Storage Service (Amazon S3)、Amazon Simple Notification Service (Amazon SNS)、および Amazon EC2 Systems Manager ()SSM。 |
2023 年 7 月 28 日 |
AWS_ConfigRole – 追加 "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", “dynamodb:DescribeTableReplicaAutoScaling" "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases" "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" |
このポリシーは、 に対する追加のアクセス許可をサポートするようになりました。 AWS Amplify、Amazon Connect AWS App Mesh、Amazon Managed Service for Prometheus、Amazon Athena AWS Batch, AWS CloudFormation, AWS CloudTrail, AWS CodeArtifact、Amazon CodeGuru、 AWS Directory Service、Amazon DynamoDBAmazon Elastic Compute Cloud (Amazon EC2)、Amazon CloudWatch Evidently、 AWS Organizations、Amazon Forecast、 AWS IoT Greengrass, AWS Ground Station, AWS Identity and Access Management (IAM)、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon LightsailAmazon CloudWatch Logs、 AWS Elemental MediaConnect, AWS Elemental MediaTailor、Amazon Pinpoint 、Amazon Virtual Private Cloud (Amazon VPC)、Amazon Personalize、Amazon QuickSight、 AWS Migration Hub Refactor Spaces、Amazon Simple Storage Service (Amazon S3)、Amazon SageMaker、 AWS Transfer Family. |
2023 年 6 月 13 日 |
AWSConfigServiceRolePolicy – 追加 "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" |
このポリシーは、 に対する追加のアクセス許可をサポートするようになりました。 AWS Amplify、Amazon Connect AWS App Mesh、Amazon Managed Service for Prometheus、Amazon Athena AWS Batch, AWS CloudFormation, AWS CloudTrail, AWS CodeArtifact、Amazon CodeGuru、 AWS Directory Service、Amazon DynamoDBAmazon Elastic Compute Cloud (Amazon EC2)、Amazon CloudWatch Evidently、 AWS Organizations、Amazon Forecast、 AWS IoT Greengrass, AWS Ground Station, AWS Identity and Access Management (IAM)、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon LightsailAmazon CloudWatch Logs、 AWS Elemental MediaConnect, AWS Elemental MediaTailor、Amazon Pinpoint 、Amazon Virtual Private Cloud (Amazon VPC)、Amazon Personalize、Amazon QuickSight、 AWS Migration Hub Refactor Spaces、Amazon Simple Storage Service (Amazon S3)、Amazon SageMaker、 AWS Transfer Family. |
2023 年 6 月 13 日 |
AWSConfigServiceRolePolicy – 追加 amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, GetInstanceTypesFromInstanceRequirement ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations |
このポリシーは、 の Amazon Managed Workflows の追加アクセス許可をサポートするようになりました。 AWS Amplify, AWS App Mesh, AWS App Runner、Amazon CloudFront、 AWS CodeArtifact、Amazon Elastic Compute Cloud、Amazon Kendra、Amazon Macie、Amazon Route 53、Amazon SageMaker、 AWS Transfer Family、Amazon Pinpoint AWS Migration Hub, AWS Resilience Hub、Amazon CloudWatch、 AWS Directory Service、および AWS WAF. |
2023 年 4 月 13 日 |
AWS_ConfigRole – 追加 amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations |
このポリシーは、 の Amazon Managed Workflows の追加アクセス許可をサポートするようになりました。 AWS Amplify, AWS App Mesh, AWS App Runner、Amazon CloudFront、 AWS CodeArtifact、Amazon Elastic Compute Cloud、Amazon Kendra、Amazon Macie、Amazon Route 53、Amazon SageMaker、 AWS Transfer Family、Amazon Pinpoint AWS Migration Hub, AWS Resilience Hub、Amazon CloudWatch、 AWS Directory Service、および AWS WAF. |
2023 年 4 月 13 日 |
AWSConfigServiceRolePolicy – 追加 appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudfront:GetResponseHeadersPolicy, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
このポリシーは AppFlow、Amazon マネージドワークフロー for Amazon 、 AWS App Runner、Amazon AppStream 2.0、Amazon CloudFront、Amazon CloudWatch、 AWS CodeArtifact, AWS CodeCommit, AWS Device Farm、Amazon CloudWatch Evidently、Amazon Forecast、 AWS Ground Station, AWS Identity and Access Management (IAM), AWS IoT、Amazon MemoryDBAmazon Pinpoint AWS Network Manager, AWS Panorama、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift、および Amazon SageMaker。 |
2023 年 3 月 30 日 |
AWS_ConfigRole – 追加 appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudformation:ListTypes, cloudfront:GetResponseHeadersPolicy, cloudfront:ListDistributions, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, ec2:DescribeTrafficMirrorFilters, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
このポリシーは AppFlow、Amazon マネージドワークフロー for Amazon 、 AWS App Runner、Amazon AppStream 2.0、 AWS CloudFormation、Amazon CloudFront、Amazon CloudWatch、 AWS CodeArtifact, AWS CodeCommit, AWS Device Farm、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon CloudWatch Evidently、Amazon Forecast、 AWS Ground Station, AWS Identity and Access Management (IAM), AWS IoT、Amazon MemoryDBAmazon Pinpoint AWS Network Manager, AWS Panorama、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift、および Amazon SageMaker。 |
2023 年 3 月 30 日 |
AWSConfigRulesExecutionRole – AWS Config がこの の変更の追跡を開始します AWS マネージドポリシー |
このポリシーでは、 AWS Lambda にアクセスするための 関数 AWS Config API および の設定スナップショット AWS Config は定期的に Amazon S3 に配信します。このアクセスは、 の設定変更を評価する関数で必要です。 AWS カスタム Lambda ルール。 |
2023 年 3 月 7 日 |
AWSConfigRoleForOrganizations – AWS Config がこの の変更の追跡を開始します AWS マネージドポリシー |
このポリシーでは、 AWS Config 読み取り専用を呼び出すには AWS Organizations APIs. |
2023 年 3 月 7 日 |
AWSConfigRemediationServiceRolePolicy – AWS Config がこの の変更の追跡を開始します AWS マネージドポリシー |
このポリシーでは、 AWS Config ユーザーに代わって |
2023 年 3 月 7 日 |
AWSConfigServiceRolePolicy – 追加 auditmanager:GetAccountStatus |
このポリシーは、 のアカウントの登録ステータスを返すアクセス許可を付与するようになりました。 AWS Audit Manager. |
2023 年 3 月 3 日 |
AWS_ConfigRole – 追加 auditmanager:GetAccountStatus |
このポリシーは、 のアカウントの登録ステータスを返すアクセス許可を付与するようになりました。 AWS Audit Manager. |
2023 年 3 月 3 日 |
AWSConfigMultiAccountSetupPolicy – AWS Config がこの の変更の追跡を開始します AWS マネージドポリシー |
このポリシーでは、 AWS Config を呼び出す AWS サービスとデプロイ AWS Config を使用した組織全体の リソース AWS Organizations. |
2023 年 2 月 27 日 |
AWSConfigServiceRolePolicy – 追加 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
このポリシーは、Amazon Managed Workflows for Apache Airflow の追加アクセス許可をサポートするようになりました。 AWS IoT、Amazon AppStream 2.0、Amazon CodeGuru Reviewer、 AWS HealthLake、Amazon Kinesis Video StreamsAmazon Application Recovery Controller (ARC)、 AWS Device Farm、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Pinpoint 、 AWS Identity and Access Management (IAM)、Amazon GuardDuty、および Amazon CloudWatch Logs。 |
2023 年 2 月 1 日 |
AWS_ConfigRole – 追加 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
このポリシーは、Amazon Managed Workflows for Apache Airflow の追加アクセス許可をサポートするようになりました。 AWS IoT、Amazon AppStream 2.0、Amazon CodeGuru Reviewer、 AWS HealthLake、Amazon Kinesis Video StreamsAmazon Application Recovery Controller (ARC)、 AWS Device Farm、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Pinpoint 、 AWS Identity and Access Management (IAM)、Amazon GuardDuty、および Amazon CloudWatch Logs。 |
2023 年 2 月 1 日 |
ConfigConformsServiceRolePolicy – 更新 config:DescribeConfigRules |
セキュリティのベストプラクティスとして、このポリシーは、 |
2023 年 1 月 12 日 |
AWSConfigServiceRolePolicy – 追加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
このポリシーは、Amazon Managed Service for Prometheus の追加アクセス許可をサポートするようになりました。 AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service、Amazon Elastic Compute Cloud (Amazon EC2)、 AWS Glue, AWS IoT、Amazon Lightsail AWS Elemental MediaPackage, AWS Network Manager、Amazon QuickSight、 AWS Resource Access Manager、Amazon Application Recovery Controller (ARC)、Amazon Simple Storage Service (Amazon S3)、および Amazon Timestream。 |
2022 年 12 月 15 日 |
AWS_ConfigRole – 追加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
このポリシーは、Amazon Managed Service for Prometheus の追加アクセス許可をサポートするようになりました。 AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service、Amazon Elastic Compute Cloud (Amazon EC2)、 AWS Glue, AWS IoT、Amazon Lightsail AWS Elemental MediaPackage, AWS Network Manager、Amazon QuickSight、 AWS Resource Access Manager、Amazon Application Recovery Controller (ARC)、Amazon Simple Storage Service (Amazon S3)、および Amazon Timestream。 |
2022 年 12 月 15 日 |
AWSConfigServiceRolePolicy – 追加 cloudformation:ListStackResources and cloudformation:ListStacks |
このポリシーは、指定された のすべてのリソースの説明を返すアクセス許可を付与するようになりました。 AWS CloudFormation スタック ステータスが指定された と一致するスタックの概要情報を返します。StackStatusFilter. |
2022 年 11 月 7 日 |
AWS_ConfigRole – 追加 cloudformation:ListStackResources and cloudformation:ListStacks |
このポリシーは、指定された のすべてのリソースの説明を返すアクセス許可を付与するようになりました。 AWS CloudFormation スタック ステータスが指定された と一致するスタックの概要情報を返します。StackStatusFilter. |
2022 年 11 月 7 日 |
AWSConfigServiceRolePolicy – 追加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
このポリシーは、 に対する追加のアクセス許可をサポートするようになりました。 AWS Certificate Manager、Amazon Managed Workflows for Apache Airflow、 AWS Amplify, AWS AppConfig、Amazon Keyspaces、Amazon CloudWatch、Amazon Connect 、 AWS Glue DataBrew、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Elastic Kubernetes Service (Amazon EKS)、Amazon EventBridge、 AWS Fault Injection Service、Amazon Fraud Detector、Amazon FSx、Amazon GameLift、Amazon Location Service、 AWS IoT、Amazon Lex 、Amazon Lightsail 、Amazon Pinpoint 、 AWS OpsWorks, AWS Panorama, AWS Resource Access Manager、Amazon QuickSight、Amazon Relational Database Service (Amazon RDS)、Amazon Rekognition 、 AWS RoboMaker, AWS Resource Groups、Amazon Route 53、Amazon Simple Storage Service (Amazon S3)、 AWS Cloud Mapおよび AWS Security Token Service. |
2022 年 10 月 19 日 |
AWS_ConfigRole – 追加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
このポリシーは、 に対する追加のアクセス許可をサポートするようになりました。 AWS Certificate Manager、Amazon Managed Workflows for Apache Airflow、 AWS Amplify, AWS AppConfig、Amazon Keyspaces、Amazon CloudWatch、Amazon Connect 、 AWS Glue DataBrew、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Elastic Kubernetes Service (Amazon EKS)、Amazon EventBridge、 AWS Fault Injection Service、Amazon Fraud Detector、Amazon FSx、Amazon GameLift、Amazon Location Service、 AWS IoT、Amazon Lex 、Amazon Lightsail 、Amazon Pinpoint 、 AWS OpsWorks, AWS Panorama, AWS Resource Access Manager、Amazon QuickSight、Amazon Relational Database Service (Amazon RDS)、Amazon Rekognition 、 AWS RoboMaker, AWS Resource Groups、Amazon Route 53、Amazon Simple Storage Service (Amazon S3)、 AWS Cloud Mapおよび AWS Security Token Service. |
2022 年 10 月 19 日 |
AWSConfigServiceRolePolicy – 追加 Glue::GetTable |
このポリシーは、 を取得するアクセス許可を付与するようになりました。 AWS Glue 指定されたテーブルのデータカタログ内のテーブル定義。 |
2022 年 9 月 14 日 |
AWS_ConfigRole – 追加 Glue::GetTable |
このポリシーは、 を取得するアクセス許可を付与するようになりました。 AWS Glue 指定されたテーブルのデータカタログ内のテーブル定義。 |
2022 年 9 月 14 日 |
AWSConfigServiceRolePolicy – 追加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
このポリシーは、Amazon AppFlow、Amazon CloudWatch、Amazon CloudWatch RUM、Amazon CloudWatch Synthetics、Amazon Connect Customer Profiles、Amazon Connect Voice ID、Amazon DevOpsGuru、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon EC2 Auto Scaling、Amazon EMR、 EventBridgeAmazon EventBridge Schemas、 Amazon FinSpace、Amazon Fraud Detector、Amazon GameLift、Amazon Interactive Video Service (Amazon IVS)、Amazon Managed Service for Apache Flink、EC2Image Builder、Amazon LexAmazon LightsailAmazon Location Service、Amazon Lookout for Equipment、Amazon Lookout for Metrics、Amazon Lookout for Vision、Amazon Managed Blockchain、Amazon MQ、Amazon Nimble StudioAmazon Pinpoint、Amazon QuickSight、Amazon Application Recovery Controller (ARC)、 Amazon Route 53 Resolver、Amazon Simple Storage Service (Amazon S3)、Amazon SimpleDBAmazon Simple Email Service (Amazon SES)、Amazon Timestream、 AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signerおよび AWS Transfer Family. |
2022 年 9 月 7 日 |
AWS_ConfigRole – 追加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
このポリシーは、Amazon AppFlow、Amazon CloudWatch、Amazon CloudWatch RUM、Amazon CloudWatch Synthetics、Amazon Connect Customer Profiles、Amazon Connect Voice ID、Amazon DevOpsGuru、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon EC2 Auto Scaling、Amazon EMR、 EventBridgeAmazon EventBridge Schemas、 Amazon FinSpace、Amazon Fraud Detector、Amazon GameLift、Amazon Interactive Video Service (Amazon IVS)、Amazon Managed Service for Apache Flink、EC2Image Builder、Amazon LexAmazon LightsailAmazon Location Service、Amazon Lookout for Equipment、Amazon Lookout for Metrics、Amazon Lookout for Vision、Amazon Managed Blockchain、Amazon MQ、Amazon Nimble StudioAmazon Pinpoint、Amazon QuickSight、Amazon Application Recovery Controller (ARC)、 Amazon Route 53 Resolver、Amazon Simple Storage Service (Amazon S3)、Amazon SimpleDBAmazon Simple Email Service (Amazon SES)、Amazon Timestream、 AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signerおよび AWS Transfer Family |
2022 年 9 月 7 日 |
AWSConfigServiceRolePolicy – 追加 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries | このポリシーは、Amazon Managed Workflows for Apache Airflow の追加アクセス許可をサポートするようになりました。 AWS IoT、Amazon AppStream 2.0、Amazon CodeGuru Reviewer、 AWS HealthLake、Amazon Kinesis Video StreamsAmazon Application Recovery Controller (ARC)、 AWS Device Farm、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Pinpoint 、 AWS Identity and Access Management (IAM)、Amazon GuardDuty、および Amazon CloudWatch Logs。 | 2023 年 2 月 1 日 |
AWS_ConfigRole – 追加 airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
このポリシーは、Amazon Managed Workflows for Apache Airflow の追加アクセス許可をサポートするようになりました。 AWS IoT、Amazon AppStream 2.0、Amazon CodeGuru Reviewer、 AWS HealthLake、Amazon Kinesis Video StreamsAmazon Application Recovery Controller (ARC)、 AWS Device Farm、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Pinpoint 、 AWS Identity and Access Management (IAM)、Amazon GuardDuty、および Amazon CloudWatch Logs。 |
2023 年 2 月 1 日 |
ConfigConformsServiceRolePolicy – 更新 config:DescribeConfigRules |
セキュリティのベストプラクティスとして、このポリシーは、 |
2023 年 1 月 12 日 |
AWSConfigServiceRolePolicy – 追加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
このポリシーは、Amazon Managed Service for Prometheus の追加アクセス許可をサポートするようになりました。 AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service、Amazon Elastic Compute Cloud (Amazon EC2)、 AWS Glue, AWS IoT、Amazon Lightsail AWS Elemental MediaPackage, AWS Network Manager、Amazon QuickSight、 AWS Resource Access Manager、Amazon Application Recovery Controller (ARC)、Amazon Simple Storage Service (Amazon S3)、および Amazon Timestream。 |
2022 年 12 月 15 日 |
AWS_ConfigRole – 追加 APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
このポリシーは、Amazon Managed Service for Prometheus の追加アクセス許可をサポートするようになりました。 AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service、Amazon Elastic Compute Cloud (Amazon EC2)、 AWS Glue, AWS IoT、Amazon Lightsail AWS Elemental MediaPackage, AWS Network Manager、Amazon QuickSight、 AWS Resource Access Manager、Amazon Application Recovery Controller (ARC)、Amazon Simple Storage Service (Amazon S3)、および Amazon Timestream。 |
2022 年 12 月 15 日 |
AWSConfigServiceRolePolicy – 追加 cloudformation:ListStackResources and cloudformation:ListStacks |
このポリシーは、指定された のすべてのリソースの説明を返すアクセス許可を付与するようになりました。 AWS CloudFormation スタック ステータスが指定された と一致するスタックの概要情報を返します。StackStatusFilter. |
2022 年 11 月 7 日 |
AWS_ConfigRole – 追加 cloudformation:ListStackResources and cloudformation:ListStacks |
このポリシーは、指定された のすべてのリソースの説明を返すアクセス許可を付与するようになりました。 AWS CloudFormation ステータスが指定された と一致するスタックの概要情報を返す StackStatusFilter. |
2022 年 11 月 7 日 |
AWSConfigServiceRolePolicy – 追加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
このポリシーは、 に対する追加のアクセス許可をサポートするようになりました。 AWS Certificate Manager、Amazon Managed Workflows for Apache Airflow、 AWS Amplify, AWS AppConfig、Amazon Keyspaces、Amazon CloudWatch、Amazon Connect 、 AWS Glue DataBrew、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Elastic Kubernetes Service (Amazon EKS)、Amazon EventBridge、 AWS Fault Injection Service、Amazon Fraud Detector、Amazon FSx、Amazon GameLift、Amazon Location Service、 AWS IoT、Amazon Lex 、Amazon Lightsail 、Amazon Pinpoint 、 AWS OpsWorks, AWS Panorama, AWS Resource Access Manager、Amazon QuickSight、Amazon Relational Database Service (Amazon RDS)、Amazon Rekognition 、 AWS RoboMaker, AWS Resource Groups、Amazon Route 53、Amazon Simple Storage Service (Amazon S3)、 AWS Cloud Mapおよび AWS Security Token Service. |
2022 年 10 月 19 日 |
AWS_ConfigRole – 追加 acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
このポリシーは、 に対する追加のアクセス許可をサポートするようになりました。 AWS Certificate Manager、Amazon Managed Workflows for Apache Airflow、 AWS Amplify, AWS AppConfig、Amazon Keyspaces、Amazon CloudWatch、Amazon Connect 、 AWS Glue DataBrew、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Elastic Kubernetes Service (Amazon EKS)、Amazon EventBridge、 AWS Fault Injection Service、Amazon Fraud Detector、Amazon FSx、Amazon GameLift、Amazon Location Service、 AWS IoT、Amazon Lex 、Amazon Lightsail 、Amazon Pinpoint 、 AWS OpsWorks, AWS Panorama, AWS Resource Access Manager、Amazon QuickSight、Amazon Relational Database Service (Amazon RDS)、Amazon Rekognition 、 AWS RoboMaker, AWS Resource Groups、Amazon Route 53、Amazon Simple Storage Service (Amazon S3)、 AWS Cloud Mapおよび AWS Security Token Service. |
2022 年 10 月 19 日 |
AWSConfigServiceRolePolicy – 追加 Glue::GetTable |
このポリシーは、 を取得するアクセス許可を付与するようになりました。 AWS Glue 指定されたテーブルのデータカタログ内のテーブル定義。 |
2022 年 9 月 14 日 |
AWS_ConfigRole – 追加 Glue::GetTable |
このポリシーは、 を取得するアクセス許可を付与するようになりました。 AWS Glue 指定されたテーブルのデータカタログ内のテーブル定義。 |
2022 年 9 月 14 日 |
AWSConfigServiceRolePolicy – 追加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
このポリシーは、Amazon AppFlow、Amazon CloudWatch、Amazon CloudWatch RUM、Amazon CloudWatch Synthetics、Amazon Connect Customer Profiles、Amazon Connect Voice ID、Amazon DevOpsGuru、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon EC2 Auto Scaling、Amazon EMR、 EventBridgeAmazon EventBridge Schemas、 Amazon FinSpace、Amazon Fraud Detector、Amazon GameLift、Amazon Interactive Video Service (Amazon IVS)、Amazon Managed Service for Apache Flink、EC2Image Builder、Amazon Lex 、Amazon Lightsail 、Amazon Location Service、Amazon Lookout for Equipment、Amazon Lookout for Metrics、Amazon Lookout for Vision、Amazon Managed Blockchain、Amazon MQ 、Amazon Nimble StudioAmazon Pinpoint、Amazon QuickSight、Amazon Application Recovery Controller (ARC)、 Amazon Route 53 Resolver、Amazon Simple Storage Service (Amazon S3)、Amazon SimpleDBAmazon Simple Email Service (Amazon SES)、Amazon Timestream、 AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signerおよび AWS Transfer Family. |
2022 年 9 月 7 日 |
AWS_ConfigRole – 追加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
このポリシーは、Amazon AppFlow、Amazon CloudWatch、Amazon CloudWatch RUM、Amazon CloudWatch Synthetics、Amazon Connect Customer Profiles、Amazon Connect Voice ID、Amazon DevOpsGuru、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon EC2 Auto Scaling、Amazon EMR、 EventBridgeAmazon EventBridge Schemas、 Amazon FinSpace、Amazon Fraud Detector、Amazon GameLift、Amazon Interactive Video Service (Amazon IVS)、Amazon Managed Service for Apache Flink、EC2Image Builder、Amazon Lex 、Amazon Lightsail 、Amazon Location Service、Amazon Lookout for Equipment、Amazon Lookout for Metrics、Amazon Lookout for Vision、Amazon Managed Blockchain、Amazon MQ 、Amazon Nimble StudioAmazon Pinpoint、Amazon QuickSight、Amazon Application Recovery Controller (ARC)、 Amazon Route 53 Resolver、Amazon Simple Storage Service (Amazon S3)、Amazon SimpleDBAmazon Simple Email Service (Amazon SES)、Amazon Timestream、 AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signerおよび AWS Transfer Family |
2022 年 9 月 7 日 |
AWSConfigServiceRolePolicy – 追加 datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
このポリシーは、 のリストを返すアクセス許可を付与するようになりました。 AWS DataSync エージェント、送信 DataSync 元と送信先のロケーション、および の DataSync タスク AWS アカウント; に関する概要情報を一覧表示する AWS Cloud Map 内の 1 つ以上の指定された名前空間に関連付けられている 名前空間とサービス AWS アカウント; および で利用可能なすべての Amazon Simple Email Service (Amazon SES) 連絡先リストを一覧表示します。 AWS アカウント. |
2022 年 8 月 22 日 |
AWS_ConfigRole – 追加 datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
このポリシーは、 のリストを返すアクセス許可を付与するようになりました。 AWS DataSync エージェント、送信 DataSync 元と送信先のロケーション、および の DataSync タスク AWS アカウント; に関する概要情報を一覧表示する AWS Cloud Map 内の 1 つ以上の指定された名前空間に関連付けられている 名前空間とサービス AWS アカウント; および で利用可能なすべての Amazon Simple Email Service (Amazon SES) 連絡先リストを一覧表示します。 AWS アカウント. |
2022 年 8 月 22 日 |
ConfigConformsServiceRolePolicy – 追加 cloudwatch:PutMetricData |
このポリシーは、メトリクスデータポイントを Amazon に発行するアクセス許可を付与するようになりました CloudWatch。 |
2022 年 7 月 25 日 |
AWSConfigServiceRolePolicy – 追加 amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
このポリシーは、Amazon Elastic Container Service (Amazon ECS) ElastiCache、Amazon 、Amazon EventBridge、Amazon FSx、Amazon Managed Service for Apache Flink、Amazon Location Service、Amazon Managed Streaming for Apache Kafka、Amazon 、 QuickSightAmazon Rekognition 、 AWS RoboMaker、Amazon Simple Storage Service (Amazon S3)、Amazon Simple Email Service (Amazon SES)、 AWS Amplify, AWS AppConfig, AWS AppSync, AWS Billing Conductor, AWS DataSync, AWS Firewall Manager, AWS Glue, AWS IAM Identity Center (IAM Identity Center)、EC2Image Builder、および Elastic Load Balancing |
2022 年 7 月 15 日 |
AWS_ConfigRole – 追加 amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
このポリシーは、Amazon Elastic Container Service (Amazon ECS) ElastiCache、Amazon 、Amazon EventBridge、Amazon FSx、Amazon Managed Service for Apache Flink、Amazon Location Service、Amazon Managed Streaming for Apache Kafka、Amazon 、 QuickSightAmazon Rekognition 、 AWS RoboMaker、Amazon Simple Storage Service (Amazon S3)、Amazon Simple Email Service (Amazon SES)、 AWS Amplify, AWS AppConfig, AWS AppSync, AWS Billing Conductor, AWS DataSync, AWS Firewall Manager, AWS Glue, AWS IAM Identity Center (IAM Identity Center)、EC2Image Builder、および Elastic Load Balancing |
2022 年 7 月 15 日 |
AWSConfigServiceRolePolicy – 追加 athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
このポリシーは、指定された Amazon Athena データカタログを取得し、 内の Athena データカタログを一覧表示するアクセス許可を付与するようになりました。 AWS アカウント、および Athena ワークグループまたはデータカタログリソースに関連付けられたタグを一覧表示します。Amazon Detective 動作グラフのリストを取得し、Detective 動作グラフのタグを一覧表示します。特定の のリストのリソースメタデータのリストを取得します。 AWS Glue 開発エンドポイント名、指定された に関する情報の取得 AWS Glue 開発エンドポイント、すべての を取得する AWS Glue
の開発エンドポイント AWS アカウント、指定された を取得する AWS Glue セキュリティ設定、すべて取得 AWS Glue セキュリティ設定、 に関連付けられたタグのリストを取得する AWS Glue リソース、 に関する情報の取得 AWS Glue 指定された名前のワークグループ、すべての の名前を取得します。 AWS Glue のクローラーリソース AWS
アカウント、すべての の名前を取得する AWS Glue |
2022 年 5 月 31 日 |
AWS_ConfigRole – 追加 athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
このポリシーは、指定された Amazon Athena データカタログを取得し、 内の Athena データカタログを一覧表示するアクセス許可を付与するようになりました。 AWS アカウント、および Athena ワークグループまたはデータカタログリソースに関連付けられたタグを一覧表示します。Amazon Detective 動作グラフのリストを取得し、Detective 動作グラフのタグを一覧表示します。特定の のリストのリソースメタデータのリストを取得します。 AWS Glue 開発エンドポイント名、指定された に関する情報の取得 AWS Glue 開発エンドポイント、すべての を取得する AWS Glue
の開発エンドポイント AWS アカウント、指定された を取得する AWS Glue セキュリティ設定、すべて取得 AWS Glue セキュリティ設定、 に関連付けられたタグのリストを取得する AWS Glue リソース、 に関する情報の取得 AWS Glue 指定された名前のワークグループ、すべての の名前を取得します。 AWS Glue のクローラーリソース AWS
アカウント、すべての の名前を取得する AWS Glue |
2022 年 5 月 31 日 |
AWSConfigServiceRolePolicy – 追加 cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
このポリシーは、すべてまたは指定された に関する情報を取得するアクセス許可を付与するようになりました。 AWS CloudTrail イベントデータストア (EDS)、すべてまたは指定された に関する情報を取得する AWS CloudFormation リソース、DynamoDB Accelerator (DAX) パラメータグループまたはサブネットグループのリストの取得、 に関する情報の取得 AWS Database Migration Service (AWS DMS) アクセスされている現在のリージョンのアカウントのレプリケーションタスク、および 内のすべてのポリシーのリストを取得する AWS Organizations 指定されたタイプの 。 |
2022 年 4 月 7 日 |
AWS_ConfigRole – 追加 cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
このポリシーは、すべてまたは指定された に関する情報を取得するアクセス許可を付与するようになりました。 AWS CloudTrail イベントデータストア (EDS)、すべてまたは指定された に関する情報を取得する AWS CloudFormation リソース、DynamoDB Accelerator (DAX) パラメータグループまたはサブネットグループのリストの取得、 に関する情報の取得 AWS Database Migration Service (AWS DMS) アクセスされている現在のリージョンのアカウントのレプリケーションタスク、および 内のすべてのポリシーのリストを取得する AWS Organizations 指定されたタイプの 。 |
2022 年 4 月 7 日 |
AWSConfigServiceRolePolicy – 追加 backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
このポリシーは、 に対する追加のアクセス許可をサポートするようになりました。 AWS Backup, AWS Batch、DynamoDB Accelerator、 AWS Database Migration Service、Amazon DynamoDB 、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Elastic Kubernetes Service、Amazon FSx、Amazon GuardDuty、 AWS Key Management Service, AWS OpsWorks、Amazon Relational Database Service AWS WAF V2、および Amazon WorkSpaces。 |
2022 年 3 月 14 日 |
AWS_ConfigRole – 追加 backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
このポリシーは、 に対する追加のアクセス許可をサポートするようになりました。 AWS Backup, AWS Batch、DynamoDB Accelerator、 AWS Database Migration Service、Amazon DynamoDB 、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Elastic Kubernetes Service、Amazon FSx、Amazon GuardDuty、 AWS Key Management Service, AWS OpsWorks、Amazon Relational Database Service AWS WAF V2、および Amazon WorkSpaces。 |
2022 年 3 月 14 日 |
AWSConfigServiceRolePolicy – 追加 elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
このポリシーは、Elastic Beanstalk 環境の詳細と、指定された Elastic Beanstalk 設定セットの設定の説明の取得、 OpenSearch または Elasticsearch バージョンのマップの取得、データベースで使用可能な Amazon RDSオプショングループの記述、 CodeDeploy デプロイ設定に関する情報の取得を行うアクセス許可を付与するようになりました。このポリシーは、 にアタッチされた指定された代替連絡先を取得するアクセス許可も付与するようになりました。 AWS アカウント、 に関する情報を取得する AWS Organizations ポリシー、Amazon ECRリポジトリポリシーの取得、アーカイブされた に関する情報の取得 AWS Config ルール、Amazon ECSタスク定義ファミリーのリストの取得、指定した子 OU またはアカウントのルートまたは親組織単位 (OUs) のリスト、指定したターゲットルート、組織単位、またはアカウントにアタッチされているポリシーのリスト。 |
2022 年 2 月 10 日 |
AWS_ConfigRole – 追加 elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
このポリシーは、Elastic Beanstalk 環境の詳細と、指定された Elastic Beanstalk 設定セットの設定の説明の取得、 OpenSearch または Elasticsearch バージョンのマップの取得、データベースで使用可能な Amazon RDSオプショングループの記述、 CodeDeploy デプロイ設定に関する情報の取得を行うアクセス許可を付与するようになりました。このポリシーは、 にアタッチされた指定された代替連絡先を取得するアクセス許可も付与するようになりました。 AWS アカウント、 に関する情報を取得する AWS Organizations ポリシー、Amazon ECRリポジトリポリシーの取得、アーカイブされた に関する情報の取得 AWS Config ルール、Amazon ECSタスク定義ファミリーのリストの取得、指定した子 OU またはアカウントのルートまたは親組織単位 (OUs) のリスト、指定したターゲットルート、組織単位、またはアカウントにアタッチされているポリシーのリスト。 |
2022 年 2 月 10 日 |
AWSConfigServiceRolePolicy – 追加 logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
このポリシーは、Amazon CloudWatch ロググループとストリームを作成し、作成されたログストリームにログを書き込むアクセス許可を付与するようになりました。 |
2021 年 12 月 15日 |
AWS_ConfigRole – 追加 logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
このポリシーは、Amazon CloudWatch ロググループとストリームを作成し、作成されたログストリームにログを書き込むアクセス許可を付与するようになりました。 |
2021 年 12 月 15 日 |
AWSConfigServiceRolePolicy – 追加 es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots |
このポリシーは、Amazon OpenSearch Service (OpenSearch Service) ドメイン/ドメインの詳細を取得し、特定の Amazon Relational Database Service (Amazon ) DB パラメータグループの詳細なパラメータリストを取得するアクセス許可を付与するようになりました。 RDSこのポリシーは、Amazon ElastiCache スナップショットの詳細を取得するアクセス許可も付与します。 |
2021 年 9 月 8 日 |
AWS_ConfigRole – 追加 es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots |
このポリシーは、Amazon OpenSearch Service (OpenSearch Service) ドメイン/ドメインの詳細を取得し、特定の Amazon Relational Database Service (Amazon ) DB パラメータグループの詳細なパラメータリストを取得するアクセス許可を付与するようになりました。 RDSこのポリシーは、Amazon ElastiCache スナップショットの詳細を取得するアクセス許可も付与します。 |
2021 年 9 月 8 日 |
AWSConfigServiceRolePolicy – 追加 logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine、および に対する追加のアクセス許可 AWS リソースタイプ |
このポリシーは、ロググループのタグの一覧表示、ステートマシンのタグの一覧表示、すべてのステートマシンの一覧表示を行うアクセスを許可します。このポリシーでは、ステートマシンに関する詳細を取得するアクセスを許可するようになりました。このポリシーでは、Amazon EC2 Systems Manager (SSM)、Amazon Elastic Container Registry、Amazon、Amazon Data FirehoseFSx、Amazon Managed Streaming for Apache Kafka (AmazonMSK)、Amazon Relational Database Service (Amazon RDS)、Amazon Route 53、Amazon SageMaker、Amazon Simple Notification Service、 AWS Database Migration Service, AWS Global Acceleratorおよび AWS Storage Gateway. |
2021 年 7 月 28 日 |
AWS_ConfigRole – l を追加ogs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine、および に対する追加のアクセス許可 AWS リソースタイプ |
このポリシーは、ロググループのタグの一覧表示、ステートマシンのタグの一覧表示、すべてのステートマシンの一覧表示を行うアクセスを許可します。このポリシーでは、ステートマシンに関する詳細を取得するアクセスを許可するようになりました。このポリシーでは、Amazon EC2 Systems Manager (SSM)、Amazon Elastic Container Registry、Amazon、Amazon Data FirehoseFSx、Amazon Managed Streaming for Apache Kafka (AmazonMSK)、Amazon Relational Database Service (Amazon RDS)、Amazon Route 53、Amazon SageMaker、Amazon Simple Notification Service、 AWS Database Migration Service, AWS Global Acceleratorおよび AWS Storage Gateway. |
2021 年 7 月 28 日 |
AWSConfigServiceRolePolicy – 追加 ssm:DescribeDocumentPermission および の追加のアクセス許可 AWS リソースタイプ |
このポリシーは、 のアクセス許可を表示するアクセス許可を付与するようになりました。 AWS Systems Manager IAM Access Analyzer に関する ドキュメントと情報。このポリシーは、追加の をサポートするようになりました。 AWS Amazon Kinesis 、Amazon 、Amazon ElastiCacheの リソースタイプ EMR AWS Network Firewall、Amazon Route 53、および Amazon Relational Database Service (Amazon RDS)。これらのアクセス許可の変更により、 AWS Config は、これらのリソースタイプをサポートするAPIsために必要な読み取り専用 を呼び出します。このポリシーは、 の Lambda@Edge 関数のフィルタリングもサポートするようになりました。 lambda-inside-vpc AWS Config マネージドルール。 |
2021 年 6 月 8 日 |
AWS_ConfigRole – 追加 ssm:DescribeDocumentPermission および の追加のアクセス許可 AWS リソースタイプ |
このポリシーは、 のアクセス許可を表示するアクセス許可を付与するようになりました。 AWS Systems Manager IAM Access Analyzer に関する ドキュメントと情報。このポリシーは、追加の をサポートするようになりました。 AWS Amazon Kinesis 、Amazon 、Amazon ElastiCacheの リソースタイプ EMR AWS Network Firewall、Amazon Route 53、および Amazon Relational Database Service (Amazon RDS)。これらのアクセス許可の変更により、 AWS Config は、これらのリソースタイプをサポートするAPIsために必要な読み取り専用 を呼び出します。このポリシーは、 の Lambda@Edge 関数のフィルタリングもサポートするようになりました。 lambda-inside-vpc AWS Config マネージドルール。 |
2021 年 6 月 8 日 |
AWSConfigServiceRolePolicy – 追加 apigateway:GET API Gateway と への読み取り専用GET呼び出しを行う アクセス許可 s3:GetAccessPointPolicy アクセス許可と s3:GetAccessPointPolicyStatus Amazon S3 読み取り専用を呼び出すアクセス許可 APIs |
このポリシーは、 を許可するアクセス許可を付与するようになりました。 AWS Config ゲートウェイへの読み取り専用GET呼び出しを行い、 をサポートするAPIには AWS Config API Gateway のルール。このポリシーでは、 を許可するアクセス許可も追加されます。 AWS Config は、新しい |
2021 年 5 月 10 日 |
AWS_ConfigRole – 追加 apigateway:GET API Gateway と への読み取り専用GET呼び出しを行う アクセス許可 s3:GetAccessPointPolicy アクセス許可と s3:GetAccessPointPolicyStatus Amazon S3 読み取り専用を呼び出すアクセス許可 APIs |
このポリシーは、 を許可するアクセス許可を付与するようになりました。 AWS Config ゲートウェイへの読み取り専用GET呼び出しを行い、 をサポートするAPIには AWS Config API Gateway 用。このポリシーでは、 を許可するアクセス許可も追加されます。 AWS Config は、新しい |
2021 年 5 月 10 日 |
AWSConfigServiceRolePolicy – 追加 ssm:ListDocuments の アクセス許可と追加のアクセス許可 AWS リソースタイプ |
このポリシーは、 に関する情報を表示するアクセス許可を付与するようになりました。 AWS Systems Manager 指定されたドキュメント。このポリシーは、追加の もサポートするようになりました。 AWS の リソースタイプ AWS Backup、Amazon Elastic File System 、Amazon ElastiCache、Amazon Simple Storage Service (Amazon S3)、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Kinesis 、Amazon SageMaker、 AWS Database Migration Service、および Amazon Route 53。これらのアクセス許可の変更により、 AWS Config は、これらのリソースタイプをサポートするAPIsために必要な読み取り専用 を呼び出します。 |
2021 年 4 月 1 日 |
AWS_ConfigRole – 追加 ssm:ListDocuments の アクセス許可と追加のアクセス許可 AWS リソースタイプ |
このポリシーは、 に関する情報を表示するアクセス許可を付与するようになりました。 AWS Systems Manager 指定されたドキュメント。このポリシーは、追加の もサポートするようになりました。 AWS の リソースタイプ AWS Backup、Amazon Elastic File System 、Amazon ElastiCache、Amazon Simple Storage Service (Amazon S3)、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Kinesis 、Amazon SageMaker、 AWS Database Migration Service、および Amazon Route 53。これらのアクセス許可の変更により、 AWS Config は、これらのリソースタイプをサポートするAPIsために必要な読み取り専用 を呼び出します。 |
2021 年 4 月 1 日 |
|
|
2021 年 4 月 1 日 |
AWS Config が変更の追跡を開始しました |
AWS Config が の変更の追跡を開始しました AWS マネージドポリシー。 |
2021 年 4 月 1 日 |