AWS の マネージドポリシー AWS Config - AWS Config
AWSConfigServiceRolePolicyAWS_ConfigRoleAWSConfigUserAccessConfigConformsServiceRolePolicyAWSConfigRulesExecutionRoleAWSConfigMultiAccountSetupPolicyAWSConfigRoleForOrganizationsAWSConfigRemediationServiceRolePolicyポリシーの更新

翻訳は機械翻訳により提供されています。提供された翻訳内容と英語版の間で齟齬、不一致または矛盾がある場合、英語版が優先します。

AWS の マネージドポリシー AWS Config

AWS 管理ポリシーは、 によって作成および管理されるスタンドアロンポリシーです AWS。 AWS 管理ポリシーは、ユーザー、グループ、ロールにアクセス許可の割り当てを開始できるように、多くの一般的なユースケースにアクセス許可を提供するように設計されています。

AWS 管理ポリシーは、すべての AWS お客様が使用できるため、特定のユースケースに対して最小特権のアクセス許可を付与しない場合があることに注意してください。ユースケースに固有のカスタマー管理ポリシーを定義して、アクセス許可を絞り込むことをお勧めします。

AWS 管理ポリシーで定義されているアクセス許可は変更できません。が AWS マネージドポリシーで定義されたアクセス許可 AWS を更新すると、ポリシーがアタッチされているすべてのプリンシパル ID (ユーザー、グループ、ロール) に影響します。 AWS AWS のサービス は、新しい が起動されるか、新しい API オペレーションが既存のサービスで使用できるようになったときに、 AWS マネージドポリシーを更新する可能性が高くなります。

詳細については「IAM ユーザーガイド」の「AWS マネージドポリシー」を参照してください。

AWS 管理ポリシー: AWSConfigServiceRolePolicy

AWS Config は、 という名前のサービスにリンクされたロールAWSServiceRoleForConfigを使用して、ユーザーに代わって他の AWS サービスを呼び出します。を使用して AWS Management Console を設定すると AWS Config、独自の AWS Identity and Access Management (IAM) サービスロールの代わりに SLR を使用するオプション AWS Config を選択すると、この AWS Config SLR が によって自動的に作成されます。

AWSServiceRoleForConfig SLR は管理ポリシー AWSConfigServiceRolePolicy を含んでいます。この管理ポリシーには、 AWS Config リソースの読み取り専用および書き込み専用アクセス許可と、 が AWS Config サポートする他の サービスのリソースの読み取り専用アクセス許可が含まれています。詳細については、「でサポートされているリソースタイプ AWS Config」および「のサービスにリンクされたロールの使用 AWS Config」を参照してください。

ポリシー:「AWSConfigServiceRolePolicy」ご覧ください。

推奨: サービスにリンクされたロールを使用する

特定のユースケースがない限り、サービスにリンクされたロールを使用することをお勧めします。サービスにリンクされたロールは、 が期待どおりに実行 AWS Config するために必要なすべてのアクセス許可を追加します。サービスにリンクされた設定レコーダーなどの一部の機能では、サービスにリンクされたロールを使用する必要があります。

AWS マネージドポリシー: AWS_ConfigRole

AWS リソース設定を記録するには、リソースに関する設定の詳細を取得するための IAM アクセス許可 AWS Config が必要です。 AWS Configの IAM ロールを作成する場合は、管理ポリシー AWS_ConfigRole を使用してそれを IAM ロールに適用します。

この IAM ポリシーは、 が AWS リソースタイプのサポート AWS Config を追加するたびに更新されます。つまり AWS Config 、AWS_ConfigRole ロールにこの管理ポリシーがアタッチされている限り、 には、サポートされているリソースタイプの設定データを記録するために必要なアクセス許可が引き続き付与されます。詳細については、「でサポートされているリソースタイプ AWS Config」および「に割り当てられた IAM ロールのアクセス許可 AWS Config」を参照してください。

ポリシー:「AWS_ConfigRole」ご覧ください。

AWS マネージドポリシー: AWSConfigUserAccess

この IAM ポリシーは AWS Config、リソースのタグによる検索やすべてのタグの読み取りなど、 が使用できるアクセスを提供します。これは AWS Config、管理者権限を必要とする を設定するアクセス許可を提供しません。

ポリシーを表示する: AWSConfigUserAccess

AWS 管理ポリシー: ConfigConformsServiceRolePolicy

コンフォーマンスパックをデプロイおよび管理するには、IAM アクセス許可と他の AWS サービスからの特定のアクセス許可 AWS Config が必要です。これにより、フル機能を備えたコンフォーマンスパックをデプロイおよび管理でき、コンフォーマンスパックの新機能 AWS Config が追加されるたびに更新されます。コンフォーマンスパックの詳細については、「コンフォーマンスパック」を参照してください。

ポリシー:「ConfigConformsServiceRolePolicy」ご覧ください。

AWS 管理ポリシー: AWSConfigRulesExecutionRole

AWS カスタム Lambda ルールをデプロイするには、 に IAM アクセス許可と、他の AWS サービスからの特定のアクセス許可 AWS Config が必要です。これにより、 AWS Lambda 関数は AWS Config API および が定期的に Amazon S3 に AWS Config 配信する設定スナップショットにアクセスできます。このアクセスは、 AWS カスタム Lambda ルールの設定変更を評価する関数で必要であり、 が新機能 AWS Config を追加するたびに更新されます。 AWS カスタム Lambda ルールの詳細については、AWS Config 「カスタム Lambda ルールの作成」を参照してください。設定スナップショットの詳細については、「概念 | 設定スナップショット」を参照してください。設定スナップショットの配信の詳細については、「配信チャネルの管理」を参照してください。

ポリシー:「AWSConfigRulesExecutionRole」をご覧ください。

AWS 管理ポリシー: AWSConfigMultiAccountSetupPolicy

の組織内のメンバーアカウント間で AWS Config ルールとコンフォーマンスパックを一元的にデプロイ、更新、削除するには AWS Organizations、 に IAM アクセス許可と他の AWS サービスからの特定のアクセス許可 AWS Config が必要です。この管理ポリシーは、マルチアカウント設定の新機能 AWS Config を追加するたびに更新されます。詳細については、「組織のすべてのアカウントでの AWS Config ルールの管理」および「組織のすべてのアカウントでのコンフォーマンスパックの管理」を参照してください。

ポリシー:「AWSConfigMultiAccountSetupPolicy」をご覧ください。

AWS 管理ポリシー: AWSConfigRoleForOrganizations

が読み取り専用 AWS Organizations APIs AWS Config を呼び出すには、 には IAM アクセス許可と、他の AWS のサービスからの特定のアクセス許可 AWS Config が必要です。この管理ポリシーは、マルチアカウント設定の新機能 AWS Config を追加するたびに更新されます。詳細については、「組織のすべてのアカウントでの AWS Config ルールの管理」および「組織のすべてのアカウントでのコンフォーマンスパックの管理」を参照してください。

ポリシー:「AWSConfigRoleForOrganizations」をご覧ください。

AWS 管理ポリシー: AWSConfigRemediationServiceRolePolicy

AWS Config がユーザーに代わってNON_COMPLIANTリソースを修復するには、 には IAM アクセス許可と、他の AWS サービスからの特定のアクセス許可 AWS Config が必要です。この管理ポリシーは、 が修復のための新機能 AWS Config を追加するたびに更新されます。修復の詳細については、「 AWS Config ルールを使用した非準拠リソースの修復」を参照してください。可能な AWS Config 評価結果を開始する条件の詳細については、「概念 | AWS Config ルール」を参照してください。

ポリシー:「AWSConfigRemediationServiceRolePolicy」をご覧ください。

AWS ConfigAWS 管理ポリシーの更新

このサービスがこれらの変更の追跡を開始 AWS Config してからの の AWS 管理ポリシーの更新に関する詳細を表示します。このページの変更に関する自動アラートについては、 AWS Config ドキュメント履歴ページの RSS フィードにサブスクライブしてください。

変更 説明 日付

AWS_ConfigRole – 追加: "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation"

このポリシーは AWS B2B Data Interchange、、Amazon Bedrock、 AWS Clean Rooms、 AWS CodeConnections、 AWS Database Migration Service (AWS DMS) AWS Direct Connect、Amazon CloudWatch Logs、Amazon Macie、Amazon Managed Blockchain、Amazon Q Business、Route 53 Profiles、Amazon Simple Storage Service (Amazon S3)、Amazon SageMaker AI AWS Security Hub、および AWS Systems Manager Incident Manager、 AWS Systems Manager Incident Manager Contacts、および に対する追加のアクセス許可をサポートするようになりました AWS Systems Manager。

 2025 年 4 月 8 日

AWSConfigServiceRolePolicy – 追加: "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation"

このポリシーは AWS B2B Data Interchange、、Amazon Bedrock、 AWS Clean Rooms、 AWS CodeConnections、 AWS Database Migration Service (AWS DMS) AWS Direct Connect、Amazon CloudWatch Logs、Amazon Macie、Amazon Managed Blockchain、Amazon Q Business、Route 53 Profiles、Amazon Simple Storage Service (Amazon S3)、Amazon SageMaker AI AWS Security Hub、および AWS Systems Manager Incident Manager、 AWS Systems Manager Incident Manager Contacts、および に対する追加のアクセス許可をサポートするようになりました AWS Systems Manager。このポリシーは、リソースパターンarn:aws:apigateway:::/domainnames/「」を含めることで、すべての Amazon API Gateway ドメイン名にアクセスするアクセス許可もサポートするようになりました。

 2025 年 4 月 8 日

AWS_ConfigRole – 追加: "ec2:GetAllowedImagesSettings"

このポリシーは、Amazon Elastic Compute Cloud (Amazon EC2) の追加のアクセス許可をサポートするようになりました。

 2025 年 3 月 4 日

AWSConfigServiceRolePolicy – 追加: "ec2:GetAllowedImagesSettings"

このポリシーは、Amazon Elastic Compute Cloud (Amazon EC2) の追加のアクセス許可をサポートするようになりました。

 2025 年 3 月 4 日

AWS_ConfigRole – 追加: "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"

このポリシーは AWS Clean Rooms、Amazon Comprehend、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Simple Storage Service (Amazon S3) AWS HealthOmics、Amazon Simple Email Service (Amazon SES) に対する追加のアクセス許可をサポートするようになりました。

 2025 年 1 月 16 日

AWSConfigServiceRolePolicy – 追加: "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"

このポリシーは AWS Clean Rooms、Amazon Comprehend、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Simple Storage Service (Amazon S3) AWS HealthOmics、Amazon Simple Email Service (Amazon SES) に対する追加のアクセス許可をサポートするようになりました。

 2025 年 1 月 16 日

AWSConfigServiceRolePolicy – 追加: "organizations:ListAWSServiceAccessForOrganization"

このポリシーは、 に対する追加のアクセス許可をサポートするようになりました AWS Organizations。

 2024 年 12 月 18 日

AWS_ConfigRole – 追加: "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"

このポリシーは AWS AppConfig、、Amazon Connect AWS CloudTrail、Amazon DataZone、Amazon DevOpsGuru、 AWS Glue Identity Store AWS IoT、 AWS IoT FleetWise、、、Amazon Interactive Video Service (Amazon IVS) AWS IoT Wireless、Amazon CloudWatch Logs、Amazon CloudWatch Observability Access Manager AWS Payment Cryptography、Amazon Relational Database Service (Amazon RDS)、Amazon Rekognition、Amazon Simple Storage Service (Amazon S3)、Amazon EventBridge スケジューラ AWS Systems Manager、および Amazon VPC Lattice に対する追加のアクセス許可をサポートするようになりました。

 2024 年 11 月 7 日

AWSConfigServiceRolePolicy – 追加: "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"

このポリシーは AWS AppConfig、、Amazon Connect AWS CloudTrail、Amazon DataZone、Amazon DevOpsGuru、 AWS Glue Identity Store AWS IoT、 AWS IoT FleetWise、、、Amazon Interactive Video Service (Amazon IVS) AWS IoT Wireless、Amazon CloudWatch Logs、Amazon CloudWatch Observability Access Manager AWS Payment Cryptography、Amazon Relational Database Service (Amazon RDS)、Amazon Rekognition、Amazon Simple Storage Service (Amazon S3)、Amazon EventBridge スケジューラ AWS Systems Manager、および Amazon VPC Lattice に対する追加のアクセス許可をサポートするようになりました。

 2024 年 11 月 7 日

AWS_ConfigRole – 追加: "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules"

このポリシーは、Amazon OpenSearch Service Severless、Amazon AppStream AWS Backup、 AWS CloudTrail、EC2 Image Builder AWS Glue、 AWS IoT Amazon Interactive Video Service (Amazon IVS) AWS Elemental MediaConnect、 AWS Elemental MediaTailor AWS HealthOmics、および Amazon EventBridge スケジューラに対する追加のアクセス許可をサポートするようになりました。

 2024 年 9 月 16 日

AWSConfigServiceRolePolicy – 追加: "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules"

このポリシーは、Amazon OpenSearch Service Severless、Amazon AppStream AWS Backup、 AWS CloudTrail、EC2 Image Builder AWS Glue、 AWS IoT Amazon Interactive Video Service (Amazon IVS) AWS Elemental MediaConnect、 AWS Elemental MediaTailor AWS HealthOmics、および Amazon EventBridge スケジューラに対する追加のアクセス許可をサポートするようになりました。

 2024 年 9 月 16 日

AWS_ConfigRole – 追加: "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource"

このポリシーは、Amazon Elastic File System (Amazon EFS)、Amazon Redshift、および の追加のアクセス許可をサポートするようになりました AWS Systems Manager for SAP。

 2024 年 6 月 17 日

AWSConfigServiceRolePolicy – 追加: "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource"

このポリシーは、Amazon Elastic File System (Amazon EFS)、Amazon Redshift、および の追加のアクセス許可をサポートするようになりました AWS Systems Manager for SAP。

 2024 年 6 月 17 日
AWS_ConfigRole – 追加: "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool, "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus"

このポリシーは、Amazon Managed Service for Prometheus、Amazon CloudWatch、Amazon Cognito、Amazon ElastiCache、Amazon FSx、 AWS Glue AWS Identity and Access Management (IAM) AWS Lambda AWS RAM、Amazon Redshift Serverless、Amazon SageMaker AI、Amazon Simple Notification Service (Amazon SNS) に対する追加のアクセス許可をサポートするようになりました。

 2024 年 2 月 22 日
AWSConfigServiceRolePolicy – 追加: "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool, "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus"

このポリシーは、Amazon Managed Service for Prometheus、Amazon CloudWatch、Amazon Cognito、Amazon ElastiCache、Amazon FSx、 AWS Glue AWS Identity and Access Management (IAM) AWS Lambda AWS RAM、Amazon Redshift Serverless、Amazon SageMaker AI、Amazon Simple Notification Service (Amazon SNS) に対する追加のアクセス許可をサポートするようになりました。

 2024 年 2 月 22 日

AWSConfigUserAccess – この AWS 管理ポリシーの変更の追跡 AWS Config を開始します

このポリシーは AWS Config、リソースのタグによる検索やすべてのタグの読み取りなど、 が使用できるアクセスを提供します。これは AWS Config、管理者権限を必要とする を設定するアクセス許可を提供しません。

 2024 年 2 月 22 日
AWS_ConfigRole – 追加: "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets"

このポリシーは AWS AppConfig、Amazon Managed Service for Prometheus、 (AWS DMS)、 AWS Database Migration Service (AWS Identity and Access Management) IAM、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon CloudWatch Logs AWS Organizations、Amazon Simple Storage Service (Amazon S3) に対する追加のアクセス許可をサポートするようになりました。

 2023 年 12 月 5 日
AWSConfigServiceRolePolicy – 追加: "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets"

このポリシーは AWS AppConfig、Amazon Managed Service for Prometheus、 (AWS DMS)、 AWS Database Migration Service (AWS Identity and Access Management) IAM、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon CloudWatch Logs AWS Organizations、Amazon Simple Storage Service (Amazon S3) に対する追加のアクセス許可をサポートするようになりました。

 2023 年 12 月 5 日
AWS_ConfigRole – 追加: "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles"

このポリシーは、Amazon Cognito、Amazon Connect、Amazon EMR、 AWS Ground Station AWS Mainframe Modernization、Amazon MemoryDB、 AWS Organizations Amazon QuickSight、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift、Amazon Route 53 AWS Service Catalog、および に対する追加のアクセス許可をサポートするようになりました AWS Transfer Family。

 2023 年 11 月 17 日
AWS_ConfigRole – 追加: "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID"

このポリシーにより、AWSConfigServiceRolePolicyStatementIDAWSConfigSLRLogStatementIDAWSConfigSLRLogEventStatementID、および AWSConfigSLRApiGatewayStatementID のセキュリティ識別子 (SID) が追加されるようになりました。

 2023 年 11 月 17 日
AWSConfigServiceRolePolicy – 追加: "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles"

このポリシーは、Amazon Cognito、Amazon Connect、Amazon EMR、 AWS Ground Station AWS Mainframe Modernization、Amazon MemoryDB、 AWS Organizations Amazon QuickSight、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift、Amazon Route 53 AWS Service Catalog、および に対する追加のアクセス許可をサポートするようになりました AWS Transfer Family。

 2023 年 11 月 17 日
AWSConfigServiceRolePolicy – 追加: "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID"

このポリシーにより、AWSConfigServiceRolePolicyStatementIDAWSConfigSLRLogStatementIDAWSConfigSLRLogEventStatementID、および AWSConfigSLRApiGatewayStatementID のセキュリティ識別子 (SID) が追加されるようになりました。

 2023 年 11 月 17 日
AWS_ConfigRole – 追加: "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob"

このポリシーは AWS Private CA AWS App Mesh、、、Amazon Connect、Amazon Elastic Container Service (Amazon ECS)、Amazon CloudWatch Evidently、Amazon Managed Grafana、Amazon GuardDuty、Amazon Inspector、 AWS IoT AWS IoT TwinMaker、Amazon Managed Streaming for Apache Kafka (Amazon MSK) AWS Lambda、 AWS Network Manager AWS Organizations、および Amazon SageMaker AI に対する追加のアクセス許可をサポートするようになりました。

 2023 年 10 月 4 日
AWSConfigServiceRolePolicy – 追加: "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob"

このポリシーは AWS Private CA AWS App Mesh、、、Amazon Connect、Amazon Elastic Container Service (Amazon ECS)、Amazon CloudWatch Evidently、Amazon Managed Grafana、Amazon GuardDuty、Amazon Inspector、 AWS IoT AWS IoT TwinMaker、Amazon Managed Streaming for Apache Kafka (Amazon MSK) AWS Lambda、 AWS Network Manager AWS Organizations、および Amazon SageMaker AI に対する追加のアクセス許可をサポートするようになりました。

 2023 年 10 月 4 日
AWSConfigServiceRolePolicy – "ssm:GetParameter" の削除

このポリシーは AWS Systems Manager (Systems Manager) のアクセス許可を削除するようになりました。

 2023 年 9 月 6 日
AWS_ConfigRole – 追加: "appmesh:DescribeGatewayRoute","appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", and "sns:GetDataProtectionPolicy"

このポリシーは AWS App Mesh、 AWS CloudFormation、Amazon CloudFront AWS CodeArtifact、、 AWS CodeBuild Amazon Connect、 AWS Glue、Amazon GuardDuty、 AWS Identity and Access Management (IAM)、Amazon Inspector AWS IoT、 AWS IoT TwinMaker、 AWS IoT Wireless Amazon Managed Streaming for Apache Kafka、Amazon Macie AWS Elemental MediaConnect、 AWS Network Manager、 AWS Organizations AWS Resource Explorer、Amazon Route 53、Amazon Simple Storage Service (Amazon S3)、および Amazon Simple Notification Service (Amazon SNS) に対する追加のアクセス許可をサポートするようになりました。

 2023 年 7 月 28 日
AWSConfigServiceRolePolicy – 追加: "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "sns:GetDataProtectionPolicy", "ssm:DescribeParameters", "ssm:GetParameter", and "ssm:ListTagsForResource"

このポリシーは AWS App Mesh、Amazon AppStream 2.0、 AWS CloudFormation Amazon CloudFront、 AWS CodeArtifact、 AWS CodeBuild Amazon Connect、 AWS Glue Amazon GuardDuty、 AWS Identity and Access Management (IAM)、Amazon Inspector AWS IoT、 AWS IoT TwinMaker AWS IoT Wireless、Amazon Managed Streaming for Apache Kafka、Amazon Macie AWS Elemental MediaConnect、 AWS Network Manager、 AWS Organizations AWS Resource Explorer、Amazon Route 53、Amazon Simple Storage Service (Amazon S3)、Amazon Simple Notification Service (Amazon SNS)、および Amazon EC2 Systems Manager (SSM) に対する追加のアクセス許可をサポートするようになりました。

 2023 年 7 月 28 日
AWS_ConfigRole – 追加: "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", “dynamodb:DescribeTableReplicaAutoScaling" "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases" "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource"

このポリシーは AWS Amplify、 に対する追加のアクセス許可をサポートするようになりました。 Amazon Connect、 AWS App Mesh、 Amazon Managed Service for Prometheus、 Amazon Athena、 AWS Batch AWS CloudFormation、 AWS CloudTrail、 AWS CodeArtifact、、 Amazon CodeGuru、 AWS Directory Service、 Amazon DynamoDB、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon CloudWatch Evidently、 AWS Organizations、 Amazon Forecast、 AWS IoT Greengrass、 AWS Ground Station、 AWS Identity and Access Management (IAM)、 Amazon Managed Streaming for Apache Kafka (Amazon MSK)Amazon Lightsail、、 Amazon CloudWatch Logs、 AWS Elemental MediaConnect、 AWS Elemental MediaTailor、 Amazon Pinpoint、 Amazon Virtual Private Cloud (Amazon VPC)、 Amazon Personalize、 Amazon QuickSight、 AWS Migration Hub Refactor Spaces、 Amazon Simple Storage Service (Amazon S3)、 Amazon SageMaker AI、 AWS Transfer Family。

 2023 年 6 月 13 日
AWSConfigServiceRolePolicy – 追加: "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource"

このポリシーは AWS Amplify、 に対する追加のアクセス許可をサポートするようになりました。 Amazon Connect、 AWS App Mesh、 Amazon Managed Service for Prometheus、 Amazon Athena、 AWS Batch AWS CloudFormation、 AWS CloudTrail、 AWS CodeArtifact、、 Amazon CodeGuru、 AWS Directory Service、 Amazon DynamoDB、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon CloudWatch Evidently、 AWS Organizations、Amazon Forecast、 AWS IoT Greengrass、 AWS Ground Station、 AWS Identity and Access Management (IAM)、 Amazon Managed Streaming for Apache Kafka (Amazon MSK)Amazon Lightsail、、 Amazon CloudWatch Logs、 AWS Elemental MediaConnect、 AWS Elemental MediaTailor、 Amazon Pinpoint、 Amazon Virtual Private Cloud (Amazon VPC)、 Amazon Personalize、 Amazon QuickSight、 AWS Migration Hub Refactor Spaces、 Amazon Simple Storage Service (Amazon S3)、 Amazon SageMaker AI、 AWS Transfer Family。

 2023 年 6 月 13 日
AWSConfigServiceRolePolicy – 追加: amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, GetInstanceTypesFromInstanceRequirement ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations

このポリシーは AWS Amplify、、 AWS App Mesh、 AWS App Runner Amazon CloudFront、 AWS CodeArtifact、Amazon Elastic Compute Cloud、Amazon Kendra、Amazon Macie、Amazon Route 53、Amazon SageMaker AI、 AWS Transfer Family、Amazon Pinpoint、 AWS Resilience Hub AWS Migration Hub、Amazon CloudWatch、 AWS Directory Service、および の Amazon Managed Workflows に対する追加のアクセス許可をサポートするようになりました AWS WAF。

 2023 年 4 月 13 日
AWS_ConfigRole – 追加: amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations

このポリシーは AWS Amplify、、 AWS App Mesh、 AWS App Runner Amazon CloudFront、 AWS CodeArtifact、Amazon Elastic Compute Cloud、Amazon Kendra、Amazon Macie、Amazon Route 53、Amazon SageMaker AI、 AWS Transfer Family、Amazon Pinpoint、 AWS Resilience Hub AWS Migration Hub、Amazon CloudWatch、 AWS Directory Service、および の Amazon Managed Workflows に対する追加のアクセス許可をサポートするようになりました AWS WAF。

 2023 年 4 月 13 日
AWSConfigServiceRolePolicy – 追加: appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudfront:GetResponseHeadersPolicy, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions

このポリシーは、Amazon AppFlow AWS App Runner、、Amazon AppStream 2.0、Amazon CloudFront、Amazon CloudWatch、 AWS CodeArtifact AWS CodeCommit、 AWS Device Farm Amazon CloudWatch Evidently、Amazon Forecast、 AWS Ground Station、 AWS Identity and Access Management (IAM) AWS IoT、Amazon MemoryDB、Amazon Pinpoint、 AWS Network Manager AWS Panorama、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift、Amazon SageMaker AI の Amazon Managed Workflows に対する追加のアクセス許可をサポートするようになりました。

 2023 年 3 月 30 日
AWS_ConfigRole – 追加: appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudformation:ListTypes, cloudfront:GetResponseHeadersPolicy, cloudfront:ListDistributions, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, ec2:DescribeTrafficMirrorFilters, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions

このポリシーは、Amazon AppFlow AWS App Runner、、Amazon AppStream 2.0、 AWS CloudFormation Amazon CloudFront、Amazon CloudWatch、 AWS CodeArtifact AWS CodeCommit AWS Device Farm、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon CloudWatch Evidently、Amazon Forecast AWS Ground Station、、 AWS Identity and Access Management (IAM)、 AWS IoT、、Amazon MemoryDB、Amazon Pinpoint、 AWS Network Manager AWS Panorama、Amazon Relational Database Service (Amazon RDS)、Amazon Redshift、および Amazon SageMaker AI の Amazon Managed Workflows に対する追加のアクセス許可をサポートするようになりました。

 2023 年 3 月 30 日

AWSConfigRulesExecutionRole – この AWS 管理ポリシーの変更の追跡 AWS Config を開始します

このポリシーは、 AWS Lambda 関数が AWS Config API および が定期的に Amazon S3 に AWS Config 配信する設定スナップショットにアクセスすることを許可します。このアクセスは、 AWS カスタム Lambda ルールの設定変更を評価する関数で必要です。

 2023 年 3 月 7 日

AWSConfigRoleForOrganizations – この AWS 管理ポリシーの変更の追跡 AWS Config を開始します

このポリシーにより、 は読み取り専用 API AWS Config を呼び出すことができます。 AWS Organizations APIs

 2023 年 3 月 7 日

AWSConfigRemediationServiceRolePolicy – この AWS 管理ポリシーの変更の追跡 AWS Config を開始します

このポリシーにより AWS Config 、 はユーザーに代わってNON_COMPLIANTリソースを修復できます。

 2023 年 3 月 7 日

AWSConfigServiceRolePolicy – 追加: auditmanager:GetAccountStatus

このポリシーでは、 AWS Audit Managerのアカウントの登録状態を返すアクセス許可を付与するようになりました。

 2023 年 3 月 3 日

AWS_ConfigRole – 追加: auditmanager:GetAccountStatus

このポリシーでは、 AWS Audit Managerのアカウントの登録状態を返すアクセス許可を付与するようになりました。

 2023 年 3 月 3 日

AWSConfigMultiAccountSetupPolicy – この AWS 管理ポリシーの変更の追跡 AWS Config を開始します

このポリシーにより AWS Config 、 は AWS サービスを呼び出し、 を使用して組織全体に AWS Config リソースをデプロイできます AWS Organizations。

 2023 年 2 月 27 日

AWSConfigServiceRolePolicy – 追加: airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

このポリシーは、Amazon Managed Workflows for Apache Airflow、 AWS IoT、Amazon AppStream 2.0、Amazon CodeGuru Reviewer、Amazon Kinesis Video Streams AWS HealthLake、Amazon Application Recovery Controller (ARC)、Amazon Elastic Compute Cloud (Amazon EC2) AWS Device Farm、Amazon Pinpoint、 AWS Identity and Access Management (IAM)、Amazon GuardDuty、および Amazon CloudWatch Logs の追加アクセス許可をサポートするようになりました。

 2023 年 2 月 1 日

AWS_ConfigRole – 追加: airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

このポリシーは、Amazon Managed Workflows for Apache Airflow、 AWS IoT、Amazon AppStream 2.0、Amazon CodeGuru Reviewer、Amazon Kinesis Video Streams AWS HealthLake、Amazon Application Recovery Controller (ARC)、Amazon Elastic Compute Cloud (Amazon EC2) AWS Device Farm、Amazon Pinpoint、 AWS Identity and Access Management (IAM)、Amazon GuardDuty、および Amazon CloudWatch Logs の追加アクセス許可をサポートするようになりました。

 2023 年 2 月 1 日

ConfigConformsServiceRolePolicy – 更新: config:DescribeConfigRules

セキュリティのベストプラクティスとして、このポリシーは、config:DescribeConfigRules に対する広範なリソースレベルのアクセス許可を削除するようになりました。

 2023 年 1 月 12 日

AWSConfigServiceRolePolicy – 追加: APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

このポリシーは、Amazon Managed Service for Prometheus AWS Audit Manager、、 AWS Database Migration Service (AWS DMS) AWS Device Farm、 AWS Directory Service Amazon Elastic Compute Cloud (Amazon EC2) AWS Glue、、 AWS IoT Amazon Lightsail、 AWS Elemental MediaPackage、 AWS Network Manager、Amazon QuickSight、Amazon Application Recovery Controller (ARC) AWS Resource Access Manager、Amazon Simple Storage Service (Amazon S3)、および Amazon Timestream に対する追加のアクセス許可をサポートするようになりました。

 2022 年 12 月 15 日

AWS_ConfigRole – 追加: APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

このポリシーは、Amazon Managed Service for Prometheus AWS Audit Manager、、 AWS Database Migration Service (AWS DMS) AWS Device Farm、 AWS Directory Service Amazon Elastic Compute Cloud (Amazon EC2) AWS Glue、、 AWS IoT Amazon Lightsail、 AWS Elemental MediaPackage、 AWS Network Manager、Amazon QuickSight、Amazon Application Recovery Controller (ARC) AWS Resource Access Manager、Amazon Simple Storage Service (Amazon S3)、および Amazon Timestream に対する追加のアクセス許可をサポートするようになりました。

 2022 年 12 月 15 日

AWSConfigServiceRolePolicy – 追加: cloudformation:ListStackResources and cloudformation:ListStacks

このポリシーは、指定された AWS CloudFormation スタックのすべてのリソースの説明を返し、ステータスが指定された と一致するスタックの概要情報を返すアクセス許可を付与するようになりましたStackStatusFilter。

 2022 年 11 月 7 日

AWS_ConfigRole – 追加: cloudformation:ListStackResources and cloudformation:ListStacks

このポリシーは、指定された AWS CloudFormation スタックのすべてのリソースの説明を返し、ステータスが指定された と一致するスタックの概要情報を返すアクセス許可を付与するようになりましたStackStatusFilter。

 2022 年 11 月 7 日

AWSConfigServiceRolePolicy – 追加: acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

このポリシーは AWS Certificate Manager、 に対する追加のアクセス許可をサポートするようになりました。 Amazon Managed Workflows for Apache Airflow、 AWS Amplify、 AWS AppConfig、 Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect、 AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon Elastic Kubernetes Service (Amazon EKS)、 Amazon EventBridge、 AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift サーバー、 Amazon Location Service、 AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint、 AWS OpsWorks AWS Panorama、 AWS Resource Access Manager、、 Amazon QuickSight、 Amazon Relational Database Service (Amazon RDS)、 Amazon Rekognition、 AWS RoboMaker、 AWS Resource Groups、 Amazon Route 53、 Amazon Simple Storage Service (Amazon S3) AWS Cloud Map、、 および AWS Security Token Service。

 2022 年 10 月 19 日

AWS_ConfigRole – 追加: acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

このポリシーは AWS Certificate Manager、 に対する追加のアクセス許可をサポートするようになりました。 Amazon Managed Workflows for Apache Airflow、 AWS Amplify、 AWS AppConfig、 Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect、 AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon Elastic Kubernetes Service (Amazon EKS)、 Amazon EventBridge、 AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift サーバー、 Amazon Location Service、 AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint、 AWS OpsWorks AWS Panorama、 AWS Resource Access Manager、、 Amazon QuickSight、 Amazon Relational Database Service (Amazon RDS)、 Amazon Rekognition、 AWS RoboMaker、 AWS Resource Groups、 Amazon Route 53、 Amazon Simple Storage Service (Amazon S3) AWS Cloud Map、、 および AWS Security Token Service。

 2022 年 10 月 19 日

AWSConfigServiceRolePolicy – 追加: Glue::GetTable

このポリシーは、指定された AWS Glue テーブルのデータカタログ内のテーブル定義を取得するアクセス許可を付与するようになりました。

 2022 年 9 月 14 日

AWS_ConfigRole – 追加 Glue::GetTable

このポリシーは、指定された AWS Glue テーブルのデータカタログ内のテーブル定義を取得するアクセス許可を付与するようになりました。

 2022 年 9 月 14 日

AWSConfigServiceRolePolicy – 追加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

このポリシーは、Amazon AppFlow、 Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect Customer Profiles、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge スキーマ、 Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift サーバー、 Amazon Interactive Video Service (Amazon IVS)、 Amazon Managed Service for Apache Flink、 EC2 Image Builder、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon QuickSight、 Amazon Application Recovery Controller (ARC) Amazon Route 53 Resolver、、 Amazon Simple Storage Service (Amazon S3)、 Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES)、 Amazon Timestream、 AWS AppConfig AWS AppSync、 AWS Auto Scaling、 AWS Backup、 AWS Budgets、 AWS Cost Explorer AWS Cloud9 AWS Directory Service、 AWS DataSync、、 AWS Elemental MediaPackage AWS Glue、 AWS IoT、 AWS IoT Analytics、 AWS IoT Events、 AWS IoT SiteWise、 AWS IoT TwinMaker、 AWS Resilience Hub、 AWS Lake Formation AWS License Manager AWS Signer、 および AWS Transfer Family。

 2022 年 9 月 7 日

AWS_ConfigRole – 追加: appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

このポリシーは、Amazon AppFlow、 Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect Customer Profiles、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge スキーマ、 Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift サーバー、 Amazon Interactive Video Service (Amazon IVS)、 Amazon Managed Service for Apache Flink、 EC2 Image Builder、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon QuickSight、 Amazon Application Recovery Controller (ARC) Amazon Route 53 Resolver、、 Amazon Simple Storage Service (Amazon S3)、 Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES)、 Amazon Timestream、 AWS AppConfig AWS AppSync、 AWS Auto Scaling、 AWS Backup、 AWS Budgets、 AWS Cost Explorer AWS Cloud9 AWS Directory Service、 AWS DataSync、、 AWS Elemental MediaPackage AWS Glue、 AWS IoT、 AWS IoT Analytics、 AWS IoT Events、 AWS IoT SiteWise、 AWS IoT TwinMaker、 AWS Resilience Hub、 AWS Lake Formation AWS License Manager AWS Signer、 および AWS Transfer Family

 2022 年 9 月 7 日
AWSConfigServiceRolePolicy – 追加: airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries このポリシーは、Amazon Managed Workflows for Apache Airflow、 AWS IoT Amazon AppStream 2.0、Amazon CodeGuru Reviewer、Amazon Kinesis Video Streams AWS HealthLake、Amazon Application Recovery Controller (ARC)、Amazon Elastic Compute Cloud (Amazon EC2) AWS Device Farm、Amazon Pinpoint、 AWS Identity and Access Management (IAM)、Amazon GuardDuty、および Amazon CloudWatch Logs の追加アクセス許可をサポートするようになりました。 2023 年 2 月 1 日

AWS_ConfigRole – 追加: airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

このポリシーは、Amazon Managed Workflows for Apache Airflow AWS IoT、Amazon AppStream 2.0、Amazon CodeGuru Reviewer、 AWS HealthLake、Amazon Kinesis Video Streams、Amazon Application Recovery Controller (ARC)、Amazon Elastic Compute Cloud (Amazon EC2) AWS Device Farm、Amazon Pinpoint、 AWS Identity and Access Management (IAM)、Amazon GuardDuty、および Amazon CloudWatch Logs の追加アクセス許可をサポートするようになりました。

 2023 年 2 月 1 日

ConfigConformsServiceRolePolicy – 更新: config:DescribeConfigRules

セキュリティのベストプラクティスとして、このポリシーは、config:DescribeConfigRules に対する広範なリソースレベルのアクセス許可を削除するようになりました。

 2023 年 1 月 12 日

AWSConfigServiceRolePolicy – 追加: APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

このポリシーは、Amazon Managed Service for Prometheus、 AWS Audit Manager AWS Device Farm、、 AWS Database Migration Service (AWS DMS) AWS Directory Service、Amazon Elastic Compute Cloud (Amazon EC2) AWS Glue AWS IoT、Amazon Lightsail、 AWS Elemental MediaPackage、 AWS Network Manager、、Amazon QuickSight、Amazon Application Recovery Controller (ARC)、Amazon Simple Storage Service (Amazon S3) AWS Resource Access Manager、および Amazon Timestream に対する追加のアクセス許可をサポートするようになりました。

 2022 年 12 月 15 日

AWS_ConfigRole – 追加: APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

このポリシーは、Amazon Managed Service for Prometheus、 AWS Audit Manager AWS Device Farm、、 AWS Database Migration Service (AWS DMS) AWS Directory Service、Amazon Elastic Compute Cloud (Amazon EC2) AWS Glue AWS IoT、Amazon Lightsail、 AWS Elemental MediaPackage、 AWS Network Manager、、Amazon QuickSight、Amazon Application Recovery Controller (ARC)、Amazon Simple Storage Service (Amazon S3) AWS Resource Access Manager、および Amazon Timestream に対する追加のアクセス許可をサポートするようになりました。

 2022 年 12 月 15 日

AWSConfigServiceRolePolicy – 追加: cloudformation:ListStackResources and cloudformation:ListStacks

このポリシーは、指定された AWS CloudFormation スタックのすべてのリソースの説明を返し、ステータスが指定された と一致するスタックの概要情報を返すアクセス許可を付与するようになりましたStackStatusFilter。

 2022 年 11 月 7 日

AWS_ConfigRole – 追加: cloudformation:ListStackResources and cloudformation:ListStacks

このポリシーは、指定された AWS CloudFormation スタックのすべてのリソースの説明を返し、ステータスが指定された と一致するスタックの概要情報を返すアクセス許可を付与するようになりましたStackStatusFilter。

 2022 年 11 月 7 日

AWSConfigServiceRolePolicy – 追加: acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

このポリシーは AWS Certificate Manager、 に対する追加のアクセス許可をサポートするようになりました。 Amazon Managed Workflows for Apache Airflow AWS Amplify、 AWS AppConfig、、 Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect、 AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon Elastic Kubernetes Service (Amazon EKS)、 Amazon EventBridge、 AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift サーバー、 Amazon Location Service、 AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint、 AWS OpsWorks AWS Panorama、、 AWS Resource Access Manager、 Amazon QuickSight、 Amazon Relational Database Service (Amazon RDS)、 Amazon Rekognition、 AWS RoboMaker、 AWS Resource Groups、 Amazon Route 53、 Amazon Simple Storage Service (Amazon S3) AWS Cloud Map、、 および AWS Security Token Service。

 2022 年 10 月 19 日

AWS_ConfigRole – 追加: acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

このポリシーは AWS Certificate Manager、 に対する追加のアクセス許可をサポートするようになりました。 Amazon Managed Workflows for Apache Airflow AWS Amplify、 AWS AppConfig、、 Amazon Keyspaces、 Amazon CloudWatch、 Amazon Connect、 AWS Glue DataBrew、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon Elastic Kubernetes Service (Amazon EKS)、 Amazon EventBridge、 AWS Fault Injection Service、 Amazon Fraud Detector、 Amazon FSx、 Amazon GameLift サーバー、 Amazon Location Service、 AWS IoT、 Amazon Lex、Amazon Lightsail、 Amazon Pinpoint、 AWS OpsWorks AWS Panorama、、 AWS Resource Access Manager、 Amazon QuickSight、 Amazon Relational Database Service (Amazon RDS)、 Amazon Rekognition、 AWS RoboMaker、 AWS Resource Groups、 Amazon Route 53、 Amazon Simple Storage Service (Amazon S3) AWS Cloud Map、、 および AWS Security Token Service。

 2022 年 10 月 19 日

AWSConfigServiceRolePolicy – 追加: Glue::GetTable

このポリシーは、指定された AWS Glue テーブルのデータカタログ内のテーブル定義を取得するアクセス許可を付与するようになりました。

 2022 年 9 月 14 日

AWS_ConfigRole – 追加 Glue::GetTable

このポリシーは、指定された AWS Glue テーブルのデータカタログ内のテーブル定義を取得するアクセス許可を付与するようになりました。

 2022 年 9 月 14 日

AWSConfigServiceRolePolicy – 追加 appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

このポリシーは、Amazon AppFlow、 Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect Customer Profiles、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge スキーマ、 Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift サーバー、 Amazon Interactive Video Service (Amazon IVS)、 Amazon Managed Service for Apache Flink、 EC2 Image Builder、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon QuickSight、 Amazon Application Recovery Controller (ARC) Amazon Route 53 Resolver、、 Amazon Simple Storage Service (Amazon S3)、 Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES)、 Amazon Timestream、 AWS AppConfig AWS AppSync、 AWS Auto Scaling、 AWS Backup、 AWS Budgets、 AWS Cost Explorer AWS Cloud9、 AWS Directory Service AWS DataSync、 AWS Elemental MediaPackage、 AWS Glue、 AWS IoT、 AWS IoT Analytics AWS IoT Events、 AWS IoT SiteWise AWS IoT TwinMaker、 AWS License Manager、 AWS Lake Formation、 AWS Resilience Hub、、 AWS Signer、 および AWS Transfer Family。

 2022 年 9 月 7 日

AWS_ConfigRole – 追加: appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

このポリシーは、Amazon AppFlow、 Amazon CloudWatch、 Amazon CloudWatch RUM、 Amazon CloudWatch Synthetics、 Amazon Connect Customer Profiles、 Amazon Connect Voice ID、 Amazon DevOpsGuru、 Amazon Elastic Compute Cloud (Amazon EC2)、 Amazon EC2 Auto Scaling、 Amazon EMR、 Amazon EventBridge、 Amazon EventBridge スキーマ、 Amazon FinSpace、 Amazon Fraud Detector、 Amazon GameLift サーバー、 Amazon Interactive Video Service (Amazon IVS)、 Amazon Managed Service for Apache Flink、 EC2 Image Builder、 Amazon Lex、Amazon Lightsail、 Amazon Location Service、 Amazon Lookout for Equipment、 Amazon Lookout for Metrics、 Amazon Lookout for Vision、 Amazon Managed Blockchain、 Amazon MQ、 Amazon Nimble StudioAmazon Pinpoint、 Amazon QuickSight、 Amazon Application Recovery Controller (ARC) Amazon Route 53 Resolver、、 Amazon Simple Storage Service (Amazon S3)、 Amazon SimpleDB、 Amazon Simple Email Service (Amazon SES)、 Amazon Timestream、 AWS AppConfig AWS AppSync、 AWS Auto Scaling、 AWS Backup、 AWS Budgets、 AWS Cost Explorer AWS Cloud9、 AWS Directory Service AWS DataSync、 AWS Elemental MediaPackage、 AWS Glue、 AWS IoT、 AWS IoT Analytics AWS IoT Events、 AWS IoT SiteWise AWS IoT TwinMaker、 AWS License Manager、 AWS Lake Formation、 AWS Resilience Hub、、 AWS Signer、 および AWS Transfer Family

 2022 年 9 月 7 日

AWSConfigServiceRolePolicy – 追加: datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

このポリシーは、 のエージェント、DataSync の送信元と送信先の場所、DataSync AWS アカウントタスクのリスト AWS DataSync を返すアクセス許可、 の 1 つ以上の指定された名前空間に関連付けられている名前空間とサービスに関する AWS Cloud Map 概要情報を一覧表示するアクセス許可、 AWS アカウントおよび で使用できるすべての Amazon Simple Email Service (Amazon SES) 連絡先リストを一覧表示するアクセス許可を付与するようになりました AWS アカウント。

 2022 年 8 月 22 日

AWS_ConfigRole – 追加: datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

このポリシーは、 のエージェント、DataSync の送信元と送信先の場所、DataSync AWS アカウントタスクのリスト AWS DataSync を返すアクセス許可、 の 1 つ以上の指定された名前空間に関連付けられている名前空間とサービスに関する AWS Cloud Map 概要情報を一覧表示するアクセス許可、 AWS アカウントおよび で使用できるすべての Amazon Simple Email Service (Amazon SES) 連絡先リストを一覧表示するアクセス許可を付与するようになりました AWS アカウント。

 2022 年 8 月 22 日

ConfigConformsServiceRolePolicy – 追加: cloudwatch:PutMetricData

このポリシーは、メトリクスデータポイントを Amazon CloudWatch に発行する許可を付与するようになりました。

 2022 年 7 月 25 日

AWSConfigServiceRolePolicy – 追加: amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

このポリシーは、Amazon Elastic Container Service (Amazon ECS)、Amazon ElastiCache、Amazon EventBridge、Amazon FSx、Amazon Managed Service for Apache Flink、Amazon Location Service、Amazon Managed Streaming for Apache Kafka、Amazon QuickSight、Amazon Rekognition、Amazon Simple Storage Service (Amazon S3) AWS RoboMaker、Amazon Simple Email Service (Amazon SES) AWS Amplify、 AWS AppConfig AWS AppSync AWS Billing Conductor、、、 AWS Firewall Manager、 AWS DataSync、 AWS IAM Identity Center 、(IAM アイデンティティセンター) AWS Glue、EC2 Image Builder、および Elastic Load Balancing に対する追加のアクセス許可をサポートするようになりました。

 2022 年 7 月 15 日

AWS_ConfigRole – 追加: amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

このポリシーは、Amazon Elastic Container Service (Amazon ECS)、Amazon ElastiCache、Amazon EventBridge、Amazon FSx、Amazon Managed Service for Apache Flink、Amazon Location Service、Amazon Managed Streaming for Apache Kafka、Amazon QuickSight、Amazon Rekognition、Amazon Simple Storage Service (Amazon S3) AWS RoboMaker、Amazon Simple Email Service (Amazon SES) AWS Amplify、 AWS AppConfig AWS AppSync AWS Billing Conductor、、、 AWS Firewall Manager、 AWS DataSync、 AWS IAM Identity Center 、(IAM アイデンティティセンター) AWS Glue、EC2 Image Builder、および Elastic Load Balancing に対する追加のアクセス許可をサポートするようになりました。

 2022 年 7 月 15 日

AWSConfigServiceRolePolicy – 追加: athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

このポリシーは、指定された Amazon Athena データカタログを取得するアクセス許可を付与するようになりました。 で Athena データカタログを一覧表示します AWS アカウント。 および Athena ワークグループまたはデータカタログリソースに関連付けられたタグを一覧表示します。 Amazon Detective 動作グラフのリストと Detective 動作グラフのタグのリストを取得するには 特定の AWS Glue 開発エンドポイント名のリストのリソースメタデータのリストを取得します。 指定された AWS Glue 開発エンドポイントに関する情報を取得する で AWS Glue すべての開発エンドポイントを取得する AWS アカウント指定された AWS Glue セキュリティ設定を取得する すべての AWS Glue セキュリティ設定を取得する AWS Glue リソースに関連付けられたタグのリストを取得する 指定された名前の AWS Glue ワークグループに関する情報を取得します。 アカウント内のすべての AWS Glue AWS クローラリソースの名前を取得する 内のすべての AWS Glue DevEndpointリソースの名前を取得する AWS アカウント内のすべての AWS Glue ジョブリソースの名前を一覧表示します AWS アカウント。 AWS Glue メンバーアカウントの詳細を取得する アカウントで作成された AWS Glue ワークフローの名前を一覧表示します。 および アカウントで使用可能な AWS Glue ワークグループを一覧表示します。 Amazon GuardDuty フィルターの詳細を取得するには、 GuardDuty IPSet を取得する GuardDuty ThreatIntelSet を取得する GuardDuty メンバーアカウントの取得 GuardDuty フィルターのリストを取得する GuardDuty サービスの IPSets を取得する GuardDuty サービスのタグを取得する GuardDuty サービスの ThreatIntelSets を取得します。 Amazon Macie アカウントの現在のステータスと設定を取得するには AWS Resource Access Manager (AWS RAM) リソース共有のリソースとプリンシパルの関連付けを取得し、リソース共有の詳細 AWS RAM を取得する。 Amazon Simple Email Service (Amazon SES) の既存の設定セットに関する情報を取得するには、 Amazon SES 設定セットに関連付けられているイベント送信先のリストを取得します。 および Amazon SES アカウントに関連付けられているすべての設定セットを一覧表示します。 Identity Center ディレクトリ属性のリストを取得するには、 AWS IAM Identity Center アクセス許可セットの詳細を取得する 指定された IAM Identity Center アクセス許可セットにアタッチされている IAM 管理ポリシーを取得します。 IAM Identity Center インスタンスのアクセス許可セットを取得する および は、IAM Identity Center リソースのタグを取得します。

 2022 年 5 月 31 日

AWS_ConfigRole – 追加: athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

このポリシーは、指定された Amazon Athena データカタログを取得するアクセス許可を付与するようになりました。 で Athena データカタログを一覧表示します AWS アカウント。 および Athena ワークグループまたはデータカタログリソースに関連付けられたタグを一覧表示します。 Amazon Detective 動作グラフのリストと Detective 動作グラフのタグのリストを取得するには 特定の AWS Glue 開発エンドポイント名のリストのリソースメタデータのリストを取得します。 指定された AWS Glue 開発エンドポイントに関する情報を取得する で AWS Glue すべての開発エンドポイントを取得する AWS アカウント指定された AWS Glue セキュリティ設定を取得する すべての AWS Glue セキュリティ設定を取得する AWS Glue リソースに関連付けられたタグのリストを取得する 指定された名前の AWS Glue ワークグループに関する情報を取得します。 アカウント内のすべての AWS Glue AWS クローラリソースの名前を取得する 内のすべての AWS Glue DevEndpointリソースの名前を取得する AWS アカウント内のすべての AWS Glue ジョブリソースの名前を一覧表示します AWS アカウント。 AWS Glue メンバーアカウントの詳細を取得する アカウントで作成された AWS Glue ワークフローの名前を一覧表示します。 および アカウントで使用可能な AWS Glue ワークグループを一覧表示します。 Amazon GuardDuty フィルターの詳細を取得するには、 GuardDuty IPSet を取得する GuardDuty ThreatIntelSet を取得する GuardDuty メンバーアカウントの取得 GuardDuty フィルターのリストを取得する GuardDuty サービスの IPSets を取得する GuardDuty サービスのタグを取得する GuardDuty サービスの ThreatIntelSets を取得します。 Amazon Macie アカウントの現在のステータスと設定を取得するには AWS Resource Access Manager (AWS RAM) リソース共有のリソースとプリンシパルの関連付けを取得し、リソース共有の詳細 AWS RAM を取得する。 Amazon Simple Email Service (Amazon SES) の既存の設定セットに関する情報を取得するには、 Amazon SES 設定セットに関連付けられているイベント送信先のリストを取得します。 および Amazon SES アカウントに関連付けられているすべての設定セットを一覧表示します。 Identity Center ディレクトリ属性のリストを取得するには、 AWS IAM Identity Center アクセス許可セットの詳細を取得する 指定された IAM Identity Center アクセス許可セットにアタッチされている IAM 管理ポリシーを取得します。 IAM Identity Center インスタンスのアクセス許可セットを取得する および は、IAM Identity Center リソースのタグを取得します。

 2022 年 5 月 31 日

AWSConfigServiceRolePolicy – 追加: cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

このポリシーは、すべてまたは指定された AWS CloudTrail イベントデータストア (EDS) に関する情報の取得、すべてまたは指定された AWS CloudFormation リソースに関する情報の取得、DynamoDB Accelerator (DAX) パラメータグループまたはサブネットグループのリストの取得、アクセスされている現在のリージョンのアカウントの AWS Database Migration Service (AWS DMS) レプリケーションタスクに関する情報の取得、および AWS Organizations 指定されたタイプの のすべてのポリシーのリストの取得を行うアクセス許可を付与するようになりました。

 2022 年 4 月 7 日

AWS_ConfigRole – 追加: cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

このポリシーは、すべてまたは指定された AWS CloudTrail イベントデータストア (EDS) に関する情報の取得、すべてまたは指定された AWS CloudFormation リソースに関する情報の取得、DynamoDB Accelerator (DAX) パラメータグループまたはサブネットグループのリストの取得、アクセスされている現在のリージョンのアカウントの AWS Database Migration Service (AWS DMS) レプリケーションタスクに関する情報の取得、および AWS Organizations 指定されたタイプの のすべてのポリシーのリストの取得を行うアクセス許可を付与するようになりました。

 2022 年 4 月 7 日

AWSConfigServiceRolePolicy – 追加: backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

このポリシーは AWS Backup、、 AWS Batch DynamoDB Accelerator、 AWS Database Migration Service、Amazon DynamoDB、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Elastic Kubernetes Service、Amazon FSx、Amazon GuardDuty AWS Key Management Service、、Amazon Relational Database Service AWS OpsWorks、 AWS WAF V2、Amazon WorkSpaces に対する追加のアクセス許可をサポートするようになりました。

 2022 年 3 月 14 日

AWS_ConfigRole – 追加: backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

このポリシーは AWS Backup、、 AWS Batch DynamoDB Accelerator、 AWS Database Migration Service、Amazon DynamoDB、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Elastic Kubernetes Service、Amazon FSx、Amazon GuardDuty AWS Key Management Service、、Amazon Relational Database Service AWS OpsWorks、 AWS WAF V2、Amazon WorkSpaces に対する追加のアクセス許可をサポートするようになりました。

 2022 年 3 月 14 日

AWSConfigServiceRolePolicy – 追加: elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

このポリシーは、Elastic Beanstalk 環境の詳細と、指定された Elastic Beanstalk 設定セットの設定内容に関する説明の取得、OpenSearch または Elasticsearch バージョンのマップの取得、データベースに利用できる Amazon RDS オプショングループの説明、および CodeDeploy デプロイ設定に関する情報の取得を実行する許可を付与するようになりました。このポリシーは、 にアタッチされた指定された代替連絡先の取得 AWS アカウント、 AWS Organizations ポリシーに関する情報の取得、Amazon ECR リポジトリポリシーの取得、アーカイブされた AWS Config ルールに関する情報の取得、Amazon ECS タスク定義ファミリーのリストの取得、指定された子 OU またはアカウントのルートまたは親組織単位 (OUs) のリスト、指定されたターゲットルート、組織単位、またはアカウントにアタッチされたポリシーのリストを取得するアクセス許可も付与するようになりました。

 2022 年 2 月 10 日

AWS_ConfigRole – 追加: elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

このポリシーは、Elastic Beanstalk 環境の詳細と、指定された Elastic Beanstalk 設定セットの設定内容に関する説明の取得、OpenSearch または Elasticsearch バージョンのマップの取得、データベースに利用できる Amazon RDS オプショングループの説明、および CodeDeploy デプロイ設定に関する情報の取得を実行する許可を付与するようになりました。このポリシーは、 にアタッチされた指定された代替連絡先の取得 AWS アカウント、 AWS Organizations ポリシーに関する情報の取得、Amazon ECR リポジトリポリシーの取得、アーカイブされた AWS Config ルールに関する情報の取得、Amazon ECS タスク定義ファミリーのリストの取得、指定された子 OU またはアカウントのルートまたは親組織単位 (OUs) のリスト、指定されたターゲットルート、組織単位、またはアカウントにアタッチされたポリシーのリストを取得するアクセス許可も付与するようになりました。

 2022 年 2 月 10 日

AWSConfigServiceRolePolicy – 追加: logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

このポリシーは、Amazon CloudWatch ロググループおよびストリームを作成し、作成したログストリームにログを書き込むアクセス許可を付与するようになりました。

 2021 年 12 月 15日

AWS_ConfigRole – 追加: logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

このポリシーは、Amazon CloudWatch ロググループおよびストリームを作成し、作成したログストリームにログを書き込むアクセス許可を付与するようになりました。

 2021 年 12 月 15 日

AWSConfigServiceRolePolicy – 追加: es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots

このポリシーは、今は Amazon OpenSearch Service (OpenSearch Service) ドメイン/ドメインの詳細を取得する権限と、特定の Amazon Relational Database Service (Amazon RDS) DB パラメータグループの詳細なパラメータリストを取得するアクセスを許可します。このポリシーは、Amazon ElastiCache のスナップショットの詳細を取得するアクセスも許可します。

 2021 年 9 月 8 日

AWS_ConfigRole – 追加: es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots

このポリシーは、今は Amazon OpenSearch Service (OpenSearch Service) ドメイン/ドメインの詳細を取得する権限と、特定の Amazon Relational Database Service (Amazon RDS) DB パラメータグループの詳細なパラメータリストを取得するアクセスを許可します。このポリシーは、Amazon ElastiCache のスナップショットの詳細を取得するアクセスも許可します。

 2021 年 9 月 8 日

AWSConfigServiceRolePolicy – logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine、および AWS リソースタイプの追加のアクセス許可を追加する

このポリシーは、ロググループのタグの一覧表示、ステートマシンのタグの一覧表示、すべてのステートマシンの一覧表示を行うアクセスを許可します。このポリシーでは、ステートマシンに関する詳細を取得するアクセスを許可するようになりました。このポリシーでは、Amazon EC2 Systems Manager (SSM)、Amazon Elastic Container Registry、Amazon FSx、Amazon Data Firehose、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon Relational Database Service (Amazon RDS)、Amazon Route 53、Amazon SageMaker AI、Amazon Simple Notification Service、 AWS Database Migration Service、 AWS Global Accelerator、および に対する追加のアクセス許可もサポートされるようになりました AWS Storage Gateway。

 2021 年 7 月 28 日

AWS_ConfigRole – AWS リソースタイプの l ogs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachineと追加のアクセス許可を追加する

このポリシーは、ロググループのタグの一覧表示、ステートマシンのタグの一覧表示、すべてのステートマシンの一覧表示を行うアクセスを許可します。このポリシーでは、ステートマシンに関する詳細を取得するアクセスを許可するようになりました。このポリシーでは、Amazon EC2 Systems Manager (SSM)、Amazon Elastic Container Registry、Amazon FSx、Amazon Data Firehose、Amazon Managed Streaming for Apache Kafka (Amazon MSK)、Amazon Relational Database Service (Amazon RDS)、Amazon Route 53、Amazon SageMaker AI、Amazon Simple Notification Service、 AWS Database Migration Service、 AWS Global Accelerator、および に対する追加のアクセス許可もサポートされるようになりました AWS Storage Gateway。

 2021 年 7 月 28 日

AWSConfigServiceRolePolicy – AWS リソースタイプのアクセス許可の追加ssm:DescribeDocumentPermissionと追加

このポリシーは、 AWS Systems Manager ドキュメントのアクセス許可とIAM Access Analyzer に関する情報の閲覧を許可するようになりました。このポリシーは、Amazon Kinesis、Amazon ElastiCache、Amazon EMR AWS Network Firewall、Amazon Route 53、Amazon Relational Database Service (Amazon RDS) の追加 AWS リソースタイプをサポートするようになりました。これらのアクセス許可の変更により AWS Config 、 はこれらのリソースタイプをサポートするために必要な読み取り専用 APIs を呼び出すことができます。このポリシーでは、lambda-inside-vpc マネージドルールの Lambda AWS Config @Edge 関数のフィルタリングもサポートされるようになりました。

 2021 年 6 月 8 日

AWS_ConfigRole – AWS リソースタイプのアクセス許可の追加ssm:DescribeDocumentPermissionと追加

このポリシーは、 AWS Systems Manager ドキュメントのアクセス許可とIAM Access Analyzer に関する情報の閲覧を許可するようになりました。このポリシーは、Amazon Kinesis、Amazon ElastiCache、Amazon EMR AWS Network Firewall、Amazon Route 53、Amazon Relational Database Service (Amazon RDS) の追加 AWS リソースタイプをサポートするようになりました。これらのアクセス許可の変更により AWS Config 、 はこれらのリソースタイプをサポートするために必要な読み取り専用 APIs を呼び出すことができます。このポリシーでは、lambda-inside-vpc マネージドルールの Lambda@ AWS Config Edge 関数のフィルタリングもサポートされるようになりました。

 2021 年 6 月 8 日

AWSConfigServiceRolePolicy – 追加: API Gateway に対して読み取り専用の GET 呼び出しを行う apigateway:GET アクセス許可と、Amazon S3 読み取り専用 API を呼び出す s3:GetAccessPointPolicy アクセス許可と s3:GetAccessPointPolicyStatus アクセス許可

このポリシーは、 API Gateway の AWS Config ルールをサポートするために API Gateway への読み取り専用 GET 呼び出しを AWS Config が実行できるアクセス許可を付与するようになりました。このポリシーでは、 が Amazon Simple Storage Service (Amazon S3) 読み取り専用 APIs AWS Config を呼び出すことを許可するアクセス許可も追加されます。これは、新しいAWS::S3::AccessPointリソースタイプをサポートするために必要です。

 2021 年 5 月 10 日

AWS_ConfigRole – 追加: API Gateway に対して読み取り専用 GET 呼び出しを行う apigateway:GET アクセス許可と、Amazon S3 読み取り専用 API を呼び出す s3:GetAccessPointPolicy アクセス許可と s3:GetAccessPointPolicyStatus アクセス許可

このポリシーは、 for API Gateway をサポートするために、 AWS Config が AWS Config API Gateway への読み取り専用 GET 呼び出しを行うことを許可するアクセス許可を付与するようになりました。このポリシーでは、 が Amazon Simple Storage Service (Amazon S3) 読み取り専用 APIs AWS Config を呼び出すことを許可するアクセス許可も追加されます。これは、新しいAWS::S3::AccessPointリソースタイプをサポートするために必要です。

 2021 年 5 月 10 日

AWSConfigServiceRolePolicy – AWS リソースタイプのssm:ListDocumentsアクセス許可と追加のアクセス許可を追加する

このポリシーは、指定した AWS Systems Manager ドキュメントに関する情報を表示するアクセス許可を付与します。このポリシーでは AWS Backup、Amazon Elastic File System、Amazon ElastiCache、Amazon Simple Storage Service (Amazon S3)、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Kinesis、Amazon SageMaker AI AWS Database Migration Service、Amazon Route 53 の追加 AWS リソースタイプもサポートされるようになりました。これらのアクセス許可の変更により AWS Config 、 はこれらのリソースタイプをサポートするために必要な読み取り専用 APIs を呼び出すことができます。

 2021 年 4 月 1 日

AWS_ConfigRole – AWS リソースタイプのssm:ListDocumentsアクセス許可と追加のアクセス許可を追加する

このポリシーは、指定した AWS Systems Manager ドキュメントに関する情報を表示するアクセス許可を付与します。このポリシーでは AWS Backup、Amazon Elastic File System、Amazon ElastiCache、Amazon Simple Storage Service (Amazon S3)、Amazon Elastic Compute Cloud (Amazon EC2)、Amazon Kinesis、Amazon SageMaker AI AWS Database Migration Service、Amazon Route 53 の追加 AWS リソースタイプもサポートされるようになりました。これらのアクセス許可の変更により AWS Config 、 はこれらのリソースタイプをサポートするために必要な読み取り専用 APIs を呼び出すことができます。

 2021 年 4 月 1 日

AWSConfigRole は廃止に

AWSConfigRole は廃止されました。交換ポリシーは AWS_ConfigRole です。

 2021 年 4 月 1 日

AWS Config が変更の追跡を開始しました

AWS Config は、 AWS 管理ポリシーの変更の追跡を開始しました。

 2021 年 4 月 1 日