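AWS managed policies for AWS Config - AWS Config

This page is a machine translation of the English version. If there is any ambiguity or inconsistency, the English version prevails.

AWS managed policies for AWS Config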

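An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases, because they are available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.

You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or when new API operations become available for existing services.

For more information, see AWS managed policies in the IAM User Guide.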
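Because an update to an AWS managed policy changes the permissions of every principal it is attached to, it helps to compare policy versions whenever one is published. The following Python is an added example, not part of the AWS documentation: it diffs two policy documents and lists added and removed actions, plus added actions that are not read-style by name. The function names, the prefix heuristic, and the sample documents are assumptions made for this example.

```python
import json

# Operation-name prefixes treated as read-style here. This is a naming
# heuristic assumed for the example, not an AWS access-level classification.
READ_PREFIXES = ("Get", "List", "Describe", "BatchGet")

# Constructed sample documents (not the contents of any AWS managed policy).
# Apart from s3:PutObject and iam:DeleteRole, the action names are taken
# from the change log on this page.
OLD_SAMPLE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ConstructedOld", "Effect": "Allow",
         "Action": ["iam:ListUsers", "ssm:GetParameter"], "Resource": "*"},
    ],
})
NEW_SAMPLE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ConstructedNew", "Effect": "Allow",
         "Action": ["iam:ListUsers", "elasticfilesystem:DescribeTags",
                    "redshift:DescribeTags", "ssm-sap:ListTagsForResource"],
         "Resource": "*"},
        # A single string is valid wherever IAM accepts a list of actions.
        {"Effect": "Allow", "Action": "s3:PutObject", "Resource": "*"},
        # Deny statements grant nothing, so they are left out of the diff.
        {"Effect": "Deny", "Action": "iam:DeleteRole", "Resource": "*"},
    ],
}


def _as_list(value):
    """Normalize an IAM field that may be a string, a list, or absent."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def allowed_actions(policy_document):
    """Return the set of actions named in Allow statements.

    Accepts a JSON string or a parsed dict. NotAction entries are kept with
    a 'NotAction:' prefix so that they are never silently dropped.
    """
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be an object
        statements = [statements]
    actions = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions.update(_as_list(stmt.get("Action")))
        actions.update("NotAction:" + a for a in _as_list(stmt.get("NotAction")))
    return actions


def is_read_style(action):
    """True when the operation name starts with a read-style prefix."""
    if action.startswith("NotAction:") or "*" in action:
        return False  # wildcards and NotAction always go to manual review
    _, _, operation = action.partition(":")
    return operation.startswith(READ_PREFIXES)


def diff_policy_versions(old_document, new_document):
    """Compare two versions of a policy and summarize the permission delta."""
    old, new = allowed_actions(old_document), allowed_actions(new_document)
    added = new - old
    return {
        "added": sorted(added),
        "removed": sorted(old - new),
        "review": sorted(a for a in added if not is_read_style(a)),
    }


if __name__ == "__main__":
    print(json.dumps(diff_policy_versions(OLD_SAMPLE, NEW_SAMPLE), indent=2))
```

Real documents can be exported with `aws iam get-policy-version`; the policy document is under `PolicyVersion.Document` in its output.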

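AWS managed policy: AWSConfigServiceRolePolicy

AWS Config uses the service-linked role named AWSServiceRoleForConfig to call other AWS services on your behalf. When you use the AWS Management Console to set up AWS Config, AWS Config creates this service-linked role (SLR) automatically if you select the option to use the AWS Config SLR instead of your own AWS Identity and Access Management (IAM) service role.

The AWSServiceRoleForConfig SLR contains the managed policy AWSConfigServiceRolePolicy. This managed policy contains read-only and write-only permissions for AWS Config resources, and read-only permissions for resources in other services that AWS Config supports. For more information, see Supported Resource Types and Using Service-Linked Roles for AWS Config.

View the policy: AWSConfigServiceRolePolicy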

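AWS managed policy: AWS_ConfigRole

To record your AWS resource configurations, AWS Config requires IAM permissions to get the configuration details about your resources. If you want to create an IAM role for AWS Config, you can use the managed policy AWS_ConfigRole and attach it to your IAM role.

This IAM policy is updated each time AWS Config adds support for an AWS resource type. This means that AWS Config continues to have the permissions required to record configuration data for supported resource types as long as the role has the AWS_ConfigRole managed policy attached. For more information, see Supported Resource Types and Permissions for the IAM Role Assigned to AWS Config.

View the policy: AWS_ConfigRole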

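AWS managed policy: AWSConfigUserAccess

This IAM policy provides access to use AWS Config, including searching by tags on resources and reading all tags. It does not provide permission to configure AWS Config, which requires administrative privileges.

View the policy: AWSConfigUserAccess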

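AWS managed policy: ConfigConformsServiceRolePolicy

To deploy and manage conformance packs, AWS Config requires IAM permissions and certain permissions from other AWS services. These permissions allow you to deploy and manage conformance packs with full functionality, and they are updated each time AWS Config adds new functionality for conformance packs. For more information about conformance packs, see Conformance Packs.

View the policy: ConfigConformsServiceRolePolicy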

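AWS managed policy: AWSConfigRulesExecutionRole

To deploy AWS Custom Lambda Rules, AWS Config requires IAM permissions and certain permissions from other AWS services. These permissions allow AWS Lambda functions to access the AWS Config API and the configuration snapshots that AWS Config delivers periodically to Amazon S3. Functions that evaluate configuration changes for AWS Custom Lambda Rules require this access, and the policy is updated each time AWS Config adds new functionality. For more information about AWS Custom Lambda Rules, see Creating AWS Config Custom Lambda Rules and Components of an AWS Config Rule. For more information about configuration snapshots, see Concepts | Configuration Snapshot. For more information about delivering configuration snapshots, see Managing the Delivery Channel.

View the policy: AWSConfigRulesExecutionRole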

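AWS managed policy: AWSConfigMultiAccountSetupPolicy

To centrally deploy, update, and delete AWS Config rules and conformance packs across member accounts in an organization in AWS Organizations, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for multi-account setup. For more information, see Managing AWS Config Rules Across All Accounts in Your Organization and Managing Conformance Packs Across All Accounts in Your Organization.

View the policy: AWSConfigMultiAccountSetupPolicy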

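AWS managed policy: AWSConfigRoleForOrganizations

To allow AWS Config to call read-only AWS Organizations APIs, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for multi-account setup. For more information, see Managing AWS Config Rules Across All Accounts in Your Organization and Managing Conformance Packs Across All Accounts in Your Organization.

View the policy: AWSConfigRoleForOrganizations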

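AWS managed policy: AWSConfigRemediationServiceRolePolicy

To allow AWS Config to remediate NON_COMPLIANT resources on your behalf, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for remediation. For more information about remediation, see Remediating Noncompliant Resources with AWS Config Rules. For more information about the conditions that initiate the possible AWS Config evaluation results, see Concepts | AWS Config Rules.

View the policy: AWSConfigRemediationServiceRolePolicy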

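AWS Config updates to AWS managed policies

View details about updates to AWS managed policies for AWS Config since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the AWS Config Document history page.

Change | Description | Date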

AWS_ConfigRole – Add "elasticfilesystem:DescribeTags", "redshift:DescribeTags", and "ssm-sap:ListTagsForResource"

This policy now supports Amazon Elastic File System (Amazon EFS), Amazon Redshift, and AWS Systems Manager for SAP.

June 17, 2024

AWSConfigServiceRolePolicy – Add "elasticfilesystem:DescribeTags", "redshift:DescribeTags", and "ssm-sap:ListTagsForResource"

This policy now supports Amazon Elastic File System (Amazon EFS), Amazon Redshift, and AWS Systems Manager for SAP.

June 17, 2024
AWS_ConfigRole – Add "aps:DescribeAlertManagerDefinition", "cloudwatch:DescribeAlarmsForMetric", "cognito-identity:DescribeIdentityPool", "cognito-identity:GetPrincipalTagAttributeMap", "elasticache:DescribeCacheSecurityGroups", "elasticache:DescribeUserGroups", "elasticache:DescribeUsers", "elasticache:DescribeGlobalReplicationGroups", "fsx:DescribeDataRepositoryAssociations", "glue:GetDatabase", "glue:GetDatabases", "iam:ListUsers", "lambda:GetLayerVersion", "lambda:ListLayers", "lambda:ListLayerVersions", "ram:GetPermission", "ram:ListPermissionAssociations", "ram:ListPermissions", "ram:ListPermissionVersions", "redshift-serverless:GetNamespace", "redshift-serverless:GetWorkgroup", "redshift-serverless:ListNamespaces", "redshift-serverless:ListTagsForResource", "redshift-serverless:ListWorkgroups", "sagemaker:DescribeInferenceExperiment", "sagemaker:ListInferenceExperiments", and "sns:GetSMSSandboxAccountStatus"

This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx, AWS Glue, AWS Identity and Access Management (IAM), AWS Lambda, AWS RAM, Amazon Redshift Serverless, Amazon SageMaker, and Amazon Simple Notification Service (Amazon SNS).

February 22, 2024
AWSConfigServiceRolePolicy – Add "aps:DescribeAlertManagerDefinition", "cloudwatch:DescribeAlarmsForMetric", "cognito-identity:DescribeIdentityPool", "cognito-identity:GetPrincipalTagAttributeMap", "elasticache:DescribeCacheSecurityGroups", "elasticache:DescribeUserGroups", "elasticache:DescribeUsers", "elasticache:DescribeGlobalReplicationGroups", "fsx:DescribeDataRepositoryAssociations", "glue:GetDatabase", "glue:GetDatabases", "iam:ListUsers", "lambda:GetLayerVersion", "lambda:ListLayers", "lambda:ListLayerVersions", "ram:GetPermission", "ram:ListPermissionAssociations", "ram:ListPermissions", "ram:ListPermissionVersions", "redshift-serverless:GetNamespace", "redshift-serverless:GetWorkgroup", "redshift-serverless:ListNamespaces", "redshift-serverless:ListTagsForResource", "redshift-serverless:ListWorkgroups", "sagemaker:DescribeInferenceExperiment", "sagemaker:ListInferenceExperiments", and "sns:GetSMSSandboxAccountStatus"

This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx, AWS Glue, AWS Identity and Access Management (IAM), AWS Lambda, AWS RAM, Amazon Redshift Serverless, Amazon SageMaker, and Amazon Simple Notification Service (Amazon SNS).

February 22, 2024

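AWSConfigUserAccess – AWS Config started tracking changes for this AWS managed policy

This policy provides access to use AWS Config, including searching by tags on resources and reading all tags. It does not provide permission to configure AWS Config, which requires administrative privileges.

February 22, 2024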
AWS_ConfigRole – Add "appconfig:GetExtensionAssociation", "appconfig:ListExtensionAssociations", "aps:DescribeLoggingConfiguration", "dms:DescribeReplicationTaskAssessmentRuns", "iam:GetOpenIDConnectProvider", "iam:ListOpenIDConnectProviders", "kafka:DescribeVpcConnection", "kafka:GetClusterPolicy", "kafka:ListVpcConnections", "logs:DescribeMetricFilters", "organizations:ListDelegatedAdministrators", "s3:GetBucketPolicyStatus", "s3express:GetBucketPolicy", and "s3express:ListAllMyDirectoryBuckets"

This policy now supports additional permissions for AWS AppConfig, Amazon Managed Service for Prometheus, AWS Database Migration Service (AWS DMS), AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon CloudWatch Logs, AWS Organizations, and Amazon Simple Storage Service (Amazon S3).

December 5, 2023
AWSConfigServiceRolePolicy – Add "appconfig:GetExtensionAssociation", "appconfig:ListExtensionAssociations", "aps:DescribeLoggingConfiguration", "dms:DescribeReplicationTaskAssessmentRuns", "iam:GetOpenIDConnectProvider", "iam:ListOpenIDConnectProviders", "kafka:DescribeVpcConnection", "kafka:GetClusterPolicy", "kafka:ListVpcConnections", "logs:DescribeMetricFilters", "organizations:ListDelegatedAdministrators", "s3:GetBucketPolicyStatus", "s3express:GetBucketPolicy", and "s3express:ListAllMyDirectoryBuckets"

This policy now supports additional permissions for AWS AppConfig, Amazon Managed Service for Prometheus, AWS Database Migration Service (AWS DMS), AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon CloudWatch Logs, AWS Organizations, and Amazon Simple Storage Service (Amazon S3).

December 5, 2023
AWS_ConfigRole – Add "backup:DescribeProtectedResource", "cognito-identity:GetIdentityPoolRoles", "cognito-identity:ListIdentityPools", "cognito-identity:ListTagsForResource", "cognito-idp:DescribeIdentityProvider", "cognito-idp:DescribeResourceServer", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:DescribeUserPoolDomain", "cognito-idp:GetGroup", "cognito-idp:GetUserPoolMfaConfig", "cognito-idp:ListGroups", "cognito-idp:ListIdentityProviders", "cognito-idp:ListResourceServers", "cognito-idp:ListUserPoolClients", "cognito-idp:ListUserPools", "cognito-idp:ListTagsForResource", "connect:DescribeEvaluationForm", "connect:DescribeInstanceStorageConfig", "connect:DescribePrompt", "connect:DescribeRule", "connect:DescribeUser", "connect:GetTaskTemplate", "connect:ListApprovedOrigins", "connect:ListEvaluationForms", "connect:ListInstanceStorageConfigs", "connect:ListIntegrationAssociations", "connect:ListPrompts", "connect:ListRules", "connect:ListSecurityKeys", "connect:ListTagsForResource", "connect:ListTaskTemplates", "connect:ListUsers", "emr-containers:DescribeVirtualCluster", "emr-containers:ListVirtualClusters", "emr-serverless:GetApplication", "emr-serverless:ListApplications", "groundstation:GetDataflowEndpointGroup", "groundstation:ListDataflowEndpointGroups", "m2:GetEnvironment", "m2:ListEnvironments", "m2:ListTagsForResource", "memorydb:DescribeAcls", "memorydb:DescribeClusters", "memorydb:DescribeParameterGroups", "memorydb:DescribeParameters", "memorydb:DescribeSubnetGroups", "organizations:ListRoots", "quicksight:DescribeAccountSubscription", "quicksight:DescribeDataSetRefreshProperties", "rds:DescribeEngineDefaultClusterParameters", "redshift:DescribeEndpointAccess", "redshift:DescribeEndpointAuthorization", "route53:GetChange", "route53:ListCidrBlocks", "route53:ListCidrLocations", "serviceCatalog:DescribePortfolioShares", "transfer:DescribeProfile", and "transfer:ListProfiles"

This policy now supports Amazon Cognito, Amazon Connect, Amazon EMR, AWS Ground Station, AWS Mainframe Modernization, Amazon MemoryDB, AWS Organizations, Amazon QuickSight, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, AWS Service Catalog, and AWS Transfer Family.

November 17, 2023
AWS_ConfigRole – Add "Sid": "AWSConfigServiceRolePolicyStatementID", "Sid": "AWSConfigSLRLogStatementID", "Sid": "AWSConfigSLRLogEventStatementID", and "Sid": "AWSConfigSLRApiGatewayStatementID"

This policy now adds security identifiers (SID) for AWSConfigServiceRolePolicyStatementID, AWSConfigSLRLogStatementID, AWSConfigSLRLogEventStatementID, and AWSConfigSLRApiGatewayStatementID.

November 17, 2023
AWSConfigServiceRolePolicy – Add "backup:DescribeProtectedResource", "cognito-identity:GetIdentityPoolRoles", "cognito-identity:ListIdentityPools", "cognito-identity:ListTagsForResource", "cognito-idp:DescribeIdentityProvider", "cognito-idp:DescribeResourceServer", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:DescribeUserPoolDomain", "cognito-idp:GetGroup", "cognito-idp:GetUserPoolMfaConfig", "cognito-idp:ListGroups", "cognito-idp:ListIdentityProviders", "cognito-idp:ListResourceServers", "cognito-idp:ListUserPoolClients", "cognito-idp:ListUserPools", "cognito-idp:ListTagsForResource", "connect:DescribeEvaluationForm", "connect:DescribeInstanceStorageConfig", "connect:DescribePrompt", "connect:DescribeRule", "connect:DescribeUser", "connect:GetTaskTemplate", "connect:ListApprovedOrigins", "connect:ListEvaluationForms", "connect:ListInstanceStorageConfigs", "connect:ListIntegrationAssociations", "connect:ListPrompts", "connect:ListRules", "connect:ListSecurityKeys", "connect:ListTagsForResource", "connect:ListTaskTemplates", "connect:ListUsers", "emr-containers:DescribeVirtualCluster", "emr-containers:ListVirtualClusters", "emr-serverless:GetApplication", "emr-serverless:ListApplications", "groundstation:GetDataflowEndpointGroup", "groundstation:ListDataflowEndpointGroups", "m2:GetEnvironment", "m2:ListEnvironments", "m2:ListTagsForResource", "memorydb:DescribeAcls", "memorydb:DescribeClusters", "memorydb:DescribeParameterGroups", "memorydb:DescribeParameters", "memorydb:DescribeSubnetGroups", "organizations:ListRoots", "quicksight:DescribeAccountSubscription", "quicksight:DescribeDataSetRefreshProperties", "rds:DescribeEngineDefaultClusterParameters", "redshift:DescribeEndpointAccess", "redshift:DescribeEndpointAuthorization", "route53:GetChange", "route53:ListCidrBlocks", "route53:ListCidrLocations", "serviceCatalog:DescribePortfolioShares", "transfer:DescribeProfile", and "transfer:ListProfiles"

This policy now supports Amazon Cognito, Amazon Connect, Amazon EMR, AWS Ground Station, AWS Mainframe Modernization, Amazon MemoryDB, AWS Organizations, Amazon QuickSight, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, AWS Service Catalog, and AWS Transfer Family.

November 17, 2023
AWSConfigServiceRolePolicy – Add "Sid": "AWSConfigServiceRolePolicyStatementID", "Sid": "AWSConfigSLRLogStatementID", "Sid": "AWSConfigSLRLogEventStatementID", and "Sid": "AWSConfigSLRApiGatewayStatementID"

This policy now adds security identifiers (SID) for AWSConfigServiceRolePolicyStatementID, AWSConfigSLRLogStatementID, AWSConfigSLRLogEventStatementID, and AWSConfigSLRApiGatewayStatementID.

November 17, 2023
AWS_ConfigRole – Add "acm-pca:GetCertificateAuthorityCertificate", "appmesh:DescribeMesh", "appmesh:ListGatewayRoutes", "connect:DescribeInstance", "connect:DescribeQuickConnect", "connect:ListQuickConnects", "ecs:DescribeCapacityProviders", "evidently:GetSegment", "evidently:ListSegments", "grafana:DescribeWorkspace", "grafana:DescribeWorkspaceAuthentication", "grafana:DescribeWorkspaceConfiguration", "grafana:DescribeWorkspaceConfiguration", "guardduty:GetMemberDetectors", "inspector2:BatchGetAccountStatus", "inspector2:GetDelegatedAdminAccount", "inspector2:ListMembers", "iot:DescribeCACertificate", "iot:ListCACertificates", "iot:ListTagsForResource", "iottwinmaker:GetSyncJob", "iottwinmaker:ListSyncJobs", "kafka:ListTagsForResource", "kafkaconnect:DescribeConnector", "kafkaconnect:ListConnectors", "lambda:GetCodeSigningConfig", "lambda:ListCodeSigningConfigs", "lambda:ListTags", "networkmanager:GetConnectPeer", "organizations:DescribeOrganization", "organizations:ListTargetsForPolicy", "sagemaker:DescribeDataQualityJob", "sagemaker:DescribeModelExplainabilityJob", "sagemaker:ListDataQualityJob", and "sagemaker:ExplainabilityJob"

This policy now supports additional permissions for AWS Private CA, AWS App Mesh, Amazon Connect, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector, AWS IoT, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Lambda, AWS Network Manager, AWS Organizations, and Amazon SageMaker.

October 4, 2023
AWSConfigServiceRolePolicy – Add "acm-pca:GetCertificateAuthorityCertificate", "appmesh:DescribeMesh", "appmesh:ListGatewayRoutes", "connect:DescribeInstance", "connect:DescribeQuickConnect", "connect:ListQuickConnects", "ecs:DescribeCapacityProviders", "evidently:GetSegment", "evidently:ListSegments", "grafana:DescribeWorkspace", "grafana:DescribeWorkspaceAuthentication", "grafana:DescribeWorkspaceConfiguration", "grafana:DescribeWorkspaceConfiguration", "guardduty:GetMemberDetectors", "inspector2:BatchGetAccountStatus", "inspector2:GetDelegatedAdminAccount", "inspector2:ListMembers", "iot:DescribeCACertificate", "iot:ListCACertificates", "iot:ListTagsForResource", "iottwinmaker:GetSyncJob", "iottwinmaker:ListSyncJobs", "kafka:ListTagsForResource", "kafkaconnect:DescribeConnector", "kafkaconnect:ListConnectors", "lambda:GetCodeSigningConfig", "lambda:ListCodeSigningConfigs", "lambda:ListTags", "networkmanager:GetConnectPeer", "organizations:DescribeOrganization", "organizations:ListTargetsForPolicy", "sagemaker:DescribeDataQualityJob", "sagemaker:DescribeModelExplainabilityJob", "sagemaker:ListDataQualityJob", and "sagemaker:ExplainabilityJob"

This policy now supports additional permissions for AWS Private CA, AWS App Mesh, Amazon Connect, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector, AWS IoT, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Lambda, AWS Network Manager, AWS Organizations, and Amazon SageMaker.

October 4, 2023
AWSConfigServiceRolePolicy – Remove "ssm:GetParameter"

This policy now removes permission for AWS Systems Manager (Systems Manager).

September 6, 2023
AWS_ConfigRole – Add "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", and "sns:GetDataProtectionPolicy"

This policy now supports additional permissions for AWS App Mesh, AWS CloudFormation, Amazon CloudFront, AWS CodeArtifact, AWS CodeBuild, Amazon Connect, AWS Glue, Amazon GuardDuty, AWS Identity and Access Management (IAM), Amazon Inspector, AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie, AWS Elemental MediaConnect, AWS Network Manager, AWS Organizations, AWS Resource Explorer, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Notification Service (Amazon SNS).

July 28, 2023
AWSConfigServiceRolePolicy – Add "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "sns:GetDataProtectionPolicy", "ssm:DescribeParameters", "ssm:GetParameter", and "ssm:ListTagsForResource"

This policy now supports additional permissions for Amazon AppStream 2.0, AWS App Mesh, AWS CloudFormation, Amazon CloudFront, AWS CodeArtifact, AWS CodeBuild, Amazon Connect, AWS Glue, Amazon GuardDuty, AWS Identity and Access Management (IAM), Amazon Inspector, AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie, AWS Elemental MediaConnect, AWS Network Manager, AWS Organizations, AWS Resource Explorer, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), Amazon Simple Notification Service (Amazon SNS), and Amazon EC2 Systems Manager (SSM).

July 28, 2023
AWS_ConfigRole – Add "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource"

This policy now supports additional permissions for AWS Amplify, Amazon Connect, AWS App Mesh, Amazon Athena, AWS Batch, AWS CloudFormation, AWS CloudTrail, AWS CodeArtifact, Amazon CodeGuru, AWS Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS IoT Greengrass, AWS Ground Station, AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC), AWS Organizations, Amazon Personalize, Amazon QuickSight, AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker, and AWS Transfer Family.

June 13, 2023
AWSConfigServiceRolePolicy – Add "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource"

This policy now supports additional permissions for AWS Amplify, Amazon Connect, AWS App Mesh, Amazon Athena, AWS Batch, AWS CloudFormation, AWS CloudTrail, AWS CodeArtifact, Amazon CodeGuru, AWS Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS IoT Greengrass, AWS Ground Station, AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC), AWS Organizations, Amazon Personalize, Amazon QuickSight, AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker, and AWS Transfer Family.

June 13, 2023
AWSConfigServiceRolePolicy – Add amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, GetInstanceTypesFromInstanceRequirement ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations

This policy now supports additional permissions for Amazon Managed Workflows for AWS Amplify, AWS App Mesh, AWS App Runner, Amazon CloudFront, AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker, Amazon Pinpoint, AWS Transfer Family, AWS Resilience Hub, AWS Migration Hub, AWS Directory Service, Amazon CloudWatch, and AWS WAF.

April 13, 2023
AWS_ConfigRole – Add amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations

This policy now supports additional permissions for Amazon Managed Workflows for AWS Amplify, AWS App Mesh, AWS App Runner, Amazon CloudFront, AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker, Amazon Pinpoint, AWS Transfer Family, AWS Resilience Hub, AWS Migration Hub, AWS Directory Service, Amazon CloudWatch, and AWS WAF.

April 13, 2023
AWSConfigServiceRolePolicy – Add appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudfront:GetResponseHeadersPolicy, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions

This policy now supports additional permissions for Amazon Managed Workflows for Amazon AppFlow, AWS App Runner, Amazon AppStream 2.0, Amazon CloudFront, Amazon CloudWatch, AWS CodeArtifact, AWS CodeCommit, AWS Device Farm, Amazon Forecast, AWS Ground Station, AWS Identity and Access Management (IAM), AWS IoT, Amazon MemoryDB, AWS Network Manager, AWS Panorama, Amazon Pinpoint, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon SageMaker.

March 30, 2023
AWS_ConfigRole – 新增 appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudformation:ListTypes, cloudfront:GetResponseHeadersPolicy, cloudfront:ListDistributions, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, ec2:DescribeTrafficMirrorFilters, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions

This policy now supports additional permissions for Amazon AppFlow, Amazon AppStream 2.0, AWS App Runner, AWS CloudFormation, Amazon CloudFront, Amazon CloudWatch, AWS CodeArtifact, AWS CodeCommit, AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Forecast, AWS Identity and Access Management (IAM), AWS Ground Station, AWS IoT, Amazon MemoryDB, AWS Network Manager, AWS Panorama, Amazon Pinpoint, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon SageMaker.

March 30, 2023

AWSConfigRulesExecutionRole – AWS Config started tracking changes for this AWS managed policy

This policy allows AWS Lambda functions to access the AWS Config API and the configuration snapshots that AWS Config delivers periodically to Amazon S3. Functions that evaluate configuration changes for AWS Custom Lambda rules require this access.

March 7, 2023

AWSConfigRoleForOrganizations – AWS Config started tracking changes for this AWS managed policy

This policy allows AWS Config to call read-only AWS Organizations APIs.

March 7, 2023

AWSConfigRemediationServiceRolePolicy – AWS Config started tracking changes for this AWS managed policy

This policy allows AWS Config to remediate NON_COMPLIANT resources on your behalf.

March 7, 2023

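AWSConfigServiceRolePolicy – Add auditmanager:GetAccountStatus

This policy now grants permission to return the registration status of an account in AWS Audit Manager.

March 3, 2023

AWS_ConfigRole – Add auditmanager:GetAccountStatus

This policy now grants permission to return the registration status of an account in AWS Audit Manager.

March 3, 2023

AWSConfigMultiAccountSetupPolicy – AWS Config started tracking changes for this AWS managed policy

This policy allows AWS Config to call AWS services and deploy AWS Config resources across an organization in AWS Organizations.

February 27, 2023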

AWSConfigServiceRolePolicy – Add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS IoT, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Route 53 Application Recovery Controller, Amazon Elastic Compute Cloud (Amazon EC2), AWS Device Farm, Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs.

February 1, 2023

AWS_ConfigRole – Add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS IoT, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Route 53 Application Recovery Controller, Amazon Elastic Compute Cloud (Amazon EC2), AWS Device Farm, Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs.

February 1, 2023

ConfigConformsServiceRolePolicy – Update config:DescribeConfigRules

As a security best practice, this policy now removes broad resource-level permissions for config:DescribeConfigRules.

January 12, 2023

AWSConfigServiceRolePolicy – Add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon QuickSight, AWS Resource Access Manager, Amazon Route 53 Application Recovery Controller, Amazon Simple Storage Service (Amazon S3), and Amazon Timestream.

December 15, 2022

AWS_ConfigRole – Add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon QuickSight, AWS Resource Access Manager, Amazon Route 53 Application Recovery Controller, Amazon Simple Storage Service (Amazon S3), and Amazon Timestream.

December 15, 2022

AWSConfigServiceRolePolicy – Add cloudformation:ListStackResources and cloudformation:ListStacks

This policy now grants permission to return descriptions of all resources of a specified stack, and to return summary information for AWS CloudFormation stacks whose status matches the specified StackStatusFilter.

November 7, 2022

AWS_ConfigRole – Add cloudformation:ListStackResources and cloudformation:ListStacks

This policy now grants permission to return descriptions of all resources of a specified stack, and to return summary information for AWS CloudFormation stacks whose status matches the specified StackStatusFilter.

November 7, 2022

AWSConfigServiceRolePolicy – Add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, 
iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Fraud Detector, Amazon FSx, Amazon EventBridge, Amazon Location Service, AWS Fault Injection Service, Amazon Lex, Amazon Lightsail, Amazon GameLift, Amazon Pinpoint, AWS IoT, Amazon Relational Database Service (Amazon RDS), Amazon QuickSight, AWS OpsWorks, AWS Panorama, AWS Resource Access Manager, Amazon Rekognition, AWS RoboMaker, Amazon Route 53, AWS Resource Groups, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service.

October 19, 2022

AWS_ConfigRole – Add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, 
iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Fraud Detector, Amazon FSx, Amazon EventBridge, Amazon Location Service, AWS Fault Injection Service, Amazon Lex, Amazon Lightsail, Amazon GameLift, Amazon Pinpoint, AWS IoT, Amazon Relational Database Service (Amazon RDS), Amazon QuickSight, AWS OpsWorks, AWS Panorama, AWS Resource Access Manager, Amazon Rekognition, AWS RoboMaker, Amazon Route 53, AWS Resource Groups, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service.

October 19, 2022

AWSConfigServiceRolePolicy – Add Glue::GetTable

This policy now grants permission to retrieve the table definition in a Data Catalog for a specified AWS Glue table.

September 14, 2022

AWS_ConfigRole – Add Glue::GetTable

This policy now grants permission to retrieve the table definition in a Data Catalog for a specified AWS Glue table.

September 14, 2022

AWSConfigServiceRolePolicy – Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, 
gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, 
ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, 
profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, 
ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon Fraud Detector, Amazon FinSpace, Amazon GameLift, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon QuickSight, Amazon Route 53 Application Recovery Controller, Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family.

September 7, 2022

AWS_ConfigRole – Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, 
gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, 
ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, 
profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, 
signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

This policy now supports Amazon Managed Service for Apache Flink, Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon Fraud Detector, Amazon FinSpace, Amazon Interactive Video Service (Amazon IVS), Amazon GameLift, EC2 Image Builder, Amazon Lightsail, Amazon Lex, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon QuickSight, Amazon Route 53 Application Recovery Controller, Amazon Simple Storage Service (Amazon S3), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, Amazon Route 53 Resolver, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family.

September 7, 2022
AWSConfigServiceRolePolicy – Add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS IoT, Amazon Kinesis Video Streams, Amazon Route 53 Application Recovery Controller, Amazon Elastic Compute Cloud (Amazon EC2), AWS Device Farm, Amazon Pinpoint, AWS Identity and Access Management (IAM), AWS HealthLake, Amazon GuardDuty, and Amazon CloudWatch Logs.

February 1, 2023

AWS_ConfigRole – Add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

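This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS IoT, Amazon Kinesis Video Streams, Amazon Route 53 Application Recovery Controller, Amazon Elastic Compute Cloud (Amazon EC2), AWS Device Farm, Amazon Pinpoint, AWS Identity and Access Management (IAM), AWS HealthLake, Amazon GuardDuty, and Amazon CloudWatch Logs.

February 1, 2023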

ConfigConformsServiceRolePolicy – Update config:DescribeConfigRules

As a security best practice, this policy now removes broad resource-level permissions for config:DescribeConfigRules.

January 12, 2023

AWSConfigServiceRolePolicy – Add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon QuickSight, AWS Resource Access Manager, Amazon Route 53 Application Recovery Controller, Amazon Simple Storage Service (Amazon S3), Amazon Timestream, and AWS Transfer Family.

December 15, 2022

AWS_ConfigRole – Add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon QuickSight, AWS Resource Access Manager, Amazon Route 53 Application Recovery Controller, Amazon Simple Storage Service (Amazon S3), and Amazon Timestream.

December 15, 2022

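AWSConfigServiceRolePolicy – Add cloudformation:ListStackResources and cloudformation:ListStacks

This policy now grants permission to return descriptions of all resources of a specified stack, and to return summary information for AWS CloudFormation stacks whose status matches the specified StackStatusFilter.

November 7, 2022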

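AWS_ConfigRole – Add cloudformation:ListStackResources and cloudformation:ListStacks

This policy now grants permission to return descriptions of all resources of a specified stack, and to return summary information for AWS CloudFormation stacks whose status matches the specified StackStatusFilter.

November 7, 2022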

AWSConfigServiceRolePolicy – Add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects,
iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Fraud Detector, Amazon FSx, Amazon EventBridge, Amazon Location Service, AWS Fault Injection Service, Amazon Lex, Amazon Lightsail, Amazon GameLift, Amazon Pinpoint, AWS IoT, Amazon Relational Database Service (Amazon RDS), Amazon QuickSight, AWS OpsWorks, AWS Panorama, AWS Resource Access Manager, Amazon Rekognition, AWS RoboMaker, Amazon Route 53, AWS Resource Groups, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service.

October 19, 2022

AWS_ConfigRole – Add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource,
iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Fraud Detector, Amazon FSx, Amazon EventBridge, Amazon Location Service, AWS Fault Injection Service, Amazon Lex, Amazon Lightsail, Amazon GameLift, Amazon Pinpoint, AWS IoT, Amazon Relational Database Service (Amazon RDS), Amazon QuickSight, AWS OpsWorks, AWS Panorama, AWS Resource Access Manager, Amazon Rekognition, AWS RoboMaker, Amazon Route 53, AWS Resource Groups, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service.

October 19, 2022

AWSConfigServiceRolePolicy – Add Glue::GetTable

This policy now grants permission to retrieve the table definition in an AWS Glue Data Catalog for a specified table.

September 14, 2022

AWS_ConfigRole – Add Glue::GetTable

This policy now grants permission to retrieve the table definition in an AWS Glue Data Catalog for a specified table.

September 14, 2022

AWSConfigServiceRolePolicy – Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup,
gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, 
ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, 
profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, 
ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

This policy now supports Amazon Managed Service for Apache Flink, Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon Fraud Detector, Amazon FinSpace, Amazon Interactive Video Service (Amazon IVS), Amazon GameLift, EC2 Image Builder, Amazon Lightsail, Amazon Lex, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon QuickSight, Amazon Route 53 Application Recovery Controller, Amazon Simple Storage Service (Amazon S3), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, Amazon Route 53 Resolver, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family.

September 7, 2022

AWS_ConfigRole – Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues,
gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, 
ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, 
profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, 
signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

This policy now supports Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon QuickSight, Amazon Route 53 Application Recovery Controller, Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family.

September 7, 2022

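AWSConfigServiceRolePolicy – Add datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

This policy now grants permission to return a list of AWS DataSync agents, DataSync source and destination locations, and DataSync tasks in an AWS account; to list summary information about the namespaces and services associated with one or more specified AWS Cloud Map namespaces in an AWS account; and to list all of the Amazon Simple Email Service (Amazon SES) contact lists available in an AWS account.

August 22, 2022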

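AWS_ConfigRole – Add datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

This policy now grants permission to return a list of AWS DataSync agents, DataSync source and destination locations, and DataSync tasks in an AWS account; to list summary information about the namespaces and services associated with one or more specified AWS Cloud Map namespaces in an AWS account; and to list all of the Amazon Simple Email Service (Amazon SES) contact lists available in an AWS account.

August 22, 2022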

ConfigConformsServiceRolePolicy – Add cloudwatch:PutMetricData

This policy now grants permission to publish metric data points to Amazon CloudWatch.

July 25, 2022

AWSConfigServiceRolePolicy – Add amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations,
imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

This policy now supports Amazon Elastic Container Service (Amazon ECS), Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Managed Service for Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon QuickSight, Amazon Rekognition, AWS RoboMaker, Amazon Simple Storage Service (Amazon S3), Amazon Simple Email Service (Amazon SES), AWS Amplify, AWS AppConfig, AWS AppSync, AWS Billing Conductor, AWS DataSync, AWS Firewall Manager, AWS Glue, AWS IAM Identity Center, and Elastic Load Balancing.

July 15, 2022

AWS_ConfigRole – Add amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations,
imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

This policy now supports Amazon Elastic Container Service (Amazon ECS), Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Managed Service for Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon QuickSight, Amazon Rekognition, AWS RoboMaker, Amazon Simple Storage Service (Amazon S3), Amazon Simple Email Service (Amazon SES), AWS Amplify, AWS AppConfig, AWS AppSync, AWS Billing Conductor, AWS DataSync, AWS Firewall Manager, AWS Glue, AWS IAM Identity Center, and Elastic Load Balancing.

July 15, 2022

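AWSConfigServiceRolePolicy – Add athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

This policy now grants permission to get the specified Amazon Athena data catalog, list Athena data catalogs, and list the tags associated with an Athena workgroup or data catalog resource; to get a list of Detective behavior graphs in an AWS account; to get a list of resource metadata for a given list of AWS Glue development endpoint names, get information about a specified development endpoint, get information about all AWS Glue development endpoints in an AWS account, get a specified AWS Glue security configuration, get all AWS Glue security configurations, get a list of tags associated with an AWS Glue resource, get information about the AWS Glue workgroup with the specified name, retrieve the names of all AWS Glue crawler resources in the account, get the names of all AWS Glue DevEndpoint resources in an AWS account, list the names of all AWS Glue job resources in an AWS account, get details about AWS Glue member accounts, list the names of the AWS Glue workflows created in the account, and list the available AWS Glue workgroups for the account; to retrieve the details of an Amazon GuardDuty filter, retrieve a GuardDuty IPSet, retrieve a GuardDuty ThreatIntelSet, retrieve GuardDuty member accounts, get a list of GuardDuty filters, get the IPSets of the GuardDuty service, retrieve the tags of the GuardDuty service, and get the ThreatIntelSets of the GuardDuty service; to get the current status and configuration settings of an Amazon Macie account; to retrieve the resource and principal associations of AWS Resource Access Manager (AWS RAM) resource shares and retrieve details about AWS RAM resource shares; to get information about an existing Amazon Simple Email Service (Amazon SES) configuration set, get a list of the event destinations associated with an Amazon SES configuration set, and list all of the configuration sets associated with an Amazon SES account; and to get the list of IAM Identity Center directory attributes, get the details of a permission set, get the IAM managed policies of a specified IAM Identity Center permission set, get the permission sets of an IAM Identity Center instance, and get the tags of AWS IAM Identity Center resources.

May 31, 2022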

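AWS_ConfigRole – Add athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

This policy now grants permission to get the specified Amazon Athena data catalog, list Athena data catalogs, and list the tags associated with an Athena workgroup or data catalog resource; to get a list of Detective behavior graphs in an AWS account; to get a list of resource metadata for a given list of AWS Glue development endpoint names, get information about a specified development endpoint, get information about all AWS Glue development endpoints in an AWS account, get a specified AWS Glue security configuration, get all AWS Glue security configurations, get a list of tags associated with an AWS Glue resource, get information about the AWS Glue workgroup with the specified name, retrieve the names of all AWS Glue crawler resources in the account, get the names of all AWS Glue DevEndpoint resources in an AWS account, list the names of all AWS Glue job resources in an AWS account, get details about AWS Glue member accounts, list the names of the AWS Glue workflows created in the account, and list the available AWS Glue workgroups for the account; to retrieve the details of an Amazon GuardDuty filter, retrieve a GuardDuty IPSet, retrieve a GuardDuty ThreatIntelSet, retrieve GuardDuty member accounts, get a list of GuardDuty filters, get the IPSets of the GuardDuty service, retrieve the tags of the GuardDuty service, and get the ThreatIntelSets of the GuardDuty service; to get the current status and configuration settings of an Amazon Macie account; to retrieve the resource and principal associations of AWS Resource Access Manager (AWS RAM) resource shares and retrieve details about AWS RAM resource shares; to get information about an existing Amazon Simple Email Service (Amazon SES) configuration set, get a list of the event destinations associated with an Amazon SES configuration set, and list all of the configuration sets associated with an Amazon SES account; and to get the list of IAM Identity Center directory attributes, get the details of a permission set, get the IAM managed policies of a specified IAM Identity Center permission set, get the permission sets of an IAM Identity Center instance, and get the tags of AWS IAM Identity Center resources.

May 31, 2022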

AWSConfigServiceRolePolicy – Add cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

This policy now grants permission to get information about all or a specified AWS CloudTrail event data store (EDS), get information about all or a specified AWS CloudFormation resource, get a list of DynamoDB Accelerator (DAX) parameter groups or subnet groups, get information about the AWS Database Migration Service (AWS DMS) replication tasks for the account in the Region currently being accessed, and get a list of all policies of a specified type in AWS Organizations.

April 7, 2022

AWS_ConfigRole – Add cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

This policy now grants permission to get information about all or a specified AWS CloudTrail event data store (EDS), get information about all or a specified AWS CloudFormation resource, get a list of DynamoDB Accelerator (DAX) parameter groups or subnet groups, get information about the AWS Database Migration Service (AWS DMS) replication tasks for the account in the Region currently being accessed, and get a list of all policies of a specified type in AWS Organizations.

April 7, 2022

AWSConfigServiceRolePolicy – Add backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

This policy now supports additional permissions for AWS Backup, AWS Batch, DynamoDB Accelerator, AWS Database Migration Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty, AWS Key Management Service, AWS OpsWorks, Amazon Relational Database Service, AWS WAFV2, and Amazon WorkSpaces.

March 14, 2022

AWS_ConfigRole – Add backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

This policy now supports additional permissions for AWS Backup, AWS Batch, DynamoDB Accelerator, AWS Database Migration Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty, AWS Key Management Service, AWS OpsWorks, Amazon Relational Database Service, AWS WAFV2, and Amazon WorkSpaces.

March 14, 2022

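AWSConfigServiceRolePolicy – Add elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for a specified Elastic Beanstalk configuration set, get a map of OpenSearch or Elasticsearch versions, describe the available Amazon RDS option groups for a database, and get information about a CodeDeploy deployment configuration. This policy now also grants permission to retrieve the specified alternate contact attached to an AWS account, retrieve information about an AWS Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about an archived AWS Config rule, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of a specified child OU or account, and list the policies attached to a specified target root, organizational unit, or account.

February 10, 2022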

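AWS_ConfigRole – Add elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for a specified Elastic Beanstalk configuration set, get a map of OpenSearch or Elasticsearch versions, describe the available Amazon RDS option groups for a database, and get information about a CodeDeploy deployment configuration. This policy now also grants permission to retrieve the specified alternate contact attached to an AWS account, retrieve information about an AWS Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about an archived AWS Config rule, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of a specified child OU or account, and list the policies attached to a specified target root, organizational unit, or account.

February 10, 2022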

AWSConfigServiceRolePolicy – Add logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

This policy now grants permission to create Amazon CloudWatch log groups and streams, and to write logs to the created log streams.

December 15, 2021

AWS_ConfigRole – Add logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

This policy now grants permission to create Amazon CloudWatch log groups and streams, and to write logs to the created log streams.

December 15, 2021

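AWSConfigServiceRolePolicy – Add es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots

This policy now grants permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain or domains, and to get the detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots.

September 8, 2021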

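AWS_ConfigRole – Add es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots

This policy now grants permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain or domains, and to get the detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots.

September 8, 2021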

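AWSConfigServiceRolePolicy – Add logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine, and additional permissions for AWS resource types

This policy now grants permission to list the tags for a log group, list the tags for a state machine, and list all state machines. This policy now grants permission to get details about a state machine. This policy now also supports Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker, Amazon Simple Notification Service, AWS Database Migration Service, AWS Global Accelerator, and AWS Storage Gateway.

July 28, 2021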

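AWS_ConfigRole – Add logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine, and additional permissions for AWS resource types

This policy now grants permission to list the tags for a log group, list the tags for a state machine, and list all state machines. This policy now grants permission to get details about a state machine. This policy now also supports Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker, Amazon Simple Notification Service, AWS Database Migration Service, AWS Global Accelerator, and AWS Storage Gateway.

July 28, 2021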

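AWSConfigServiceRolePolicy – Add ssm:DescribeDocumentPermission and additional permissions for AWS resource types

This policy now grants permission to view the permissions of AWS Systems Manager documents and information about IAM Access Analyzer. This policy now supports additional AWS resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, AWS Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. This policy now also supports filtering Lambda@Edge functions for the lambda-inside-vpc AWS Config managed rule.

June 8, 2021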

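AWS_ConfigRole – Add ssm:DescribeDocumentPermission and additional permissions for AWS resource types

This policy now grants permission to view the permissions of AWS Systems Manager documents and information about IAM Access Analyzer. This policy now supports additional AWS resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, AWS Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. This policy now also supports filtering Lambda@Edge functions for the lambda-inside-vpc AWS Config managed rule.

June 8, 2021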

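AWSConfigServiceRolePolicy – Add the apigateway:GET permission to make read-only GET calls to API Gateway, and the s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to invoke Amazon S3 read-only APIs

This policy now grants permission that allows AWS Config to make read-only GET calls to API Gateway to support AWS Config rules for API Gateway. The policy also adds permissions that allow AWS Config to invoke the Amazon Simple Storage Service (Amazon S3) read-only APIs that are required to support the new AWS::S3::AccessPoint resource type.

May 10, 2021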

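AWS_ConfigRole – Add the apigateway:GET permission to make read-only GET calls to API Gateway, and the s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to invoke Amazon S3 read-only APIs

This policy now grants permission that allows AWS Config to make read-only GET calls to API Gateway to support AWS Config rules for API Gateway. The policy also adds permissions that allow AWS Config to invoke the Amazon Simple Storage Service (Amazon S3) read-only APIs that are required to support the new AWS::S3::AccessPoint resource type.

May 10, 2021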

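AWSConfigServiceRolePolicy – Add the ssm:ListDocuments permission and additional permissions for AWS resource types

This policy now grants permission to view information about specified AWS Systems Manager documents. This policy now also supports additional AWS resource types for AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker, AWS Database Migration Service, and Amazon Route 53. These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types.

April 1, 2021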

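AWS_ConfigRole – Add the ssm:ListDocuments permission and additional permissions for AWS resource types

This policy now grants permission to view information about specified AWS Systems Manager documents. This policy now also supports additional AWS resource types for AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker, AWS Database Migration Service, and Amazon Route 53. These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types.

April 1, 2021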

AWSConfigRole deprecated

AWSConfigRole is deprecated. The replacement policy is AWS_ConfigRole.

April 1, 2021

AWS Config started tracking changes

AWS Config started tracking changes to its AWS managed policies.

April 1, 2021