
@0xdabbad00
Last active March 22, 2021 23:37
#!/usr/bin/env python
import json
import re
import sys
from os import listdir
from os.path import isfile, join

from bs4 import BeautifulSoup
"""
Setup
-----
# Install libraries
pip install beautifulsoup4
# Download files
wget -r -np -k -A .html -nc https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html
"""
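def chomp(string):
    """Normalise whitespace and trim non-word characters from both ends.

    Unlike a conventional chomp, this also cleans the interior of the string:
    every newline becomes a space and runs of spaces collapse to one.

    Caveats visible in the patterns below:
      * Only "\\n" and " " are normalised inside the string; tabs or other
        whitespace in the middle are left as they are.
      * The end anchors strip *any* non-word character, not just whitespace,
        so a value such as "name (note)." comes back as "name (note".

    Args:
        string: Text taken from a scraped HTML element.

    Returns:
        The cleaned-up text.
    """
    response = string.replace('\n', ' ')  # Convert line ends to spaces
    # Raw strings keep "\W" from being read as an (invalid) string escape,
    # which newer Python versions warn about.
    response = re.sub(r' +', ' ', response)  # Collapse runs of spaces
    response = re.sub(r'^\W*', '', response)  # Clean start
    return re.sub(r'\W*$', '', response)  # Clean end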
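# Local mirror of the IAM User Guide, as fetched by the wget command in the
# setup notes at the top of this file.
mypath = './docs.aws.amazon.com/IAM/latest/UserGuide/'
schema = []
# Number of <tr> rows dropped because they did not have exactly six cells.
# The total is reported on stderr so that an incomplete schema is not mistaken
# for a complete one when it feeds IAM policy review or auditing.
skipped_rows = 0

for filename in listdir(mypath):
    # Only the "list_*" pages are parsed.
    if not filename.startswith("list_"):
        continue
    page_path = join(mypath, filename)
    if not isfile(page_path):
        continue

    with open(page_path, 'r') as f:
        soup = BeautifulSoup(f.read(), 'html.parser')

    main_content = soup.find(id="main-content")
    if main_content is None:
        continue

    # Get service name
    title = main_content.find('h1', class_="topictitle")
    title = re.sub('.*Actions, Resources, and Condition Keys for *', '', str(title))
    title = title.replace('</h1>', '')
    service_name = chomp(title)

    service_schema = {'service_name': service_name, 'privileges': []}

    for table in main_content.find_all('div', class_="table-contents"):
        # There can be 3 tables, the actions table, an ARN table, and a condition key table
        # Example: https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssecuritytokenservice.html
        headers = [str(th) for th in table.find_all('th')]
        if '<th>Actions</th>' not in headers:
            continue

        for row in table.find_all('tr'):
            cells = row.find_all('td')
            if len(cells) == 0:
                # Skip the header row, which has th, not td cells
                continue
            if len(cells) != 6:
                # Sometimes the privilege might span multiple rows.
                # Example: amazonroute53-DisassociateVPCFromHostedZone
                # at https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonroute53.html
                # TODO: Handle this situation. Currently, only the first row
                # is used; whatever the continuation rows carry is dropped.
                skipped_rows += 1
                continue

            # Get the privilege: the text of the last <a href=...> in the
            # first cell (the <a id='...'> anchors are skipped).
            priv = ''
            for link in cells[0].find_all('a'):
                if 'href' not in link.attrs:
                    continue
                priv = chomp(link.text)
            if priv == '':
                continue

            # Condition keys and dependent actions are listed one per <p>.
            condition_keys = []
            if cells[4].text != '':
                condition_keys = [chomp(p.text) for p in cells[4].find_all('p')]

            dependent_actions = []
            if cells[5].text != '':
                dependent_actions = [chomp(p.text) for p in cells[5].find_all('p')]

            service_schema['privileges'].append({
                'privilege': priv,
                'description': chomp(cells[1].text),
                'access_level': chomp(cells[2].text),
                'resource_types': chomp(cells[3].text),
                'condition_keys': condition_keys,
                'dependent_actions': dependent_actions
            })

    schema.append(service_schema)

if skipped_rows:
    # stderr keeps stdout as pure JSON for anything consuming the output.
    sys.stderr.write(
        'warning: skipped %d table rows that did not have 6 cells; '
        'data on those rows is missing from the output\n' % skipped_rows)

print(json.dumps(schema))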
[
{
"service_name": "AWS Config",
"privileges": [
{
"resource_types": "ConfigurationAggregator",
"description": "Returns the current configuration items for resources that are present in your AWS Config aggregator",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchGetAggregateResourceConfig"
},
{
"resource_types": "",
"description": "Returns the current configuration for one or more requested resources",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchGetResourceConfig"
},
{
"resource_types": "AggregationAuthorization",
"description": "Deletes the authorization granted to the specified configuration aggregator account in a specified region",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAggregationAuthorization"
},
{
"resource_types": "ConfigRule",
"description": "Deletes the specified AWS Config rule and all of its evaluation results",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteConfigRule"
},
{
"resource_types": "ConfigurationAggregator",
"description": "Deletes the specified configuration aggregator and the aggregated data associated with the aggregator",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteConfigurationAggregator"
},
{
"resource_types": "",
"description": "Deletes the configuration recorder",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteConfigurationRecorder"
},
{
"resource_types": "",
"description": "Deletes the delivery channel",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDeliveryChannel"
},
{
"resource_types": "ConfigRule",
"description": "Deletes the evaluation results for the specified Config rule",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteEvaluationResults"
},
{
"resource_types": "",
"description": "Deletes pending authorization requests for a specified aggregator account in a specified region",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeletePendingAggregationRequest"
},
{
"resource_types": "",
"description": "Deletes the retention configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteRetentionConfiguration"
},
{
"resource_types": "",
"description": "Schedules delivery of a configuration snapshot to the Amazon S3 bucket in the specified delivery channel",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DeliverConfigSnapshot"
},
{
"resource_types": "ConfigurationAggregator",
"description": "Returns a list of compliant and noncompliant rules with the number of resources for compliant and noncompliant rules",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeAggregateComplianceByConfigRules"
},
{
"resource_types": "",
"description": "Returns a list of authorizations granted to various aggregator accounts and regions",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeAggregationAuthorizations"
},
{
"resource_types": "ConfigRule",
"description": "Indicates whether the specified AWS Config rules are compliant",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeComplianceByConfigRule"
},
{
"resource_types": "",
"description": "Indicates whether the specified AWS resources are compliant",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeComplianceByResource"
},
{
"resource_types": "ConfigRule",
"description": "Returns status information for each of your AWS managed Config rules",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeConfigRuleEvaluationStatus"
},
{
"resource_types": "ConfigRule",
"description": "Returns details about your AWS Config rules",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeConfigRules"
},
{
"resource_types": "ConfigurationAggregator",
"description": "Returns status information for sources within an aggregator",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeConfigurationAggregatorSourcesStatus"
},
{
"resource_types": "",
"description": "Returns the details of one or more configuration aggregators",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeConfigurationAggregators"
},
{
"resource_types": "",
"description": "Returns the current status of the specified configuration recorder",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeConfigurationRecorderStatus"
},
{
"resource_types": "",
"description": "Returns the name of one or more specified configuration recorders",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeConfigurationRecorders"
},
{
"resource_types": "",
"description": "Returns the current status of the specified delivery channel",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDeliveryChannelStatus"
},
{
"resource_types": "",
"description": "Returns details about the specified delivery channel",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDeliveryChannels"
},
{
"resource_types": "",
"description": "Returns a list of all pending aggregation requests",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribePendingAggregationRequests"
},
{
"resource_types": "",
"description": "Returns the details of one or more retention configurations",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeRetentionConfigurations"
},
{
"resource_types": "ConfigurationAggregator",
"description": "Returns the evaluation results for the specified AWS Config rule for a specific resource in a rule",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAggregateComplianceDetailsByConfigRule"
},
{
"resource_types": "ConfigurationAggregator",
"description": "Returns the number of compliant and noncompliant rules for one or more accounts and regions in an aggregator",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAggregateConfigRuleComplianceSummary"
},
{
"resource_types": "ConfigurationAggregator",
"description": "Returns the resource counts across accounts and regions that are present in your AWS Config aggregator",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAggregateDiscoveredResourceCounts"
},
{
"resource_types": "ConfigurationAggregator",
"description": "Returns configuration item that is aggregated for your specific resource in a specific source account and region",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAggregateResourceConfig"
},
{
"resource_types": "ConfigRule",
"description": "Returns the evaluation results for the specified AWS Config rule",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetComplianceDetailsByConfigRule"
},
{
"resource_types": "",
"description": "Returns the evaluation results for the specified AWS resource",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetComplianceDetailsByResource"
},
{
"resource_types": "",
"description": "Returns the number of AWS Config rules that are compliant and noncompliant, up to a maximum of 25 for each",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetComplianceSummaryByConfigRule"
},
{
"resource_types": "",
"description": "Returns the number of resources that are compliant and the number that are noncompliant",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetComplianceSummaryByResourceType"
},
{
"resource_types": "",
"description": "Returns the resource types, the number of each resource type, and the total number of resources that AWS Config is recording in this region for your AWS account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDiscoveredResourceCounts"
},
{
"resource_types": "",
"description": "Returns a list of configuration items for the specified resource",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetResourceConfigHistory"
},
{
"resource_types": "ConfigurationAggregator",
"description": "Accepts a resource type and returns a list of resource identifiers that are aggregated for a specific resource type across accounts and regions",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAggregateDiscoveredResources"
},
{
"resource_types": "",
"description": "Accepts a resource type and returns a list of resource identifiers for the resources of that type",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDiscoveredResources"
},
{
"resource_types": "AggregationAuthorization",
"description": "Authorizes the aggregator account and region to collect data from the source account and region",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutAggregationAuthorization"
},
{
"resource_types": "ConfigRule",
"description": "Adds or updates an AWS Config rule for evaluating whether your AWS resources comply with your desired configurations",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutConfigRule"
},
{
"resource_types": "ConfigurationAggregator",
"description": "Creates and updates the configuration aggregator with the selected source accounts and regions",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutConfigurationAggregator"
},
{
"resource_types": "",
"description": "Creates a new configuration recorder to record the selected resource configurations",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutConfigurationRecorder"
},
{
"resource_types": "",
"description": "Creates a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutDeliveryChannel"
},
{
"resource_types": "",
"description": "Used by an AWS Lambda function to deliver evaluation results to AWS Config",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutEvaluations"
},
{
"resource_types": "",
"description": "Creates and updates the retention configuration with details about retention period (number of days) that AWS Config stores your historical information",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutRetentionConfiguration"
},
{
"resource_types": "ConfigRule",
"description": "Evaluates your resources against the specified Config rules",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartConfigRulesEvaluation"
},
{
"resource_types": "",
"description": "Starts recording configurations of the AWS resources you have selected to record in your AWS account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartConfigurationRecorder"
},
{
"resource_types": "",
"description": "Stops recording configurations of the AWS resources you have selected to record in your AWS account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopConfigurationRecorder"
}
]
},
{
"service_name": "AWS Service Catalog",
"privileges": [
{
"resource_types": "",
"description": "Accepts a portfolio that has been shared with you",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AcceptPortfolioShare"
},
{
"resource_types": "",
"description": "Associates an IAM principal with a portfolio, giving the specified principal access to any products associated with the specified portfolio",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociatePrincipalWithPortfolio"
},
{
"resource_types": "",
"description": "Associates a product with a portfolio",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateProductWithPortfolio"
},
{
"resource_types": "",
"description": "Creates a constraint on an associated product and portfolio",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateConstraint"
},
{
"resource_types": "",
"description": "Creates a portfolio",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreatePortfolio"
},
{
"resource_types": "",
"description": "Shares a portfolio you own with another AWS account",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "CreatePortfolioShare"
},
{
"resource_types": "",
"description": "Creates a product and that product's first provisioning artifact",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateProduct"
},
{
"resource_types": "",
"description": "Adds a new provisioned product plan",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateProvisionedProductPlan"
},
{
"resource_types": "",
"description": "Adds a new provisioning artifact to an existing product",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateProvisioningArtifact"
},
{
"resource_types": "",
"description": "Removes and deletes an existing constraint from an associated product and portfolio",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteConstraint"
},
{
"resource_types": "",
"description": "Deletes a portfolio if all associations and shares have been removed from the portfolio",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeletePortfolio"
},
{
"resource_types": "",
"description": "Unshares a portfolio you own from an AWS account you previously shared the portfolio with",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DeletePortfolioShare"
},
{
"resource_types": "",
"description": "Deletes a product if all associations have been removed from the product",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteProduct"
},
{
"resource_types": "",
"description": "Deletes a provisioned product plan",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteProvisionedProductPlan"
},
{
"resource_types": "",
"description": "Deletes a provisioning artifact from a product",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteProvisioningArtifact"
},
{
"resource_types": "",
"description": "Describes a constraint",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeConstraint"
},
{
"resource_types": "",
"description": "Describes a portfolio",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribePortfolio"
},
{
"resource_types": "",
"description": "Describes a product as an end-user",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeProduct"
},
{
"resource_types": "",
"description": "Describes a product as an admin",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeProductAsAdmin"
},
{
"resource_types": "",
"description": "Describes a product as an end-user",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeProductView"
},
{
"resource_types": "",
"description": "Describes a provisioned product",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeProvisionedProduct"
},
{
"resource_types": "",
"description": "Describes a provisioned product plan",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeProvisionedProductPlan"
},
{
"resource_types": "",
"description": "Describes a provisioning artifact",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeProvisioningArtifact"
},
{
"resource_types": "",
"description": "Describes the parameters that you need to specify to successfully provision a specified provisioning artifact",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeProvisioningParameters"
},
{
"resource_types": "",
"description": "Describes a record and lists any outputs",
"condition_keys": [
"servicecatalog:accountLevel",
"servicecatalog:roleLevel",
"servicecatalog:userLevel"
],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeRecord"
},
{
"resource_types": "",
"description": "Disassociates an IAM principal from a portfolio",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociatePrincipalFromPortfolio"
},
{
"resource_types": "",
"description": "Disassociates a product from a portfolio",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateProductFromPortfolio"
},
{
"resource_types": "",
"description": "Executes a provisioned product plan",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "ExecuteProvisionedProductPlan"
},
{
"resource_types": "",
"description": "Executes a provisioned product plan",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "ExecuteProvisionedProductServiceAction"
},
{
"resource_types": "",
"description": "Lists the portfolios that have been shared with you and you have accepted",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAcceptedPortfolioShares"
},
{
"resource_types": "",
"description": "Lists constraints associated with a given portfolio",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListConstraintsForPortfolio"
},
{
"resource_types": "",
"description": "Lists the different ways to launch a given product as an end-user",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListLaunchPaths"
},
{
"resource_types": "",
"description": "Lists the AWS accounts you have shared a given portfolio with",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPortfolioAccess"
},
{
"resource_types": "",
"description": "Lists the portfolios in your account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPortfolios"
},
{
"resource_types": "",
"description": "Lists the portfolios associated with a given product",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPortfoliosForProduct"
},
{
"resource_types": "",
"description": "Lists the IAM principals associated with a given portfolio",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPrincipalsForPortfolio"
},
{
"resource_types": "",
"description": "Lists the provisioned product plans",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListProvisionedProductPlans"
},
{
"resource_types": "",
"description": "Lists the provisioning artifacts associated with a given product",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListProvisioningArtifacts"
},
{
"resource_types": "",
"description": "Lists all the records in your account or all the records related to a given provisioned product",
"condition_keys": [
"servicecatalog:accountLevel",
"servicecatalog:roleLevel",
"servicecatalog:userLevel"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRecordHistory"
},
{
"resource_types": "",
"description": "Lists all the service actions in your account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListServiceActionsForProvisioningArtifact"
},
{
"resource_types": "",
"description": "Provisions a product with a specified provisioning artifact and launch parameters",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "ProvisionProduct"
},
{
"resource_types": "",
"description": "Rejects a portfolio that has been shared with you that you previously accepted",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RejectPortfolioShare"
},
{
"resource_types": "",
"description": "Lists all the provisioned products in your account",
"condition_keys": [
"servicecatalog:accountLevel",
"servicecatalog:roleLevel",
"servicecatalog:userLevel"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "ScanProvisionedProducts"
},
{
"resource_types": "",
"description": "Lists the products available to you as an end-user",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "SearchProducts"
},
{
"resource_types": "",
"description": "Lists all the products in your account or all the products associated with a given portfolio",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "SearchProductsAsAdmin"
},
{
"resource_types": "",
"description": "Lists all the provisioned products in your account",
"condition_keys": [
"servicecatalog:accountLevel",
"servicecatalog:roleLevel",
"servicecatalog:userLevel"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "SearchProvisionedProducts"
},
{
"resource_types": "",
"description": "Terminates an existing provisioned product",
"condition_keys": [
"servicecatalog:accountLevel",
"servicecatalog:roleLevel",
"servicecatalog:userLevel"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TerminateProvisionedProduct"
},
{
"resource_types": "",
"description": "Updates the metadata fields of an existing constraint",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateConstraint"
},
{
"resource_types": "",
"description": "Updates the metadata fields and/or tags of an existing portfolio",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UpdatePortfolio"
},
{
"resource_types": "",
"description": "Updates the metadata fields and/or tags of an existing product",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UpdateProduct"
},
{
"resource_types": "",
"description": "Updates an existing provisioned product",
"condition_keys": [
"servicecatalog:accountLevel",
"servicecatalog:roleLevel",
"servicecatalog:userLevel"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateProvisionedProduct"
},
{
"resource_types": "",
"description": "Updates the metadata fields of an existing provisioning artifact",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateProvisioningArtifact"
}
]
},
{
"service_name": "AWS WAF",
"privileges": [
{
"resource_types": "bytematchset",
"description": "Creates a ByteMatchSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateByteMatchSet"
},
{
"resource_types": "geomatchset",
"description": "Creates a GeoMatchSet, which you use to specify which web requests you want to allow or block based on the country that the requests originate from",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateGeoMatchSet"
},
{
"resource_types": "ipset",
"description": "Creates an IPSet, which you use to specify which web requests you want to allow or block based on the IP addresses that the requests originate from",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateIPSet"
},
{
"resource_types": "ratebasedrule",
"description": "Creates a RateBasedRule, which contains a RateLimit specifying the maximum number of requests that AWS WAF allows from a specified IP address in a five-minute period",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateRateBasedRule"
},
{
"resource_types": "regexmatchset",
"description": "Creates a RegexMatchSet, which you use to specify which web requests you want to allow or block based on the regex patterns you specified in a RegexPatternSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateRegexMatchSet"
},
{
"resource_types": "regexpatternset",
"description": "Creates a RegexPatternSet, which you use to specify the regular expression (regex) pattern that you want AWS WAF to search for",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateRegexPatternSet"
},
{
"resource_types": "rule",
"description": "Creates a Rule, which contains the IPSet objects, ByteMatchSet objects, and other predicates that identify the requests that you want to block",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateRule"
},
{
"resource_types": "rulegroup",
"description": "Creates a RuleGroup. A rule group is a collection of predefined rules that you add to a WebACL",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateRuleGroup"
},
{
"resource_types": "sizeconstraintset",
"description": "Creates a SizeConstraintSet, which you use to identify the part of a web request that you want to check for length",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateSizeConstraintSet"
},
{
"resource_types": "sqlinjectionmatchset",
"description": "Creates a SqlInjectionMatchSet, which you use to allow, block, or count requests that contain snippets of SQL code in a specified part of web requests",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateSqlInjectionMatchSet"
},
{
"resource_types": "webacl",
"description": "Creates a WebACL, which contains the Rules that identify the CloudFront web requests that you want to allow, block, or count",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "CreateWebACL"
},
{
"resource_types": "xssmatchset",
"description": "Creates an XssMatchSet, which you use to allow, block, or count requests that contain cross-site scripting attacks in the specified part of web requests",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateXssMatchSet"
},
{
"resource_types": "bytematchset",
"description": "Permanently deletes a ByteMatchSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteByteMatchSet"
},
{
"resource_types": "geomatchset",
"description": "Permanently deletes an GeoMatchSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteGeoMatchSet"
},
{
"resource_types": "ipset",
"description": "Permanently deletes an IPSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteIPSet"
},
{
"resource_types": "rulegroup",
"description": "Permanently deletes an IAM policy from the specified RuleGroup",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DeletePermissionPolicy"
},
{
"resource_types": "ratebasedrule",
"description": "Permanently deletes a RateBasedRule",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteRateBasedRule"
},
{
"resource_types": "regexmatchset",
"description": "Permanently deletes an RegexMatchSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteRegexMatchSet"
},
{
"resource_types": "regexpatternset",
"description": "Permanently deletes an RegexPatternSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteRegexPatternSet"
},
{
"resource_types": "rule",
"description": "Permanently deletes a Rule",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteRule"
},
{
"resource_types": "rulegroup",
"description": "Permanently deletes a RuleGroup",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteRuleGroup"
},
{
"resource_types": "sizeconstraintset",
"description": "Permanently deletes a SizeConstraintSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSizeConstraintSet"
},
{
"resource_types": "sqlinjectionmatchset",
"description": "Permanently deletes a SqlInjectionMatchSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSqlInjectionMatchSet"
},
{
"resource_types": "webacl",
"description": "Permanently deletes a WebACL",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DeleteWebACL"
},
{
"resource_types": "xssmatchset",
"description": "Permanently deletes an XssMatchSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteXssMatchSet"
},
{
"resource_types": "bytematchset",
"description": "Returns the ByteMatchSet specified by ByteMatchSetId",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetByteMatchSet"
},
{
"resource_types": "",
"description": "When you want to create, update, or delete AWS WAF objects, get a change token and include the change token in the create, update, or delete request",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetChangeToken"
},
{
"resource_types": "",
"description": "Returns the status of a ChangeToken that you got by calling GetChangeToken",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetChangeTokenStatus"
},
{
"resource_types": "geomatchset",
"description": "Returns the GeoMatchSet specified by GeoMatchSetId",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetGeoMatchSet"
},
{
"resource_types": "ipset",
"description": "Returns the IPSet that is specified by IPSetId",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetIPSet"
},
{
"resource_types": "rulegroup",
"description": "Returns the IAM policy attached to the RuleGroup",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetPermissionPolicy"
},
{
"resource_types": "ratebasedrule",
"description": "Returns the RateBasedRule that is specified by the RuleId that you included in the GetRateBasedRule request",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetRateBasedRule"
},
{
"resource_types": "ratebasedrule",
"description": "Returns an array of IP addresses currently being blocked by the RateBasedRule that is specified by the RuleId",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetRateBasedRuleManagedKeys"
},
{
"resource_types": "regexmatchset",
"description": "Returns the RegexMatchSet specified by RegexMatchSetId",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetRegexMatchSet"
},
{
"resource_types": "regexpatternset",
"description": "Returns the RegexPatternSet specified by RegexPatternSetId",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetRegexPatternSet"
},
{
"resource_types": "rule",
"description": "Returns the Rule that is specified by the RuleId that you included in the GetRule request",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetRule"
},
{
"resource_types": "rulegroup",
"description": "Returns the RuleGroup that is specified by the RuleGroupId that you included in the GetRuleGroup request",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetRuleGroup"
},
{
"resource_types": "rule",
"description": "Gets detailed information about a specified number of requests--a sample--that AWS WAF randomly selects from among the first 5,000 requests that your AWS resource received during a time range that you choose",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSampledRequests"
},
{
"resource_types": "sizeconstraintset",
"description": "Returns the SizeConstraintSet specified by SizeConstraintSetId",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSizeConstraintSet"
},
{
"resource_types": "sqlinjectionmatchset",
"description": "Returns the SqlInjectionMatchSet that is specified by SqlInjectionMatchSetId",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSqlInjectionMatchSet"
},
{
"resource_types": "webacl",
"description": "Returns the WebACL that is specified by WebACLId",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetWebACL"
},
{
"resource_types": "xssmatchset",
"description": "Returns the XssMatchSet that is specified by XssMatchSetId",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetXssMatchSet"
},
{
"resource_types": "",
"description": "Returns an array of ActivatedRule objects",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListActivatedRulesInRuleGroup"
},
{
"resource_types": "",
"description": "Returns an array of ByteMatchSetSummary objects",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListByteMatchSets"
},
{
"resource_types": "",
"description": "Returns an array of GeoMatchSetSummary objects",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListGeoMatchSets"
},
{
"resource_types": "",
"description": "Returns an array of IPSetSummary objects in the response",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListIPSets"
},
{
"resource_types": "",
"description": "Returns an array of RuleSummary objects",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRateBasedRules"
},
{
"resource_types": "",
"description": "Returns an array of RegexMatchSetSummary objects",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRegexMatchSets"
},
{
"resource_types": "",
"description": "Returns an array of RegexPatternSetSummary objects",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRegexPatternSets"
},
{
"resource_types": "",
"description": "Returns an array of RuleGroup objects",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRuleGroups"
},
{
"resource_types": "",
"description": "Returns an array of RuleSummary objects",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRules"
},
{
"resource_types": "",
"description": "Returns an array of SizeConstraintSetSummary objects",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSizeConstraintSets"
},
{
"resource_types": "",
"description": "Returns an array of SqlInjectionMatchSet objects",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSqlInjectionMatchSets"
},
{
"resource_types": "",
"description": "Returns an array of RuleGroup objects that you are subscribed to",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSubscribedRuleGroups"
},
{
"resource_types": "",
"description": "Returns an array of WebACLSummary objects in the response",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListWebACLs"
},
{
"resource_types": "",
"description": "Returns an array of XssMatchSet objects",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListXssMatchSets"
},
{
"resource_types": "rulegroup",
"description": "Attaches a IAM policy to the specified resource. The only supported use for this action is to share a RuleGroup across accounts",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "PutPermissionPolicy"
},
{
"resource_types": "bytematchset",
"description": "Inserts or deletes ByteMatchTuple objects (filters) in a ByteMatchSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateByteMatchSet"
},
{
"resource_types": "geomatchset",
"description": "Inserts or deletes GeoMatchConstraint objects in a GeoMatchSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateGeoMatchSet"
},
{
"resource_types": "ipset",
"description": "Inserts or deletes IPSetDescriptor objects in an IPSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateIPSet"
},
{
"resource_types": "ratebasedrule",
"description": "Inserts or deletes Predicate objects in a rule and updates the RateLimit in the rule",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateRateBasedRule"
},
{
"resource_types": "regexmatchset",
"description": "Inserts or deletes RegexMatchTuple objects (filters) in a RegexMatchSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateRegexMatchSet"
},
{
"resource_types": "regexpatternset",
"description": "Inserts or deletes RegexPatternStrings in a RegexPatternSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateRegexPatternSet"
},
{
"resource_types": "rule",
"description": "Inserts or deletes Predicate objects in a Rule",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateRule"
},
{
"resource_types": "rulegroup",
"description": "Inserts or deletes ActivatedRule objects in a RuleGroup",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateRuleGroup"
},
{
"resource_types": "sizeconstraintset",
"description": "Inserts or deletes SizeConstraint objects (filters) in a SizeConstraintSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateSizeConstraintSet"
},
{
"resource_types": "sqlinjectionmatchset",
"description": "Inserts or deletes SqlInjectionMatchTuple objects (filters) in a SqlInjectionMatchSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateSqlInjectionMatchSet"
},
{
"resource_types": "webacl",
"description": "Inserts or deletes ActivatedRule objects in a WebACL",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "UpdateWebACL"
},
{
"resource_types": "xssmatchset",
"description": "Inserts or deletes XssMatchTuple objects (filters) in an XssMatchSet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateXssMatchSet"
}
]
},
{
"service_name": "Amazon Elastic MapReduce",
"privileges": [
{
"resource_types": "",
"description": "Adds instance groups to a running cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddInstanceGroups"
},
{
"resource_types": "",
"description": "Adds new steps to a running job flow",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddJobFlowSteps"
},
{
"resource_types": "",
"description": "Adds tags to an Amazon EMR resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "AddTags"
},
{
"resource_types": "",
"description": "Cancels a pending step or steps in a running cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelSteps"
},
{
"resource_types": "",
"description": "Creates a security configuration which is stored in the service",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateSecurityConfiguration"
},
{
"resource_types": "",
"description": "Deletes a security configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSecurityConfiguration"
},
{
"resource_types": "",
"description": "Provides cluster-level details including status, hardware and software configuration, VPC settings, and so on",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeCluster"
},
{
"resource_types": "",
"description": "Provides the details of a security configuration by returning the configuration JSON",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeSecurityConfiguration"
},
{
"resource_types": "",
"description": "Provides more detail about the cluster step",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeStep"
},
{
"resource_types": "",
"description": "Provides information about the bootstrap actions associated with a cluster",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListBootstrapActions"
},
{
"resource_types": "",
"description": "Provides the status of all clusters visible to this AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListClusters"
},
{
"resource_types": "",
"description": "Provides all available details about the instance groups in a cluster",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListInstanceGroups"
},
{
"resource_types": "",
"description": "Provides information about the cluster instances that Amazon EMR provisions on behalf of a user when it creates the cluster",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListInstances"
},
{
"resource_types": "",
"description": "Lists all the security configurations visible to this account, providing their creation dates and times, and their names",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSecurityConfigurations"
},
{
"resource_types": "",
"description": "Provides a list of steps for the cluster",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSteps"
},
{
"resource_types": "",
"description": "Modifies the number of nodes and configuration settings of an instance group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyInstanceGroups"
},
{
"resource_types": "",
"description": "Modifies the number of nodes and configuration settings of an instance group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutAutoScalingPolicy"
},
{
"resource_types": "",
"description": "Removes an automatic scaling policy from a specified instance group within an EMR cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RemoveAutoScalingPolicy"
},
{
"resource_types": "",
"description": "Removes tags from an Amazon EMR resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "RemoveTags"
},
{
"resource_types": "",
"description": "Creates and starts running a new job flow",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "RunJobFlow"
},
{
"resource_types": "",
"description": "Locks a job flow so the Amazon EC2 instances in the cluster cannot be terminated by user intervention, an API call, or in the event of a job-flow error",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetTerminationProtection"
},
{
"resource_types": "",
"description": "Sets whether all AWS Identity and Access Management (IAM) users under your account can access the specified job flows",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetVisibleToAllUsers"
},
{
"resource_types": "",
"description": "Shuts a list of job flows down",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TerminateJobFlows"
}
]
},
{
"service_name": "AWS Serverless Application Repository",
"privileges": []
},
{
"service_name": "Amazon WorkSpaces",
"privileges": [
{
"resource_types": "",
"description": "Creates tags for a WorkSpace",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateTags"
},
{
"resource_types": "workspacebundle",
"description": "Creates one or more WorkSpaces",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateWorkspaces"
},
{
"resource_types": "",
"description": "Deletes tags from a Workspace",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteTags"
},
{
"resource_types": "",
"description": "Describes tags for a WorkSpace",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeTags"
},
{
"resource_types": "workspacebundle",
"description": "Obtains information about the WorkSpace bundles that are available to your account in the specified region",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeWorkspaceBundles"
},
{
"resource_types": "",
"description": "Retrieves information about the AWS Directory Service directories in the region that are registered with Amazon WorkSpaces and are available to your account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeWorkspaceDirectories"
},
{
"resource_types": "",
"description": "Obtains information about the specified WorkSpaces",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeWorkspaces"
},
{
"resource_types": "",
"description": "Describes the connection status of a specified WorkSpace",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeWorkspacesConnectionStatus"
},
{
"resource_types": "workspaceid",
"description": "Modifies the WorkSpace properties, including the running mode and AutoStop time",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyWorkspaceProperties"
},
{
"resource_types": "workspaceid",
"description": "Reboots the specified WorkSpaces",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RebootWorkspaces"
},
{
"resource_types": "workspaceid",
"description": "Rebuilds the specified WorkSpaces",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RebuildWorkspaces"
},
{
"resource_types": "workspaceid",
"description": "Starts the specified WorkSpaces",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartWorkspaces"
},
{
"resource_types": "workspaceid",
"description": "Stops the specified WorkSpaces",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopWorkspaces"
},
{
"resource_types": "workspaceid",
"description": "Terminates the specified WorkSpaces",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TerminateWorkspaces"
}
]
},
{
"service_name": "Amazon SNS",
"privileges": [
{
"resource_types": "topic",
"description": "Adds a statement to a topic's access control policy, granting access for the specified AWS accounts to the specified actions",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "AddPermission"
},
{
"resource_types": "",
"description": "Accepts a phone number and indicates whether the phone holder has opted out of receiving SMS messages from your account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "CheckIfPhoneNumberIsOptedOut"
},
{
"resource_types": "topic",
"description": "Verifies an endpoint owner's intent to receive messages by validating the token sent to the endpoint by an earlier Subscribe action",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ConfirmSubscription"
},
{
"resource_types": "",
"description": "Creates a platform application object for one of the supported push notification services, such as APNS and GCM, to which devices and mobile apps may register",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePlatformApplication"
},
{
"resource_types": "",
"description": "Creates an endpoint for a device and mobile app on one of the supported push notification services, such as GCM and APNS",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePlatformEndpoint"
},
{
"resource_types": "topic",
"description": "Creates a topic to which notifications can be published",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateTopic"
},
{
"resource_types": "",
"description": "Deletes the endpoint for a device and mobile app from Amazon SNS",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteEndpoint"
},
{
"resource_types": "",
"description": "Deletes a platform application object for one of the supported push notification services, such as APNS and GCM",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeletePlatformApplication"
},
{
"resource_types": "topic",
"description": "Deletes a topic and all its subscriptions",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteTopic"
},
{
"resource_types": "",
"description": "Retrieves the endpoint attributes for a device on one of the supported push notification services, such as GCM and APNS",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetEndpointAttributes"
},
{
"resource_types": "",
"description": "Retrieves the attributes of the platform application object for the supported push notification services, such as APNS and GCM",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetPlatformApplicationAttributes"
},
{
"resource_types": "",
"description": "Returns the settings for sending SMS messages from your account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSMSAttributes"
},
{
"resource_types": "",
"description": "Returns all of the properties of a subscription",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSubscriptionAttributes"
},
{
"resource_types": "topic",
"description": "Returns all of the properties of a topic. Topic properties returned might differ based on the authorization of the user",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTopicAttributes"
},
{
"resource_types": "",
"description": "Lists the endpoints and endpoint attributes for devices in a supported push notification service, such as GCM and APNS",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListEndpointsByPlatformApplication"
},
{
"resource_types": "",
"description": "Returns a list of phone numbers that are opted out, meaning you cannot send SMS messages to them",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListPhoneNumbersOptedOut"
},
{
"resource_types": "",
"description": "Lists the platform application objects for the supported push notification services, such as APNS and GCM",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPlatformApplications"
},
{
"resource_types": "",
"description": "Returns a list of the requester's subscriptions",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSubscriptions"
},
{
"resource_types": "topic",
"description": "Returns a list of the subscriptions to a specific topic",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSubscriptionsByTopic"
},
{
"resource_types": "",
"description": "Returns a list of the requester's topics. Each call returns a limited list of topics, up to 100",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTopics"
},
{
"resource_types": "",
"description": "Opts in a phone number that is currently opted out, which enables you to resume sending SMS messages to the number",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "OptInPhoneNumber"
},
{
"resource_types": "topic",
"description": "Sends a message to all of a topic's subscribed endpoints",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "Publish"
},
{
"resource_types": "topic",
"description": "Removes a statement from a topic's access control policy",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "RemovePermission"
},
{
"resource_types": "",
"description": "Sets the attributes for an endpoint for a device on one of the supported push notification services, such as GCM and APNS",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetEndpointAttributes"
},
{
"resource_types": "",
"description": "Sets the attributes of the platform application object for the supported push notification services, such as APNS and GCM",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetPlatformApplicationAttributes"
},
{
"resource_types": "",
"description": "Allows a subscription owner to set an attribute of the topic to a new value",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetSubscriptionAttributes"
},
{
"resource_types": "topic",
"description": "Allows a topic owner to set an attribute of the topic to a new value",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetTopicAttributes"
},
{
"resource_types": "topic",
"description": "Prepares to subscribe an endpoint by sending the endpoint a confirmation message",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "Subscribe"
},
{
"resource_types": "",
"description": "Deletes a subscription. If the subscription requires authentication for deletion, only the owner of the subscription or the topic's owner can unsubscribe, and an AWS signature is required",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "Unsubscribe"
}
]
},
{
"service_name": "Amazon FreeRTOS",
"privileges": []
},
{
"service_name": "Amazon API Gateway",
"privileges": [
{
"resource_types": "execute-api-general",
"description": "Used to invalidate API cache upon a client request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "InvalidateCache"
},
{
"resource_types": "execute-api-general",
"description": "Used to invoke an API upon a client request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "Invoke"
}
]
},
{
"service_name": "Amazon Connect",
"privileges": []
},
{
"service_name": "Elastic Load Balancing V2",
"privileges": [
{
"resource_types": "listener",
"description": "Adds the specified certificates to the specified secure listener",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddListenerCertificates"
},
{
"resource_types": "loadbalancer/app",
"description": "Adds the specified tags to the specified load balancer. Each load balancer can have a maximum of 10 tags",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "AddTags"
},
{
"resource_types": "loadbalancer/app",
"description": "Creates a listener for the specified Application Load Balancer",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateListener"
},
{
"resource_types": "loadbalancer/app",
"description": "Creates a load balancer",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateLoadBalancer"
},
{
"resource_types": "listener",
"description": "Creates a rule for the specified listener",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateRule"
},
{
"resource_types": "targetgroup",
"description": "Creates a target group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateTargetGroup"
},
{
"resource_types": "listener",
"description": "Deletes the specified listener",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteListener"
},
{
"resource_types": "loadbalancer/app",
"description": "Deletes the specified load balancer",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteLoadBalancer"
},
{
"resource_types": "listener-rule",
"description": "Deletes the specified rule",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteRule"
},
{
"resource_types": "targetgroup",
"description": "Deletes the specified target group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteTargetGroup"
},
{
"resource_types": "targetgroup",
"description": "Deregisters the specified targets from the specified target group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeregisterTargets"
},
{
"resource_types": "",
"description": "Describes the Elastic Load Balancing resource limits for the AWS account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAccountLimits"
},
{
"resource_types": "",
"description": "Describes the certificates for the specified secure listener",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeListenerCertificates"
},
{
"resource_types": "",
"description": "Describes the specified listeners or the listeners for the specified Application Load Balancer",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeListeners"
},
{
"resource_types": "",
"description": "Describes the attributes for the specified load balancer",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeLoadBalancerAttributes"
},
{
"resource_types": "",
"description": "Describes the specified the load balancers. If no load balancers are specified, the call describes all of your load balancers",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeLoadBalancers"
},
{
"resource_types": "",
"description": "Describes the specified rules or the rules for the specified listener",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeRules"
},
{
"resource_types": "",
"description": "Describes the specified policies or all policies used for SSL negotiation",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeSSLPolicies"
},
{
"resource_types": "",
"description": "Describes the tags associated with the specified load balancers",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTags"
},
{
"resource_types": "",
"description": "Describes the attributes for the specified target group",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTargetGroupAttributes"
},
{
"resource_types": "",
"description": "Describes the specified target groups or all of your target groups",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTargetGroups"
},
{
"resource_types": "",
"description": "Describes the health of the specified targets or all of your targets",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTargetHealth"
},
{
"resource_types": "listener",
"description": "Modifies the specified properties of the specified listener",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyListener"
},
{
"resource_types": "loadbalancer/app",
"description": "Modifies the attributes of the specified load balancer",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyLoadBalancerAttributes"
},
{
"resource_types": "listener-rule",
"description": "Modifies the specified rule",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyRule"
},
{
"resource_types": "targetgroup",
"description": "Modifies the health checks used when evaluating the health state of the targets in the specified target group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyTargetGroup"
},
{
"resource_types": "targetgroup",
"description": "Modifies the specified attributes of the specified target group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyTargetGroupAttributes"
},
{
"resource_types": "targetgroup",
"description": "Registers the specified targets with the specified target group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RegisterTargets"
},
{
"resource_types": "listener",
"description": "Removes the specified certificates of the specified secure listener",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RemoveListenerCertificates"
},
{
"resource_types": "loadbalancer/app",
"description": "Removes one or more tags from the specified load balancer",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "RemoveTags"
},
{
"resource_types": "loadbalancer/app",
"description": "Not found",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetIpAddressType"
},
{
"resource_types": "listener-rule",
"description": "Sets the priorities of the specified rules",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetRulePriorities"
},
{
"resource_types": "loadbalancer/app",
"description": "Associates the specified security groups with the specified load balancer",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetSecurityGroups"
},
{
"resource_types": "loadbalancer/app",
"description": "Enables the Availability Zone for the specified subnets for the specified load balancer",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetSubnets"
}
]
},
{
"service_name": "Amazon Mobile Analytics",
"privileges": [
{
"resource_types": "",
"description": "The PutEvents operation records one or more events",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutEvents"
}
]
},
{
"service_name": "AWS Trusted Advisor",
"privileges": []
},
{
"service_name": "Amazon Macie",
"privileges": [
{
"resource_types": "",
"description": "Enables the user to associate a specified AWS account with Amazon Macie as a member account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateMemberAccount"
},
{
"resource_types": "",
"description": "Enables the user to associate specified S3 resources with Amazon Macie for monitoring and data classification",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateS3Resources"
},
{
"resource_types": "",
"description": "Enables the user to remove the specified member account from Amazon Macie",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateMemberAccount"
},
{
"resource_types": "",
"description": "Enables the user to remove specified S3 resources from being monitored by Amazon Macie",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateS3Resources"
},
{
"resource_types": "",
"description": "Enables the user to list all Amazon Macie member accounts for the current Macie master account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListMemberAccounts"
},
{
"resource_types": "",
"description": "Enables the user to list all the S3 resources associated with Amazon Macie",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListS3Resources"
},
{
"resource_types": "",
"description": "Enables the user to update the classification types for the specified S3 resources",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateS3Resources"
}
]
},
{
"service_name": "Amazon Textract",
"privileges": [
{
"resource_types": "",
"description": "Detects instances of real-world document entities within an image provided as input",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [
"s3:GetObject"
],
"privilege": "AnalyzeDocument"
},
{
"resource_types": "",
"description": "Detects text in document images",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [
"s3:GetObject"
],
"privilege": "DetectDocumentText"
},
{
"resource_types": "",
"description": "Returns information about a document analysis job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDocumentAnalysis"
},
{
"resource_types": "",
"description": "Returns information about a document text detection job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDocumentTextDetection"
},
{
"resource_types": "",
"description": "Starts an asynchronous job to detect instances of real-world document entities within an image or pdf provided as input",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"s3:GetObject"
],
"privilege": "StartDocumentAnalysis"
},
{
"resource_types": "",
"description": "Starts an asynchronous job to detect text in document images or pdfs",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"s3:GetObject"
],
"privilege": "StartDocumentTextDetection"
}
]
},
{
"service_name": "AWS Certificate Manager Private Certificate Authority",
"privileges": [
{
"resource_types": "",
"description": "Creates an ACM Private CA and its associated private key and configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateCertificateAuthority"
},
{
"resource_types": "certificate-authority",
"description": "Creates an audit report for an ACM Private CA",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateCertificateAuthorityAuditReport"
},
{
"resource_types": "certificate-authority",
"description": "Deletes an ACM Private CA and its associated private key and configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteCertificateAuthority"
},
{
"resource_types": "certificate-authority",
"description": "Returns a list of the configuration and status fields contained in the specified ACM Private CA",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeCertificateAuthority"
},
{
"resource_types": "certificate-authority",
"description": "Returns the status and information about an ACM Private CA audit report",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeCertificateAuthorityAuditReport"
},
{
"resource_types": "certificate-authority",
"description": "Retrieves an ACM Private CA certificate and certificate chain for the certificate authority specified by an ARN",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCertificate"
},
{
"resource_types": "certificate-authority",
"description": "Retrieves an ACM Private CA certificate and certificate chain for the certificate authority specified by an ARN",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCertificateAuthorityCertificate"
},
{
"resource_types": "certificate-authority",
"description": "Retrieves an ACM Private CA certificate signing request (CSR) for the certificate-authority specified by an ARN",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCertificateAuthorityCsr"
},
{
"resource_types": "certificate-authority",
"description": "Imports an SSL/TLS certificate into ACM Private CA for use as the CA certificate of an ACM Private CA",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ImportCertificateAuthorityCertificate"
},
{
"resource_types": "certificate-authority",
"description": "Issues an ACM Private CA certificate",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "IssueCertificate"
},
{
"resource_types": "",
"description": "Retrieves a list of the ACM Private CA certificate authority ARNs, and a summary of the status of each CA in the calling account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListCertificateAuthorities"
},
{
"resource_types": "certificate-authority",
"description": "Lists the tags that have been applied to the ACM Private CA certificate authority",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTags"
},
{
"resource_types": "certificate-authority",
"description": "Restores an ACM Private CA from the deleted state to the state it was in when deleted",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RestoreCertificateAuthority"
},
{
"resource_types": "certificate-authority",
"description": "Revokes a certificate issued by an ACM Private CA",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RevokeCertificate"
},
{
"resource_types": "certificate-authority",
"description": "Adds one or more tags to an ACM Private CA",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "TagCertificateAuthority"
},
{
"resource_types": "certificate-authority",
"description": "Removes one or more tags from an ACM Private CA",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagCertificateAuthority"
},
{
"resource_types": "certificate-authority",
"description": "Updates the configuration of an ACM Private CA",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateCertificateAuthority"
}
]
},
{
"service_name": "Amazon DynamoDB",
"privileges": [
{
"resource_types": "table",
"description": "Returns the attributes of one or more items from one or more tables",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchGetItem"
},
{
"resource_types": "table",
"description": "Puts or deletes multiple items in one or more tables",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchWriteItem"
},
{
"resource_types": "table",
"description": "The ConditionCheckItem operation checks the existence of a set of attributes for the item with the given primary key",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ConditionCheckItem"
},
{
"resource_types": "table",
"description": "Creates a backup for an existing table",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateBackup"
},
{
"resource_types": "global-table",
"description": "Enables the user to create a global table from an existing table",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateGlobalTable"
},
{
"resource_types": "table",
"description": "The CreateTable operation adds a new table to your account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateTable"
},
{
"resource_types": "backup",
"description": "Deletes an existing backup of a table",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteBackup"
},
{
"resource_types": "table",
"description": "Deletes a single item in a table by primary key",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteItem"
},
{
"resource_types": "table",
"description": "The DeleteTable operation deletes a table and all of its items",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteTable"
},
{
"resource_types": "backup",
"description": "Describes an existing backup of a table",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeBackup"
},
{
"resource_types": "table",
"description": "Checks the status of the backup restore settings on the specified table",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeContinuousBackups"
},
{
"resource_types": "global-table",
"description": "Returns information about the specified global table",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeGlobalTable"
},
{
"resource_types": "global-table",
"description": "Returns settings information about the specified global table",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeGlobalTableSettings"
},
{
"resource_types": "",
"description": "Returns the current provisioned-capacity limits for your AWS account in a region, both for the region as a whole and for any one DynamoDB table that you create there",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeLimits"
},
{
"resource_types": "stream",
"description": "Returns information about a stream, including the current status of the stream, its Amazon Resource Name (ARN), the composition of its shards, and its corresponding DynamoDB table",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeStream"
},
{
"resource_types": "table",
"description": "Returns information about the table",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTable"
},
{
"resource_types": "",
"description": "Gives a description of the Time to Live (TTL) status on the specified table",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTimeToLive"
},
{
"resource_types": "table",
"description": "The GetItem operation returns a set of attributes for the item with the given primary key",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetItem"
},
{
"resource_types": "stream",
"description": "Retrieves the stream records from a given shard",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetRecords"
},
{
"resource_types": "stream",
"description": "Returns a shard iterator",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetShardIterator"
},
{
"resource_types": "",
"description": "List backups associated with the account and endpoint",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListBackups"
},
{
"resource_types": "",
"description": "Lists all global tables that have a replica in the specified region",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListGlobalTables"
},
{
"resource_types": "",
"description": "Returns an array of stream ARNs associated with the current account and endpoint",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListStreams"
},
{
"resource_types": "",
"description": "Returns an array of table names associated with the current account and endpoint",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTables"
},
{
"resource_types": "",
"description": "List all tags on an Amazon DynamoDB resource",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTagsOfResource"
},
{
"resource_types": "table",
"description": "Creates a new item, or replaces an old item with a new item",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutItem"
},
{
"resource_types": "table",
"description": "Uses the primary key of a table or a secondary index to directly access items from that table or index",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "Query"
},
{
"resource_types": "backup",
"description": "Creates a new table from an existing backup",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RestoreTableFromBackup"
},
{
"resource_types": "table",
"description": "Restores a table to a point in time",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RestoreTableToPointInTime"
},
{
"resource_types": "table",
"description": "Returns one or more items and item attributes by accessing every item in a table or a secondary index",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "Scan"
},
{
"resource_types": "",
"description": "Associate a set of tags with an Amazon DynamoDB resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "TagResource"
},
{
"resource_types": "",
"description": "Removes the association of tags from an Amazon DynamoDB resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagResource"
},
{
"resource_types": "table",
"description": "Enables or disables continuous backups",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateContinuousBackups"
},
{
"resource_types": "global-table",
"description": "Enables the user to add or remove replicas in the specified global table",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateGlobalTable"
},
{
"resource_types": "global-table",
"description": "Enables the user to update settings of the specified global table",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateGlobalTableSettings"
},
{
"resource_types": "table",
"description": "Edits an existing item's attributes, or adds a new item to the table if it does not already exist",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateItem"
},
{
"resource_types": "table",
"description": "Modifies the provisioned throughput settings, global secondary indexes, or DynamoDB Streams settings for a given table",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateTable"
},
{
"resource_types": "table",
"description": "Enables or disables TTL for the specified table",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateTimeToLive"
}
]
},
{
"service_name": "AWS License Manager",
"privileges": [
{
"resource_types": "",
"description": "Creates a new license configuration",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateLicenseConfiguration"
},
{
"resource_types": "license-configuration",
"description": "Permanently deletes a license configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteLicenseConfiguration"
},
{
"resource_types": "license-configuration",
"description": "Gets a license configuration",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetLicenseConfiguration"
},
{
"resource_types": "",
"description": "Gets service settings",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetServiceSettings"
},
{
"resource_types": "license-configuration",
"description": "Lists associations for a selected license configuration",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAssociationsForLicenseConfiguration"
},
{
"resource_types": "",
"description": "Lists license configurations",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListLicenseConfigurations"
},
{
"resource_types": "",
"description": "Lists license specifications associated with a selected resource",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListLicenseSpecificationsForResource"
},
{
"resource_types": "",
"description": "Lists resource inventory",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListResourceInventory"
},
{
"resource_types": "license-configuration",
"description": "Lists tags for a selected resource",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTagsForResource"
},
{
"resource_types": "license-configuration",
"description": "Lists usage records for selected license configuration",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListUsageForLicenseConfiguration"
},
{
"resource_types": "license-configuration",
"description": "Tags a selected resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "TagResource"
},
{
"resource_types": "license-configuration",
"description": "Untags a selected resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagResource"
},
{
"resource_types": "license-configuration",
"description": "Updates an existing license configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateLicenseConfiguration"
},
{
"resource_types": "license-configuration",
"description": "Updates license specifications for a selected resource",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateLicenseSpecificationsForResource"
},
{
"resource_types": "",
"description": "Updates service settings",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "UpdateServiceSettings"
}
]
},
{
"service_name": "Amazon SimpleDB",
"privileges": [
{
"resource_types": "domain",
"description": "Performs multiple DeleteAttributes operations in a single call, which reduces round trips and latencies",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchDeleteAttributes"
},
{
"resource_types": "domain",
"description": "With the BatchPutAttributes operation, you can perform multiple PutAttribute operations in a single call",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchPutAttributes"
},
{
"resource_types": "domain",
"description": "The CreateDomain operation creates a new domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDomain"
},
{
"resource_types": "domain",
"description": "Deletes one or more attributes associated with the item",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAttributes"
},
{
"resource_types": "domain",
"description": "The DeleteDomain operation deletes a domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDomain"
},
{
"resource_types": "domain",
"description": "Returns information about the domain, including when the domain was created, the number of items and attributes, and the size of attribute names and values",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DomainMetadata"
},
{
"resource_types": "domain",
"description": "Returns all of the attributes associated with the item",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAttributes"
},
{
"resource_types": "",
"description": "Description for ListDomains",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDomains"
},
{
"resource_types": "domain",
"description": "The PutAttributes operation creates or replaces attributes in an item",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutAttributes"
},
{
"resource_types": "domain",
"description": "Description for Select",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "Select"
}
]
},
{
"service_name": "AWS Database Migration Service",
"privileges": [
{
"resource_types": "",
"description": "Adds metadata tags to a DMS resource, including replication instance, endpoint, security group, and migration task",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "AddTagsToResource"
},
{
"resource_types": "",
"description": "Creates an endpoint using the provided settings",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateEndpoint"
},
{
"resource_types": "",
"description": "Creates the replication instance using the specified parameters",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateReplicationInstance"
},
{
"resource_types": "",
"description": "Creates a replication subnet group given a list of the subnet IDs in a VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateReplicationSubnetGroup"
},
{
"resource_types": "",
"description": "Creates a replication task using the specified parameters",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateReplicationTask"
},
{
"resource_types": "",
"description": "Deletes the specified endpoint",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteEndpoint"
},
{
"resource_types": "",
"description": "Deletes an AWS DMS event subscription",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteEventSubscription"
},
{
"resource_types": "",
"description": "Deletes the specified replication instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteReplicationInstance"
},
{
"resource_types": "",
"description": "Deletes a subnet group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteReplicationSubnetGroup"
},
{
"resource_types": "",
"description": "Deletes the specified replication task",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteReplicationTask"
},
{
"resource_types": "",
"description": "Lists all of the AWS DMS attributes for a customer account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAccountAttributes"
},
{
"resource_types": "",
"description": "Provides a description of the certificate",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeCertificates"
},
{
"resource_types": "",
"description": "Describes the status of the connections that have been made between the replication instance and an endpoint",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeConnections"
},
{
"resource_types": "",
"description": "Returns information about the type of endpoints available",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEndpointTypes"
},
{
"resource_types": "",
"description": "Returns information about the endpoints for your account in the current region",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEndpoints"
},
{
"resource_types": "",
"description": "Lists categories for all event source types, or, if specified, for a specified source type",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEventCategories"
},
{
"resource_types": "",
"description": "Lists all the event subscriptions for a customer account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEventSubscriptions"
},
{
"resource_types": "",
"description": "Lists events for a given source identifier and source type",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEvents"
},
{
"resource_types": "",
"description": "Returns information about the replication instance types that can be created in the specified region",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeOrderableReplicationInstances"
},
{
"resource_types": "",
"description": "Returns the status of the RefreshSchemas operation",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeRefreshSchemasStatus"
},
{
"resource_types": "",
"description": "Returns information about replication instances for your account in the current region",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeReplicationInstances"
},
{
"resource_types": "",
"description": "Returns information about the replication subnet groups",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeReplicationSubnetGroups"
},
{
"resource_types": "",
"description": "Returns information about replication tasks for your account in the current region",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeReplicationTasks"
},
{
"resource_types": "",
"description": "Returns information about the schema for the specified endpoint",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeSchemas"
},
{
"resource_types": "",
"description": "Returns table statistics on the database migration task, including table name, rows inserted, rows updated, and rows deleted",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTableStatistics"
},
{
"resource_types": "",
"description": "Lists all tags for an AWS DMS resource",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTagsForResource"
},
{
"resource_types": "",
"description": "Modifies the specified endpoint",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyEndpoint"
},
{
"resource_types": "",
"description": "Modifies an existing AWS DMS event notification subscription",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyEventSubscription"
},
{
"resource_types": "",
"description": "Modifies the replication instance to apply new settings",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyReplicationInstance"
},
{
"resource_types": "",
"description": "Modifies the settings for the specified replication subnet group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyReplicationSubnetGroup"
},
{
"resource_types": "",
"description": "Modifies the specified replication task",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyReplicationTask"
},
{
"resource_types": "",
"description": "Populates the schema for the specified endpoint",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RefreshSchemas"
},
{
"resource_types": "",
"description": "Removes metadata tags from a DMS resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "RemoveTagsFromResource"
},
{
"resource_types": "",
"description": "Starts the replication task",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartReplicationTask"
},
{
"resource_types": "",
"description": "Stops the replication task",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopReplicationTask"
},
{
"resource_types": "",
"description": "Tests the connection between the replication instance and the endpoint",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "TestConnection"
}
]
},
{
"service_name": "AWS Elemental MediaPackage",
"privileges": [
{
"resource_types": "",
"description": "Grants permission to create a channel in AWS Elemental MediaPackage",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateChannel"
},
{
"resource_types": "",
"description": "Grants permission to create an endpoint in AWS Elemental MediaPackage",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateOriginEndpoint"
},
{
"resource_types": "",
"description": "Grants permission to delete a channel in AWS Elemental MediaPackage",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteChannel"
},
{
"resource_types": "",
"description": "Grants permission to delete an endpoint in AWS Elemental MediaPackage",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteOriginEndpoint"
},
{
"resource_types": "",
"description": "Grants permission to view the details of a channel in AWS Elemental MediaPackage",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeChannel"
},
{
"resource_types": "",
"description": "Grants permission to view the details of an endpoint in AWS Elemental MediaPackage",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeOriginEndpoint"
},
{
"resource_types": "",
"description": "Grants permission to view a list of channels in AWS Elemental MediaPackage",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListChannels"
},
{
"resource_types": "",
"description": "Grants permission to view a list of endpoints in AWS Elemental MediaPackage",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListOriginEndpoints"
},
{
"resource_types": "",
"description": "Grants permission to make changes to a channel in AWS Elemental MediaPackage",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateChannel"
},
{
"resource_types": "",
"description": "Grants permission to make changes to an endpoint in AWS Elemental MediaPackage",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateOriginEndpoint"
}
]
},
{
"service_name": "AWS OpsWorks Configuration Management",
"privileges": [
{
"resource_types": "",
"description": "Associate a node to a configuration management server",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateNode"
},
{
"resource_types": "",
"description": "Create a backup for the specified server",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateBackup"
},
{
"resource_types": "",
"description": "Create a new server",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateServer"
},
{
"resource_types": "",
"description": "Delete the specified backup and possibly its S3 bucket",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteBackup"
},
{
"resource_types": "",
"description": "Deletes the specified server with its corresponding CF stack and possibly the S3 bucket",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteServer"
},
{
"resource_types": "",
"description": "Describe the service limits for the user's account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeAccountAttributes"
},
{
"resource_types": "",
"description": "Describe a single backup, all backups of a specified server or all backups of the user's account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeBackups"
},
{
"resource_types": "",
"description": "Describe all events of the specified server",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeEvents"
},
{
"resource_types": "",
"description": "Describe the association status for the specified node token and the specified server",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeNodeAssociationStatus"
},
{
"resource_types": "",
"description": "Describes the specified server or all servers of the user's account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeServers"
},
{
"resource_types": "",
"description": "Disassociates a specified node from a server",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateNode"
},
{
"resource_types": "",
"description": "Applies a backup to specified server. Possibly swaps out the ec2-instance if specified",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RestoreServer"
},
{
"resource_types": "",
"description": "Start the server maintenance immediately",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartMaintenance"
},
{
"resource_types": "",
"description": "Update general server settings",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateServer"
},
{
"resource_types": "",
"description": "Update server settings specific to the configuration management type",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateServerEngineAttributes"
}
]
},
{
"service_name": "AWS Transfer for SFTP",
"privileges": [
{
"resource_types": "",
"description": "Enables the caller to create a server",
"condition_keys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateServer"
},
{
"resource_types": "server",
"description": "Enables the caller to add a user associated with a server",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"iam:PassRole"
],
"privilege": "CreateUser"
},
{
"resource_types": "server",
"description": "Enables the caller to delete a server",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteServer"
},
{
"resource_types": "user",
"description": "Enables the caller to delete an SSH public key from a user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSshPublicKey"
},
{
"resource_types": "user",
"description": "Enables the caller to delete a user associated with a server",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteUser"
},
{
"resource_types": "server",
"description": "Enables the caller to describe a server",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeServer"
},
{
"resource_types": "user",
"description": "Enables the caller to describe a user associated with a server",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeUser"
},
{
"resource_types": "user",
"description": "Enables the caller to add an SSH public key to a user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ImportSshPublicKey"
},
{
"resource_types": "",
"description": "Enables the caller to list servers",
"condition_keys": [
"aws:TagKeys"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListServers"
},
{
"resource_types": "server",
"description": "Enables the caller to list tags for a server or a user",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTagsForResource"
},
{
"resource_types": "user",
"description": "Enables the caller to list users associated with a server",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListUsers"
},
{
"resource_types": "server",
"description": "Enables the caller to start a server",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartServer"
},
{
"resource_types": "server",
"description": "Enables the caller to stop a server",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopServer"
},
{
"resource_types": "server",
"description": "Enables the caller to tag a server or a user",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "TagResource"
},
{
"resource_types": "server",
"description": "Enables the caller to test a server's custom identity provider",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "TestIdentityProvider"
},
{
"resource_types": "server",
"description": "Enables the caller to untag a server or a user",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagResource"
},
{
"resource_types": "server",
"description": "Enables the caller to update the configuration of a server",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateServer"
},
{
"resource_types": "server",
"description": "Enables the caller to update the configuration of a user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateUser"
}
]
},
{
"service_name": "Amazon Route 53",
"privileges": [
{
"resource_types": "hostedzone",
"description": "Grants permission to associate an additional Amazon VPC with a private hosted zone",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateVPCWithHostedZone"
},
{
"resource_types": "hostedzone",
"description": "Grants permission to create, update, or delete a record, which contains authoritative DNS information for a specified domain or subdomain name",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ChangeResourceRecordSets"
},
{
"resource_types": "healthcheck",
"description": "Grants permission to add, edit, or delete tags for a health check or a hosted zone",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "ChangeTagsForResource"
},
{
"resource_types": "healthcheck",
"description": "Grants permission to create a new health check, which monitors the health and performance of your web applications, web servers, and other resources",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateHealthCheck"
},
{
"resource_types": "",
"description": "Grants permission to create a public hosted zone, which you use to specify how the Domain Name System (DNS) routes traffic on the Internet for a domain, such as example.com, and its subdomains",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateHostedZone"
},
{
"resource_types": "hostedzone",
"description": "Grants permission to create a configuration for DNS query logging",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateQueryLoggingConfig"
},
{
"resource_types": "",
"description": "Grants permission to create a delegation set (a group of four name servers) that can be reused by multiple hosted zones",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateReusableDelegationSet"
},
{
"resource_types": "",
"description": "Grants permission to create a traffic policy, which you use to create multiple DNS records for one domain name (such as example.com) or one subdomain name (such as www.example.com)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateTrafficPolicy"
},
{
"resource_types": "hostedzone",
"description": "Grants permission to create records in a specified hosted zone based on the settings in a specified traffic policy version",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateTrafficPolicyInstance"
},
{
"resource_types": "trafficpolicy",
"description": "Grants permission to create a new version of an existing traffic policy",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateTrafficPolicyVersion"
},
{
"resource_types": "hostedzone",
"description": "Grants permission to authorize the AWS account that created a specified VPC to submit an AssociateVPCWithHostedZone request, which associates the VPC with a specified hosted zone that was created by a different account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateVPCAssociationAuthorization"
},
{
"resource_types": "healthcheck",
"description": "Grants permission to delete a health check",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteHealthCheck"
},
{
"resource_types": "hostedzone",
"description": "Grants permission to delete a hosted zone",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteHostedZone"
},
{
"resource_types": "queryloggingconfig",
"description": "Grants permission to delete a configuration for DNS query logging",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteQueryLoggingConfig"
},
{
"resource_types": "delegationset",
"description": "Grants permission to delete a reusable delegation set",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteReusableDelegationSet"
},
{
"resource_types": "trafficpolicy",
"description": "Grants permission to delete a traffic policy",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteTrafficPolicy"
},
{
"resource_types": "trafficpolicyinstance",
"description": "Grants permission to delete a traffic policy instance and all the records that Route 53 created when you created the instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteTrafficPolicyInstance"
},
{
"resource_types": "hostedzone",
"description": "Grants permission to remove authorization for associating an Amazon Virtual Private Cloud with a Route 53 private hosted zone",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteVPCAssociationAuthorization"
},
{
"resource_types": "",
"description": "Grants permission to disassociate an Amazon Virtual Private Cloud from a Route 53 private hosted zone",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateVPCFromHostedZone"
},
{
"resource_types": "",
"description": "Grants permission to get the specified limit for the current account, for example, the maximum number of health checks that you can create using the account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAccountLimit"
},
{
"resource_types": "change",
"description": "Grants permission to get the current status of a request to create, update, or delete one or more records",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetChange"
},
{
"resource_types": "",
"description": "Grants permission to get a list of the IP ranges that are used by Route 53 health checkers to check the health of your resources",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetCheckerIpRanges"
},
{
"resource_types": "",
"description": "Grants permission to get information about whether a specified geographic location is supported for Route 53 geolocation records",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetGeoLocation"
},
{
"resource_types": "healthcheck",
"description": "Grants permission to get information about a specified health check",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetHealthCheck"
},
{
"resource_types": "",
"description": "Grants permission to get the number of health checks that are associated with the current AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetHealthCheckCount"
},
{
"resource_types": "healthcheck",
"description": "Grants permission to get the reason that a specified health check failed most recently",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetHealthCheckLastFailureReason"
},
{
"resource_types": "healthcheck",
"description": "Grants permission to get the status of a specified health check",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetHealthCheckStatus"
},
{
"resource_types": "hostedzone",
"description": "Grants permission to get information about a specified hosted zone including the four name servers that Route 53 assigned to the hosted zone",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetHostedZone"
},
{
"resource_types": "",
"description": "Grants permission to get the number of hosted zones that are associated with the current AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetHostedZoneCount"
},
{
"resource_types": "hostedzone",
"description": "Grants permission to get the specified limit for a specified hosted zone",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetHostedZoneLimit"
},
{
"resource_types": "queryloggingconfig",
"description": "Grants permission to get information about a specified configuration for DNS query logging",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetQueryLoggingConfig"
},
{
"resource_types": "delegationset",
"description": "Grants permission to get information about a specified reusable delegation set, including the four name servers that are assigned to the delegation set",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetReusableDelegationSet"
},
{
"resource_types": "delegationset",
"description": "Grants permission to get the maximum number of hosted zones that you can associate with the specified reusable delegation set",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetReusableDelegationSetLimit"
},
{
"resource_types": "trafficpolicy",
"description": "Grants permission to get information about a specified traffic policy version",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTrafficPolicy"
},
{
"resource_types": "trafficpolicyinstance",
"description": "Grants permission to get information about a specified traffic policy instance",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTrafficPolicyInstance"
},
{
"resource_types": "",
"description": "Grants permission to get the number of traffic policy instances that are associated with the current AWS account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTrafficPolicyInstanceCount"
},
{
"resource_types": "",
"description": "Grants permission to get a list of geographic locations that Route 53 supports for geolocation",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListGeoLocations"
},
{
"resource_types": "",
"description": "Grants permission to get a list of the health checks that are associated with the current AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListHealthChecks"
},
{
"resource_types": "",
"description": "Grants permission to get a list of the public and private hosted zones that are associated with the current AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListHostedZones"
},
{
"resource_types": "",
"description": "Grants permission to get a list of your hosted zones in lexicographic order. Hosted zones are sorted by name with the labels reversed, for example, com.example.www",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListHostedZonesByName"
},
{
"resource_types": "queryloggingconfig",
"description": "Grants permission to list the configurations for DNS query logging that are associated with the current AWS account or the configuration that is associated with a specified hosted zone",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListQueryLoggingConfigs"
},
{
"resource_types": "hostedzone",
"description": "Grants permission to list the records in a specified hosted zone",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListResourceRecordSets"
},
{
"resource_types": "",
"description": "Grants permission to list the reusable delegation sets that are associated with the current AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListReusableDelegationSets"
},
{
"resource_types": "healthcheck",
"description": "Grants permission to list tags for one health check or hosted zone",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTagsForResource"
},
{
"resource_types": "healthcheck",
"description": "Grants permission to list tags for up to 10 health checks or hosted zones",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTagsForResources"
},
{
"resource_types": "",
"description": "Grants permission to get information about the latest version for every traffic policy that is associated with the current AWS account. Policies are listed in the order in which they were created",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTrafficPolicies"
},
{
"resource_types": "",
"description": "Grants permission to get information about the traffic policy instances that you created by using the current AWS account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTrafficPolicyInstances"
},
{
"resource_types": "hostedzone",
"description": "Grants permission to get information about the traffic policy instances that you created in a specified hosted zone",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTrafficPolicyInstancesByHostedZone"
},
{
"resource_types": "trafficpolicy",
"description": "Grants permission to get information about the traffic policy instances that you created using a specified traffic policy version",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTrafficPolicyInstancesByPolicy"
},
{
"resource_types": "trafficpolicy",
"description": "Grants permission to get information about all the versions for a specified traffic policy",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTrafficPolicyVersions"
},
{
"resource_types": "hostedzone",
"description": "Grants permission to get a list of the VPCs that were created by other accounts and that can be associated with a specified hosted zone",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListVPCAssociationAuthorizations"
},
{
"resource_types": "",
"description": "Grants permission to get the value that Route 53 returns in response to a DNS query for a specified record name and type",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "TestDNSAnswer"
},
{
"resource_types": "healthcheck",
"description": "Grants permission to update an existing health check",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateHealthCheck"
},
{
"resource_types": "hostedzone",
"description": "Grants permission to update the comment for a specified hosted zone",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateHostedZoneComment"
},
{
"resource_types": "trafficpolicy",
"description": "Grants permission to update the comment for a specified traffic policy version",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateTrafficPolicyComment"
},
{
"resource_types": "trafficpolicyinstance",
"description": "Grants permission to update the records in a specified hosted zone that were created based on the settings in a specified traffic policy version",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateTrafficPolicyInstance"
}
]
},
{
"service_name": "AWS Shield",
"privileges": [
{
"resource_types": "",
"description": "Authorizes the DDoS Response team to access the specified Amazon S3 bucket containing your flow logs",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"s3:GetBucketPolicy",
"s3:PutBucketPolicy"
],
"privilege": "AssociateDRTLogBucket"
},
{
"resource_types": "",
"description": "Authorizes the DDoS Response team using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"iam:GetRole",
"iam:ListAttachedRolePolicies",
"iam:PassRole"
],
"privilege": "AssociateDRTRole"
},
{
"resource_types": "protection",
"description": "Activate DDoS protection service for a given resource ARN",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateProtection"
},
{
"resource_types": "",
"description": "Activate subscription",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateSubscription"
},
{
"resource_types": "protection",
"description": "Delete an existing protection",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteProtection"
},
{
"resource_types": "",
"description": "Deactivate subscription",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSubscription"
},
{
"resource_types": "attack",
"description": "Get attack details",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAttack"
},
{
"resource_types": "",
"description": "Returns the current role and list of Amazon S3 log buckets used by the DDoS Response team to access your AWS account while assisting with attack mitigation",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeDRTAccess"
},
{
"resource_types": "",
"description": "Lists the email addresses that the DRT can use to contact you during a suspected attack",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEmergencyContactSettings"
},
{
"resource_types": "protection",
"description": "Get protection details",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeProtection"
},
{
"resource_types": "",
"description": "Get subscription details, such as start time",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeSubscription"
},
{
"resource_types": "",
"description": "Removes the DDoS Response team's access to the specified Amazon S3 bucket containing your flow logs",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"s3:DeleteBucketPolicy",
"s3:GetBucketPolicy",
"s3:PutBucketPolicy"
],
"privilege": "DisassociateDRTLogBucket"
},
{
"resource_types": "",
"description": "Removes the DDoS Response team's access to your AWS account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateDRTRole"
},
{
"resource_types": "",
"description": "Get subscription state",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSubscriptionState"
},
{
"resource_types": "",
"description": "List all existing attacks",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAttacks"
},
{
"resource_types": "",
"description": "List all existing protections",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListProtections"
},
{
"resource_types": "",
"description": "Updates the details of the list of email addresses that the DRT can use to contact you during a suspected attack",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateEmergencyContactSettings"
}
]
},
{
"service_name": "Amazon Elastic File System",
"privileges": [
{
"resource_types": "",
"description": "Creates a new, empty file system",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateFileSystem"
},
{
"resource_types": "file-system",
"description": "Creates a mount target for a file system",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateMountTarget"
},
{
"resource_types": "file-system",
"description": "Creates or overwrites tags associated with a file system",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateTags"
},
{
"resource_types": "file-system",
"description": "Deletes a file system, permanently severing access to its contents",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteFileSystem"
},
{
"resource_types": "file-system",
"description": "Deletes the specified mount target",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteMountTarget"
},
{
"resource_types": "file-system",
"description": "Deletes the specified tags from a file system",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "DeleteTags"
},
{
"resource_types": "file-system",
"description": "Returns the description of a specific Amazon EFS file system if either the file system CreationToken or the FileSystemId is provided; otherwise, returns descriptions of all file systems owned by the caller's AWS account in the AWS region of the endpoint that you're calling",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeFileSystems"
},
{
"resource_types": "file-system",
"description": "Returns the security groups currently in effect for a mount target",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeMountTargetSecurityGroups"
},
{
"resource_types": "file-system",
"description": "Returns the descriptions of all the current mount targets, or a specific mount target, for a file system",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeMountTargets"
},
{
"resource_types": "file-system",
"description": "Returns the tags associated with a file system",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTags"
},
{
"resource_types": "file-system",
"description": "Modifies the set of security groups in effect for a mount target",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyMountTargetSecurityGroups"
},
{
"resource_types": "file-system",
"description": "Updates the throughput mode or the amount of provisioned throughput of an existing file system",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateFileSystem"
}
]
},
{
"service_name": "Amazon Rekognition",
"privileges": [
{
"resource_types": "",
"description": "Compares a face in source input image with each face detected in the target input image",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "CompareFaces"
},
{
"resource_types": "collection",
"description": "Creates a collection in an AWS region. You can then add faces to the collection using the IndexFaces API",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateCollection"
},
{
"resource_types": "collection",
"description": "Creates an Amazon Rekognition stream processor that you can use to detect and recognize faces in a streaming video",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateStreamProcessor"
},
{
"resource_types": "collection",
"description": "Deletes the specified collection. Note that this operation removes all faces in the collection",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteCollection"
},
{
"resource_types": "collection",
"description": "Deletes faces from a collection",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteFaces"
},
{
"resource_types": "streamprocessor",
"description": "Deletes the stream processor identified by Name",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteStreamProcessor"
},
{
"resource_types": "streamprocessor",
"description": "Provides information about a stream processor created by CreateStreamProcessor",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeStreamProcessor"
},
{
"resource_types": "",
"description": "Detects human faces within an image (JPEG or PNG) provided as input",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DetectFaces"
},
{
"resource_types": "",
"description": "Detects instances of real-world labels within an image (JPEG or PNG) provided as input",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DetectLabels"
},
{
"resource_types": "",
"description": "Detects moderation labels within input image",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DetectModerationLabels"
},
{
"resource_types": "",
"description": "Detects text in the input image and converts it into machine-readable text",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DetectText"
},
{
"resource_types": "",
"description": "Gets the name and additional information about a celebrity based on his or her Rekognition ID",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCelebrityInfo"
},
{
"resource_types": "",
"description": "Gets the celebrity recognition results for a Rekognition Video analysis started by StartCelebrityRecognition",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCelebrityRecognition"
},
{
"resource_types": "",
"description": "Gets the content moderation analysis results for a Rekognition Video analysis started by StartContentModeration",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetContentModeration"
},
{
"resource_types": "",
"description": "Gets face detection results for a Rekognition Video analysis started by StartFaceDetection",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetFaceDetection"
},
{
"resource_types": "",
"description": "Gets the face search results for Rekognition Video face search started by StartFaceSearch",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetFaceSearch"
},
{
"resource_types": "",
"description": "Gets the label detection results of a Rekognition Video analysis started by StartLabelDetection",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetLabelDetection"
},
{
"resource_types": "",
"description": "Gets information about people detected within a video",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetPersonTracking"
},
{
"resource_types": "collection",
"description": "Detects faces in the input image and adds them to the specified collection",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "IndexFaces"
},
{
"resource_types": "collection",
"description": "Returns a list of collection IDs in your account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListCollections"
},
{
"resource_types": "collection",
"description": "Returns metadata for faces in the specified collection",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListFaces"
},
{
"resource_types": "streamprocessor",
"description": "Gets a list of stream processors that you have created with CreateStreamProcessor",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListStreamProcessors"
},
{
"resource_types": "",
"description": "Returns an array of celebrities recognized in the input image",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "RecognizeCelebrities"
},
{
"resource_types": "collection",
"description": "For a given input face ID, searches the specified collection for matching faces",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "SearchFaces"
},
{
"resource_types": "collection",
"description": "For a given input image, first detects the largest face in the image, and then searches the specified collection for matching faces",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "SearchFacesByImage"
},
{
"resource_types": "",
"description": "Starts asynchronous recognition of celebrities in a video",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartCelebrityRecognition"
},
{
"resource_types": "",
"description": "Starts asynchronous detection of explicit or suggestive adult content in a video",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartContentModeration"
},
{
"resource_types": "",
"description": "Starts asynchronous detection of faces in a video",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartFaceDetection"
},
{
"resource_types": "collection",
"description": "Starts the asynchronous search for faces in a collection that match the faces of persons detected in a video",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartFaceSearch"
},
{
"resource_types": "",
"description": "Starts asynchronous detection of labels in a video",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartLabelDetection"
},
{
"resource_types": "",
"description": "Starts the asynchronous tracking of persons in a video",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartPersonTracking"
},
{
"resource_types": "streamprocessor",
"description": "Starts processing a stream processor",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartStreamProcessor"
},
{
"resource_types": "streamprocessor",
"description": "Stops a running stream processor that was created by CreateStreamProcessor",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopStreamProcessor"
}
]
},
{
"service_name": "Amazon DynamoDB Accelerator (DAX)",
"privileges": [
{
"resource_types": "application",
"description": "The BatchGetItem action returns the attributes of one or more items from one or more tables",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchGetItem"
},
{
"resource_types": "application",
"description": "The BatchWriteItem action operation puts or deletes multiple items in one or more tables",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchWriteItem"
},
{
"resource_types": "application",
"description": "The ConditionCheckItem operation checks the existence of a set of attributes for the item with the given primary key",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ConditionCheckItem"
},
{
"resource_types": "application",
"description": "The CreateCluster action creates a DAX cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"dax:CreateParameterGroup",
"dax:CreateSubnetGroup",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"iam:GetRole",
"iam:PassRole"
],
"privilege": "CreateCluster"
},
{
"resource_types": "",
"description": "The CreateParameterGroup action creates collection of parameters that you apply to all of the nodes in a DAX cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateParameterGroup"
},
{
"resource_types": "",
"description": "The CreateSubnetGroup action creates a new subnet group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateSubnetGroup"
},
{
"resource_types": "application",
"description": "The DecreaseReplicationFactor action removes one or more nodes from a DAX cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DecreaseReplicationFactor"
},
{
"resource_types": "application",
"description": "The DeleteCluster action deletes a previously provisioned DAX cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteCluster"
},
{
"resource_types": "application",
"description": "The DeleteItem action deletes a single item in a table by primary key",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteItem"
},
{
"resource_types": "",
"description": "The DeleteParameterGroup action deletes the specified parameter group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteParameterGroup"
},
{
"resource_types": "",
"description": "The DeleteSubnetGroup action deletes a subnet group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSubnetGroup"
},
{
"resource_types": "application",
"description": "The DescribeClusters action returns information about all provisioned DAX clusters",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeClusters"
},
{
"resource_types": "",
"description": "The DescribeDefaultParameters action returns the default system parameter information for DAX",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDefaultParameters"
},
{
"resource_types": "",
"description": "The DescribeEvents action returns events related to DAX clusters and parameter groups",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeEvents"
},
{
"resource_types": "",
"description": "The DescribeParameterGroups action returns a list of parameter group descriptions",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeParameterGroups"
},
{
"resource_types": "",
"description": "The DescribeParameters action returns the detailed parameter list for a particular parameter group",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeParameters"
},
{
"resource_types": "",
"description": "The DescribeSubnetGroups action returns a list of subnet group descriptions",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeSubnetGroups"
},
{
"resource_types": "application",
"description": "The GetItem action returns a set of attributes for the item with the given primary key",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetItem"
},
{
"resource_types": "application",
"description": "The IncreaseReplicationFactor action adds one or more nodes to a DAX cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "IncreaseReplicationFactor"
},
{
"resource_types": "application",
"description": "The ListTags action returns a list of all of the tags for a DAX cluster",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTags"
},
{
"resource_types": "application",
"description": "The PutItem action creates a new item, or replaces an old item with a new item",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutItem"
},
{
"resource_types": "application",
"description": "The Query action finds items based on primary key values. You can query any table or secondary index that has a composite primary key (a partition key and a sort key)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "Query"
},
{
"resource_types": "application",
"description": "The RebootNode action reboots a single node of a DAX cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RebootNode"
},
{
"resource_types": "application",
"description": "The Scan action returns one or more items and item attributes by accessing every item in a table or a secondary index",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "Scan"
},
{
"resource_types": "application",
"description": "The TagResource action associates a set of tags with a DAX resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "TagResource"
},
{
"resource_types": "application",
"description": "The UntagResource action removes the association of tags from a DAX resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagResource"
},
{
"resource_types": "application",
"description": "The UpdateCluster action modifies the settings for a DAX cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateCluster"
},
{
"resource_types": "application",
"description": "The UpdateItem action edits an existing item's attributes, or adds a new item to the table if it does not already exist",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateItem"
},
{
"resource_types": "",
"description": "The UpdateParameterGroup action modifies the parameters of a parameter group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateParameterGroup"
},
{
"resource_types": "",
"description": "The UpdateSubnetGroup action modifies an existing subnet group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateSubnetGroup"
}
]
},
{
"service_name": "AWS Performance Insights",
"privileges": []
},
{
"service_name": "Amazon GameLift",
"privileges": [
{
"resource_types": "",
"description": "Creates an alias for a fleet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAlias"
},
{
"resource_types": "",
"description": "Initializes a new build record and generates information required to upload a game build to Amazon GameLift",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateBuild"
},
{
"resource_types": "",
"description": "Creates a new fleet of computing resources to run your game servers",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateFleet"
},
{
"resource_types": "",
"description": "Creates a game session for players to join",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateGameSession"
},
{
"resource_types": "",
"description": "Adds a player to a game session",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePlayerSession"
},
{
"resource_types": "",
"description": "Adds a group of players to a game session",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePlayerSessions"
},
{
"resource_types": "",
"description": "Deletes an alias",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAlias"
},
{
"resource_types": "",
"description": "Deletes a build",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteBuild"
},
{
"resource_types": "",
"description": "Deletes an empty fleet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteFleet"
},
{
"resource_types": "",
"description": "Deletes a set of scaling rules",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteScalingPolicy"
},
{
"resource_types": "",
"description": "Retrieves properties for an alias",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAlias"
},
{
"resource_types": "",
"description": "Retrieves properties for a build",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeBuild"
},
{
"resource_types": "",
"description": "Retrieves maximum allowed usage and current usage for all EC2 instance types or a specified type",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEC2InstanceLimits"
},
{
"resource_types": "",
"description": "Retrieves general fleet properties for a fleet",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeFleetAttributes"
},
{
"resource_types": "",
"description": "Retrieves the current capacity status for a fleet",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeFleetCapacity"
},
{
"resource_types": "",
"description": "Retrieves entries from a fleet's event log",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeFleetEvents"
},
{
"resource_types": "",
"description": "Retrieves the inbound connection permissions set for a fleet",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeFleetPortSettings"
},
{
"resource_types": "",
"description": "Retrieves utilization statistics for a fleet",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeFleetUtilization"
},
{
"resource_types": "",
"description": "Retrieves game session properties plus game session protection policy",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeGameSessionDetails"
},
{
"resource_types": "",
"description": "Retrieves game session properties for a fleet",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeGameSessions"
},
{
"resource_types": "",
"description": "Retrieves information about a fleet's instances, including instance IDs",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeInstances"
},
{
"resource_types": "",
"description": "Retrieves player session properties for a game session",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribePlayerSessions"
},
{
"resource_types": "",
"description": "Retrieves the runtime configuration for a fleet",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeRuntimeConfiguration"
},
{
"resource_types": "",
"description": "Retrieves all scaling policies applied to a fleet",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeScalingPolicies"
},
{
"resource_types": "",
"description": "Retrieves the location of stored logs for a game session",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetGameSessionLogUrl"
},
{
"resource_types": "",
"description": "Requests remote access to a fleet instance",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetInstanceAccess"
},
{
"resource_types": "",
"description": "Retrieves the fleet aliases used with this AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAliases"
},
{
"resource_types": "",
"description": "Retrieves the builds for this AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListBuilds"
},
{
"resource_types": "",
"description": "Retrieves the fleet for this AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListFleets"
},
{
"resource_types": "",
"description": "Creates or updates a fleet scaling policy",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutScalingPolicy"
},
{
"resource_types": "",
"description": "Retrieves a fresh set of upload credentials and the Amazon S3 storage location for a specific build",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "RequestUploadCredentials"
},
{
"resource_types": "",
"description": "Retrieves the fleet ID associated with an alias",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ResolveAlias"
},
{
"resource_types": "",
"description": "Retrieves game sessions that match the search criteria and sorts them as specified",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "SearchGameSessions"
},
{
"resource_types": "",
"description": "Updates properties for an alias",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAlias"
},
{
"resource_types": "",
"description": "Updates a build's name and version",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateBuild"
},
{
"resource_types": "",
"description": "Sets a fleet's general properties",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateFleetAttributes"
},
{
"resource_types": "",
"description": "Sets a fleet's capacity settings",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateFleetCapacity"
},
{
"resource_types": "",
"description": "Sets a fleet's port settings",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateFleetPortSettings"
},
{
"resource_types": "",
"description": "Sets game session properties",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateGameSession"
},
{
"resource_types": "",
"description": "Sets a fleet's runtime configuration, which specifies how to launch server processes on the fleet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateRuntimeConfiguration"
}
]
},
{
"service_name": "AWS Direct Connect",
"privileges": [
{
"resource_types": "",
"description": "Creates a hosted connection on an interconnect",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AllocateConnectionOnInterconnect"
},
{
"resource_types": "",
"description": "Provisions a private virtual interface to be owned by a different customer",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AllocatePrivateVirtualInterface"
},
{
"resource_types": "",
"description": "Provisions a public virtual interface to be owned by a different customer",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AllocatePublicVirtualInterface"
},
{
"resource_types": "",
"description": "Confirm the creation of a hosted connection on an interconnect",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ConfirmConnection"
},
{
"resource_types": "",
"description": "Accept ownership of a private virtual interface created by another customer",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ConfirmPrivateVirtualInterface"
},
{
"resource_types": "",
"description": "Accept ownership of a public virtual interface created by another customer",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ConfirmPublicVirtualInterface"
},
{
"resource_types": "",
"description": "Creates a new connection between the customer network and a specific AWS Direct Connect location",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateConnection"
},
{
"resource_types": "",
"description": "Creates a new interconnect between an AWS Direct Connect partner's network and a specific AWS Direct Connect location",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateInterconnect"
},
{
"resource_types": "",
"description": "Creates a new private virtual interface",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePrivateVirtualInterface"
},
{
"resource_types": "",
"description": "Creates a new public virtual interface",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePublicVirtualInterface"
},
{
"resource_types": "",
"description": "Deletes the connection",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteConnection"
},
{
"resource_types": "",
"description": "Deletes the specified interconnect",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteInterconnect"
},
{
"resource_types": "",
"description": "Deletes a virtual interface",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteVirtualInterface"
},
{
"resource_types": "",
"description": "Returns the LOA-CFA for a Connection",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeConnectionLoa"
},
{
"resource_types": "",
"description": "Displays all connections in this region",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeConnections"
},
{
"resource_types": "",
"description": "Return a list of connections that have been provisioned on the given interconnect",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeConnectionsOnInterconnect"
},
{
"resource_types": "",
"description": "Returns the LOA-CFA for an Interconnect",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeInterconnectLoa"
},
{
"resource_types": "",
"description": "Returns a list of interconnects owned by the AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeInterconnects"
},
{
"resource_types": "",
"description": "Returns the list of AWS Direct Connect locations in the current AWS region",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeLocations"
},
{
"resource_types": "",
"description": "Returns a list of virtual private gateways owned by the AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVirtualGateways"
},
{
"resource_types": "",
"description": "Displays all virtual interfaces for an AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVirtualInterfaces"
}
]
},
{
"service_name": "Amazon Lightsail",
"privileges": [
{
"resource_types": "StaticIp",
"description": "Allocates a static IP address",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AllocateStaticIp"
},
{
"resource_types": "Instance",
"description": "Attaches a static IP address to a specific Amazon Lightsail instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AttachStaticIp"
},
{
"resource_types": "Instance",
"description": "Closes the public ports on a specific Amazon Lightsail instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CloseInstancePublicPorts"
},
{
"resource_types": "Domain",
"description": "Creates a domain resource for the specified domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDomain"
},
{
"resource_types": "Domain",
"description": "Creates one of the following entry records associated with the domain: A record, CNAME record, TXT record, or MX record",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDomainEntry"
},
{
"resource_types": "Instance",
"description": "Creates a snapshot of a specific instance. You can use a snapshot to create a new instance that is based on that snapshot",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateInstanceSnapshot"
},
{
"resource_types": "KeyPair",
"description": "Creates one or more Amazon Lightsail instances",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateInstances"
},
{
"resource_types": "Instance",
"description": "Uses a specific snapshot as a blueprint for creating one or more new instances that are based on that identical configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateInstancesFromSnapshot"
},
{
"resource_types": "KeyPair",
"description": "Creates an SSH key pair",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateKeyPair"
},
{
"resource_types": "Domain",
"description": "Deletes the specified domain recordset and all of its domain records",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDomain"
},
{
"resource_types": "Domain",
"description": "Deletes a specific domain entry",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDomainEntry"
},
{
"resource_types": "Instance",
"description": "Deletes a specific Amazon Lightsail instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteInstance"
},
{
"resource_types": "InstanceSnapshot",
"description": "Deletes a specific snapshot of an instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteInstanceSnapshot"
},
{
"resource_types": "KeyPair",
"description": "Deletes a specific SSH key pair",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteKeyPair"
},
{
"resource_types": "Instance",
"description": "Detaches a static IP from the Amazon Lightsail instance to which it is attached",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DetachStaticIp"
},
{
"resource_types": "KeyPair",
"description": "Downloads the default SSH key pair from the user's account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DownloadDefaultKeyPair"
},
{
"resource_types": "",
"description": "Returns the names of all active (not deleted) resources",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetActiveNames"
},
{
"resource_types": "",
"description": "Returns the list of available instance images, or blueprints. You can use a blueprint to create a new instance already running a specific operating system, as well as a preinstalled app or development stack. The software each instance is running depends on the blueprint image you choose",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetBlueprints"
},
{
"resource_types": "",
"description": "Returns the list of bundles that are available for purchase. A bundle describes the specifications for your instance",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetBundles"
},
{
"resource_types": "Domain",
"description": "Returns information about a specific domain recordset",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetDomain"
},
{
"resource_types": "Domain",
"description": "Returns a list of all domains in the user's account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDomains"
},
{
"resource_types": "Instance",
"description": "Returns information about a specific Amazon Lightsail instance",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetInstance"
},
{
"resource_types": "Instance",
"description": "Returns temporary SSH keys you can use to connect to a specific instance",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetInstanceAccessDetails"
},
{
"resource_types": "Instance",
"description": "Returns the data points for the specified Amazon Lightsail instance metric, given an instance name",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetInstanceMetricData"
},
{
"resource_types": "Instance",
"description": "Returns the port states for a specific instance",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetInstancePortStates"
},
{
"resource_types": "InstanceSnapshot",
"description": "Returns information about a specific instance snapshot",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetInstanceSnapshot"
},
{
"resource_types": "InstanceSnapshot",
"description": "Returns all instance snapshots for the user's account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetInstanceSnapshots"
},
{
"resource_types": "Instance",
"description": "Returns the state of a specific instance",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetInstanceState"
},
{
"resource_types": "Instance",
"description": "Returns information about all Amazon Lightsail instances",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetInstances"
},
{
"resource_types": "KeyPair",
"description": "Returns information about a specific key pair",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetKeyPair"
},
{
"resource_types": "KeyPair",
"description": "Returns information about all key pairs in the user's account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetKeyPairs"
},
{
"resource_types": "",
"description": "Returns information about a specific operation. Operations include events such as when you create an instance, allocate a static IP, attach a static IP, and so on",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetOperation"
},
{
"resource_types": "",
"description": "Returns information about all operations",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetOperations"
},
{
"resource_types": "Domain",
"description": "Gets operations for a specific resource",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetOperationsForResource"
},
{
"resource_types": "",
"description": "Returns a list of all valid regions for Amazon Lightsail",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetRegions"
},
{
"resource_types": "StaticIp",
"description": "Returns information about a specific static IP",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetStaticIp"
},
{
"resource_types": "StaticIp",
"description": "Returns information about all static IPs in the user's account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetStaticIps"
},
{
"resource_types": "KeyPair",
"description": "Imports a public SSH key from a specific key pair",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ImportKeyPair"
},
{
"resource_types": "",
"description": "Returns a Boolean value indicating whether your Lightsail VPC is peered",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "IsVpcPeered"
},
{
"resource_types": "Instance",
"description": "Adds public ports to an Amazon Lightsail instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "OpenInstancePublicPorts"
},
{
"resource_types": "",
"description": "Tries to peer the Lightsail VPC with the user's default VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PeerVpc"
},
{
"resource_types": "Instance",
"description": "Restarts a specific instance. When your Amazon Lightsail instance is finished rebooting, Lightsail assigns a new public IP address. To use the same IP address after restarting, create a static IP address and attach it to the instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RebootInstance"
},
{
"resource_types": "StaticIp",
"description": "Deletes a specific static IP from your account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ReleaseStaticIp"
},
{
"resource_types": "Instance",
"description": "Starts a specific Amazon Lightsail instance from a stopped state. To restart an instance, use the reboot instance operation",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartInstance"
},
{
"resource_types": "Instance",
"description": "Stops a specific Amazon Lightsail instance that is currently running",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopInstance"
},
{
"resource_types": "",
"description": "Attempts to unpeer the Lightsail VPC from the user's default VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UnpeerVpc"
},
{
"resource_types": "Domain",
"description": "Updates a domain RecordSet after it is created",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateDomainEntry"
}
]
},
{
"service_name": "Amazon Lex",
"privileges": [
{
"resource_types": "bot",
"description": "Creates a new version based on the $LATEST version of the specified bot",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateBotVersion"
},
{
"resource_types": "intent",
"description": "Creates a new version based on the $LATEST version of the specified intent",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateIntentVersion"
},
{
"resource_types": "slottype",
"description": "Creates a new version based on the $LATEST version of the specified slot type",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateSlotTypeVersion"
},
{
"resource_types": "bot",
"description": "Deletes all versions of a bot",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteBot"
},
{
"resource_types": "bot",
"description": "Deletes an alias for a specific bot",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteBotAlias"
},
{
"resource_types": "channel",
"description": "Deletes the association between an Amazon Lex bot alias and a messaging platform",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteBotChannelAssociation"
},
{
"resource_types": "bot",
"description": "Deletes a specific version of a bot",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteBotVersion"
},
{
"resource_types": "intent",
"description": "Deletes all versions of an intent",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteIntent"
},
{
"resource_types": "intent",
"description": "Deletes a specific version of an intent",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteIntentVersion"
},
{
"resource_types": "slottype",
"description": "Deletes all versions of a slot type",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSlotType"
},
{
"resource_types": "slottype",
"description": "Deletes a specific version of a slot type",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSlotTypeVersion"
},
{
"resource_types": "bot",
"description": "Deletes the information Amazon Lex maintains for utterances on a specific bot and userId",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteUtterances"
},
{
"resource_types": "bot",
"description": "Returns information for a specific bot. In addition to the bot name, the bot version or alias is required",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBot"
},
{
"resource_types": "bot",
"description": "Returns information about an Amazon Lex bot alias",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBotAlias"
},
{
"resource_types": "bot",
"description": "Returns a list of aliases for a given Amazon Lex bot",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetBotAliases"
},
{
"resource_types": "channel",
"description": "Returns information about the association between an Amazon Lex bot and a messaging platform",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBotChannelAssociation"
},
{
"resource_types": "channel",
"description": "Returns a list of all of the channels associated with a single bot",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetBotChannelAssociations"
},
{
"resource_types": "bot",
"description": "Returns information for all versions of a specific bot",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetBotVersions"
},
{
"resource_types": "",
"description": "Returns information for the $LATEST version of all bots, subject to filters provided by the client",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetBots"
},
{
"resource_types": "",
"description": "Returns information about a built-in intent",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBuiltinIntent"
},
{
"resource_types": "",
"description": "Gets a list of built-in intents that meet the specified criteria",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBuiltinIntents"
},
{
"resource_types": "",
"description": "Gets a list of built-in slot types that meet the specified criteria",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBuiltinSlotTypes"
},
{
"resource_types": "intent",
"description": "Returns information for a specific intent. In addition to the intent name, you must also specify the intent version",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetIntent"
},
{
"resource_types": "intent",
"description": "Returns information for all versions of a specific intent",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetIntentVersions"
},
{
"resource_types": "",
"description": "Returns information for the $LATEST version of all intents, subject to filters provided by the client",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetIntents"
},
{
"resource_types": "slottype",
"description": "Returns information about a specific version of a slot type. In addition to specifying the slot type name, you must also specify the slot type version",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSlotType"
},
{
"resource_types": "slottype",
"description": "Returns information for all versions of a specific slot type",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetSlotTypeVersions"
},
{
"resource_types": "",
"description": "Returns information for the $LATEST version of all slot types, subject to filters provided by the client",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetSlotTypes"
},
{
"resource_types": "bot",
"description": "Returns a view of aggregate utterance data for versions of a bot for a recent time period",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetUtterancesView"
},
{
"resource_types": "bot",
"description": "Sends user input (text or speech) to Amazon Lex",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PostContent"
},
{
"resource_types": "bot",
"description": "Sends user input (text-only) to Amazon Lex",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PostText"
},
{
"resource_types": "bot",
"description": "Creates or updates the $LATEST version of an Amazon Lex conversational bot",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutBot"
},
{
"resource_types": "bot",
"description": "Creates or updates an alias for the specific bot",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutBotAlias"
},
{
"resource_types": "intent",
"description": "Creates or updates the $LATEST version of an intent",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutIntent"
},
{
"resource_types": "slottype",
"description": "Creates or updates the $LATEST version of a slot type",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutSlotType"
}
]
},
{
"service_name": "AWS Amplify",
"privileges": [
{
"resource_types": "",
"description": "Creates a new Aemilia App",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateApp"
},
{
"resource_types": "apps",
"description": "Creates a new Branch for an Aemilia App",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateBranch"
},
{
"resource_types": "apps",
"description": "Create a new DomainAssociation on an App",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDomainAssociation"
},
{
"resource_types": "apps",
"description": "Delete an existing Aemilia App by appId",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteApp"
},
{
"resource_types": "branches",
"description": "Deletes a branch for an Aemilia App",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteBranch"
},
{
"resource_types": "domains",
"description": "Deletes a DomainAssociation",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDomainAssociation"
},
{
"resource_types": "jobs",
"description": "Delete a job, for an Aemilia branch, part of an Aemilia App",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteJob"
},
{
"resource_types": "apps",
"description": "Retrieves an existing Aemilia App by appId",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetApp"
},
{
"resource_types": "branches",
"description": "Retrieves a branch for an Aemilia App",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBranch"
},
{
"resource_types": "domains",
"description": "Retrieves domain info that corresponds to an appId and domainName",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDomainAssociation"
},
{
"resource_types": "jobs",
"description": "Get a job for a branch, part of an Aemilia App",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetJob"
},
{
"resource_types": "",
"description": "Lists existing Aemilia Apps",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListApps"
},
{
"resource_types": "apps",
"description": "Lists branches for an Aemilia App",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListBranches"
},
{
"resource_types": "apps",
"description": "List domains with an app",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDomainAssociations"
},
{
"resource_types": "branches",
"description": "List Jobs for a branch, part of an Aemilia App",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListJobs"
},
{
"resource_types": "jobs",
"description": "Starts a new job for a branch, part of an Aemilia App",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartJob"
},
{
"resource_types": "jobs",
"description": "Stop a job that is in progress, for an Aemilia branch, part of an Aemilia App",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopJob"
},
{
"resource_types": "apps",
"description": "Updates an existing Aemilia App",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateApp"
},
{
"resource_types": "branches",
"description": "Updates a branch for an Aemilia App",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateBranch"
},
{
"resource_types": "domains",
"description": "Update a DomainAssociation on an App",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateDomainAssociation"
}
]
},
{
"service_name": "Amazon SQS",
"privileges": [
{
"resource_types": "queue",
"description": "Adds a permission to a queue for a specific principal",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "AddPermission"
},
{
"resource_types": "queue",
"description": "Changes the visibility timeout of a specified message in a queue to a new value",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ChangeMessageVisibility"
},
{
"resource_types": "queue",
"description": "Changes the visibility timeout of multiple messages",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ChangeMessageVisibilityBatch"
},
{
"resource_types": "queue",
"description": "Creates a new queue, or returns the URL of an existing one",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateQueue"
},
{
"resource_types": "queue",
"description": "Deletes the specified message from the specified queue",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteMessage"
},
{
"resource_types": "queue",
"description": "Deletes up to ten messages from the specified queue",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteMessageBatch"
},
{
"resource_types": "queue",
"description": "Deletes the queue specified by the queue URL, regardless of whether the queue is empty",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteQueue"
},
{
"resource_types": "queue",
"description": "Gets attributes for the specified queue",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetQueueAttributes"
},
{
"resource_types": "queue",
"description": "Returns the URL of an existing queue",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetQueueUrl"
},
{
"resource_types": "queue",
"description": "Returns a list of your queues that have the RedrivePolicy queue attribute configured with a dead letter queue",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListDeadLetterSourceQueues"
},
{
"resource_types": "queue",
"description": "Lists tags added to an SQS queue",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListQueueTags"
},
{
"resource_types": "",
"description": "Returns a list of your queues",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListQueues"
},
{
"resource_types": "queue",
"description": "Deletes the messages in a queue specified by the queue URL",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PurgeQueue"
},
{
"resource_types": "queue",
"description": "Retrieves one or more messages, with a maximum limit of 10 messages, from the specified queue",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ReceiveMessage"
},
{
"resource_types": "queue",
"description": "Revokes any permissions in the queue policy that matches the specified Label parameter",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "RemovePermission"
},
{
"resource_types": "queue",
"description": "Delivers a message to the specified queue",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SendMessage"
},
{
"resource_types": "queue",
"description": "Delivers up to ten messages to the specified queue",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SendMessageBatch"
},
{
"resource_types": "queue",
"description": "Sets the value of one or more queue attributes",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetQueueAttributes"
},
{
"resource_types": "queue",
"description": "Add tags to the specified SQS queue",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "TagQueue"
},
{
"resource_types": "queue",
"description": "Remove tags from the specified SQS queue",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagQueue"
}
]
},
{
"service_name": "AWS Marketplace",
"privileges": [
{
"resource_types": "",
"description": "Allows users to add new software subscriptions on the Your Software page",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "Subscribe"
},
{
"resource_types": "",
"description": "Allows users to remove software subscriptions from the Your Software page",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "Unsubscribe"
},
{
"resource_types": "",
"description": "Allows users to see subscribed software. Without this permission, no other permissions will work",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ViewSubscriptions"
}
]
},
{
"service_name": "Amazon CloudWatch Logs",
"privileges": [
{
"resource_types": "log-group",
"description": "Associates the specified AWS Key Management Service (AWS KMS) customer master key (CMK) with the specified log group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateKmsKey"
},
{
"resource_types": "",
"description": "Cancels an export task if it is in PENDING or RUNNING state",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelExportTask"
},
{
"resource_types": "log-group",
"description": "Creates an ExportTask which allows you to efficiently export data from a Log Group to your Amazon S3 bucket",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateExportTask"
},
{
"resource_types": "",
"description": "Creates a new log group with the specified name",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateLogGroup"
},
{
"resource_types": "log-group",
"description": "Creates a new log stream with the specified name",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateLogStream"
},
{
"resource_types": "",
"description": "Deletes the destination with the specified name and eventually disables all the subscription filters that publish to it",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDestination"
},
{
"resource_types": "log-group",
"description": "Deletes the log group with the specified name and permanently deletes all the archived log events associated with it",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteLogGroup"
},
{
"resource_types": "log-group",
"description": "Deletes a log stream and permanently deletes all the archived log events associated with it",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteLogStream"
},
{
"resource_types": "log-group",
"description": "Deletes a metric filter associated with the specified log group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteMetricFilter"
},
{
"resource_types": "",
"description": "Deletes a resource policy from this account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteResourcePolicy"
},
{
"resource_types": "log-group",
"description": "Deletes the retention policy of the specified log group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteRetentionPolicy"
},
{
"resource_types": "log-group",
"description": "Deletes a subscription filter associated with the specified log group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSubscriptionFilter"
},
{
"resource_types": "",
"description": "Returns all the destinations that are associated with the AWS account making the request",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDestinations"
},
{
"resource_types": "",
"description": "Returns all the export tasks that are associated with the AWS account making the request",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeExportTasks"
},
{
"resource_types": "log-group",
"description": "Returns all the log groups that are associated with the AWS account making the request",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeLogGroups"
},
{
"resource_types": "log-group",
"description": "Returns all the log streams that are associated with the specified log group",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeLogStreams"
},
{
"resource_types": "log-group",
"description": "Returns all the metrics filters associated with the specified log group",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeMetricFilters"
},
{
"resource_types": "",
"description": "Returns a list of CloudWatch Logs Insights queries that are scheduled, executing, or have been executed recently in this account. You can request all queries, or limit it to queries of a specific log group or queries with a certain status",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeQueries"
},
{
"resource_types": "",
"description": "Return all the resource policies in this account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeResourcePolicies"
},
{
"resource_types": "log-group",
"description": "Returns all the subscription filters associated with the specified log group",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeSubscriptionFilters"
},
{
"resource_types": "log-group",
"description": "Disassociates the associated AWS Key Management Service (AWS KMS) customer master key (CMK) from the specified log group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateKmsKey"
},
{
"resource_types": "log-group",
"description": "Retrieves log events, optionally filtered by a filter pattern from the specified log group",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "FilterLogEvents"
},
{
"resource_types": "log-group",
"description": "Retrieves log events from the specified log stream",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetLogEvents"
},
{
"resource_types": "log-group",
"description": "Returns a list of the fields that are included in log events in the specified log group, along with the percentage of log events that contain each field. The search is limited to a time period that you specify",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetLogGroupFields"
},
{
"resource_types": "",
"description": "Retrieves all the fields and values of a single log event. All fields are retrieved, even if the original query that produced the logRecordPointer retrieved only a subset of fields. Fields are returned as field name/field value pairs",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetLogRecord"
},
{
"resource_types": "",
"description": "Returns the results from the specified query. If the query is in progress, partial results of that current execution are returned. Only the fields requested in the query are returned",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetQueryResults"
},
{
"resource_types": "log-group",
"description": "Lists the tags for the specified log group",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTagsLogGroup"
},
{
"resource_types": "",
"description": "Creates or updates a Destination",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutDestination"
},
{
"resource_types": "",
"description": "Creates or updates an access policy associated with an existing Destination",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutDestinationPolicy"
},
{
"resource_types": "log-group",
"description": "Uploads a batch of log events to the specified log stream",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutLogEvents"
},
{
"resource_types": "log-group",
"description": "Creates or updates a metric filter and associates it with the specified log group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutMetricFilter"
},
{
"resource_types": "",
"description": "Creates or updates a resource policy allowing other AWS services to put log events to this account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutResourcePolicy"
},
{
"resource_types": "log-group",
"description": "Sets the retention of the specified log group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutRetentionPolicy"
},
{
"resource_types": "log-group",
"description": "Creates or updates a subscription filter and associates it with the specified log group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutSubscriptionFilter"
},
{
"resource_types": "log-group",
"description": "Schedules a query of a log group using CloudWatch Logs Insights. You specify the log group and time range to query, and the query string to use",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "StartQuery"
},
{
"resource_types": "",
"description": "Stops a CloudWatch Logs Insights query that is in progress. If the query has already ended, the operation returns an error indicating that the specified query is not running",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "StopQuery"
},
{
"resource_types": "log-group",
"description": "Adds or updates the specified tags for the specified log group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TagLogGroup"
},
{
"resource_types": "",
"description": "Tests the filter pattern of a metric filter against a sample of log event messages",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "TestMetricFilter"
},
{
"resource_types": "log-group",
"description": "Removes the specified tags from the specified log group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UntagLogGroup"
}
]
},
{
"service_name": "Amazon Redshift",
"privileges": [
{
"resource_types": "securitygroup",
"description": "Adds an inbound (ingress) rule to an Amazon Redshift security group",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "AuthorizeClusterSecurityGroupIngress"
},
{
"resource_types": "snapshot",
"description": "Authorizes the specified AWS customer account to restore the specified snapshot",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "AuthorizeSnapshotAccess"
},
{
"resource_types": "",
"description": "Controls whether a user can see queries in the Amazon Redshift console in the Queries tab of the Cluster section",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelQuerySession"
},
{
"resource_types": "snapshot",
"description": "Copies the specified automated cluster snapshot to a new manual cluster snapshot",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CopyClusterSnapshot"
},
{
"resource_types": "cluster",
"description": "Creates a new cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateCluster"
},
{
"resource_types": "parametergroup",
"description": "Creates an Amazon Redshift parameter group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateClusterParameterGroup"
},
{
"resource_types": "securitygroup",
"description": "Creates a new Amazon Redshift security group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateClusterSecurityGroup"
},
{
"resource_types": "snapshot",
"description": "Creates a manual snapshot of the specified cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateClusterSnapshot"
},
{
"resource_types": "subnetgroup",
"description": "Creates a new Amazon Redshift subnet group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateClusterSubnetGroup"
},
{
"resource_types": "dbuser",
"description": "Give permission to auto create the specified redshift user if it does not exist",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "CreateClusterUser"
},
{
"resource_types": "eventsubscription",
"description": "Creates an Amazon Redshift event notification subscription",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateEventSubscription"
},
{
"resource_types": "hsmclientcertificate",
"description": "Creates an HSM client certificate that an Amazon Redshift cluster will use to connect to the client's HSM in order to store and retrieve the keys used to encrypt the cluster databases",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateHsmClientCertificate"
},
{
"resource_types": "hsmconfiguration",
"description": "Creates an HSM configuration that contains the information required by an Amazon Redshift cluster to store and use database encryption keys in a Hardware Security Module (HSM)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateHsmConfiguration"
},
{
"resource_types": "snapshotcopygrant",
"description": "Creates a snapshot copy grant that permits Amazon Redshift to use a customer master key (CMK) from AWS Key Management Service (AWS KMS) to encrypt copied snapshots in a destination region",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "CreateSnapshotCopyGrant"
},
{
"resource_types": "",
"description": "Adds one or more tags to a specified resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateTags"
},
{
"resource_types": "cluster",
"description": "Deletes a previously provisioned cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteCluster"
},
{
"resource_types": "parametergroup",
"description": "Deletes a specified Amazon Redshift parameter group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteClusterParameterGroup"
},
{
"resource_types": "securitygroup",
"description": "Deletes an Amazon Redshift security group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteClusterSecurityGroup"
},
{
"resource_types": "snapshot",
"description": "Deletes the specified manual snapshot",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteClusterSnapshot"
},
{
"resource_types": "subnetgroup",
"description": "Deletes the specified cluster subnet group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteClusterSubnetGroup"
},
{
"resource_types": "eventsubscription",
"description": "Deletes an Amazon Redshift event notification subscription",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteEventSubscription"
},
{
"resource_types": "hsmclientcertificate",
"description": "Deletes the specified HSM client certificate",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteHsmClientCertificate"
},
{
"resource_types": "hsmconfiguration",
"description": "Deletes the specified Amazon Redshift HSM configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteHsmConfiguration"
},
{
"resource_types": "snapshotcopygrant",
"description": "Deletes the specified snapshot copy grant",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSnapshotCopyGrant"
},
{
"resource_types": "",
"description": "Deletes a tag or tags from a resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "DeleteTags"
},
{
"resource_types": "",
"description": "Returns a list of Amazon Redshift parameter groups, including parameter groups you created and the default parameter group",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeClusterParameterGroups"
},
{
"resource_types": "parametergroup",
"description": "Returns a detailed list of parameters contained within the specified Amazon Redshift parameter group",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeClusterParameters"
},
{
"resource_types": "",
"description": "Returns information about Amazon Redshift security groups",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeClusterSecurityGroups"
},
{
"resource_types": "",
"description": "Returns one or more snapshot objects, which contain metadata about your cluster snapshots",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeClusterSnapshots"
},
{
"resource_types": "",
"description": "Returns one or more cluster subnet group objects, which contain metadata about your cluster subnet groups",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeClusterSubnetGroups"
},
{
"resource_types": "",
"description": "Returns descriptions of the available Amazon Redshift cluster versions",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeClusterVersions"
},
{
"resource_types": "",
"description": "Returns properties of provisioned clusters including general cluster properties, cluster database properties, maintenance and backup properties, and security and access properties",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeClusters"
},
{
"resource_types": "",
"description": "Returns a list of parameter settings for the specified parameter group family",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeDefaultClusterParameters"
},
{
"resource_types": "",
"description": "Displays a list of event categories for all event source types, or for a specified source type",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEventCategories"
},
{
"resource_types": "",
"description": "Lists descriptions of all the Amazon Redshift event notification subscriptions for a customer account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEventSubscriptions"
},
{
"resource_types": "",
"description": "Returns events related to clusters, security groups, snapshots, and parameter groups for the past 14 days",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeEvents"
},
{
"resource_types": "",
"description": "Returns information about the specified HSM client certificate",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeHsmClientCertificates"
},
{
"resource_types": "",
"description": "Returns information about the specified Amazon Redshift HSM configuration",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeHsmConfigurations"
},
{
"resource_types": "cluster",
"description": "Describes whether information, such as queries and connection attempts, is being logged for the specified Amazon Redshift cluster",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeLoggingStatus"
},
{
"resource_types": "",
"description": "Returns a list of orderable cluster options",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeOrderableClusterOptions"
},
{
"resource_types": "",
"description": "Returns a list of the available reserved node offerings by Amazon Redshift with their descriptions including the node type, the fixed and recurring costs of reserving the node and duration the node will be reserved for you",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeReservedNodeOfferings"
},
{
"resource_types": "",
"description": "Returns the descriptions of the reserved nodes",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeReservedNodes"
},
{
"resource_types": "cluster",
"description": "Returns information about the last resize operation for the specified cluster",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeResize"
},
{
"resource_types": "",
"description": "Returns a list of snapshot copy grants owned by the AWS account in the destination region",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeSnapshotCopyGrants"
},
{
"resource_types": "",
"description": "Lists the status of one or more table restore requests made using the RestoreTableFromClusterSnapshot API action",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTableRestoreStatus"
},
{
"resource_types": "",
"description": "Returns a list of tags",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTags"
},
{
"resource_types": "cluster",
"description": "Stops logging information, such as queries and connection attempts, for the specified Amazon Redshift cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableLogging"
},
{
"resource_types": "cluster",
"description": "Disables the automatic copying of snapshots from one region to another region for a specified cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableSnapshotCopy"
},
{
"resource_types": "cluster",
"description": "Starts logging information, such as queries and connection attempts, for the specified Amazon Redshift cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableLogging"
},
{
"resource_types": "cluster",
"description": "Enables the automatic copy of snapshots from one region to another region for a specified cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableSnapshotCopy"
},
{
"resource_types": "dbuser",
"description": "Get a temporary cluster credential for the specified redshift user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "GetClusterCredentials"
},
{
"resource_types": "dbgroup",
"description": "Give permission to join the specified redshift groups",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "JoinGroup"
},
{
"resource_types": "cluster",
"description": "Modifies the settings for a cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyCluster"
},
{
"resource_types": "cluster",
"description": "Modifies the list of AWS Identity and Access Management (IAM) roles that can be used by the cluster to access other AWS services",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "ModifyClusterIamRoles"
},
{
"resource_types": "parametergroup",
"description": "Modifies the parameters of a parameter group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyClusterParameterGroup"
},
{
"resource_types": "subnetgroup",
"description": "Modifies a cluster subnet group to include the specified list of VPC subnets",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyClusterSubnetGroup"
},
{
"resource_types": "eventsubscription",
"description": "Modifies an existing Amazon Redshift event notification subscription",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyEventSubscription"
},
{
"resource_types": "cluster",
"description": "Modifies the number of days to retain automated snapshots in the destination region after they are copied from the source region",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifySnapshotCopyRetentionPeriod"
},
{
"resource_types": "",
"description": "Allows you to purchase reserved nodes. Amazon Redshift offers a predefined set of reserved node offerings",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PurchaseReservedNodeOffering"
},
{
"resource_types": "cluster",
"description": "Reboots a cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RebootCluster"
},
{
"resource_types": "parametergroup",
"description": "Sets one or more parameters of the specified parameter group to their default values and sets the source values of the parameters to \"engine-default\"",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResetClusterParameterGroup"
},
{
"resource_types": "snapshot",
"description": "Creates a new cluster from a snapshot",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RestoreFromClusterSnapshot"
},
{
"resource_types": "cluster",
"description": "Creates a new table from a table in an Amazon Redshift cluster snapshot",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RestoreTableFromClusterSnapshot"
},
{
"resource_types": "securitygroup",
"description": "Revokes an ingress rule in an Amazon Redshift security group for a previously authorized IP range or Amazon EC2 security group",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "RevokeClusterSecurityGroupIngress"
},
{
"resource_types": "snapshot",
"description": "Removes the ability of the specified AWS customer account to restore the specified snapshot",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "RevokeSnapshotAccess"
},
{
"resource_types": "cluster",
"description": "Rotates the encryption keys for a cluster",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "RotateEncryptionKey"
},
{
"resource_types": "",
"description": "Controls whether a user can terminate running queries and loads from the Cluster section in the Amazon Redshift console",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ViewQueriesInConsole"
}
]
},
{
"service_name": "Amazon Glacier",
"privileges": [
{
"resource_types": "vault",
"description": "Aborts a multipart upload identified by the upload ID",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AbortMultipartUpload"
},
{
"resource_types": "vault",
"description": "Aborts the vault locking process if the vault lock is not in the Locked state",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "AbortVaultLock"
},
{
"resource_types": "vault",
"description": "Adds the specified tags to a vault",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "AddTagsToVault"
},
{
"resource_types": "vault",
"description": "Completes a multipart upload process",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CompleteMultipartUpload"
},
{
"resource_types": "vault",
"description": "Completes the vault locking process",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "CompleteVaultLock"
},
{
"resource_types": "vault",
"description": "Creates a new vault with the specified name",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateVault"
},
{
"resource_types": "vault",
"description": "Deletes an archive from a vault",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteArchive"
},
{
"resource_types": "vault",
"description": "Deletes a vault",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteVault"
},
{
"resource_types": "vault",
"description": "Deletes the access policy associated with the specified vault",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DeleteVaultAccessPolicy"
},
{
"resource_types": "vault",
"description": "Deletes the notification configuration set for a vault",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteVaultNotifications"
},
{
"resource_types": "vault",
"description": "Returns information about a job you previously initiated",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeJob"
},
{
"resource_types": "vault",
"description": "Returns information about a vault",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeVault"
},
{
"resource_types": "",
"description": "Returns the current data retrieval policy for the account and region specified in the GET request",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDataRetrievalPolicy"
},
{
"resource_types": "vault",
"description": "Downloads the output of the job you initiated",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetJobOutput"
},
{
"resource_types": "vault",
"description": "Retrieves the access-policy subresource set on the vault",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetVaultAccessPolicy"
},
{
"resource_types": "vault",
"description": "Retrieves attributes from the lock-policy subresource set on the specified vault",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetVaultLock"
},
{
"resource_types": "vault",
"description": "Retrieves the notification-configuration subresource set on the vault",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetVaultNotifications"
},
{
"resource_types": "vault",
"description": "Initiates a job of the specified type",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "InitiateJob"
},
{
"resource_types": "vault",
"description": "Initiates a multipart upload",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "InitiateMultipartUpload"
},
{
"resource_types": "vault",
"description": "Initiates the vault locking process",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "InitiateVaultLock"
},
{
"resource_types": "vault",
"description": "Lists jobs for a vault that are in-progress and jobs that have recently finished",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListJobs"
},
{
"resource_types": "vault",
"description": "Lists in-progress multipart uploads for the specified vault",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListMultipartUploads"
},
{
"resource_types": "vault",
"description": "Lists the parts of an archive that have been uploaded in a specific multipart upload",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListParts"
},
{
"resource_types": "",
"description": "This operation lists the provisioned capacity for the specified AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListProvisionedCapacity"
},
{
"resource_types": "vault",
"description": "Lists all the tags attached to a vault",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTagsForVault"
},
{
"resource_types": "",
"description": "Lists all vaults",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListVaults"
},
{
"resource_types": "",
"description": "This operation purchases a provisioned capacity unit for an AWS account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PurchaseProvisionedCapacity"
},
{
"resource_types": "vault",
"description": "Removes one or more tags from the set of tags attached to a vault",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "RemoveTagsFromVault"
},
{
"resource_types": "",
"description": "Sets and then enacts a data retrieval policy in the region specified in the PUT request",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "SetDataRetrievalPolicy"
},
{
"resource_types": "vault",
"description": "Configures an access policy for a vault and will overwrite an existing policy",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "SetVaultAccessPolicy"
},
{
"resource_types": "vault",
"description": "Configures vault notifications",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetVaultNotifications"
},
{
"resource_types": "vault",
"description": "Adds an archive to a vault",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UploadArchive"
},
{
"resource_types": "vault",
"description": "Uploads a part of an archive",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UploadMultipartPart"
}
]
},
{
"service_name": "Amazon Kinesis Firehose",
"privileges": [
{
"resource_types": "deliverystream",
"description": "Creates a delivery stream",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDeliveryStream"
},
{
"resource_types": "deliverystream",
"description": "Deletes a delivery stream and its data",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDeliveryStream"
},
{
"resource_types": "deliverystream",
"description": "Describes the specified delivery stream and gets the status",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDeliveryStream"
},
{
"resource_types": "",
"description": "Lists your delivery streams",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDeliveryStreams"
},
{
"resource_types": "deliverystream",
"description": "Lists the tags for the specified delivery stream",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTagsForDeliveryStream"
},
{
"resource_types": "deliverystream",
"description": "Writes a single data record into an Amazon Kinesis Firehose delivery stream",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutRecord"
},
{
"resource_types": "deliverystream",
"description": "Writes multiple data records into a delivery stream in a single call, which can achieve higher throughput per producer than when writing single records",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutRecordBatch"
},
{
"resource_types": "deliverystream",
"description": "Enables server-side encryption (SSE) for the delivery stream",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartDeliveryStreamEncryption"
},
{
"resource_types": "deliverystream",
"description": "Disables the specified destination of the specified delivery stream",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopDeliveryStreamEncryption"
},
{
"resource_types": "deliverystream",
"description": "Adds or updates tags for the specified delivery stream",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TagDeliveryStream"
},
{
"resource_types": "deliverystream",
"description": "Removes tags from the specified delivery stream",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UntagDeliveryStream"
},
{
"resource_types": "deliverystream",
"description": "Updates the specified destination of the specified delivery stream",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateDestination"
}
]
},
{
"service_name": "AWS Security Hub",
"privileges": [
{
"resource_types": "",
"description": "Accepts the invitation to be monitored by a master Security Hub account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AcceptInvitation"
},
{
"resource_types": "standards-subscription",
"description": "Disables the standards specified by the standards subscription ARNs",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchDisableStandards"
},
{
"resource_types": "standard",
"description": "Enables the standards specified by the standards ARNs",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchEnableStandards"
},
{
"resource_types": "",
"description": "Imports security findings that are generated by the integrated third-party products into Security Hub",
"condition_keys": [
"securityhub:TargetAccount"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchImportFindings"
},
{
"resource_types": "",
"description": "Creates an insight, which is a collection of related findings defined by an aggregation statement and optional filters",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateInsight"
},
{
"resource_types": "",
"description": "Creates member Security Hub accounts in the current AWS account (which becomes the master Security Hub account) that has Security Hub enabled",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateMembers"
},
{
"resource_types": "",
"description": "Declines invitations that are sent to this AWS account (invitee) by the AWS accounts (inviters) that are specified by the account IDs",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeclineInvitations"
},
{
"resource_types": "insight",
"description": "Deletes an insight that is specified by the insight ARN",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteInsight"
},
{
"resource_types": "",
"description": "Deletes invitations that are sent to this AWS account (invitee) by the AWS accounts (inviters) that are specified by their account IDs",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteInvitations"
},
{
"resource_types": "",
"description": "Deletes the Security Hub member accounts that are specified by the account IDs",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteMembers"
},
{
"resource_types": "product",
"description": "Stops you from being able to import findings generated by the integrated third-party providers into Security Hub",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableImportFindingsForProduct"
},
{
"resource_types": "",
"description": "Disables the AWS Security Hub Service",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableSecurityHub"
},
{
"resource_types": "",
"description": "Disassociates the current Security Hub member account from its master account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateFromMasterAccount"
},
{
"resource_types": "",
"description": "Disassociates the Security Hub member accounts that are specified by the account IDs from their master account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateMembers"
},
{
"resource_types": "product",
"description": "Enables you to import findings generated by the integrated third-party providers into Security Hub",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableImportFindingsForProduct"
},
{
"resource_types": "",
"description": "Enables the AWS Security Hub service",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableSecurityHub"
},
{
"resource_types": "",
"description": "Lists and describes enabled standards",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetEnabledStandards"
},
{
"resource_types": "",
"description": "Lists and describes Security Hub-aggregated findings that are specified by filter attributes",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetFindings"
},
{
"resource_types": "insight",
"description": "Lists the results of the Security Hub insight specified by the insight ARN",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetInsightResults"
},
{
"resource_types": "insight",
"description": "Lists and describes insights that are specified by insight ARNs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetInsights"
},
{
"resource_types": "",
"description": "Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetInvitationsCount"
},
{
"resource_types": "",
"description": "Provides the details for the Security Hub master account to the current member account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetMasterAccount"
},
{
"resource_types": "",
"description": "Returns the details on the Security Hub member accounts that are specified by the account IDs",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetMembers"
},
{
"resource_types": "",
"description": "Invites other AWS accounts to enable Security Hub and become Security Hub member accounts. When an account accepts the invitation and becomes a member account, the master account can view and manage the Security Hub findings of the member account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "InviteMembers"
},
{
"resource_types": "",
"description": "Lists all Security Hub integrated third-party findings providers",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListEnabledProductsForImport"
},
{
"resource_types": "",
"description": "Lists all Security Hub membership invitations that were sent to the current AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListInvitations"
},
{
"resource_types": "",
"description": "Lists details about all member accounts for the current Security Hub master account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListMembers"
},
{
"resource_types": "",
"description": "Updates the AWS Security Hub-aggregated findings specified by the filter attributes",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateFindings"
},
{
"resource_types": "insight",
"description": "Updates the AWS Security Hub insight specified by the insight ARN",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateInsight"
}
]
},
{
"service_name": "Amazon GroundTruth Labeling",
"privileges": [
{
"resource_types": "",
"description": "Get status of GroundTruthLabeling Jobs",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeConsoleJob"
},
{
"resource_types": "",
"description": "Paginated list API to list dataset objects in a manifest file",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListDatasetObjects"
},
{
"resource_types": "",
"description": "Filter records from a manifest file using S3 select. Get Sample entries based on random sampling",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RunFilterOrSampleDatasetJob"
},
{
"resource_types": "",
"description": "List an S3 prefix and create manifest files from the objects in it",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RunGenerateManifestByCrawlingJob"
}
]
},
{
"service_name": "AWS Artifact",
"privileges": [
{
"resource_types": "agreement",
"description": "Grants permission to accept an AWS agreement that has not yet been accepted by the customer account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AcceptAgreement"
},
{
"resource_types": "agreement",
"description": "Grants permission to download an AWS agreement that has not yet been accepted or a customer agreement that has been accepted by the customer account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DownloadAgreement"
},
{
"resource_types": "report-package",
"description": "Grants permission to download an AWS compliance report package",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "Get"
},
{
"resource_types": "customer-agreement",
"description": "Grants permission to terminate a customer agreement that was previously accepted by the customer account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TerminateAgreement"
}
]
},
{
"service_name": "AWS Billing",
"privileges": [
{
"resource_types": "",
"description": "Allow or deny IAM users permission to modify Account Settings",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyAccount"
},
{
"resource_types": "",
"description": "Allow or deny IAM users permission to modify billing settings",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyBilling"
},
{
"resource_types": "",
"description": "Allow or deny IAM users permission to modify payment methods",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyPaymentMethods"
},
{
"resource_types": "",
"description": "Allow or deny IAM users permission to view account settings",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ViewAccount"
},
{
"resource_types": "",
"description": "Allow or deny IAM users permission to view billing pages in the console",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ViewBilling"
},
{
"resource_types": "",
"description": "Allow or deny IAM users permission to view payment methods",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ViewPaymentMethods"
},
{
"resource_types": "",
"description": "Allow or deny IAM users permission to view AWS usage reports",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ViewUsage"
}
]
},
{
"service_name": "Amazon CloudWatch",
"privileges": [
{
"resource_types": "",
"description": "Deletes all specified alarms. In the event of an error, no alarms are deleted",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAlarms"
},
{
"resource_types": "",
"description": "Deletes all CloudWatch dashboards that you specify",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDashboards"
},
{
"resource_types": "",
"description": "Retrieves history for the specified alarm",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAlarmHistory"
},
{
"resource_types": "",
"description": "Retrieves alarms with the specified names",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAlarms"
},
{
"resource_types": "",
"description": "Retrieves all alarms for a single metric",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAlarmsForMetric"
},
{
"resource_types": "",
"description": "Disables actions for the specified alarms",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableAlarmActions"
},
{
"resource_types": "",
"description": "Enables actions for the specified alarms",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableAlarmActions"
},
{
"resource_types": "",
"description": "Displays the details of the CloudWatch dashboard you specify",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDashboard"
},
{
"resource_types": "",
"description": "Required to retrieve batch amounts of CloudWatch metric data and perform metric math on retrieved data",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetMetricData"
},
{
"resource_types": "",
"description": "Gets statistics for the specified metric",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetMetricStatistics"
},
{
"resource_types": "",
"description": "Required to retrieve snapshots of metric widgets",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetMetricWidgetImage"
},
{
"resource_types": "",
"description": "Returns a list of all CloudWatch dashboards in your account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDashboards"
},
{
"resource_types": "",
"description": "Returns a list of valid metrics stored for the AWS account owner",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListMetrics"
},
{
"resource_types": "",
"description": "Creates a CloudWatch dashboard, or updates an existing dashboard if it already exists",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutDashboard"
},
{
"resource_types": "",
"description": "Creates or updates an alarm and associates it with the specified Amazon CloudWatch metric",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutMetricAlarm"
},
{
"resource_types": "",
"description": "Publishes metric data points to Amazon CloudWatch",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutMetricData"
},
{
"resource_types": "",
"description": "Temporarily sets the state of an alarm for testing purposes",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetAlarmState"
}
]
},
{
"service_name": "AWS Health APIs and Notifications",
"privileges": [
{
"resource_types": "event",
"description": "Gets a list of entities that have been affected by the specified events",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAffectedEntities"
},
{
"resource_types": "",
"description": "Returns the number of entities that are affected by each of the specified events",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEntityAggregates"
},
{
"resource_types": "",
"description": "Returns the number of events of each event type (issue, scheduled change, and account notification)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEventAggregates"
},
{
"resource_types": "event",
"description": "Returns detailed information about one or more specified events",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEventDetails"
},
{
"resource_types": "",
"description": "Returns the event types that meet the specified filter criteria",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEventTypes"
},
{
"resource_types": "",
"description": "Returns information about events that meet the specified filter criteria",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEvents"
}
]
},
{
"service_name": "AWS Cloud9",
"privileges": [
{
"resource_types": "",
"description": "Creates an AWS Cloud9 development environment, launches an Amazon Elastic Compute Cloud (Amazon EC2) instance, and then hosts the environment on the instance",
"condition_keys": [
"cloud9:EnvironmentName",
"cloud9:InstanceType",
"cloud9:SubnetId",
"cloud9:UserArn"
],
"access_level": "Write",
"dependent_actions": [
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"iam:CreateServiceLinkedRole"
],
"privilege": "CreateEnvironmentEC2"
},
{
"resource_types": "",
"description": "Adds an environment member to an AWS Cloud9 development environment",
"condition_keys": [
"cloud9:UserArn",
"cloud9:EnvironmentId",
"cloud9:Permissions"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateEnvironmentMembership"
},
{
"resource_types": "environment",
"description": "Deletes an AWS Cloud9 development environment. If the environment is hosted on an Amazon Elastic Compute Cloud (Amazon EC2) instance, also terminates the instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"iam:CreateServiceLinkedRole"
],
"privilege": "DeleteEnvironment"
},
{
"resource_types": "",
"description": "Deletes an environment member from an AWS Cloud9 development environment",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteEnvironmentMembership"
},
{
"resource_types": "",
"description": "Gets information about environment members for an AWS Cloud9 development environment",
"condition_keys": [
"cloud9:UserArn",
"cloud9:EnvironmentId"
],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEnvironmentMemberships"
},
{
"resource_types": "",
"description": "Gets status information for an AWS Cloud9 development environment",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEnvironmentStatus"
},
{
"resource_types": "environment",
"description": "Gets information about AWS Cloud9 development environments",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEnvironments"
},
{
"resource_types": "",
"description": "Gets a list of AWS Cloud9 development environment identifiers",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListEnvironments"
},
{
"resource_types": "environment",
"description": "Changes the settings of an existing AWS Cloud9 development environment",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateEnvironment"
},
{
"resource_types": "",
"description": "Changes the settings of an existing environment member for an AWS Cloud9 development environment",
"condition_keys": [
"cloud9:UserArn",
"cloud9:EnvironmentId",
"cloud9:Permissions"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateEnvironmentMembership"
}
]
},
{
"service_name": "AWS Directory Service",
"privileges": [
{
"resource_types": "",
"description": "Accepts a directory sharing request that was sent from the directory owner account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AcceptSharedDirectory"
},
{
"resource_types": "",
"description": "Adds a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DescribeSecurityGroups"
],
"privilege": "AddIpRoutes"
},
{
"resource_types": "",
"description": "Adds or overwrites one or more tags for the specified Amazon Directory Services directory",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "AddTagsToResource"
},
{
"resource_types": "",
"description": "Cancels an in-progress schema extension to a Microsoft AD directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelSchemaExtension"
},
{
"resource_types": "",
"description": "Creates an AD Connector to connect to an on-premises directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"privilege": "ConnectDirectory"
},
{
"resource_types": "",
"description": "Creates an alias for a directory and assigns the alias to the directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAlias"
},
{
"resource_types": "",
"description": "Creates a computer account in the specified directory, and joins the computer to the directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateComputer"
},
{
"resource_types": "",
"description": "Creates a conditional forwarder associated with your AWS directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateConditionalForwarder"
},
{
"resource_types": "",
"description": "Creates a Simple AD directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"privilege": "CreateDirectory"
},
{
"resource_types": "",
"description": "Creates a subscription to forward real time Directory Service domain controller security logs to the specified CloudWatch log group in your AWS account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateLogSubscription"
},
{
"resource_types": "",
"description": "Creates a Microsoft AD in the AWS cloud",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"privilege": "CreateMicrosoftAD"
},
{
"resource_types": "",
"description": "Creates a snapshot of a Simple AD or Microsoft AD directory in the AWS cloud",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateSnapshot"
},
{
"resource_types": "",
"description": "Initiates the creation of the AWS side of a trust relationship between a Microsoft AD in the AWS cloud and an external domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateTrust"
},
{
"resource_types": "",
"description": "Deletes a conditional forwarder that has been set up for your AWS directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteConditionalForwarder"
},
{
"resource_types": "",
"description": "Deletes an AWS Directory Service directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeNetworkInterfaces",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"privilege": "DeleteDirectory"
},
{
"resource_types": "",
"description": "Deletes the specified log subscription",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteLogSubscription"
},
{
"resource_types": "",
"description": "Deletes a directory snapshot",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSnapshot"
},
{
"resource_types": "",
"description": "Deletes an existing trust relationship between your Microsoft AD in the AWS cloud and an external domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteTrust"
},
{
"resource_types": "",
"description": "Removes the specified directory as a publisher to the specified SNS topic",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeregisterEventTopic"
},
{
"resource_types": "",
"description": "Obtains information about the conditional forwarders for this account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeConditionalForwarders"
},
{
"resource_types": "",
"description": "Obtains information about the directories that belong to this account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDirectories"
},
{
"resource_types": "",
"description": "Provides information about any domain controllers in your directory",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeDomainControllers"
},
{
"resource_types": "",
"description": "Obtains information about which SNS topics receive status messages from the specified directory",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEventTopics"
},
{
"resource_types": "",
"description": "Returns the shared directories in your account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeSharedDirectories"
},
{
"resource_types": "",
"description": "Obtains information about the directory snapshots that belong to this account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeSnapshots"
},
{
"resource_types": "",
"description": "Obtains information about the trust relationships for this account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTrusts"
},
{
"resource_types": "",
"description": "Disables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableRadius"
},
{
"resource_types": "",
"description": "Disables single sign-on for a directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableSso"
},
{
"resource_types": "",
"description": "Enables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableRadius"
},
{
"resource_types": "",
"description": "Enables single sign-on for a directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableSso"
},
{
"resource_types": "",
"description": "Obtains directory limit information for the current region",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDirectoryLimits"
},
{
"resource_types": "",
"description": "Obtains the manual snapshot limits for a directory",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSnapshotLimits"
},
{
"resource_types": "",
"description": "Lists the address blocks that you have added to a directory",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListIpRoutes"
},
{
"resource_types": "",
"description": "Lists the active log subscriptions for the AWS account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListLogSubscriptions"
},
{
"resource_types": "",
"description": "Lists all schema extensions applied to a Microsoft AD Directory",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSchemaExtensions"
},
{
"resource_types": "",
"description": "Lists all tags on an Amazon Directory Services directory",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTagsForResource"
},
{
"resource_types": "",
"description": "Associates a directory with an SNS topic",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"sns:GetTopicAttributes"
],
"privilege": "RegisterEventTopic"
},
{
"resource_types": "",
"description": "Rejects a directory sharing request that was sent from the directory owner account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RejectSharedDirectory"
},
{
"resource_types": "",
"description": "Removes IP address blocks from a directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RemoveIpRoutes"
},
{
"resource_types": "",
"description": "Removes tags from an Amazon Directory Services directory",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "RemoveTagsFromResource"
},
{
"resource_types": "",
"description": "Resets the password for any user in your AWS Managed Microsoft AD or Simple AD directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResetUserPassword"
},
{
"resource_types": "",
"description": "Restores a directory using an existing directory snapshot",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RestoreFromSnapshot"
},
{
"resource_types": "",
"description": "Shares a specified directory in your AWS account (directory owner) with another AWS account (directory consumer). With this operation you can use your directory from any AWS account and from any Amazon VPC within an AWS Region",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ShareDirectory"
},
{
"resource_types": "",
"description": "Applies a schema extension to a Microsoft AD directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartSchemaExtension"
},
{
"resource_types": "",
"description": "Stops the directory sharing between the directory owner and consumer accounts",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UnshareDirectory"
},
{
"resource_types": "",
"description": "Updates a conditional forwarder that has been set up for your AWS directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateConditionalForwarder"
},
{
"resource_types": "",
"description": "Adds or removes domain controllers to or from the directory. Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. During this time, you cannot make another update request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateNumberOfDomainControllers"
},
{
"resource_types": "",
"description": "Updates the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateRadius"
},
{
"resource_types": "",
"description": "Verifies a trust relationship between your Microsoft AD in the AWS cloud and an external domain",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "VerifyTrust"
}
]
},
{
"service_name": "AWS Elemental MediaStore",
"privileges": [
{
"resource_types": "",
"description": "Creates a storage container",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateContainer"
},
{
"resource_types": "",
"description": "Deletes a storage container",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteContainer"
},
{
"resource_types": "",
"description": "Deletes a container storage policy",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DeleteContainerPolicy"
},
{
"resource_types": "",
"description": "Deletes an object",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteObject"
},
{
"resource_types": "",
"description": "Retrieves details of a specific container",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeContainer"
},
{
"resource_types": "",
"description": "Retrieves an object's metadata",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeObject"
},
{
"resource_types": "",
"description": "Retrieves a container resource policy",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetContainerPolicy"
},
{
"resource_types": "",
"description": "Retrieves an object",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetObject"
},
{
"resource_types": "",
"description": "Retrieves a list of storage containers",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListContainers"
},
{
"resource_types": "",
"description": "Retrieves a list of items like objects or folders",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListItems"
},
{
"resource_types": "",
"description": "Adds or modifies a container resource policy",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "PutContainerPolicy"
},
{
"resource_types": "",
"description": "Uploads an object",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutObject"
}
]
},
{
"service_name": "AWS Support",
"privileges": [
{
"resource_types": "",
"description": "Adds one or more attachments to an attachment set. If an attachmentSetId is not specified, a new attachment set is created",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddAttachmentsToSet"
},
{
"resource_types": "",
"description": "Adds additional customer communication to an AWS Support case",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddCommunicationToCase"
},
{
"resource_types": "",
"description": "Creates a new case in the AWS Support Center",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateCase"
},
{
"resource_types": "",
"description": "Returns a description of an attachment",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAttachment"
},
{
"resource_types": "",
"description": "Returns a list of cases that matches the given inputs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeCases"
},
{
"resource_types": "",
"description": "Returns the communications (and attachments) for one or more support cases",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeCommunications"
},
{
"resource_types": "",
"description": "Returns the current list of AWS services and a list of service categories that applies to each one",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeServices"
},
{
"resource_types": "",
"description": "Returns the list of severity levels that can be assigned to an AWS Support case",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeSeverityLevels"
},
{
"resource_types": "",
"description": "Returns the refresh status of the Trusted Advisor checks that have the specified check identifiers",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTrustedAdvisorCheckRefreshStatuses"
},
{
"resource_types": "",
"description": "Returns the results of the Trusted Advisor check that has the specified check identifier",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTrustedAdvisorCheckResult"
},
{
"resource_types": "",
"description": "Returns the summaries of the results of the Trusted Advisor checks that have the specified check identifiers",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTrustedAdvisorCheckSummaries"
},
{
"resource_types": "",
"description": "Returns information about all available Trusted Advisor checks, including name, ID, category, description, and metadata",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTrustedAdvisorChecks"
},
{
"resource_types": "",
"description": "Requests a refresh of the Trusted Advisor check that has the specified check ID",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RefreshTrustedAdvisorCheck"
},
{
"resource_types": "",
"description": "Resolves a case",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResolveCase"
}
]
},
{
"service_name": "Amazon Cloud Directory",
"privileges": [
{
"resource_types": "directory",
"description": "Adds a new Facet to an object",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddFacetToObject"
},
{
"resource_types": "directory",
"description": "Copies input published schema into Directory with same name and version as that of published schema",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ApplySchema"
},
{
"resource_types": "directory",
"description": "Attaches an existing object to another existing object",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AttachObject"
},
{
"resource_types": "directory",
"description": "Attaches a policy object to any other object",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AttachPolicy"
},
{
"resource_types": "directory",
"description": "Attaches the specified object to the specified index",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AttachToIndex"
},
{
"resource_types": "directory",
"description": "Attaches a typed link between a source and target object reference",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AttachTypedLink"
},
{
"resource_types": "directory",
"description": "Performs all the read operations in a batch. Each individual operation inside BatchRead needs to be granted permissions explicitly",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchRead"
},
{
"resource_types": "directory",
"description": "Performs all the write operations in a batch. Each individual operation inside BatchWrite needs to be granted permissions explicitly",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchWrite"
},
{
"resource_types": "publishedSchema",
"description": "Creates a Directory by copying the published schema into the directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDirectory"
},
{
"resource_types": "appliedSchema",
"description": "Creates a new Facet in a schema",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateFacet"
},
{
"resource_types": "directory",
"description": "Creates an index object",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateIndex"
},
{
"resource_types": "directory",
"description": "Creates an object in a Directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateObject"
},
{
"resource_types": "",
"description": "Creates a new schema in a development state",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateSchema"
},
{
"resource_types": "appliedSchema",
"description": "Creates a new Typed Link facet in a schema",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateTypedLinkFacet"
},
{
"resource_types": "directory",
"description": "Deletes a directory. Only disabled directories can be deleted",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDirectory"
},
{
"resource_types": "developmentSchema",
"description": "Deletes a given Facet. All attributes and Rules associated with the facet will be deleted",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteFacet"
},
{
"resource_types": "directory",
"description": "Deletes an object and its associated attributes",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteObject"
},
{
"resource_types": "developmentSchema",
"description": "Deletes a given schema",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSchema"
},
{
"resource_types": "developmentSchema",
"description": "Deletes a given TypedLink Facet. All attributes and Rules associated with the facet will be deleted",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteTypedLinkFacet"
},
{
"resource_types": "directory",
"description": "Detaches the specified object from the specified index",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DetachFromIndex"
},
{
"resource_types": "directory",
"description": "Detaches a given object from the parent object",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DetachObject"
},
{
"resource_types": "directory",
"description": "Detaches a policy from an object",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DetachPolicy"
},
{
"resource_types": "directory",
"description": "Detaches a given typed link between given source and target object reference",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DetachTypedLink"
},
{
"resource_types": "directory",
"description": "Disables the specified directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableDirectory"
},
{
"resource_types": "directory",
"description": "Enables the specified directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableDirectory"
},
{
"resource_types": "directory",
"description": "Retrieves metadata about a directory",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDirectory"
},
{
"resource_types": "appliedSchema",
"description": "Gets details of the Facet, such as Facet Name, Attributes, Rules, or ObjectType",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetFacet"
},
{
"resource_types": "directory",
"description": "Retrieves attributes that are associated with a typed link",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetLinkAttributes"
},
{
"resource_types": "directory",
"description": "Retrieves attributes within a facet that are associated with an object",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetObjectAttributes"
},
{
"resource_types": "directory",
"description": "Retrieves metadata about an object",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetObjectInformation"
},
{
"resource_types": "appliedSchema",
"description": "Retrieves a JSON representation of the schema",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSchemaAsJson"
},
{
"resource_types": "appliedSchema",
"description": "Returns identity attributes order information associated with a given typed link facet",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTypedLinkFacetInformation"
},
{
"resource_types": "directory",
"description": "Lists schemas applied to a directory",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAppliedSchemaArns"
},
{
"resource_types": "directory",
"description": "Lists indices attached to an object",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListAttachedIndices"
},
{
"resource_types": "",
"description": "Retrieves the ARNs of schemas in the development state",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDevelopmentSchemaArns"
},
{
"resource_types": "",
"description": "Lists directories created within an account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDirectories"
},
{
"resource_types": "appliedSchema",
"description": "Retrieves attributes attached to the facet",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListFacetAttributes"
},
{
"resource_types": "appliedSchema",
"description": "Retrieves the names of facets that exist in a schema",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListFacetNames"
},
{
"resource_types": "directory",
"description": "Returns a paginated list of all incoming TypedLinks for a given object",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListIncomingTypedLinks"
},
{
"resource_types": "directory",
"description": "Lists objects attached to the specified index",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListIndex"
},
{
"resource_types": "directory",
"description": "Lists all attributes associated with an object",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListObjectAttributes"
},
{
"resource_types": "directory",
"description": "Returns a paginated list of child objects associated with a given object",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListObjectChildren"
},
{
"resource_types": "directory",
"description": "Retrieves all available parent paths for any object type such as node, leaf node, policy node, and index node objects",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListObjectParentPaths"
},
{
"resource_types": "directory",
"description": "Lists parent objects associated with a given object in pagination fashion",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListObjectParents"
},
{
"resource_types": "directory",
"description": "Returns policies attached to an object in pagination fashion",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListObjectPolicies"
},
{
"resource_types": "directory",
"description": "Returns a paginated list of all outgoing TypedLinks for a given object",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListOutgoingTypedLinks"
},
{
"resource_types": "directory",
"description": "Returns all of the ObjectIdentifiers to which a given policy is attached",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListPolicyAttachments"
},
{
"resource_types": "",
"description": "Retrieves published schema ARNs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPublishedSchemaArns"
},
{
"resource_types": "directory",
"description": "Returns tags for a resource",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTagsForResource"
},
{
"resource_types": "appliedSchema",
"description": "Returns a paginated list of attributes associated with typed link facet",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTypedLinkFacetAttributes"
},
{
"resource_types": "appliedSchema",
"description": "Returns a paginated list of typed link facet names that exist in a schema",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTypedLinkFacetNames"
},
{
"resource_types": "directory",
"description": "Lists all policies from the root of the Directory to the object specified",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "LookupPolicy"
},
{
"resource_types": "developmentSchema",
"description": "Publishes a development schema with a version",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PublishSchema"
},
{
"resource_types": "",
"description": "Allows a schema to be updated using JSON upload. Only available for development schemas",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutSchemaFromJson"
},
{
"resource_types": "directory",
"description": "Removes the specified facet from the specified object",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RemoveFacetFromObject"
},
{
"resource_types": "directory",
"description": "Adds tags to a resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "TagResource"
},
{
"resource_types": "directory",
"description": "Removes tags from a resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagResource"
},
{
"resource_types": "appliedSchema",
"description": "Adds/Updates/Deletes existing Attributes, Rules, or ObjectType of a Facet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateFacet"
},
{
"resource_types": "directory",
"description": "Updates a given typed link’s attributes. Attributes to be updated must not contribute to the typed link’s identity, as defined by its IdentityAttributeOrder",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateLinkAttributes"
},
{
"resource_types": "directory",
"description": "Updates a given object's attributes",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateObjectAttributes"
},
{
"resource_types": "developmentSchema",
"description": "Updates the schema name with a new name",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateSchema"
},
{
"resource_types": "developmentSchema",
"description": "Adds/Updates/Deletes existing Attributes, Rules, identity attribute order of a TypedLink Facet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateTypedLinkFacet"
}
]
},
{
"service_name": "AWS Key Management Service",
"privileges": [
{
"resource_types": "key",
"description": "Grants permission to cancel the scheduled deletion of a customer master key",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelKeyDeletion"
},
{
"resource_types": "key",
"description": "Grants permission to create an alias for a customer master key (CMK). Aliases are optional display names that you can associate with CMKs",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAlias"
},
{
"resource_types": "key",
"description": "Grants permission to add a grant to a customer master key. You can use grants to add permissions without changing the key policy or IAM policy",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "CreateGrant"
},
{
"resource_types": "",
"description": "Grants permission to create a customer master key that can be used to protect data keys and other sensitive information",
"condition_keys": [
"kms:BypassPolicyLockoutSafetyCheck",
"kms:KeyOrigin"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateKey"
},
{
"resource_types": "key",
"description": "Grants permission to decrypt ciphertext that was encrypted under a customer master key",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "Decrypt"
},
{
"resource_types": "alias",
"description": "Grants permission to delete an alias, which is an optional friendly name for a customer master key",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAlias"
},
{
"resource_types": "key",
"description": "Grants permission to delete cryptographic material that you imported into a customer master key. This action makes the key unusable",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteImportedKeyMaterial"
},
{
"resource_types": "key",
"description": "Grants permission to view detailed information about a customer master key",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeKey"
},
{
"resource_types": "key",
"description": "Grants permission to disable a customer master key, which prevents it from being used in cryptographic operations",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableKey"
},
{
"resource_types": "key",
"description": "Grants permission to disable automatic rotation of a customer managed customer master key",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableKeyRotation"
},
{
"resource_types": "key",
"description": "Grants permission to change the state of a customer master key (CMK) to enabled. This allows the CMK to be used in cryptographic operations",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableKey"
},
{
"resource_types": "key",
"description": "Grants permission to enable automatic rotation of the cryptographic material in a customer master key",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableKeyRotation"
},
{
"resource_types": "key",
"description": "Grants permission to use the specified customer master key to encrypt data and data keys",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "Encrypt"
},
{
"resource_types": "key",
"description": "Grants permission to use the customer master key to generate data keys. You can use the data keys to encrypt data outside of AWS KMS",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "GenerateDataKey"
},
{
"resource_types": "key",
"description": "Grants permission to use the customer master key to generate a data key. Unlike the GenerateDataKey operation, this operation returns an encrypted data key without a plaintext version of the data key",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "GenerateDataKeyWithoutPlaintext"
},
{
"resource_types": "",
"description": "Grants permission to get a cryptographically secure random byte string from AWS KMS",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "GenerateRandom"
},
{
"resource_types": "key",
"description": "Grants permission to view the key policy for the specified customer master key",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetKeyPolicy"
},
{
"resource_types": "key",
"description": "Grants permission to determine whether automatic key rotation is enabled on the customer master key",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetKeyRotationStatus"
},
{
"resource_types": "key",
"description": "Grants permission to get data that is required to import cryptographic material into a customer managed key, including a public key and import token",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetParametersForImport"
},
{
"resource_types": "key",
"description": "Grants permission to import cryptographic material into a customer master key",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ImportKeyMaterial"
},
{
"resource_types": "",
"description": "Grants permission to view the aliases that are defined in the account. Aliases are optional display names that you can associate with customer master keys",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAliases"
},
{
"resource_types": "key",
"description": "Grants permission to view all grants for a customer master key",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListGrants"
},
{
"resource_types": "key",
"description": "Grants permission to view the names of key policies for a customer master key",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListKeyPolicies"
},
{
"resource_types": "",
"description": "Grants permission to view the key ID and Amazon Resource Name (ARN) of all customer master keys in the account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListKeys"
},
{
"resource_types": "key",
"description": "Grants permission to view all tags that are attached to a customer master key",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListResourceTags"
},
{
"resource_types": "key",
"description": "Grants permission to view grants in which the specified principal is the retiring principal. Other principals might be able to retire the grant and this principal might be able to retire other grants",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRetirableGrants"
},
{
"resource_types": "key",
"description": "Grants permission to replace the key policy for the specified customer master key",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "PutKeyPolicy"
},
{
"resource_types": "key",
"description": "Grants permission to decrypt data as part of the process that decrypts and reencrypts the data within AWS KMS",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ReEncryptFrom"
},
{
"resource_types": "key",
"description": "Grants permission to encrypt data as part of the process that decrypts and reencrypts the data within AWS KMS",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ReEncryptTo"
},
{
"resource_types": "key",
"description": "Grants permission to retire a grant. The RetireGrant operation is typically called by the grant user after they complete the tasks that the grant allowed them to perform",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "RetireGrant"
},
{
"resource_types": "key",
"description": "Grants permission to revoke a grant, which denies permission for all operations that depend on the grant",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "RevokeGrant"
},
{
"resource_types": "key",
"description": "Grants permission to schedule deletion of a customer master key",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ScheduleKeyDeletion"
},
{
"resource_types": "key",
"description": "Grants permission to create or update tags that are attached to a customer master key",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "TagResource"
},
{
"resource_types": "key",
"description": "Grants permission to delete tags that are attached to a customer master key",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagResource"
},
{
"resource_types": "alias",
"description": "Grants permission to associate an alias with a different customer master key",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAlias"
},
{
"resource_types": "key",
"description": "Grants permission to delete or change the description of a customer master key",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateKeyDescription"
}
]
},
{
"service_name": "AWS SSO",
"privileges": [
{
"resource_types": "",
"description": "Adds member to the group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddMemberToGroup"
},
{
"resource_types": "",
"description": "Connect a directory to be used by AWS Single Sign-On",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateDirectory"
},
{
"resource_types": "",
"description": "Create an association between a directory user or group and a profile",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateProfile"
},
{
"resource_types": "",
"description": "Creates an alias for User Pool",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAlias"
},
{
"resource_types": "",
"description": "Add an application instance to AWS Single Sign-On",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateApplicationInstance"
},
{
"resource_types": "",
"description": "Add a new certificate for an application instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateApplicationInstanceCertificate"
},
{
"resource_types": "",
"description": "Creates a group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateGroup"
},
{
"resource_types": "",
"description": "Create a permission set",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePermissionSet"
},
{
"resource_types": "",
"description": "Create a profile for an application instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateProfile"
},
{
"resource_types": "",
"description": "Create a federation trust in a target account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateTrust"
},
{
"resource_types": "",
"description": "Creates a user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateUser"
},
{
"resource_types": "",
"description": "Delete the application instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteApplicationInstance"
},
{
"resource_types": "",
"description": "Delete an inactive or expired certificate from the application instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteApplicationInstanceCertificate"
},
{
"resource_types": "",
"description": "Deletes a group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteGroup"
},
{
"resource_types": "",
"description": "Delete a permission set",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeletePermissionSet"
},
{
"resource_types": "",
"description": "Delete the permission policy associated with a permission set",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeletePermissionsPolicy"
},
{
"resource_types": "",
"description": "Delete the profile for an application instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteProfile"
},
{
"resource_types": "",
"description": "Deletes a user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteUser"
},
{
"resource_types": "",
"description": "Retrieve groups' information",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeGroups"
},
{
"resource_types": "",
"description": "Retrieve all the permissions policies associated with a permission set",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribePermissionsPolicies"
},
{
"resource_types": "",
"description": "Retrieves users' information",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeUsers"
},
{
"resource_types": "",
"description": "Deactivates user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableUser"
},
{
"resource_types": "",
"description": "Disassociate a directory to be used by AWS Single Sign-On",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateDirectory"
},
{
"resource_types": "",
"description": "Disassociate a directory user or group from a profile",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateProfile"
},
{
"resource_types": "",
"description": "Activates user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableUser"
},
{
"resource_types": "",
"description": "Retrieve details for an application instance",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetApplicationInstance"
},
{
"resource_types": "",
"description": "Retrieve application template details",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetApplicationTemplate"
},
{
"resource_types": "",
"description": "Retrieve details of a permission set",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetPermissionSet"
},
{
"resource_types": "",
"description": "Retrieve all permission policies associated with a permission set",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [
"sso:DescribePermissionsPolicies"
],
"privilege": "GetPermissionsPolicy"
},
{
"resource_types": "",
"description": "Retrieve a profile for an application instance",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetProfile"
},
{
"resource_types": "",
"description": "Retrieve configuration for the current SSO instance",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSSOConfiguration"
},
{
"resource_types": "",
"description": "Check if AWS Single Sign-On is enabled",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSSOStatus"
},
{
"resource_types": "",
"description": "Retrieve the federation trust in a target account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTrust"
},
{
"resource_types": "",
"description": "Retrieve User Pool information",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetUserPoolInfo"
},
{
"resource_types": "",
"description": "Update the application instance by uploading an application SAML metadata file provided by the service provider",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ImportApplicationInstanceServiceProviderMetadata"
},
{
"resource_types": "",
"description": "Retrieve all of the certificates for a given application instance",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListApplicationInstanceCertificates"
},
{
"resource_types": "",
"description": "Retrieve all application instances",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [
"sso:GetApplicationInstance"
],
"privilege": "ListApplicationInstances"
},
{
"resource_types": "",
"description": "Retrieve all supported application templates",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [
"sso:GetApplicationTemplate"
],
"privilege": "ListApplicationTemplates"
},
{
"resource_types": "",
"description": "Retrieve all supported applications",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListApplications"
},
{
"resource_types": "",
"description": "Retrieve details about the directory connected to AWS Single Sign-On",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListDirectoryAssociations"
},
{
"resource_types": "",
"description": "Lists groups for a user",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListGroupsForUser"
},
{
"resource_types": "",
"description": "Retrieves all members that are part of the group",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListMembersInGroup"
},
{
"resource_types": "",
"description": "Retrieve all permission sets",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListPermissionSets"
},
{
"resource_types": "",
"description": "Retrieve the directory user or group associated with the profile",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListProfileAssociations"
},
{
"resource_types": "",
"description": "Retrieve all profiles for an application instance",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [
"sso:GetProfile"
],
"privilege": "ListProfiles"
},
{
"resource_types": "",
"description": "Add a policy to a permission set",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutPermissionsPolicy"
},
{
"resource_types": "",
"description": "Removes a member that is part of the group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RemoveMemberFromGroup"
},
{
"resource_types": "",
"description": "Search for groups within the associated directory",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "SearchGroups"
},
{
"resource_types": "",
"description": "Search for users within the associated directory",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "SearchUsers"
},
{
"resource_types": "",
"description": "Sets a temporary password for a user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetTemporaryPassword"
},
{
"resource_types": "",
"description": "Initialize AWS Single Sign-On",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartSSO"
},
{
"resource_types": "",
"description": "Set a certificate as the active one for this application instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateApplicationInstanceActiveCertificate"
},
{
"resource_types": "",
"description": "Update display data of an application instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateApplicationInstanceDisplayData"
},
{
"resource_types": "",
"description": "Update federation response configuration for the application instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateApplicationInstanceResponseConfiguration"
},
{
"resource_types": "",
"description": "Update federation response schema configuration for the application instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateApplicationInstanceResponseSchemaConfiguration"
},
{
"resource_types": "",
"description": "Update security details for the application instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateApplicationInstanceSecurityConfiguration"
},
{
"resource_types": "",
"description": "Update service provider related configuration for the application instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateApplicationInstanceServiceProviderConfiguration"
},
{
"resource_types": "",
"description": "Update the status of an application instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateApplicationInstanceStatus"
},
{
"resource_types": "",
"description": "Update the user attribute mappings for your connected directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateDirectoryAssociation"
},
{
"resource_types": "",
"description": "Updates group information",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateGroup"
},
{
"resource_types": "",
"description": "Update the profile for an application instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateProfile"
},
{
"resource_types": "",
"description": "Update the configuration for the current SSO instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateSSOConfiguration"
},
{
"resource_types": "",
"description": "Update the federation trust in a target account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateTrust"
},
{
"resource_types": "",
"description": "Updates user information",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateUser"
}
]
},
{
"service_name": "AWS Cloud Map",
"privileges": []
},
{
"service_name": "AWS X-Ray",
"privileges": [
{
"resource_types": "",
"description": "Retrieves a list of traces specified by ID. Each trace is a collection of segment documents that originates from a single request. Use GetTraceSummaries to get a list of trace IDs",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchGetTraces"
},
{
"resource_types": "",
"description": "Creates a group resource with a name and a filter expression",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateGroup"
},
{
"resource_types": "",
"description": "Creates a rule to control sampling behavior for instrumented applications",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateSamplingRule"
},
{
"resource_types": "",
"description": "Deletes a group resource",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteGroup"
},
{
"resource_types": "",
"description": "Deletes a sampling rule",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSamplingRule"
},
{
"resource_types": "",
"description": "Retrieves the current encryption configuration for X-Ray data",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "GetEncryptionConfig"
},
{
"resource_types": "",
"description": "Retrieves group resource details",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetGroup"
},
{
"resource_types": "",
"description": "Retrieves all active group details",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetGroups"
},
{
"resource_types": "",
"description": "Retrieves all sampling rules",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSamplingRules"
},
{
"resource_types": "",
"description": "Retrieves information about recent sampling results for all sampling rules",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSamplingStatisticSummaries"
},
{
"resource_types": "",
"description": "Requests a sampling quota for rules that the service is using to sample requests",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSamplingTargets"
},
{
"resource_types": "",
"description": "Retrieves a document that describes services that process incoming requests, and downstream services that they call as a result",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetServiceGraph"
},
{
"resource_types": "",
"description": "Retrieves a service graph for one or more specific trace IDs",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTraceGraph"
},
{
"resource_types": "",
"description": "Retrieves IDs and metadata for traces available for a specified time frame using an optional filter. To get the full traces, pass the trace IDs to BatchGetTraces",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTraceSummaries"
},
{
"resource_types": "",
"description": "Updates the encryption configuration for X-Ray data",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "PutEncryptionConfig"
},
{
"resource_types": "",
"description": "Used by the AWS X-Ray daemon to send telemetry to the service",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutTelemetryRecords"
},
{
"resource_types": "",
"description": "Uploads segment documents to AWS X-Ray. The X-Ray SDK generates segment documents and sends them to the X-Ray daemon, which uploads them in batches",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutTraceSegments"
},
{
"resource_types": "",
"description": "Updates a group resource",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateGroup"
},
{
"resource_types": "",
"description": "Modifies a sampling rule's configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateSamplingRule"
}
]
},
{
"service_name": "Amazon RDS",
"privileges": [
{
"resource_types": "cluster",
"description": "Associates an Identity and Access Management (IAM) role with an Aurora DB cluster",
"condition_keys": [
"rds:DatabaseEngine",
"rds:DatabaseName",
"rds:Vpc",
"rds:cluster-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddRoleToDBCluster"
},
{
"resource_types": "es",
"description": "Adds a source identifier to an existing RDS event notification subscription",
"condition_keys": [
"rds:es-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddSourceIdentifierToSubscription"
},
{
"resource_types": "db",
"description": "Adds metadata tags to an Amazon RDS resource",
"condition_keys": [
"rds:db-tag"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "AddTagsToResource"
},
{
"resource_types": "db",
"description": "Applies a pending maintenance action to a resource",
"condition_keys": [
"rds:db-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ApplyPendingMaintenanceAction"
},
{
"resource_types": "secgrp",
"description": "Enables ingress to a DBSecurityGroup using one of two forms of authorization",
"condition_keys": [
"rds:secgrp-tag"
],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "AuthorizeDBSecurityGroupIngress"
},
{
"resource_types": "cluster-snapshot",
"description": "Creates a snapshot of a DB cluster",
"condition_keys": [
"rds:cluster-snapshot-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CopyDBClusterSnapshot"
},
{
"resource_types": "pg",
"description": "Copies the specified DB parameter group",
"condition_keys": [
"rds:pg-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CopyDBParameterGroup"
},
{
"resource_types": "snapshot",
"description": "Copies the specified DB snapshot",
"condition_keys": [
"rds:snapshot-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CopyDBSnapshot"
},
{
"resource_types": "og",
"description": "Copies the specified option group",
"condition_keys": [
"rds:og-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CopyOptionGroup"
},
{
"resource_types": "cluster",
"description": "Creates a new Amazon Aurora DB cluster",
"condition_keys": [
"rds:DatabaseEngine",
"rds:DatabaseName",
"rds:Vpc",
"rds:cluster-tag"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateDBCluster"
},
{
"resource_types": "cluster-pg",
"description": "Create a new DB cluster parameter group",
"condition_keys": [
"rds:cluster-pg-tag"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateDBClusterParameterGroup"
},
{
"resource_types": "cluster",
"description": "Creates a snapshot of a DB cluster",
"condition_keys": [
"rds:cluster-tag"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateDBClusterSnapshot"
},
{
"resource_types": "db",
"description": "Creates a new DB instance",
"condition_keys": [
"rds:DatabaseClass",
"rds:DatabaseEngine",
"rds:DatabaseName",
"rds:MultiAz",
"rds:Piops",
"rds:StorageSize",
"rds:Vpc",
"rds:db-tag"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateDBInstance"
},
{
"resource_types": "db",
"description": "Creates a DB instance for a DB instance running MySQL, MariaDB, or PostgreSQL that acts as a Read Replica of a source DB instance",
"condition_keys": [
"Piops",
"rds:DatabaseClass",
"rds:db-tag"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateDBInstanceReadReplica"
},
{
"resource_types": "pg",
"description": "Creates a new DB parameter group",
"condition_keys": [
"rds:pg-tag"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateDBParameterGroup"
},
{
"resource_types": "secgrp",
"description": "Creates a new DB security group. DB security groups control access to a DB instance",
"condition_keys": [
"rds:secgrp-tag"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateDBSecurityGroup"
},
{
"resource_types": "db",
"description": "Creates a DBSnapshot",
"condition_keys": [
"rds:db-tag"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateDBSnapshot"
},
{
"resource_types": "subgrp",
"description": "Creates a new DB subnet group",
"condition_keys": [
"rds:subgrp-tag"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateDBSubnetGroup"
},
{
"resource_types": "es",
"description": "Creates an RDS event notification subscription",
"condition_keys": [
"rds:es-tag"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateEventSubscription"
},
{
"resource_types": "og",
"description": "Creates a new option group",
"condition_keys": [
"rds:og-tag"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateOptionGroup"
},
{
"resource_types": "cluster",
"description": "The DeleteDBCluster action deletes a previously provisioned DB cluster",
"condition_keys": [
"rds:cluster-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDBCluster"
},
{
"resource_types": "cluster-pg",
"description": "Deletes a specified DB cluster parameter group",
"condition_keys": [
"rds:cluster-pg-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDBClusterParameterGroup"
},
{
"resource_types": "cluster-snapshot",
"description": "Deletes a DB cluster snapshot",
"condition_keys": [
"rds:cluster-snapshot-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDBClusterSnapshot"
},
{
"resource_types": "db",
"description": "The DeleteDBInstance action deletes a previously provisioned DB instance",
"condition_keys": [
"rds:db-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDBInstance"
},
{
"resource_types": "pg",
"description": "Deletes a specified DBParameterGroup",
"condition_keys": [
"rds:pg-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDBParameterGroup"
},
{
"resource_types": "secgrp",
"description": "Deletes a DB security group",
"condition_keys": [
"rds:secgrp-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDBSecurityGroup"
},
{
"resource_types": "snapshot",
"description": "Deletes a DBSnapshot",
"condition_keys": [
"rds:snapshot-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDBSnapshot"
},
{
"resource_types": "subgrp",
"description": "Deletes a DB subnet group",
"condition_keys": [
"rds:subgrp-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDBSubnetGroup"
},
{
"resource_types": "es",
"description": "Deletes an RDS event notification subscription",
"condition_keys": [
"rds:es-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteEventSubscription"
},
{
"resource_types": "og",
"description": "Deletes an existing option group",
"condition_keys": [
"rds:og-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteOptionGroup"
},
{
"resource_types": "",
"description": "Lists all of the attributes for a customer account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeAccountAttributes"
},
{
"resource_types": "",
"description": "Lists the set of CA certificates provided by Amazon RDS for this AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeCertificates"
},
{
"resource_types": "cluster-pg",
"description": "Returns a list of DBClusterParameterGroup descriptions",
"condition_keys": [
"rds:cluster-pg-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDBClusterParameterGroups"
},
{
"resource_types": "cluster-pg",
"description": "Returns the detailed parameter list for a particular DB cluster parameter group",
"condition_keys": [
"rds:cluster-pg-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDBClusterParameters"
},
{
"resource_types": "cluster-snapshot",
"description": "Returns a list of DB cluster snapshot attribute names and values for a manual DB cluster snapshot",
"condition_keys": [
"rds:cluster-snapshot-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDBClusterSnapshotAttributes"
},
{
"resource_types": "cluster",
"description": "Returns information about provisioned Aurora DB clusters",
"condition_keys": [
"rds:cluster-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDBClusters"
},
{
"resource_types": "pg",
"description": "Returns a list of the available DB engines",
"condition_keys": [
"rds:pg-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDBEngineVersions"
},
{
"resource_types": "",
"description": "Returns information about provisioned RDS instances",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDBInstances"
},
{
"resource_types": "db",
"description": "Returns a list of DB log files for the DB instance",
"condition_keys": [
"rds:db-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDBLogFiles"
},
{
"resource_types": "pg",
"description": "Returns a list of DBParameterGroup descriptions",
"condition_keys": [
"rds:pg-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDBParameterGroups"
},
{
"resource_types": "pg",
"description": "Returns the detailed parameter list for a particular DB parameter group",
"condition_keys": [
"rds:pg-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDBParameters"
},
{
"resource_types": "secgrp",
"description": "Returns a list of DBSecurityGroup descriptions",
"condition_keys": [
"rds:secgrp-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDBSecurityGroups"
},
{
"resource_types": "snapshot",
"description": "Returns a list of DB snapshot attribute names and values for a manual DB snapshot",
"condition_keys": [
"rds:snapshot-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDBSnapshotAttributes"
},
{
"resource_types": "db",
"description": "Returns information about DB snapshots",
"condition_keys": [
"rds:db-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDBSnapshots"
},
{
"resource_types": "subgrp",
"description": "Returns a list of DBSubnetGroup descriptions",
"condition_keys": [
"rds:subgrp-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDBSubnetGroups"
},
{
"resource_types": "",
"description": "Returns the default engine and system parameter information for the cluster database engine",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeEngineDefaultClusterParameters"
},
{
"resource_types": "",
"description": "Returns the default engine and system parameter information for the specified database engine",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeEngineDefaultParameters"
},
{
"resource_types": "",
"description": "Displays a list of categories for all event source types, or, if specified, for a specified source type",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeEventCategories"
},
{
"resource_types": "es",
"description": "Lists all the subscription descriptions for a customer account",
"condition_keys": [
"rds:es-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeEventSubscriptions"
},
{
"resource_types": "es",
"description": "Returns events related to DB instances, DB security groups, DB snapshots, and DB parameter groups for the past 14 days",
"condition_keys": [
"rds:es-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeEvents"
},
{
"resource_types": "og",
"description": "Describes all available options",
"condition_keys": [
"rds:og-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeOptionGroupOptions"
},
{
"resource_types": "og",
"description": "Describes the available option groups",
"condition_keys": [
"rds:og-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeOptionGroups"
},
{
"resource_types": "",
"description": "Returns a list of orderable DB instance options for the specified engine",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeOrderableDBInstanceOptions"
},
{
"resource_types": "db",
"description": "Returns a list of resources (for example, DB instances) that have at least one pending maintenance action",
"condition_keys": [
"rds:DatabaseClass",
"rds:DatabaseEngine",
"rds:DatabaseName",
"rds:MultiAz",
"rds:Piops",
"rds:StorageSize",
"rds:Vpc",
"rds:db-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribePendingMaintenanceActions"
},
{
"resource_types": "ri",
"description": "Returns information about reserved DB instances for this account, or about a specified reserved DB instance",
"condition_keys": [
"rds:DatabaseClass",
"rds:MultiAz",
"rds:ri-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeReservedDBInstances"
},
{
"resource_types": "db",
"description": "Lists available reserved DB instance offerings",
"condition_keys": [
"rds:db-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeReservedDBInstancesOfferings"
},
{
"resource_types": "db",
"description": "Lists available modifications you can make to your DB instance",
"condition_keys": [
"rds:db-tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeValidDBInstanceModifications"
},
{
"resource_types": "",
"description": "Downloads the contents of the specified database log file",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DownloadCompleteDBLogFile"
},
{
"resource_types": "db",
"description": "Downloads all or a portion of the specified log file, up to 1 MB in size",
"condition_keys": [
"rds:db-tag"
],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DownloadDBLogFilePortion"
},
{
"resource_types": "cluster",
"description": "Forces a failover for a DB cluster",
"condition_keys": [
"rds:cluster-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "FailoverDBCluster"
},
{
"resource_types": "db",
"description": "Lists all tags on an Amazon RDS resource",
"condition_keys": [
"rds:db-tag"
],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTagsForResource"
},
{
"resource_types": "cluster",
"description": "Modify current cluster capacity for an Amazon Aurora Serverless DB cluster",
"condition_keys": [
"rds:cluster-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyCurrentDBClusterCapacity"
},
{
"resource_types": "cluster",
"description": "Modify a setting for an Amazon Aurora DB cluster",
"condition_keys": [
"rds:Vpc",
"rds:cluster-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyDBCluster"
},
{
"resource_types": "cluster-pg",
"description": "Modifies the parameters of a DB cluster parameter group",
"condition_keys": [
"rds:cluster-pg-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyDBClusterParameterGroup"
},
{
"resource_types": "cluster-snapshot",
"description": "Adds an attribute and values to, or removes an attribute and values from, a manual DB cluster snapshot",
"condition_keys": [
"rds:cluster-snapshot-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyDBClusterSnapshotAttribute"
},
{
"resource_types": "db",
"description": "Modify settings for a DB instance",
"condition_keys": [
"rds:DatabaseClass",
"rds:MultiAz",
"rds:Piops",
"rds:StorageSize",
"rds:Vpc",
"rds:db-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyDBInstance"
},
{
"resource_types": "pg",
"description": "Modifies the parameters of a DB parameter group",
"condition_keys": [
"rds:pg-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyDBParameterGroup"
},
{
"resource_types": "snapshot",
"description": "Adds an attribute and values to, or removes an attribute and values from, a manual DB snapshot",
"condition_keys": [
"rds:snapshot-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyDBSnapshotAttribute"
},
{
"resource_types": "subgrp",
"description": "Modifies an existing DB subnet group",
"condition_keys": [
"rds:subgrp-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyDBSubnetGroup"
},
{
"resource_types": "es",
"description": "Modifies an existing RDS event notification subscription",
"condition_keys": [
"rds:es-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyEventSubscription"
},
{
"resource_types": "og",
"description": "Modifies an existing option group",
"condition_keys": [
"rds:og-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyOptionGroup"
},
{
"resource_types": "db",
"description": "Promotes a Read Replica DB instance to a standalone DB instance",
"condition_keys": [
"rds:db-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PromoteReadReplica"
},
{
"resource_types": "",
"description": "Purchases a reserved DB instance offering",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PurchaseReservedDBInstancesOffering"
},
{
"resource_types": "db",
"description": "Rebooting a DB instance restarts the database engine service",
"condition_keys": [
"rds:db-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RebootDBInstance"
},
{
"resource_types": "es",
"description": "Removes a source identifier from an existing RDS event notification subscription",
"condition_keys": [
"rds:es-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RemoveSourceIdentifierFromSubscription"
},
{
"resource_types": "db",
"description": "Removes metadata tags from an Amazon RDS resource",
"condition_keys": [
"rds:db-tag"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "RemoveTagsFromResource"
},
{
"resource_types": "cluster-pg",
"description": "Modifies the parameters of a DB cluster parameter group to the default value",
"condition_keys": [
"rds:cluster-pg-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResetDBClusterParameterGroup"
},
{
"resource_types": "pg",
"description": "Modifies the parameters of a DB parameter group to the engine/system default value",
"condition_keys": [
"rds:pg-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResetDBParameterGroup"
},
{
"resource_types": "cluster",
"description": "Creates a new DB cluster from a DB cluster snapshot",
"condition_keys": [
"rds:DatabaseEngine",
"rds:DatabaseName",
"rds:Vpc",
"rds:cluster-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RestoreDBClusterFromSnapshot"
},
{
"resource_types": "cluster",
"description": "Restores a DB cluster to an arbitrary point in time",
"condition_keys": [
"rds:Vpc",
"rds:cluster-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RestoreDBClusterToPointInTime"
},
{
"resource_types": "db",
"description": "Creates a new DB instance from a DB snapshot",
"condition_keys": [
"rds:DatabaseClass",
"rds:DatabaseEngine",
"rds:DatabaseName",
"rds:MultiAz",
"rds:Piops",
"rds:Vpc",
"rds:db-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RestoreDBInstanceFromDBSnapshot"
},
{
"resource_types": "db",
"description": "Restores a DB instance to an arbitrary point in time",
"condition_keys": [
"rds:DatabaseClass",
"rds:DatabaseEngine",
"rds:DatabaseName",
"rds:MultiAz",
"rds:Piops",
"rds:Vpc",
"rds:db-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RestoreDBInstanceToPointInTime"
},
{
"resource_types": "secgrp",
"description": "Revokes ingress from a DBSecurityGroup for previously authorized IP ranges or EC2 or VPC Security Groups",
"condition_keys": [
"rds:secgrp-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RevokeDBSecurityGroupIngress"
},
{
"resource_types": "cluster",
"description": "Starts the DB cluster",
"condition_keys": [
"rds:cluster-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartDBCluster"
},
{
"resource_types": "db",
"description": "Starts the DB instance",
"condition_keys": [
"rds:DatabaseClass",
"rds:DatabaseEngine",
"rds:DatabaseName",
"rds:MultiAz",
"rds:Piops",
"rds:StorageSize",
"rds:Vpc",
"rds:db-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartDBInstance"
},
{
"resource_types": "cluster",
"description": "Stops the DB cluster",
"condition_keys": [
"rds:cluster-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopDBCluster"
},
{
"resource_types": "db",
"description": "Stops the DB instance",
"condition_keys": [
"rds:DatabaseClass",
"rds:DatabaseEngine",
"rds:DatabaseName",
"rds:MultiAz",
"rds:Piops",
"rds:StorageSize",
"rds:Vpc",
"rds:db-tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopDBInstance"
}
]
},
{
"service_name": "AWS Security Token Service",
"privileges": [
{
"resource_types": "role",
"description": "Returns a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssumeRole"
},
{
"resource_types": "role",
"description": "Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssumeRoleWithSAML"
},
{
"resource_types": "role",
"description": "Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssumeRoleWithWebIdentity"
},
{
"resource_types": "",
"description": "Decodes additional information about the authorization status of a request from an encoded message returned in response to an AWS request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DecodeAuthorizationMessage"
},
{
"resource_types": "",
"description": "Returns details about the IAM identity whose credentials are used to call the API",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCallerIdentity"
},
{
"resource_types": "user",
"description": "Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetFederationToken"
}
]
},
{
"service_name": "Amazon WorkDocs",
"privileges": [
{
"resource_types": "",
"description": "Aborts the upload of the specified document version that was previously initiated by InitiateDocumentVersionUpload",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AbortDocumentVersionUpload"
},
{
"resource_types": "",
"description": "Activates the specified user. Only active users can access Amazon WorkDocs",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ActivateUser"
},
{
"resource_types": "",
"description": "Creates a set of permissions for the specified folder or document",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddResourcePermissions"
},
{
"resource_types": "",
"description": "Creates a folder with the specified name and parent folder",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateFolder"
},
{
"resource_types": "",
"description": "Configure WorkDocs to use Amazon SNS notifications",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateNotificationSubscription"
},
{
"resource_types": "",
"description": "Creates a user in a Simple AD or Microsoft AD directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateUser"
},
{
"resource_types": "",
"description": "Deactivates the specified user, which revokes the user's access to Amazon WorkDocs",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeactivateUser"
},
{
"resource_types": "",
"description": "Permanently deletes the specified document and its associated metadata",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDocument"
},
{
"resource_types": "",
"description": "Permanently deletes the specified folder and its contents",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteFolder"
},
{
"resource_types": "",
"description": "Deletes the contents of the specified folder",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteFolderContents"
},
{
"resource_types": "",
"description": "Deletes the specified subscription from the specified organization",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteNotificationSubscription"
},
{
"resource_types": "",
"description": "Deletes the specified user from a Simple AD or Microsoft AD directory",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteUser"
},
{
"resource_types": "",
"description": "Retrieves the document versions for the specified document",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDocumentVersions"
},
{
"resource_types": "",
"description": "Describes the contents of the specified folder, including its documents and sub-folders",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeFolderContents"
},
{
"resource_types": "",
"description": "Lists the specified notification subscriptions",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeNotificationSubscriptions"
},
{
"resource_types": "",
"description": "Describes the permissions of a specified resource",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeResourcePermissions"
},
{
"resource_types": "",
"description": "Describes the specified users. You can describe all users or filter the results (for example, by status or organization",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeUsers"
},
{
"resource_types": "",
"description": "Retrieves the specified document object",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDocument"
},
{
"resource_types": "",
"description": "Retrieves the path information (the hierarchy from the root folder) for the requested document",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDocumentPath"
},
{
"resource_types": "",
"description": "Retrieves version metadata for the specified document",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDocumentVersion"
},
{
"resource_types": "",
"description": "Retrieves the metadata of the specified folder",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetFolder"
},
{
"resource_types": "",
"description": "Retrieves the path information (the hierarchy from the root folder) for the specified folder",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetFolderPath"
},
{
"resource_types": "",
"description": "Creates a new document object and version object",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "InitiateDocumentVersionUpload"
},
{
"resource_types": "",
"description": "Removes all the permissions from the specified resource",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RemoveAllResourcePermissions"
},
{
"resource_types": "",
"description": "Removes the permission for the specified principal from the specified resource",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RemoveResourcePermission"
},
{
"resource_types": "",
"description": "Updates the specified attributes of the specified document",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateDocument"
},
{
"resource_types": "",
"description": "Changes the status of the document version to ACTIVE",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateDocumentVersion"
},
{
"resource_types": "",
"description": "Updates the specified attributes of the specified folder",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateFolder"
},
{
"resource_types": "",
"description": "Updates the specified attributes of the specified user, and grants or revokes administrative privileges to the Amazon WorkDocs site",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateUser"
}
]
},
{
"service_name": "AWS Migration Hub",
"privileges": [
{
"resource_types": "migrationTask",
"description": "Associate a given AWS artifact to a MigrationTask",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateCreatedArtifact"
},
{
"resource_types": "migrationTask",
"description": "Associate a given ADS resource to a MigrationTask",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateDiscoveredResource"
},
{
"resource_types": "progressUpdateStream",
"description": "Create a ProgressUpdateStream",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateProgressUpdateStream"
},
{
"resource_types": "progressUpdateStream",
"description": "Delete a ProgressUpdateStream",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteProgressUpdateStream"
},
{
"resource_types": "",
"description": "Get an Application Discovery Service Application's state",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeApplicationState"
},
{
"resource_types": "migrationTask",
"description": "Describe a MigrationTask",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeMigrationTask"
},
{
"resource_types": "migrationTask",
"description": "Disassociate a given AWS artifact from a MigrationTask",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateCreatedArtifact"
},
{
"resource_types": "migrationTask",
"description": "Disassociate a given ADS resource from a MigrationTask",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateDiscoveredResource"
},
{
"resource_types": "migrationTask",
"description": "Import a MigrationTask",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ImportMigrationTask"
},
{
"resource_types": "migrationTask",
"description": "List associated created artifacts for a MigrationTask",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListCreatedArtifacts"
},
{
"resource_types": "migrationTask",
"description": "List associated ADS resources from MigrationTask",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDiscoveredResources"
},
{
"resource_types": "",
"description": "List MigrationTasks",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListMigrationTasks"
},
{
"resource_types": "",
"description": "List ProgressUpdateStreams",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListProgressUpdateStreams"
},
{
"resource_types": "",
"description": "Update an Application Discovery Service Application's state",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "NotifyApplicationState"
},
{
"resource_types": "migrationTask",
"description": "Notify latest MigrationTask state",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "NotifyMigrationTaskState"
},
{
"resource_types": "migrationTask",
"description": "Put ResourceAttributes",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutResourceAttributes"
}
]
},
{
"service_name": "Amazon Elasticsearch Service",
"privileges": [
{
"resource_types": "domain",
"description": "Grants permission to attach resource tags to an Amazon ES domain",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "AddTags"
},
{
"resource_types": "domain",
"description": "Grants permission to create an Amazon ES domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateElasticsearchDomain"
},
{
"resource_types": "domain",
"description": "Grants permission to delete an Amazon ES domain and all of its data",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteElasticsearchDomain"
},
{
"resource_types": "",
"description": "Grants permission to delete the service-linked role required for Amazon ES domains that use VPC access",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteElasticsearchServiceRole"
},
{
"resource_types": "domain",
"description": "Grants permission to view a description of the domain configuration for the specified Amazon ES domain, including the domain ID, domain service endpoint, and domain ARN",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeElasticsearchDomain"
},
{
"resource_types": "domain",
"description": "Grants permission to view a description of the configuration options and status of an Amazon ES domain",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeElasticsearchDomainConfig"
},
{
"resource_types": "domain",
"description": "Grants permission to view a description of the domain configuration for up to five specified Amazon ES domains",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeElasticsearchDomains"
},
{
"resource_types": "",
"description": "Grants permission to view the instance count, storage, and master node limits for a given Elasticsearch version and instance type",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeElasticsearchInstanceTypeLimits"
},
{
"resource_types": "",
"description": "Grants permission to fetch reserved instance offerings for ES",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeReservedElasticsearchInstanceOfferings"
},
{
"resource_types": "",
"description": "Grants permission to fetch ES reserved instances already purchased by customer",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeReservedElasticsearchInstances"
},
{
"resource_types": "domain",
"description": "Grants permission to fetch list of compatible elastic search versions to which Amazon ES domain can be upgraded",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetCompatibleElasticsearchVersions"
},
{
"resource_types": "domain",
"description": "Grants permission to fetch upgrade history for given ES domain",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetUpgradeHistory"
},
{
"resource_types": "domain",
"description": "Grants permission to fetch upgrade status for given ES domain",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetUpgradeStatus"
},
{
"resource_types": "",
"description": "Grants permission to display the names of all Amazon ES domains that the current user owns",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDomainNames"
},
{
"resource_types": "",
"description": "Grants permission to list all Elasticsearch instance types that are supported for a given Elasticsearch version",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListElasticsearchInstanceTypes"
},
{
"resource_types": "",
"description": "Grants permission to list all supported Elasticsearch versions on Amazon ES",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListElasticsearchVersions"
},
{
"resource_types": "domain",
"description": "Grants permission to display all of the tags for an Amazon ES domain",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTags"
},
{
"resource_types": "",
"description": "Grants permission to purchase ES reserved instances",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PurchaseReservedElasticsearchInstance"
},
{
"resource_types": "domain",
"description": "Grants permission to remove tags from Amazon ES domains",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "RemoveTags"
},
{
"resource_types": "domain",
"description": "Grants permission to modify the configuration of an Amazon ES domain, such as the instance type or number of instances",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateElasticsearchDomainConfig"
},
{
"resource_types": "domain",
"description": "Grants permission to initiate upgrade of elastic search domain to given version",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpgradeElasticsearchDomain"
}
]
},
{
"service_name": "AWS CodeStar",
"privileges": [
{
"resource_types": "project",
"description": "Adds a user to the team for an AWS CodeStar project",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "AssociateTeamMember"
},
{
"resource_types": "",
"description": "Creates a project with minimal structure, customer policies, and no resources",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "CreateProject"
},
{
"resource_types": "",
"description": "Creates a profile for a user that includes user preferences, display name, and email",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateUserProfile"
},
{
"resource_types": "project",
"description": "Deletes a project, including project resources. Does not delete users associated with the project, but does delete the IAM roles that allowed access to the project",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DeleteProject"
},
{
"resource_types": "",
"description": "Deletes a user profile in AWS CodeStar, including all personal preference data associated with that profile, such as display name and email address. It does not delete the history of that user, for example the history of commits made by that user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteUserProfile"
},
{
"resource_types": "project",
"description": "Describes a project and its resources",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeProject"
},
{
"resource_types": "",
"description": "Describes a user in AWS CodeStar and the user attributes across all projects",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeUserProfile"
},
{
"resource_types": "project",
"description": "Removes a user from a project. Removing a user from a project also removes the IAM policies from that user that allowed access to the project and its resources",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DisassociateTeamMember"
},
{
"resource_types": "",
"description": "Lists all projects in CodeStar associated with your AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListProjects"
},
{
"resource_types": "project",
"description": "Lists all resources associated with a project in CodeStar",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListResources"
},
{
"resource_types": "project",
"description": "Lists all team members associated with a project",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTeamMembers"
},
{
"resource_types": "",
"description": "Lists user profiles in AWS CodeStar",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListUserProfiles"
},
{
"resource_types": "project",
"description": "Updates a project in CodeStar",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateProject"
},
{
"resource_types": "project",
"description": "Updates team member attributes within a CodeStar project",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "UpdateTeamMember"
},
{
"resource_types": "",
"description": "Updates a profile for a user that includes user preferences, display name, and email",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateUserProfile"
}
]
},
{
"service_name": "AWS Certificate Manager",
"privileges": [
{
"resource_types": "certificate",
"description": "Adds one or more tags to a certificate",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "AddTagsToCertificate"
},
{
"resource_types": "certificate",
"description": "Deletes a certificate and its associated private key",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteCertificate"
},
{
"resource_types": "certificate",
"description": "Returns a list of the fields contained in the specified certificate",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeCertificate"
},
{
"resource_types": "certificate",
"description": "Exports a private certificate issued by a private certificate authority (CA) for use anywhere",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ExportCertificate"
},
{
"resource_types": "certificate",
"description": "Retrieves a certificate and certificate chain for the certificate specified by an ARN",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCertificate"
},
{
"resource_types": "certificate",
"description": "Imports a 3rd party SSL/TLS certificate into AWS Certificate Manager (ACM",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ImportCertificate"
},
{
"resource_types": "",
"description": "Retrieves a list of the certificate ARNs and the domain name for each ARN",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListCertificates"
},
{
"resource_types": "",
"description": "Lists the tags that have been applied to the certificate",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTagsForCertificate"
},
{
"resource_types": "certificate",
"description": "Remove one or more tags from a certificate. A tag consists of a key-value pair",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "RemoveTagsFromCertificate"
},
{
"resource_types": "",
"description": "Requests a public or private certificate",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RequestCertificate"
},
{
"resource_types": "certificate",
"description": "Resends an email to request domain ownership validation",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResendValidationEmail"
},
{
"resource_types": "certificate",
"description": "Updates a certificate. Use to specify whether to opt in to or out of certificate transparency logging",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateCertificateOptions"
}
]
},
{
"service_name": "Amazon Elastic Transcoder",
"privileges": [
{
"resource_types": "job",
"description": "Cancel a job that Elastic Transcoder has not begun to process",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelJob"
},
{
"resource_types": "pipeline",
"description": "Create a job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateJob"
},
{
"resource_types": "pipeline",
"description": "Create a pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePipeline"
},
{
"resource_types": "preset",
"description": "Create a preset",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePreset"
},
{
"resource_types": "pipeline",
"description": "Delete a pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeletePipeline"
},
{
"resource_types": "preset",
"description": "Delete a preset",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeletePreset"
},
{
"resource_types": "pipeline",
"description": "Get a list of the jobs that you assigned to a pipeline",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListJobsByPipeline"
},
{
"resource_types": "",
"description": "Get information about all of the jobs associated with the current AWS account that have a specified status",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListJobsByStatus"
},
{
"resource_types": "",
"description": "Get a list of the pipelines associated with the current AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPipelines"
},
{
"resource_types": "",
"description": "Get a list of all presets associated with the current AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPresets"
},
{
"resource_types": "job",
"description": "Get detailed information about a job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ReadJob"
},
{
"resource_types": "pipeline",
"description": "Get detailed information about a pipeline",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ReadPipeline"
},
{
"resource_types": "preset",
"description": "Get detailed information about a preset",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ReadPreset"
},
{
"resource_types": "",
"description": "Test the settings for a pipeline to ensure that Elastic Transcoder can create and process jobs",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TestRole"
},
{
"resource_types": "pipeline",
"description": "Update settings for a pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdatePipeline"
},
{
"resource_types": "pipeline",
"description": "Update only Amazon Simple Notification Service (Amazon SNS) notifications for a pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdatePipelineNotifications"
},
{
"resource_types": "pipeline",
"description": "Pause or reactivate a pipeline, so the pipeline stops or restarts processing jobs, update the status for the pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdatePipelineStatus"
}
]
},
{
"service_name": "AWS Snowball",
"privileges": [
{
"resource_types": "",
"description": "Cancels a cluster job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelCluster"
},
{
"resource_types": "",
"description": "Cancels the specified job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelJob"
},
{
"resource_types": "",
"description": "Creates an address for a Snowball to be shipped to",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAddress"
},
{
"resource_types": "",
"description": "Creates an empty cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateCluster"
},
{
"resource_types": "",
"description": "Creates a job to import or export data between Amazon S3 and your on-premises data center",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateJob"
},
{
"resource_types": "",
"description": "Takes an AddressId and returns specific details about that address in the form of an Address object",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAddress"
},
{
"resource_types": "",
"description": "Returns a specified number of ADDRESS objects",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeAddresses"
},
{
"resource_types": "",
"description": "Returns information about a specific cluster including shipping information, cluster status, and other important metadata",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeCluster"
},
{
"resource_types": "",
"description": "Returns information about a specific job including shipping information, job status, and other important metadata",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeJob"
},
{
"resource_types": "",
"description": "Returns a link to an Amazon S3 presigned URL for the manifest file associated with the specified JobId value",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetJobManifest"
},
{
"resource_types": "",
"description": "Returns the UnlockCode code value for the specified job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetJobUnlockCode"
},
{
"resource_types": "",
"description": "Returns information about the Snowball service limit for your account, and also the number of Snowballs your account has in use",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSnowballUsage"
},
{
"resource_types": "",
"description": "Returns an array of JobListEntry objects of the specified length",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListClusterJobs"
},
{
"resource_types": "",
"description": "Returns an array of ClusterListEntry objects of the specified length",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListClusters"
},
{
"resource_types": "",
"description": "Returns an array of JobListEntry objects of the specified length",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListJobs"
},
{
"resource_types": "",
"description": "While a cluster's ClusterState value is in the AwaitingQuorum state, you can update some of the information associated with a cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateCluster"
},
{
"resource_types": "",
"description": "While a job's JobState value is New, you can update some of the information associated with a job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateJob"
}
]
},
{
"service_name": "Amazon Elastic Container Service",
"privileges": [
{
"resource_types": "",
"description": "Creates a new Amazon ECS cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateCluster"
},
{
"resource_types": "",
"description": "Runs and maintains a desired number of tasks from a specified task definition",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateService"
},
{
"resource_types": "container-instance",
"description": "Deletes one or more custom attributes from an Amazon ECS resource",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAttributes"
},
{
"resource_types": "cluster",
"description": "Deletes the specified cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteCluster"
},
{
"resource_types": "",
"description": "Deletes a specified service within a cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteService"
},
{
"resource_types": "cluster",
"description": "Deregisters an Amazon ECS container instance from the specified cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeregisterContainerInstance"
},
{
"resource_types": "",
"description": "Deregisters the specified task definition by family and revision",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeregisterTaskDefinition"
},
{
"resource_types": "cluster",
"description": "Describes one or more of your clusters",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeClusters"
},
{
"resource_types": "container-instance",
"description": "Describes Amazon Elastic Container Service container instances",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeContainerInstances"
},
{
"resource_types": "",
"description": "Describes the specified services running in your cluster",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeServices"
},
{
"resource_types": "",
"description": "Describes a task definition. You can specify a family and revision to find information about a specific task definition, or you can simply specify the family to find the latest ACTIVE revision in that family",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTaskDefinition"
},
{
"resource_types": "task",
"description": "Describes a specified task or tasks",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTasks"
},
{
"resource_types": "",
"description": "Returns an endpoint for the Amazon ECS agent to poll for updates",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DiscoverPollEndpoint"
},
{
"resource_types": "cluster",
"description": "Lists the attributes for Amazon ECS resources within a specified target type and cluster",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAttributes"
},
{
"resource_types": "",
"description": "Returns a list of existing clusters",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListClusters"
},
{
"resource_types": "cluster",
"description": "Returns a list of container instances in a specified cluster",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListContainerInstances"
},
{
"resource_types": "",
"description": "Lists the services that are running in a specified cluster",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListServices"
},
{
"resource_types": "cluster",
"description": "List tags for the specified resource",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTagsForResource"
},
{
"resource_types": "",
"description": "Returns a list of task definition families that are registered to your account (which may include task definition families that no longer have any ACTIVE task definitions",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTaskDefinitionFamilies"
},
{
"resource_types": "",
"description": "Returns a list of task definitions that are registered to your account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTaskDefinitions"
},
{
"resource_types": "container-instance",
"description": "Returns a list of tasks for a specified cluster",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTasks"
},
{
"resource_types": "container-instance",
"description": "Grants permission to an agent to connect with the Amazon ECS service to report status and get commands",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "Poll"
},
{
"resource_types": "container-instance",
"description": "Create or update an attribute on an Amazon ECS resource",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutAttributes"
},
{
"resource_types": "cluster",
"description": "Registers an EC2 instance into the specified cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RegisterContainerInstance"
},
{
"resource_types": "",
"description": "Registers a new task definition from the supplied family and containerDefinitions",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RegisterTaskDefinition"
},
{
"resource_types": "task-definition",
"description": "Start a task using random placement and the default Amazon ECS scheduler",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RunTask"
},
{
"resource_types": "task-definition",
"description": "Starts a new task from the specified task definition on the specified container instance or instances",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartTask"
},
{
"resource_types": "task",
"description": "Stops a running task",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopTask"
},
{
"resource_types": "cluster",
"description": "Sent to acknowledge that a container changed states",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SubmitContainerStateChange"
},
{
"resource_types": "cluster",
"description": "Sent to acknowledge that a task changed states",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SubmitTaskStateChange"
},
{
"resource_types": "cluster",
"description": "Tags the specified resource",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TagResource"
},
{
"resource_types": "cluster",
"description": "Untags the specified resource",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UntagResource"
},
{
"resource_types": "container-instance",
"description": "Updates the Amazon ECS container agent on a specified container instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateContainerAgent"
},
{
"resource_types": "container-instance",
"description": "Enables the user to modify the status of an Amazon ECS container instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateContainerInstancesState"
},
{
"resource_types": "",
"description": "Modifies the desired count, deployment configuration, or task definition used in a service",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateService"
}
]
},
{
"service_name": "AWS Private Marketplace",
"privileges": [
{
"resource_types": "",
"description": "Adds new approved products to the Private Marketplace. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateProductsWithPrivateMarketplace"
},
{
"resource_types": "",
"description": "Creates a Private Marketplace for the individual account, or for the entire AWS Organization if one exists. This action can only be performed by the master account if using an AWS Organization",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePrivateMarketplace"
},
{
"resource_types": "",
"description": "Creates a Private Marketplace Profile that customizes the white label experience on the AWS Marketplace website for the individual account, or for the entire AWS Organization if one exists. This action can only be performed by the master account if using an AWS Organization",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePrivateMarketplaceProfile"
},
{
"resource_types": "",
"description": "Describes the status of requested products in the Private Marketplace for administrative purposes. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribePrivateMarketplaceProducts"
},
{
"resource_types": "",
"description": "Describes details about the Private Marketplace Profile for administrative purposes. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribePrivateMarketplaceProfile"
},
{
"resource_types": "",
"description": "Describes the status of the Private Marketplace for administrative purposes. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribePrivateMarketplaceStatus"
},
{
"resource_types": "",
"description": "Removes approved products from the Private Marketplace. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateProductsFromPrivateMarketplace"
},
{
"resource_types": "",
"description": "Queryable list for the products and status of products in the Private Marketplace for administrative purposes. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPrivateMarketplaceProducts"
},
{
"resource_types": "",
"description": "Starts the Private Marketplace, enabling the customized AWS Marketplace experience, and enabling restrictions on the procurement of products based on what is available in the Private Marketplace. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartPrivateMarketplace"
},
{
"resource_types": "",
"description": "Stops the Private Marketplace, disabling the customized AWS Marketplace experience and removing the Private Marketplace procurement restrictions on products. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopPrivateMarketplace"
},
{
"resource_types": "",
"description": "Updates the Private Marketplace Profile that customizes the white label experience on the AWS Marketplace website for the individual account, or for the entire AWS Organization if one exists. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdatePrivateMarketplaceProfile"
}
]
},
{
"service_name": "AWS Import Export Disk Service",
"privileges": [
{
"resource_types": "",
"description": "This action cancels a specified job. Only the job owner can cancel it. The action fails if the job has already started or is complete",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelJob"
},
{
"resource_types": "",
"description": "This action initiates the process of scheduling an upload or download of your data",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateJob"
},
{
"resource_types": "",
"description": "This action generates a pre-paid shipping label that you will use to ship your device to AWS for processing",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetShippingLabel"
},
{
"resource_types": "",
"description": "This action returns information about a job, including where the job is in the processing pipeline, the status of the results, and the signature value associated with the job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetStatus"
},
{
"resource_types": "",
"description": "This action returns the jobs associated with the requester",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListJobs"
},
{
"resource_types": "",
"description": "You use this action to change the parameters specified in the original manifest file by supplying a new manifest file",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateJob"
}
]
},
{
"service_name": "Amazon AppStream 2.0",
"privileges": [
{
"resource_types": "fleet",
"description": "Grants permission to associate the specified fleet with the specified stack",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateFleet"
},
{
"resource_types": "",
"description": "Grants permission to associate the specified users with the specified stacks",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchAssociateUserStack"
},
{
"resource_types": "",
"description": "Grants permission to disassociate the specified users from the specified stacks",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchDisassociateUserStack"
},
{
"resource_types": "image",
"description": "Grants permission to copy the specified image within the same region or to a new region within the same AWS account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CopyImage"
},
{
"resource_types": "",
"description": "Grants permission to create a Directory Config object in AppStream 2.0. This object includes the information required to join streaming instances to an Active Directory domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDirectoryConfig"
},
{
"resource_types": "fleet",
"description": "Grants permission to create a fleet. A fleet consists of streaming instances that run a specified image",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateFleet"
},
{
"resource_types": "image-builder",
"description": "Grants permission to create an image builder. An image builder is a virtual machine that is used to create an image",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateImageBuilder"
},
{
"resource_types": "image-builder",
"description": "Grants permission to create a URL to start an image builder streaming session",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateImageBuilderStreamingURL"
},
{
"resource_types": "stack",
"description": "Grants permission to create a stack to start streaming applications to users. A stack consists of an associated fleet, user access policies, and storage configurations",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateStack"
},
{
"resource_types": "fleet",
"description": "Grants permission to create a temporary URL to start an AppStream 2.0 streaming session for a user. A streaming URL enables application streaming to be tested without user setup",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateStreamingURL"
},
{
"resource_types": "",
"description": "Grants permission to create a new user in the user pool",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateUser"
},
{
"resource_types": "",
"description": "Grants permission to delete the specified Directory Config object from AppStream 2.0. This object includes the information required to join streaming instances to an Active Directory domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDirectoryConfig"
},
{
"resource_types": "fleet",
"description": "Grants permission to delete the specified fleet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteFleet"
},
{
"resource_types": "image",
"description": "Grants permission to delete the specified image. An image cannot be deleted when it is in use",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteImage"
},
{
"resource_types": "image-builder",
"description": "Grants permission to delete the specified image builder and release capacity",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteImageBuilder"
},
{
"resource_types": "image",
"description": "Grants permission to delete permissions for the specified private image",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteImagePermissions"
},
{
"resource_types": "stack",
"description": "Grants permission to delete the specified stack. After the stack is deleted, the application streaming environment provided by the stack is no longer available to users. Also, any reservations made for application streaming sessions for the stack are released",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteStack"
},
{
"resource_types": "",
"description": "Grants permission to delete a user from the user pool",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteUser"
},
{
"resource_types": "",
"description": "Grants permission to retrieve a list that describes one or more specified Directory Config objects for AppStream 2.0, if the names for these objects are provided. Otherwise, all Directory Config objects in the account are described. This object includes the information required to join streaming instances to an Active Directory domain",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeDirectoryConfigs"
},
{
"resource_types": "fleet",
"description": "Grants permission to retrieve a list that describes one or more specified fleets, if the fleet names are provided. Otherwise, all fleets in the account are described",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeFleets"
},
{
"resource_types": "image-builder",
"description": "Grants permission to retrieve a list that describes one or more specified image builders, if the image builder names are provided. Otherwise, all image builders in the account are described",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeImageBuilders"
},
{
"resource_types": "image",
"description": "Grants permission to retrieve a list that describes the permissions for shared AWS account IDs on a private image that you own",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeImagePermissions"
},
{
"resource_types": "image",
"description": "Grants permission to retrieve a list that describes one or more specified images, if the image names are provided. Otherwise, all images in the account are described",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeImages"
},
{
"resource_types": "",
"description": "Grants permission to retrieve a list that describes the streaming sessions for the specified stack and fleet. If a user ID is provided for the stack and fleet, only the streaming sessions for that user are described",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeSessions"
},
{
"resource_types": "stack",
"description": "Grants permission to retrieve a list that describes one or more specified stacks, if the stack names are provided. Otherwise, all stacks in the account are described",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeStacks"
},
{
"resource_types": "",
"description": "Grants permission to retrieve a list that describes the UserStackAssociation objects",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeUserStackAssociations"
},
{
"resource_types": "",
"description": "Grants permission to retrieve a list that describes users in the user pool",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeUsers"
},
{
"resource_types": "",
"description": "Grants permission to disable the specified user in the user pool",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableUser"
},
{
"resource_types": "fleet",
"description": "Grants permission to disassociate the specified fleet from the specified stack",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateFleet"
},
{
"resource_types": "",
"description": "Grants permission to enable a user in the user pool",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableUser"
},
{
"resource_types": "",
"description": "Grants permission to immediately stop the specified streaming session",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ExpireSession"
},
{
"resource_types": "stack",
"description": "Grants permission to retrieve the name of the fleet associated with the specified stack",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListAssociatedFleets"
},
{
"resource_types": "fleet",
"description": "Grants permission to retrieve the name of the stack with which the specified fleet is associated",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListAssociatedStacks"
},
{
"resource_types": "",
"description": "Grants permission to retrieve a list of all tags for the specified AppStream 2.0 resource. The following resources can be tagged: Image builders, images, fleets, and stacks",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTagsForResource"
},
{
"resource_types": "fleet",
"description": "Grants permission to start the specified fleet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartFleet"
},
{
"resource_types": "image-builder",
"description": "Grants permission to start the specified image builder",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartImageBuilder"
},
{
"resource_types": "fleet",
"description": "Grants permission to stop the specified fleet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopFleet"
},
{
"resource_types": "image-builder",
"description": "Grants permission to stop the specified image builder",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopImageBuilder"
},
{
"resource_types": "stack",
"description": "Grants permission to federated users to sign in by using their existing credentials and stream applications from the specified stack",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "Stream"
},
{
"resource_types": "",
"description": "Grants permission to add or overwrite one or more tags for the specified AppStream 2.0 resource. The following resources can be tagged: Image builders, images, fleets, and stacks",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "TagResource"
},
{
"resource_types": "",
"description": "Grants permission to disassociate one or more tags from the specified AppStream 2.0 resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagResource"
},
{
"resource_types": "",
"description": "Grants permission to update the specified Directory Config object in AppStream 2.0. This object includes the information required to join streaming instances to an Active Directory domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateDirectoryConfig"
},
{
"resource_types": "fleet",
"description": "Grants permission to update the specified fleet. All attributes except the fleet name can be updated when the fleet is in the STOPPED state",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateFleet"
},
{
"resource_types": "image",
"description": "Grants permission to add or update permissions for the specified private image",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateImagePermissions"
},
{
"resource_types": "stack",
"description": "Grants permission to update the specified fields for the specified stack",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateStack"
}
]
},
{
"service_name": "Identity And Access Management",
"privileges": [
{
"resource_types": "oidc-provider",
"description": "Adds a new client ID (also known as audience) to the list of client IDs already registered for the specified IAM OpenID Connect (OIDC) provider resource",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddClientIDToOpenIDConnectProvider"
},
{
"resource_types": "instance-profile",
"description": "Adds the specified IAM role to the specified instance profile",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddRoleToInstanceProfile"
},
{
"resource_types": "group",
"description": "Adds the specified user to the specified group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddUserToGroup"
},
{
"resource_types": "group",
"description": "Attaches the specified managed policy to the specified IAM group",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "AttachGroupPolicy"
},
{
"resource_types": "role",
"description": "Attaches the specified managed policy to the specified IAM role",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "AttachRolePolicy"
},
{
"resource_types": "user",
"description": "Attaches the specified managed policy to the specified user",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "AttachUserPolicy"
},
{
"resource_types": "user",
"description": "Changes the password of the IAM user who is calling this action",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ChangePassword"
},
{
"resource_types": "user",
"description": "Creates a new AWS secret access key and corresponding AWS access key ID for the specified user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAccessKey"
},
{
"resource_types": "",
"description": "Creates an alias for your AWS account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAccountAlias"
},
{
"resource_types": "group",
"description": "Creates a new group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateGroup"
},
{
"resource_types": "instance-profile",
"description": "Creates a new instance profile",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateInstanceProfile"
},
{
"resource_types": "user",
"description": "Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateLoginProfile"
},
{
"resource_types": "oidc-provider",
"description": "Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateOpenIDConnectProvider"
},
{
"resource_types": "policy",
"description": "Creates a new managed policy for your AWS account",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "CreatePolicy"
},
{
"resource_types": "policy",
"description": "Creates a new version of the specified managed policy",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "CreatePolicyVersion"
},
{
"resource_types": "role",
"description": "Creates a new role for your AWS account",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateRole"
},
{
"resource_types": "saml-provider",
"description": "Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateSAMLProvider"
},
{
"resource_types": "user",
"description": "Creates a new IAM user for your AWS account",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateUser"
},
{
"resource_types": "mfa",
"description": "Creates a new virtual MFA device for the AWS account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateVirtualMFADevice"
},
{
"resource_types": "user",
"description": "Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeactivateMFADevice"
},
{
"resource_types": "user",
"description": "Deletes the access key pair associated with the specified IAM user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAccessKey"
},
{
"resource_types": "",
"description": "Deletes the specified AWS account alias",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAccountAlias"
},
{
"resource_types": "",
"description": "Deletes the password policy for the AWS account",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DeleteAccountPasswordPolicy"
},
{
"resource_types": "group",
"description": "Deletes the specified IAM group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteGroup"
},
{
"resource_types": "group",
"description": "Deletes the specified inline policy that is embedded in the specified IAM group",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DeleteGroupPolicy"
},
{
"resource_types": "instance-profile",
"description": "Deletes the specified instance profile",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteInstanceProfile"
},
{
"resource_types": "user",
"description": "Deletes the password for the specified IAM user, which terminates the user's ability to access AWS services through the AWS Management Console",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteLoginProfile"
},
{
"resource_types": "oidc-provider",
"description": "Deletes an OpenID Connect identity provider (IdP) resource object in IAM",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteOpenIDConnectProvider"
},
{
"resource_types": "policy",
"description": "Deletes the specified managed policy",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DeletePolicy"
},
{
"resource_types": "policy",
"description": "Deletes the specified version from the specified managed policy",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DeletePolicyVersion"
},
{
"resource_types": "role",
"description": "Deletes the specified role",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "DeleteRole"
},
{
"resource_types": "role",
"description": "Deletes the permissions boundary from a role",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DeleteRolePermissionsBoundary"
},
{
"resource_types": "role",
"description": "Deletes the specified inline policy that is embedded in the specified IAM role",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DeleteRolePolicy"
},
{
"resource_types": "saml-provider",
"description": "Deletes a SAML provider resource in IAM",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSAMLProvider"
},
{
"resource_types": "user",
"description": "Deletes the specified SSH public key",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSSHPublicKey"
},
{
"resource_types": "server-certificate",
"description": "Deletes the specified server certificate",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteServerCertificate"
},
{
"resource_types": "role",
"description": "Deletes an IAM role that is linked to a specific AWS service",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteServiceLinkedRole"
},
{
"resource_types": "user",
"description": "Deletes the specified service-specific credential for an IAM user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteServiceSpecificCredential"
},
{
"resource_types": "user",
"description": "Deletes a signing certificate associated with the specified IAM user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSigningCertificate"
},
{
"resource_types": "user",
"description": "Deletes the specified IAM user",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "DeleteUser"
},
{
"resource_types": "user",
"description": "Deletes the permissions boundary from the user",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DeleteUserPermissionsBoundary"
},
{
"resource_types": "user",
"description": "Deletes the specified inline policy that is embedded in the specified IAM user",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DeleteUserPolicy"
},
{
"resource_types": "mfa",
"description": "Deletes a virtual MFA device",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteVirtualMFADevice"
},
{
"resource_types": "group",
"description": "Removes the specified managed policy from the specified IAM group",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DetachGroupPolicy"
},
{
"resource_types": "role",
"description": "Removes the specified managed policy from the specified role",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DetachRolePolicy"
},
{
"resource_types": "user",
"description": "Removes the specified managed policy from the specified user",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DetachUserPolicy"
},
{
"resource_types": "user",
"description": "Enables the specified MFA device and associates it with the specified IAM user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableMFADevice"
},
{
"resource_types": "",
"description": "Generates a credential report for the AWS account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GenerateCredentialReport"
},
{
"resource_types": "user",
"description": "Retrieves information about when the specified access key was last used",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAccessKeyLastUsed"
},
{
"resource_types": "",
"description": "Retrieves information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAccountAuthorizationDetails"
},
{
"resource_types": "",
"description": "Retrieves the password policy for the AWS account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAccountPasswordPolicy"
},
{
"resource_types": "",
"description": "Retrieves information about IAM entity usage and IAM quotas in the AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetAccountSummary"
},
{
"resource_types": "",
"description": "Gets a list of all of the context keys referenced in the input policies",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetContextKeysForCustomPolicy"
},
{
"resource_types": "group",
"description": "Gets a list of all of the context keys referenced in all of the IAM policies attached to the specified IAM entity",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetContextKeysForPrincipalPolicy"
},
{
"resource_types": "",
"description": "Retrieves a credential report for the AWS account. For more information about the credential report",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCredentialReport"
},
{
"resource_types": "group",
"description": "Returns a list of IAM users that are in the specified IAM group",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetGroup"
},
{
"resource_types": "group",
"description": "Retrieves the specified inline policy document that is embedded in the specified IAM group",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetGroupPolicy"
},
{
"resource_types": "instance-profile",
"description": "Retrieves information about the specified instance profile, including the instance profile's path, GUID, ARN, and role",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetInstanceProfile"
},
{
"resource_types": "user",
"description": "Retrieves the user name and password-creation date for the specified IAM user",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetLoginProfile"
},
{
"resource_types": "oidc-provider",
"description": "Returns information about the specified OpenID Connect (OIDC) provider resource object in IAM",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetOpenIDConnectProvider"
},
{
"resource_types": "policy",
"description": "Retrieves information about the specified managed policy, including the policy's default version and the total number of IAM users, groups, and roles to which the policy is attached",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetPolicy"
},
{
"resource_types": "policy",
"description": "Retrieves information about the specified version of the specified managed policy, including the policy document",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetPolicyVersion"
},
{
"resource_types": "role",
"description": "Retrieves information about the specified role, including the role's path, GUID, ARN, and the role's trust policy that grants permission to assume the role",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetRole"
},
{
"resource_types": "role",
"description": "Retrieves the specified inline policy document that is embedded with the specified IAM role",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetRolePolicy"
},
{
"resource_types": "saml-provider",
"description": "Returns the SAML provider metadocument that was uploaded when the IAM SAML provider resource object was created or updated",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSAMLProvider"
},
{
"resource_types": "user",
"description": "Retrieves the specified SSH public key, including metadata about the key",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSSHPublicKey"
},
{
"resource_types": "server-certificate",
"description": "Retrieves information about the specified server certificate stored in IAM",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetServerCertificate"
},
{
"resource_types": "role",
"description": "Retrieves an IAM service linked role deletion status",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetServiceLinkedRoleDeletionStatus"
},
{
"resource_types": "user",
"description": "Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetUser"
},
{
"resource_types": "user",
"description": "Retrieves the specified inline policy document that is embedded in the specified IAM user",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetUserPolicy"
},
{
"resource_types": "user",
"description": "Returns information about the access key IDs associated with the specified IAM user. If there are none, the action returns an empty list",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAccessKeys"
},
{
"resource_types": "",
"description": "Lists the account alias associated with the AWS account (Note: you can have only one",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAccountAliases"
},
{
"resource_types": "group",
"description": "Lists all managed policies that are attached to the specified IAM group",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAttachedGroupPolicies"
},
{
"resource_types": "role",
"description": "Lists all managed policies that are attached to the specified IAM role",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAttachedRolePolicies"
},
{
"resource_types": "user",
"description": "Lists all managed policies that are attached to the specified IAM user",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAttachedUserPolicies"
},
{
"resource_types": "policy",
"description": "Lists all IAM users, groups, and roles that the specified managed policy is attached to",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListEntitiesForPolicy"
},
{
"resource_types": "group",
"description": "Lists the names of the inline policies that are embedded in the specified IAM group",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListGroupPolicies"
},
{
"resource_types": "",
"description": "Lists the IAM groups that have the specified path prefix",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListGroups"
},
{
"resource_types": "user",
"description": "Lists the IAM groups that the specified IAM user belongs to",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListGroupsForUser"
},
{
"resource_types": "instance-profile",
"description": "Lists the instance profiles that have the specified path prefix",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListInstanceProfiles"
},
{
"resource_types": "role",
"description": "Lists the instance profiles that have the specified associated IAM role",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListInstanceProfilesForRole"
},
{
"resource_types": "user",
"description": "Lists the MFA devices for an IAM user",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListMFADevices"
},
{
"resource_types": "",
"description": "Lists information about the IAM OpenID Connect (OIDC) provider resource objects defined in the AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListOpenIDConnectProviders"
},
{
"resource_types": "",
"description": "Lists all the managed policies that are available in your AWS account, including your own customer-defined managed policies and all AWS managed policies",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPolicies"
},
{
"resource_types": "policy",
"description": "Lists information about the versions of the specified managed policy, including the version that is currently set as the policy's default version",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPolicyVersions"
},
{
"resource_types": "role",
"description": "Lists the names of the inline policies that are embedded in the specified IAM role",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRolePolicies"
},
{
"resource_types": "role",
"description": "Lists the tags that are attached to the specified role",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRoleTags"
},
{
"resource_types": "",
"description": "Lists the IAM roles that have the specified path prefix",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRoles"
},
{
"resource_types": "",
"description": "Lists the SAML provider resource objects defined in IAM in the account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSAMLProviders"
},
{
"resource_types": "user",
"description": "Returns information about the SSH public keys associated with the specified IAM user",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSSHPublicKeys"
},
{
"resource_types": "",
"description": "Lists the server certificates stored in IAM that have the specified path prefix. If none exist, the action returns an empty list",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListServerCertificates"
},
{
"resource_types": "user",
"description": "List service-specific credentials associated with the specified IAM user",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListServiceSpecificCredentials"
},
{
"resource_types": "user",
"description": "Returns information about the signing certificates associated with the specified IAM user",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSigningCertificates"
},
{
"resource_types": "user",
"description": "Lists the names of the inline policies embedded in the specified IAM user",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListUserPolicies"
},
{
"resource_types": "user",
"description": "Lists the tags that are attached to the specified user",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListUserTags"
},
{
"resource_types": "",
"description": "Lists the IAM users that have the specified path prefix",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListUsers"
},
{
"resource_types": "",
"description": "Lists the virtual MFA devices defined in the AWS account by assignment status",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListVirtualMFADevices"
},
{
"resource_types": "group",
"description": "Adds or updates an inline policy document that is embedded in the specified IAM group",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "PutGroupPolicy"
},
{
"resource_types": "role",
"description": "Put a policy to a role as permissions boundary",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "PutRolePermissionsBoundary"
},
{
"resource_types": "role",
"description": "Adds or updates an inline policy document that is embedded in the specified IAM role",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "PutRolePolicy"
},
{
"resource_types": "user",
"description": "Put a policy to a user as permissions boundary",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "PutUserPermissionsBoundary"
},
{
"resource_types": "user",
"description": "Adds or updates an inline policy document that is embedded in the specified IAM user",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "PutUserPolicy"
},
{
"resource_types": "oidc-provider",
"description": "Removes the specified client ID (also known as audience) from the list of client IDs registered for the specified IAM OpenID Connect (OIDC) provider resource object",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RemoveClientIDFromOpenIDConnectProvider"
},
{
"resource_types": "instance-profile",
"description": "Removes the specified IAM role from the specified EC2 instance profile",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RemoveRoleFromInstanceProfile"
},
{
"resource_types": "group",
"description": "Removes the specified user from the specified group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RemoveUserFromGroup"
},
{
"resource_types": "user",
"description": "Resets the password for an existing service-specific credential for an IAM user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResetServiceSpecificCredential"
},
{
"resource_types": "user",
"description": "Synchronizes the specified MFA device with its IAM resource object on the AWS servers",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResyncMFADevice"
},
{
"resource_types": "policy",
"description": "Sets the specified version of the specified policy as the policy's default (operative) version",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "SetDefaultPolicyVersion"
},
{
"resource_types": "",
"description": "Simulate how a set of IAM policies and optionally a resource-based policy works with a list of API actions and AWS resources to determine the policies' effective permissions",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "SimulateCustomPolicy"
},
{
"resource_types": "group",
"description": "Simulate how a set of IAM policies attached to an IAM entity works with a list of API actions and AWS resources to determine the policies' effective permissions",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "SimulatePrincipalPolicy"
},
{
"resource_types": "role",
"description": "Adds one or more tags to an IAM role",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "TagRole"
},
{
"resource_types": "user",
"description": "Adds one or more tags to an IAM user",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "TagUser"
},
{
"resource_types": "role",
"description": "Removes the specified tags from the role",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagRole"
},
{
"resource_types": "user",
"description": "Removes the specified tags from the user",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagUser"
},
{
"resource_types": "user",
"description": "Changes the status of the specified access key from Active to Inactive, or vice versa",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAccessKey"
},
{
"resource_types": "",
"description": "Updates the password policy settings for the AWS account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAccountPasswordPolicy"
},
{
"resource_types": "role",
"description": "Updates the policy that grants an IAM entity permission to assume a role",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "UpdateAssumeRolePolicy"
},
{
"resource_types": "group",
"description": "Updates the name and/or the path of the specified IAM group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateGroup"
},
{
"resource_types": "user",
"description": "Changes the password for the specified IAM user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateLoginProfile"
},
{
"resource_types": "oidc-provider",
"description": "Replaces the existing list of server certificate thumbprints associated with an OpenID Connect (OIDC) provider resource object with a new list of thumbprints",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateOpenIDConnectProviderThumbprint"
},
{
"resource_types": "role",
"description": "Updates the description or maximum session duration setting of a role",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateRole"
},
{
"resource_types": "role",
"description": "Modifies only the description of a role. This operation performs the same function as the Description parameter in the UpdateRole operation",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateRoleDescription"
},
{
"resource_types": "saml-provider",
"description": "Updates the metadata document for an existing SAML provider resource object",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateSAMLProvider"
},
{
"resource_types": "user",
"description": "Sets the status of an IAM user's SSH public key to active or inactive",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateSSHPublicKey"
},
{
"resource_types": "server-certificate",
"description": "Updates the name and/or the path of the specified server certificate stored in IAM",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateServerCertificate"
},
{
"resource_types": "user",
"description": "Sets the status of a service-specific credential to active or inactive for an IAM user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateServiceSpecificCredential"
},
{
"resource_types": "user",
"description": "Changes the status of the specified user signing certificate from active to disabled, or vice versa",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateSigningCertificate"
},
{
"resource_types": "user",
"description": "Updates the name and/or the path of the specified IAM user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateUser"
},
{
"resource_types": "user",
"description": "Uploads an SSH public key and associates it with the specified IAM user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UploadSSHPublicKey"
},
{
"resource_types": "server-certificate",
"description": "Uploads a server certificate entity for the AWS account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UploadServerCertificate"
},
{
"resource_types": "user",
"description": "Uploads an X.509 signing certificate and associates it with the specified IAM user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UploadSigningCertificate"
}
]
},
{
"service_name": "AWS Auto Scaling",
"privileges": [
{
"resource_types": "",
"description": "Creates a scaling plan",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateScalingPlan"
},
{
"resource_types": "",
"description": "Deletes the specified scaling plan",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteScalingPlan"
},
{
"resource_types": "",
"description": "Describes the scalable resources in the specified scaling plan",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeScalingPlanResources"
},
{
"resource_types": "",
"description": "Describes the specified scaling plans or all of your scaling plans",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeScalingPlans"
},
{
"resource_types": "",
"description": "Retrieves the forecast data for a scalable resource",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetScalingPlanResourceForecastData"
},
{
"resource_types": "",
"description": "Updates a scaling plan",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateScalingPlan"
}
]
},
{
"service_name": "Amazon CloudSearch",
"privileges": [
{
"resource_types": "domain",
"description": "Attaches resource tags to an Amazon CloudSearch domain",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "AddTags"
},
{
"resource_types": "domain",
"description": "Indexes the search suggestions",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BuildSuggesters"
},
{
"resource_types": "domain",
"description": "Creates a new search domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDomain"
},
{
"resource_types": "domain",
"description": "Configures an analysis scheme that can be applied to a text or text-array field to define language-specific text processing options",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DefineAnalysisScheme"
},
{
"resource_types": "domain",
"description": "Configures an Expression for the search domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DefineExpression"
},
{
"resource_types": "domain",
"description": "Configures an IndexField for the search domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DefineIndexField"
},
{
"resource_types": "domain",
"description": "Configures a suggester for a domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DefineSuggester"
},
{
"resource_types": "domain",
"description": "Deletes an analysis scheme",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAnalysisScheme"
},
{
"resource_types": "domain",
"description": "Permanently deletes a search domain and all of its data",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDomain"
},
{
"resource_types": "domain",
"description": "Removes an Expression from the search domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteExpression"
},
{
"resource_types": "domain",
"description": "Removes an IndexField from the search domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteIndexField"
},
{
"resource_types": "domain",
"description": "Deletes a suggester",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSuggester"
},
{
"resource_types": "domain",
"description": "Gets the analysis schemes configured for a domain",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAnalysisSchemes"
},
{
"resource_types": "domain",
"description": "Gets the availability options configured for a domain",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAvailabilityOptions"
},
{
"resource_types": "domain",
"description": "Gets information about the search domains owned by this account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDomains"
},
{
"resource_types": "domain",
"description": "Gets the expressions configured for the search domain",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeExpressions"
},
{
"resource_types": "domain",
"description": "Gets information about the index fields configured for the search domain",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeIndexFields"
},
{
"resource_types": "domain",
"description": "Gets the scaling parameters configured for a domain",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeScalingParameters"
},
{
"resource_types": "domain",
"description": "Gets information about the access policies that control access to the domain's document and search endpoints",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeServiceAccessPolicies"
},
{
"resource_types": "domain",
"description": "Gets the suggesters configured for a domain",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeSuggesters"
},
{
"resource_types": "domain",
"description": "Tells the search domain to start indexing its documents using the latest indexing options",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "IndexDocuments"
},
{
"resource_types": "domain",
"description": "Lists all search domains owned by an account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDomainNames"
},
{
"resource_types": "domain",
"description": "Displays all of the resource tags for an Amazon CloudSearch domain",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTags"
},
{
"resource_types": "domain",
"description": "Removes the specified resource tags from an Amazon ES domain",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "RemoveTags"
},
{
"resource_types": "domain",
"description": "Configures the availability options for a domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAvailabilityOptions"
},
{
"resource_types": "domain",
"description": "Configures scaling parameters for a domain",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateScalingParameters"
},
{
"resource_types": "domain",
"description": "Configures the access rules that control access to the domain's document and search endpoints",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "UpdateServiceAccessPolicies"
},
{
"resource_types": "domain",
"description": "Allows access to the document service operations",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "document"
},
{
"resource_types": "domain",
"description": "Allows access to the search operations",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "search"
},
{
"resource_types": "domain",
"description": "Allows access to the suggest operations",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "suggest"
}
]
},
{
"service_name": "AWS Device Farm",
"privileges": [
{
"resource_types": "",
"description": "Creates a device pool",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDevicePool"
},
{
"resource_types": "",
"description": "Creates a new project",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateProject"
},
{
"resource_types": "",
"description": "Specifies and starts a remote access session",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateRemoteAccessSession"
},
{
"resource_types": "",
"description": "Creates a new project",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateUpload"
},
{
"resource_types": "",
"description": "Deletes a device pool given the pool ARN. Does not allow deletion of curated pools owned by the system",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDevicePool"
},
{
"resource_types": "",
"description": "Deletes an AWS Device Farm project, given the project ARN",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteProject"
},
{
"resource_types": "",
"description": "Deletes a completed remote access session and its results",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteRemoteAccessSession"
},
{
"resource_types": "",
"description": "Deletes the run, given the run ARN",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteRun"
},
{
"resource_types": "",
"description": "Deletes an upload given the upload ARN",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteUpload"
},
{
"resource_types": "",
"description": "Returns the number of unmetered iOS and/or unmetered Android devices that have been purchased by the account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAccountSettings"
},
{
"resource_types": "",
"description": "Gets information about a unique device type",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDevice"
},
{
"resource_types": "",
"description": "Gets information about a device pool",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDevicePool"
},
{
"resource_types": "",
"description": "Gets information about compatibility with a device pool",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDevicePoolCompatibility"
},
{
"resource_types": "",
"description": "Gets information about a job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetJob"
},
{
"resource_types": "",
"description": "Gets the current status and future status of all offerings purchased by an AWS account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetOfferingStatus"
},
{
"resource_types": "",
"description": "Gets information about a project",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetProject"
},
{
"resource_types": "",
"description": "Returns a link to a currently running remote access session",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetRemoteAccessSession"
},
{
"resource_types": "",
"description": "Gets information about a run",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetRun"
},
{
"resource_types": "",
"description": "Gets information about a suite",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSuite"
},
{
"resource_types": "",
"description": "Gets information about a test",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTest"
},
{
"resource_types": "",
"description": "Gets information about an upload",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetUpload"
},
{
"resource_types": "",
"description": "Installs an application to the device in a remote access session",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "InstallToRemoteAccessSession"
},
{
"resource_types": "",
"description": "Gets information about artifacts",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListArtifacts"
},
{
"resource_types": "",
"description": "Gets information about device pools",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDevicePools"
},
{
"resource_types": "",
"description": "Gets information about unique device types",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDevices"
},
{
"resource_types": "",
"description": "Gets information about jobs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListJobs"
},
{
"resource_types": "",
"description": "Returns a list of all historical purchases, renewals, and system renewal transactions for an AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListOfferingTransactions"
},
{
"resource_types": "",
"description": "Returns a list of products or offerings that the user can manage through the API",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListOfferings"
},
{
"resource_types": "",
"description": "Gets information about projects",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListProjects"
},
{
"resource_types": "",
"description": "Returns a list of all currently running remote access sessions",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRemoteAccessSessions"
},
{
"resource_types": "",
"description": "Gets information about runs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRuns"
},
{
"resource_types": "",
"description": "Gets information about samples",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSamples"
},
{
"resource_types": "",
"description": "Gets information about suites",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSuites"
},
{
"resource_types": "",
"description": "Gets information about tests",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTests"
},
{
"resource_types": "",
"description": "Gets information about unique problems",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListUniqueProblems"
},
{
"resource_types": "",
"description": "Gets information about uploads",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListUploads"
},
{
"resource_types": "",
"description": "Immediately purchases offerings for an AWS account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PurchaseOffering"
},
{
"resource_types": "",
"description": "Explicitly sets the quantity of devices to renew for an offering, starting from the effectiveDate of the next period",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RenewOffering"
},
{
"resource_types": "",
"description": "Schedules a run",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ScheduleRun"
},
{
"resource_types": "",
"description": "Ends a specified remote access session",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopRemoteAccessSession"
},
{
"resource_types": "",
"description": "Initiates a stop request for the current test run",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopRun"
},
{
"resource_types": "",
"description": "Modifies the name, description, and rules in a device pool given the attributes and the pool ARN",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateDevicePool"
},
{
"resource_types": "",
"description": "Modifies the specified project name, given the project ARN and a new name",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateProject"
}
]
},
{
"service_name": "Data Pipeline",
"privileges": [
{
"resource_types": "",
"description": "Validates the specified pipeline and starts processing pipeline tasks. If the pipeline does not pass validation, activation fails",
"condition_keys": [
"datapipeline:PipelineCreator",
"datapipeline:Tag",
"datapipeline:workerGroup"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ActivatePipeline"
},
{
"resource_types": "",
"description": "Adds or modifies tags for the specified pipeline",
"condition_keys": [
"datapipeline:PipelineCreator",
"datapipeline:Tag"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "AddTags"
},
{
"resource_types": "",
"description": "Creates a new, empty pipeline",
"condition_keys": [
"datapipeline:Tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePipeline"
},
{
"resource_types": "",
"description": "Deactivates the specified running pipeline",
"condition_keys": [
"datapipeline:PipelineCreator",
"datapipeline:Tag",
"datapipeline:workerGroup"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeactivatePipeline"
},
{
"resource_types": "",
"description": "Deletes a pipeline, its pipeline definition, and its run history",
"condition_keys": [
"datapipeline:PipelineCreator",
"datapipeline:Tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeletePipeline"
},
{
"resource_types": "",
"description": "Gets the object definitions for a set of objects associated with the pipeline",
"condition_keys": [
"datapipeline:PipelineCreator",
"datapipeline:Tag"
],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeObjects"
},
{
"resource_types": "",
"description": "Retrieves metadata about one or more pipelines",
"condition_keys": [
"datapipeline:PipelineCreator",
"datapipeline:Tag"
],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribePipelines"
},
{
"resource_types": "",
"description": "Task runners call EvaluateExpression to evaluate a string in the context of the specified object",
"condition_keys": [
"datapipeline:PipelineCreator",
"datapipeline:Tag"
],
"access_level": "Read",
"dependent_actions": [],
"privilege": "EvaluateExpression"
},
{
"resource_types": "",
"description": "Description for GetAccountLimits",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "GetAccountLimits"
},
{
"resource_types": "",
"description": "Gets the definition of the specified pipeline",
"condition_keys": [
"datapipeline:PipelineCreator",
"datapipeline:Tag",
"datapipeline:workerGroup"
],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetPipelineDefinition"
},
{
"resource_types": "",
"description": "Lists the pipeline identifiers for all active pipelines that you have permission to access",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPipelines"
},
{
"resource_types": "",
"description": "Task runners call PollForTask to receive a task to perform from AWS Data Pipeline",
"condition_keys": [
"datapipeline:workerGroup"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PollForTask"
},
{
"resource_types": "",
"description": "Description for PutAccountLimits",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutAccountLimits"
},
{
"resource_types": "",
"description": "Adds tasks, schedules, and preconditions to the specified pipeline",
"condition_keys": [
"datapipeline:PipelineCreator",
"datapipeline:Tag",
"datapipeline:workerGroup"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutPipelineDefinition"
},
{
"resource_types": "",
"description": "Queries the specified pipeline for the names of objects that match the specified set of conditions",
"condition_keys": [
"datapipeline:PipelineCreator",
"datapipeline:Tag"
],
"access_level": "Read",
"dependent_actions": [],
"privilege": "QueryObjects"
},
{
"resource_types": "",
"description": "Removes existing tags from the specified pipeline",
"condition_keys": [
"datapipeline:PipelineCreator",
"datapipeline:Tag"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "RemoveTags"
},
{
"resource_types": "",
"description": "Task runners call ReportTaskProgress when assigned a task to acknowledge that it has the task",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ReportTaskProgress"
},
{
"resource_types": "",
"description": "Task runners call ReportTaskRunnerHeartbeat every 15 minutes to indicate that they are operational",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ReportTaskRunnerHeartbeat"
},
{
"resource_types": "",
"description": "Requests that the status of the specified physical or logical pipeline objects be updated in the specified pipeline",
"condition_keys": [
"datapipeline:PipelineCreator",
"datapipeline:Tag"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetStatus"
},
{
"resource_types": "",
"description": "Task runners call SetTaskStatus to notify AWS Data Pipeline that a task is completed and provide information about the final status",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetTaskStatus"
},
{
"resource_types": "",
"description": "Validates the specified pipeline definition to ensure that it is well formed and can be run without error",
"condition_keys": [
"datapipeline:PipelineCreator",
"datapipeline:Tag",
"datapipeline:workerGroup"
],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ValidatePipelineDefinition"
}
]
},
{
"service_name": "Amazon Polly",
"privileges": [
{
"resource_types": "lexicon",
"description": "Deletes the specified pronunciation lexicon stored in an AWS Region",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteLexicon"
},
{
"resource_types": "",
"description": "Returns the list of voices that are available for use when requesting speech synthesis",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVoices"
},
{
"resource_types": "lexicon",
"description": "Returns the content of the specified pronunciation lexicon stored in an AWS Region",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetLexicon"
},
{
"resource_types": "",
"description": "Enables the user to get information about specific speech synthesis task",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSpeechSynthesisTask"
},
{
"resource_types": "",
"description": "Returns a list of pronunciation lexicons stored in an AWS Region",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListLexicons"
},
{
"resource_types": "",
"description": "Enables the user to list requested speech synthesis tasks",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSpeechSynthesisTasks"
},
{
"resource_types": "lexicon",
"description": "Stores a pronunciation lexicon in an AWS Region",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutLexicon"
},
{
"resource_types": "lexicon",
"description": "Enables the user to synthesize long inputs to provided S3 location",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"s3:PutObject"
],
"privilege": "StartSpeechSynthesisTask"
},
{
"resource_types": "lexicon",
"description": "Synthesizes UTF-8 input, plain text or SSML, to a stream of bytes",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "SynthesizeSpeech"
}
]
},
{
"service_name": "AWS CodePipeline",
"privileges": [
{
"resource_types": "",
"description": "Returns information about a specified job and whether that job has been received by the job worker",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AcknowledgeJob"
},
{
"resource_types": "",
"description": "Confirms a job worker has received the specified job. Only used for partner actions",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AcknowledgeThirdPartyJob"
},
{
"resource_types": "actiontype",
"description": "Create a custom action you can use in the pipelines associated with your AWS account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateCustomActionType"
},
{
"resource_types": "pipeline",
"description": "Create a uniquely named pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePipeline"
},
{
"resource_types": "actiontype",
"description": "Delete a custom action",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteCustomActionType"
},
{
"resource_types": "pipeline",
"description": "Delete a specified pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeletePipeline"
},
{
"resource_types": "webhook",
"description": "Delete a specified webhook",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteWebhook"
},
{
"resource_types": "webhook",
"description": "Remove the registration of a webhook with the third party specified in its configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeregisterWebhookWithThirdParty"
},
{
"resource_types": "stage",
"description": "Prevent revisions from transitioning to the next stage in a pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableStageTransition"
},
{
"resource_types": "stage",
"description": "Enable revisions to transition to the next stage in a pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableStageTransition"
},
{
"resource_types": "",
"description": "Returns information about a job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetJobDetails"
},
{
"resource_types": "pipeline",
"description": "Retrieve information about a pipeline structure",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetPipeline"
},
{
"resource_types": "pipeline",
"description": "Returns information about an execution of a pipeline, including details about artifacts, the pipeline execution ID, and the name, version, and status of the pipeline",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetPipelineExecution"
},
{
"resource_types": "pipeline",
"description": "Retrieve information about the current state of the stages and actions of a pipeline",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetPipelineState"
},
{
"resource_types": "",
"description": "Requests the details of a job for a third party action. Only used for partner actions",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetThirdPartyJobDetails"
},
{
"resource_types": "actiontype",
"description": "Retrieve a summary of all the action types available for pipelines in your account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListActionTypes"
},
{
"resource_types": "pipeline",
"description": "Gets a summary of the most recent executions for a pipeline",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPipelineExecutions"
},
{
"resource_types": "pipeline",
"description": "Get a summary of all the pipelines associated with your AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPipelines"
},
{
"resource_types": "webhook",
"description": "Get all the webhooks associated with your AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListWebhooks"
},
{
"resource_types": "actiontype",
"description": "Returns information about any jobs for AWS CodePipeline to act upon",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PollForJobs"
},
{
"resource_types": "",
"description": "Determines whether there are any third party jobs for a job worker to act on. Only used for partner actions",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PollForThirdPartyJobs"
},
{
"resource_types": "action",
"description": "Edit actions within a pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutActionRevision"
},
{
"resource_types": "",
"description": "Provides the response to a manual approval request to AWS CodePipeline. Valid responses include Approved and Rejected",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutApprovalResult"
},
{
"resource_types": "",
"description": "Represents the failure of a job as returned to the pipeline by a job worker. Only used for custom actions",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutJobFailureResult"
},
{
"resource_types": "",
"description": "Represents the success of a job as returned to the pipeline by a job worker. Only used for custom actions",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutJobSuccessResult"
},
{
"resource_types": "",
"description": "Represents the failure of a third party job as returned to the pipeline by a job worker. Only used for partner actions",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutThirdPartyJobFailureResult"
},
{
"resource_types": "",
"description": "Represents the success of a third party job as returned to the pipeline by a job worker. Only used for partner actions",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutThirdPartyJobSuccessResult"
},
{
"resource_types": "pipeline",
"description": "Create or update a webhook",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutWebhook"
},
{
"resource_types": "webhook",
"description": "Register a webhook with the third party specified in its configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RegisterWebhookWithThirdParty"
},
{
"resource_types": "stage",
"description": "Resumes the pipeline execution by retrying the last failed actions in a stage",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RetryStageExecution"
},
{
"resource_types": "pipeline",
"description": "Run the most recent revision through the pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartPipelineExecution"
},
{
"resource_types": "pipeline",
"description": "Update a pipeline with changes to the structure of the pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdatePipeline"
}
]
},
{
"service_name": "AWS Batch",
"privileges": [
{
"resource_types": "",
"description": "Cancels jobs in an AWS Batch job queue",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelJob"
},
{
"resource_types": "",
"description": "Creates an AWS Batch compute environment",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateComputeEnvironment"
},
{
"resource_types": "",
"description": "Creates an AWS Batch job queue",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateJobQueue"
},
{
"resource_types": "",
"description": "Deletes an AWS Batch compute environment",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteComputeEnvironment"
},
{
"resource_types": "",
"description": "Deletes the specified job queue",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteJobQueue"
},
{
"resource_types": "job-definition",
"description": "Deregisters an AWS Batch job definition",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeregisterJobDefinition"
},
{
"resource_types": "",
"description": "Describes one or more of your compute environments",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeComputeEnvironments"
},
{
"resource_types": "",
"description": "Describes a list of job definitions",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeJobDefinitions"
},
{
"resource_types": "",
"description": "Describes one or more of your job queues",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeJobQueues"
},
{
"resource_types": "",
"description": "Describes a list of AWS Batch jobs",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeJobs"
},
{
"resource_types": "",
"description": "Returns a list of task jobs for a specified job queue",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListJobs"
},
{
"resource_types": "job-definition",
"description": "Registers an AWS Batch job definition",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RegisterJobDefinition"
},
{
"resource_types": "job-definition",
"description": "Submits an AWS Batch job from a job definition",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SubmitJob"
},
{
"resource_types": "",
"description": "Terminates jobs in a job queue",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TerminateJob"
},
{
"resource_types": "",
"description": "Updates an AWS Batch compute environment",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateComputeEnvironment"
},
{
"resource_types": "",
"description": "Updates a job queue",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateJobQueue"
}
]
},
{
"service_name": "AWS IoT Events",
"privileges": [
{
"resource_types": "input",
"description": "Sends a set of messages to the AWS IoT Events system",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchPutMessage"
},
{
"resource_types": "",
"description": "Creates a detector model",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDetectorModel"
},
{
"resource_types": "",
"description": "Creates an input",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateInput"
},
{
"resource_types": "detectorModel",
"description": "Deletes a detector model",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDetectorModel"
},
{
"resource_types": "input",
"description": "Deletes an input",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteInput"
},
{
"resource_types": "detectorModel",
"description": "Returns information about the specified detector (instance)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeDetector"
},
{
"resource_types": "detectorModel",
"description": "Describes a detector model",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeDetectorModel"
},
{
"resource_types": "input",
"description": "Describes an input",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeInput"
},
{
"resource_types": "",
"description": "Retrieves the current settings of the AWS IoT Events logging options",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeLoggingOptions"
},
{
"resource_types": "detectorModel",
"description": "Lists all the versions of a detector model. Only the metadata associated with each detector model version is returned",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDetectorModelVersions"
},
{
"resource_types": "",
"description": "Lists the detector models you have created. Only the metadata associated with each detector model is returned",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDetectorModels"
},
{
"resource_types": "detectorModel",
"description": "Lists detectors (the instances of a detector model)",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDetectors"
},
{
"resource_types": "",
"description": "Sets or updates the AWS IoT Events logging options",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutLoggingOptions"
},
{
"resource_types": "detectorModel",
"description": "Updates a detector model",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateDetectorModel"
},
{
"resource_types": "input",
"description": "Updates an input",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateInput"
}
]
},
{
"service_name": "AWS Server Migration Service",
"privileges": [
{
"resource_types": "",
"description": "Create an application configuration to migrate on-premise application onto AWS",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateApp"
},
{
"resource_types": "",
"description": "Create a job to migrate on-premise server onto AWS",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateReplicationJob"
},
{
"resource_types": "",
"description": "Delete an existing application configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteApp"
},
{
"resource_types": "",
"description": "Delete launch configuration for an existing application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAppLaunchConfiguration"
},
{
"resource_types": "",
"description": "Delete replication configuration for an existing application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAppReplicationConfiguration"
},
{
"resource_types": "",
"description": "Delete an existing job to migrate on-premise server onto AWS",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteReplicationJob"
},
{
"resource_types": "",
"description": "Delete the complete list of on-premise servers gathered into AWS",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteServerCatalog"
},
{
"resource_types": "",
"description": "Disassociate a connector that has been associated",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateConnectors"
},
{
"resource_types": "",
"description": "Generate a changeSet for the CloudFormation stack of an application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "GenerateChangeSet"
},
{
"resource_types": "",
"description": "Generate a CloudFormation template for an existing application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "GenerateTemplate"
},
{
"resource_types": "",
"description": "Get the configuration and statuses for an existing application",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetApp"
},
{
"resource_types": "",
"description": "Get launch configuration for an existing application",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAppLaunchConfiguration"
},
{
"resource_types": "",
"description": "Get replication configuration for an existing application",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAppReplicationConfiguration"
},
{
"resource_types": "",
"description": "Get all connectors that have been associated",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetConnectors"
},
{
"resource_types": "",
"description": "Get all existing jobs to migrate on-premise servers onto AWS",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetReplicationJobs"
},
{
"resource_types": "",
"description": "Get all runs for an existing job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetReplicationRuns"
},
{
"resource_types": "",
"description": "Get all servers that have been imported",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetServers"
},
{
"resource_types": "",
"description": "Gathers a complete list of on-premise servers",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ImportServerCatalog"
},
{
"resource_types": "",
"description": "Create and launch a CloudFormation stack for an existing application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "LaunchApp"
},
{
"resource_types": "",
"description": "Get a list of summaries for existing applications",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListApps"
},
{
"resource_types": "",
"description": "Create or update launch configuration for an existing application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutAppLaunchConfiguration"
},
{
"resource_types": "",
"description": "Create or update replication configuration for an existing application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutAppReplicationConfiguration"
},
{
"resource_types": "",
"description": "Create and start replication jobs for an existing application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartAppReplication"
},
{
"resource_types": "",
"description": "Start a replication run for an existing replication job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartOnDemandReplicationRun"
},
{
"resource_types": "",
"description": "Stop and delete replication jobs for an existing application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopAppReplication"
},
{
"resource_types": "",
"description": "Terminate the CloudFormation stack for an existing application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TerminateApp"
},
{
"resource_types": "",
"description": "Update an existing application configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateApp"
},
{
"resource_types": "",
"description": "Update an existing job to migrate on-premise server onto AWS",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateReplicationJob"
}
]
},
{
"service_name": "Manage Amazon API Gateway",
"privileges": [
{
"resource_types": "apigateway-general",
"description": "Used to delete resources",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DELETE"
},
{
"resource_types": "apigateway-general",
"description": "Used to get information about resources",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GET"
},
{
"resource_types": "apigateway-general",
"description": "Used to update resources",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PATCH"
},
{
"resource_types": "apigateway-general",
"description": "Used to create child resources",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "POST"
},
{
"resource_types": "apigateway-general",
"description": "Used to update resources (and, although not recommended, can be used to create child resources)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PUT"
}
]
},
{
"service_name": "AWS CodeCommit",
"privileges": [
{
"resource_types": "repository",
"description": "Returns information about one or more pull requests in an AWS CodeCommit repository",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchGetPullRequests"
},
{
"resource_types": "repository",
"description": "Get information about multiple repositories",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchGetRepositories"
},
{
"resource_types": "repository",
"description": "Required to cancel the uploading of an archive to a pipeline",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "CancelUploadArchive"
},
{
"resource_types": "repository",
"description": "Create a branch in an AWS CodeCommit repository",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateBranch"
},
{
"resource_types": "repository",
"description": "Creates a pull request in the specified repository",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePullRequest"
},
{
"resource_types": "repository",
"description": "Create a new AWS CodeCommit repository",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateRepository"
},
{
"resource_types": "repository",
"description": "Delete a branch in an AWS CodeCommit repository",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteBranch"
},
{
"resource_types": "repository",
"description": "Deletes the content of a comment made on a change, file, or commit in a repository",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteCommentContent"
},
{
"resource_types": "repository",
"description": "Deletes a specified file from a specified branch",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteFile"
},
{
"resource_types": "repository",
"description": "Delete an AWS CodeCommit repository",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteRepository"
},
{
"resource_types": "repository",
"description": "Returns information about one or more pull request events",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribePullRequestEvents"
},
{
"resource_types": "repository",
"description": "View the encoded content of an individual file in an AWS CodeCommit repository from the AWS CodeCommit console",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBlob"
},
{
"resource_types": "repository",
"description": "Get details about a branch in an AWS CodeCommit repository",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBranch"
},
{
"resource_types": "repository",
"description": "Returns the content of a comment made on a change, file, or commit in a repository",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetComment"
},
{
"resource_types": "repository",
"description": "Returns information about comments made on the comparison between two commits",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCommentsForComparedCommit"
},
{
"resource_types": "repository",
"description": "Returns comments made on a pull request",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCommentsForPullRequest"
},
{
"resource_types": "repository",
"description": "Returns information about a commit, including commit message and committer information",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCommit"
},
{
"resource_types": "repository",
"description": "Returns information about the history of commits in a repository",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCommitHistory"
},
{
"resource_types": "repository",
"description": "Returns information about the difference between commits in the context of a potential merge",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCommitsFromMergeBase"
},
{
"resource_types": "repository",
"description": "Enables the user to view information about the differences in a valid commit specifier (such as a branch, tag, HEAD, commit ID or other fully qualified reference). Results can be limited to a specified path",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDifferences"
},
{
"resource_types": "repository",
"description": "Returns the base-64 encoded contents of a specified file and its metadata",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetFile"
},
{
"resource_types": "repository",
"description": "Returns the contents of a specified folder in a repository",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetFolder"
},
{
"resource_types": "repository",
"description": "Returns information about merge conflicts between the before and after commit IDs for a pull request in a repository",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetMergeConflicts"
},
{
"resource_types": "repository",
"description": "Resolve blobs, trees, and commits to their identifier",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetObjectIdentifier"
},
{
"resource_types": "repository",
"description": "Gets information about a pull request in a specified repository",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetPullRequest"
},
{
"resource_types": "repository",
"description": "Get details about references in an AWS CodeCommit repository",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetReferences"
},
{
"resource_types": "repository",
"description": "Get information about a single AWS CodeCommit repository",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetRepository"
},
{
"resource_types": "repository",
"description": "Gets information about triggers configured for a repository",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetRepositoryTriggers"
},
{
"resource_types": "repository",
"description": "View the contents of a specified tree in an AWS CodeCommit repository from the AWS CodeCommit console",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTree"
},
{
"resource_types": "repository",
"description": "Required to determine the status of an archive upload: whether it is in progress, complete, cancelled, or if an error occurred",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetUploadArchiveStatus"
},
{
"resource_types": "repository",
"description": "Pull information from an AWS CodeCommit repository to a local repo",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GitPull"
},
{
"resource_types": "repository",
"description": "Push information from a local repo to an AWS CodeCommit repository",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "GitPush"
},
{
"resource_types": "repository",
"description": "Get a list of branches in an AWS CodeCommit repository",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListBranches"
},
{
"resource_types": "repository",
"description": "Returns a list of pull requests for a specified repository. The return list can be refined by pull request status or pull request author ARN",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPullRequests"
},
{
"resource_types": "",
"description": "Gets information about one or more repositories",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRepositories"
},
{
"resource_types": "repository",
"description": "Closes a pull request and attempts to merge the source commit of a pull request into the specified destination branch for that pull request at the specified commit using the fast-forward merge option",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "MergePullRequestByFastForward"
},
{
"resource_types": "repository",
"description": "Posts a comment on the comparison between two commits",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PostCommentForComparedCommit"
},
{
"resource_types": "repository",
"description": "Posts a comment on a pull request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PostCommentForPullRequest"
},
{
"resource_types": "repository",
"description": "Posts a comment in reply to an existing comment on a comparison between commits or a pull request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PostCommentReply"
},
{
"resource_types": "repository",
"description": "Enables the user to add or update a file in a branch in an AWS CodeCommit repository, and generate a commit for the addition in the specified branch",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutFile"
},
{
"resource_types": "repository",
"description": "Replaces all triggers for a repository. This can be used to create or delete triggers",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutRepositoryTriggers"
},
{
"resource_types": "repository",
"description": "Tests the functionality of repository triggers by sending information to the trigger target",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TestRepositoryTriggers"
},
{
"resource_types": "repository",
"description": "Replaces the contents of a comment",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateComment"
},
{
"resource_types": "repository",
"description": "Change the default branch in an AWS CodeCommit repository",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateDefaultBranch"
},
{
"resource_types": "repository",
"description": "Replaces the contents of the description of a pull request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdatePullRequestDescription"
},
{
"resource_types": "repository",
"description": "Updates the status of a pull request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdatePullRequestStatus"
},
{
"resource_types": "repository",
"description": "Replaces the title of a pull request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdatePullRequestTitle"
},
{
"resource_types": "repository",
"description": "Change the description of an AWS CodeCommit repository",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateRepositoryDescription"
},
{
"resource_types": "repository",
"description": "Change the name of an AWS CodeCommit repository",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateRepositoryName"
},
{
"resource_types": "repository",
"description": "Allows the service role for AWS CodePipeline to upload repository changes into a pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UploadArchive"
}
]
},
{
"service_name": "AWS Backup",
"privileges": [
{
"resource_types": "backupVault",
"description": "Creates a new backup plan",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateBackupPlan"
},
{
"resource_types": "",
"description": "Creates a new resource assignment in a backup plan",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateBackupSelection"
},
{
"resource_types": "backupVault",
"description": "Creates a new backup vault",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateBackupVault"
},
{
"resource_types": "",
"description": "Deletes a backup plan",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteBackupPlan"
},
{
"resource_types": "",
"description": "Deletes a resource assignment from a backup plan",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteBackupSelection"
},
{
"resource_types": "backupVault",
"description": "Deletes a backup vault",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteBackupVault"
},
{
"resource_types": "backupVault",
"description": "Deletes backup vault access policy",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteBackupVaultAccessPolicy"
},
{
"resource_types": "backupVault",
"description": "Remove notifications from backup vault",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteBackupVaultNotifications"
},
{
"resource_types": "backupVault",
"description": "Deletes a recovery point from a backup vault",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteRecoveryPoint"
},
{
"resource_types": "",
"description": "Describes a backup job",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeBackupJob"
},
{
"resource_types": "backupVault",
"description": "Creates a new backup vault with the specified name",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeBackupVault"
},
{
"resource_types": "",
"description": "Describes a protected resource",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeProtectedResource"
},
{
"resource_types": "backupVault",
"description": "Describes a recovery point",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeRecoveryPoint"
},
{
"resource_types": "backupVault",
"description": "Describes a restore job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeRestoreJob"
},
{
"resource_types": "",
"description": "Exports a backup plan as a JSON",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ExportBackupPlanTemplate"
},
{
"resource_types": "",
"description": "Gets a backup plan",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBackupPlan"
},
{
"resource_types": "",
"description": "Transforms a JSON to a backup plan",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBackupPlanFromJSON"
},
{
"resource_types": "",
"description": "Transforms a template to a backup plan",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBackupPlanFromTemplate"
},
{
"resource_types": "backupVault",
"description": "Gets a backup plan resource assignment",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBackupSelection"
},
{
"resource_types": "backupVault",
"description": "Gets backup vault access policy",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBackupVaultAccessPolicy"
},
{
"resource_types": "backupVault",
"description": "Gets backup vault notifications",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBackupVaultNotifications"
},
{
"resource_types": "backupVault",
"description": "Gets recovery point restore metadata",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetRecoveryPointRestoreMetadata"
},
{
"resource_types": "",
"description": "Gets supported resource types",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSupportedResourceTypes"
},
{
"resource_types": "",
"description": "Lists backup jobs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListBackupJobs"
},
{
"resource_types": "",
"description": "Lists backup plan templates provided by AWS Backup",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListBackupPlanTemplates"
},
{
"resource_types": "",
"description": "Lists backup plan versions",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListBackupPlanVersions"
},
{
"resource_types": "",
"description": "Lists backup plans",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListBackupPlans"
},
{
"resource_types": "",
"description": "Lists resource assignments for a specific backup plan",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListBackupSelections"
},
{
"resource_types": "",
"description": "Lists backup vaults",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListBackupVaults"
},
{
"resource_types": "",
"description": "Lists protected resources by AWS Backup",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListProtectedResources"
},
{
"resource_types": "backupVault",
"description": "Lists recovery points inside a backup vault",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRecoveryPointsByBackupVault"
},
{
"resource_types": "",
"description": "Lists recovery points for a resource",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRecoveryPointsByResource"
},
{
"resource_types": "backupVault",
"description": "Lists restore jobs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRestoreJobs"
},
{
"resource_types": "",
"description": "Lists tags for a resource",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTags"
},
{
"resource_types": "backupVault",
"description": "Adds an access policy to the backup vault",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutBackupVaultAccessPolicy"
},
{
"resource_types": "backupVault",
"description": "Adds an SNS topic to the backup vault",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutBackupVaultNotifications"
},
{
"resource_types": "backupVault",
"description": "Starts a new backup job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartBackupJob"
},
{
"resource_types": "backupVault",
"description": "Starts a new restore job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartRestoreJob"
},
{
"resource_types": "backupVault",
"description": "Stops a backup job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopBackupJob"
},
{
"resource_types": "",
"description": "Tags a resource",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TagResource"
},
{
"resource_types": "",
"description": "Untags a resource",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UntagResource"
},
{
"resource_types": "",
"description": "Updates a backup plan",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateBackupPlan"
},
{
"resource_types": "backupVault",
"description": "Updates the lifecycle of the recovery point",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateRecoveryPointLifecycle"
}
]
},
{
"service_name": "Comprehend Medical",
"privileges": [
{
"resource_types": "",
"description": "Inspects the specified text for the specified type of entities and returns information about them",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DetectEntities"
},
{
"resource_types": "",
"description": "Inspects the specified text for PHI entities and returns information about them",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DetectPHI"
}
]
},
{
"service_name": "Amazon Kinesis Analytics",
"privileges": [
{
"resource_types": "application",
"description": "Adds input to the application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddApplicationInput"
},
{
"resource_types": "application",
"description": "Adds output to the application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddApplicationOutput"
},
{
"resource_types": "application",
"description": "Adds reference data source to the application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddApplicationReferenceDataSource"
},
{
"resource_types": "",
"description": "Creates an application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateApplication"
},
{
"resource_types": "application",
"description": "Deletes the application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteApplication"
},
{
"resource_types": "application",
"description": "Deletes the specified output of the application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteApplicationOutput"
},
{
"resource_types": "application",
"description": "Deletes the specified reference data source of the application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteApplicationReferenceDataSource"
},
{
"resource_types": "application",
"description": "Describes the specified application",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeApplication"
},
{
"resource_types": "",
"description": "Discovers the input schema for the application",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DiscoverInputSchema"
},
{
"resource_types": "",
"description": "List applications for the account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListApplications"
},
{
"resource_types": "application",
"description": "Starts the application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartApplication"
},
{
"resource_types": "application",
"description": "Stops the application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopApplication"
},
{
"resource_types": "application",
"description": "Updates the application",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateApplication"
}
]
},
{
"service_name": "Amazon EC2",
"privileges": [
{
"resource_types": "",
"description": "Accepts the Convertible Reserved Instance exchange quote described in the GetReservedInstancesExchangeQuote call",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AcceptReservedInstancesExchangeQuote"
},
{
"resource_types": "",
"description": "Accepts one or more interface VPC endpoint connection requests to your VPC endpoint service",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AcceptVpcEndpointConnections"
},
{
"resource_types": "vpc",
"description": "Accept a VPC peering connection request",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Tenancy"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AcceptVpcPeeringConnection"
},
{
"resource_types": "",
"description": "Acquires an Elastic IP address",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AllocateAddress"
},
{
"resource_types": "",
"description": "Allocates a Dedicated Host to your account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AllocateHosts"
},
{
"resource_types": "",
"description": "Assigns one or more IPv6 addresses to the specified network interface",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssignIpv6Addresses"
},
{
"resource_types": "",
"description": "Assigns one or more secondary private IP addresses to the specified network interface",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssignPrivateIpAddresses"
},
{
"resource_types": "",
"description": "Associates an Elastic IP address with an instance or a network interface",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateAddress"
},
{
"resource_types": "",
"description": "Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates no DHCP options with the VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateDhcpOptions"
},
{
"resource_types": "instance",
"description": "Associates an IAM instance profile with a running or stopped instance",
"condition_keys": [
"ec2:AvailabilityZone",
"ec2:EbsOptimized",
"ec2:InstanceProfile",
"ec2:InstanceType",
"ec2:PlacementGroup",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:RootDeviceType",
"ec2:Tenancy"
],
"access_level": "Write",
"dependent_actions": [
"iam:PassRole"
],
"privilege": "AssociateIamInstanceProfile"
},
{
"resource_types": "",
"description": "Associates a subnet with a route table",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateRouteTable"
},
{
"resource_types": "",
"description": "Associates a CIDR block with your subnet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateSubnetCidrBlock"
},
{
"resource_types": "",
"description": "Associates a CIDR block with your VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateVpcCidrBlock"
},
{
"resource_types": "instance",
"description": "Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups",
"condition_keys": [
"ec2:AvailabilityZone",
"ec2:EbsOptimized",
"ec2:InstanceProfile",
"ec2:InstanceType",
"ec2:PlacementGroup",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:RootDeviceType",
"ec2:Tenancy"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AttachClassicLinkVpc"
},
{
"resource_types": "",
"description": "Attaches an Internet gateway to a VPC, enabling connectivity between the Internet and the VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AttachInternetGateway"
},
{
"resource_types": "",
"description": "Attaches a network interface to an instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AttachNetworkInterface"
},
{
"resource_types": "instance",
"description": "Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name",
"condition_keys": [
"ec2:AvailabilityZone",
"ec2:EbsOptimized",
"ec2:InstanceProfile",
"ec2:InstanceType",
"ec2:PlacementGroup",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:RootDeviceType",
"ec2:Tenancy"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AttachVolume"
},
{
"resource_types": "",
"description": "Attaches a virtual private gateway to a VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AttachVpnGateway"
},
{
"resource_types": "security-group",
"description": "[EC2-VPC only] Adds one or more egress rules to a security group for use with a VPC",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Vpc"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AuthorizeSecurityGroupEgress"
},
{
"resource_types": "security-group",
"description": "Adds one or more ingress rules to a security group",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Vpc"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AuthorizeSecurityGroupIngress"
},
{
"resource_types": "",
"description": "Bundles an Amazon instance store-backed Windows instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BundleInstance"
},
{
"resource_types": "",
"description": "Cancels a bundling operation for an instance store-backed Windows instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelBundleTask"
},
{
"resource_types": "",
"description": "Cancels an active conversion task",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelConversionTask"
},
{
"resource_types": "",
"description": "Cancels an active export task",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelExportTask"
},
{
"resource_types": "",
"description": "Cancels an in-process import virtual machine or import snapshot task",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelImportTask"
},
{
"resource_types": "",
"description": "Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelReservedInstancesListing"
},
{
"resource_types": "",
"description": "Cancels the specified Spot fleet requests",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelSpotFleetRequests"
},
{
"resource_types": "",
"description": "Cancels one or more Spot instance requests",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelSpotInstanceRequests"
},
{
"resource_types": "",
"description": "Determines whether a product code is associated with an instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ConfirmProductInstance"
},
{
"resource_types": "",
"description": "Initiates the copy of an Amazon FPGA Image (AFI) from the specified source region to the current region",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CopyFpgaImage"
},
{
"resource_types": "",
"description": "Initiates the copy of an AMI from the specified source region to the current region",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CopyImage"
},
{
"resource_types": "",
"description": "Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CopySnapshot"
},
{
"resource_types": "",
"description": "Provides information to AWS about your VPN customer gateway device",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateCustomerGateway"
},
{
"resource_types": "",
"description": "Creates a default subnet with a size /20 IPv4 CIDR block in the specified Availability Zone in your default VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDefaultSubnet"
},
{
"resource_types": "",
"description": "Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in each Availability Zone",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDefaultVpc"
},
{
"resource_types": "",
"description": "Creates a set of DHCP options for your VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDhcpOptions"
},
{
"resource_types": "",
"description": "Creates an egress-only Internet gateway for your VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateEgressOnlyInternetGateway"
},
{
"resource_types": "",
"description": "Launches an EC2 Fleet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateFleet"
},
{
"resource_types": "",
"description": "Creates one or more flow logs to capture IP traffic for a specific network interface, subnet, or VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateFlowLogs"
},
{
"resource_types": "",
"description": "Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateFpgaImage"
},
{
"resource_types": "",
"description": "Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateImage"
},
{
"resource_types": "",
"description": "Exports a running or stopped instance to an S3 bucket",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateInstanceExportTask"
},
{
"resource_types": "",
"description": "Creates an Internet gateway for use with a VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateInternetGateway"
},
{
"resource_types": "",
"description": "Creates a 2048-bit RSA key pair with the specified name",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateKeyPair"
},
{
"resource_types": "",
"description": "Creates a new launch template",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateLaunchTemplate"
},
{
"resource_types": "launch-template",
"description": "Creates a new version for the specified launch template",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateLaunchTemplateVersion"
},
{
"resource_types": "",
"description": "Creates a NAT gateway in the specified subnet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateNatGateway"
},
{
"resource_types": "",
"description": "Creates a network ACL in a VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateNetworkAcl"
},
{
"resource_types": "",
"description": "Creates an entry (a rule) in a network ACL with the specified rule number",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateNetworkAclEntry"
},
{
"resource_types": "",
"description": "Creates a network interface in the specified subnet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateNetworkInterface"
},
{
"resource_types": "network-interface",
"description": "Creates a permission for a network interface that grants certain operations to another authorized user",
"condition_keys": [
"ec2:AuthorizedUser",
"ec2:AvailabilityZone",
"ec2:Permission",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Subnet",
"ec2:Vpc",
"ec2:AuthorizedService"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateNetworkInterfacePermission"
},
{
"resource_types": "",
"description": "Creates a placement group that you launch cluster instances into",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePlacementGroup"
},
{
"resource_types": "",
"description": "Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the Reserved Instance Marketplace",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateReservedInstancesListing"
},
{
"resource_types": "route-table",
"description": "Creates a route in a route table within a VPC",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Vpc"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateRoute"
},
{
"resource_types": "",
"description": "Creates a route table for the specified VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateRouteTable"
},
{
"resource_types": "",
"description": "Creates a security group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateSecurityGroup"
},
{
"resource_types": "snapshot",
"description": "Creates a snapshot of an EBS volume and stores it in Amazon S3",
"condition_keys": [
"aws:TagKeys",
"aws:RequestTag/tag-key",
"ec2:ParentVolume",
"ec2:Region"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateSnapshot"
},
{
"resource_types": "",
"description": "Creates a data feed for Spot instances, enabling you to view Spot instance usage logs. You can create one data feed per AWS account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateSpotDatafeedSubscription"
},
{
"resource_types": "",
"description": "Creates a subnet in an existing VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateSubnet"
},
{
"resource_types": "dhcp-options",
"description": "Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources",
"condition_keys": [
"aws:RequestTag/tag-key",
"aws:TagKeys",
"ec2:Region",
"ec2:ResourceTag/tag-key"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateTags"
},
{
"resource_types": "volume",
"description": "Creates an EBS volume that can be attached to an instance in the same Availability Zone",
"condition_keys": [
"aws:RequestTag/tag-key",
"aws:TagKeys",
"ec2:AvailabilityZone",
"ec2:Encrypted",
"ec2:ParentSnapshot",
"ec2:Region",
"ec2:VolumeIops",
"ec2:VolumeSize",
"ec2:VolumeType"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateVolume"
},
{
"resource_types": "",
"description": "Creates a VPC with the specified CIDR block",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateVpc"
},
{
"resource_types": "",
"description": "Creates a VPC endpoint for a specified AWS service",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"route53:AssociateVPCWithHostedZone"
],
"privilege": "CreateVpcEndpoint"
},
{
"resource_types": "",
"description": "Creates a connection notification for a specified VPC endpoint or VPC endpoint service",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateVpcEndpointConnectionNotification"
},
{
"resource_types": "",
"description": "Creates a VPC endpoint service configuration to which service consumers (AWS accounts, IAM users, and IAM roles) can connect",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateVpcEndpointServiceConfiguration"
},
{
"resource_types": "vpc",
"description": "Requests a VPC peering connection between two VPCs: a requester VPC that you own and a peer VPC with which to create the connection",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Tenancy"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateVpcPeeringConnection"
},
{
"resource_types": "",
"description": "Creates a VPN connection between an existing virtual private gateway and a VPN customer gateway",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateVpnConnection"
},
{
"resource_types": "",
"description": "Creates a static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateVpnConnectionRoute"
},
{
"resource_types": "",
"description": "Creates a virtual private gateway",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateVpnGateway"
},
{
"resource_types": "customer-gateway",
"description": "Deletes the specified customer gateway",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteCustomerGateway"
},
{
"resource_types": "dhcp-options",
"description": "Deletes the specified set of DHCP options",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDhcpOptions"
},
{
"resource_types": "",
"description": "Deletes the specified egress-only Internet gateway",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteEgressOnlyInternetGateway"
},
{
"resource_types": "",
"description": "Deletes the specified EC2 Fleet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteFleets"
},
{
"resource_types": "",
"description": "Deletes one or more flow logs",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteFlowLogs"
},
{
"resource_types": "",
"description": "Deletes the specified Amazon FPGA Image (AFI)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteFpgaImage"
},
{
"resource_types": "internet-gateway",
"description": "Deletes the specified Internet gateway",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteInternetGateway"
},
{
"resource_types": "",
"description": "Deletes the specified key pair, by removing the public key from Amazon EC2",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteKeyPair"
},
{
"resource_types": "launch-template",
"description": "Deletes the specified launch template and all associated versions",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteLaunchTemplate"
},
{
"resource_types": "launch-template",
"description": "Deletes the specified versions for the specified launch template",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteLaunchTemplateVersions"
},
{
"resource_types": "",
"description": "Deletes the specified NAT gateway",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteNatGateway"
},
{
"resource_types": "network-acl",
"description": "Deletes the specified network ACL",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Vpc"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteNetworkAcl"
},
{
"resource_types": "network-acl",
"description": "Deletes the specified ingress or egress entry (rule) from the specified network ACL",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Vpc"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteNetworkAclEntry"
},
{
"resource_types": "",
"description": "Deletes the specified network interface. You must detach the network interface before you can delete it",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteNetworkInterface"
},
{
"resource_types": "",
"description": "Deletes a permission associated with a network interface",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteNetworkInterfacePermission"
},
{
"resource_types": "",
"description": "Deletes the specified placement group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeletePlacementGroup"
},
{
"resource_types": "route-table",
"description": "Deletes the specified route from the specified route table",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Vpc"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteRoute"
},
{
"resource_types": "route-table",
"description": "Deletes the specified route table",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Vpc"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteRouteTable"
},
{
"resource_types": "security-group",
"description": "Deletes a security group",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Vpc"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSecurityGroup"
},
{
"resource_types": "snapshot",
"description": "Deletes the specified snapshot",
"condition_keys": [
"ec2:Owner",
"ec2:ParentVolume",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:SnapshotTime",
"ec2:VolumeSize"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSnapshot"
},
{
"resource_types": "",
"description": "Deletes the data feed for Spot instances",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSpotDatafeedSubscription"
},
{
"resource_types": "",
"description": "Deletes the specified subnet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteSubnet"
},
{
"resource_types": "dhcp-options",
"description": "Deletes the specified set of tags from the specified set of resources",
"condition_keys": [
"aws:RequestTag/tag-key",
"aws:TagKeys",
"ec2:Region",
"ec2:ResourceTag/tag-key"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "DeleteTags"
},
{
"resource_types": "volume",
"description": "Deletes the specified EBS volume",
"condition_keys": [
"ec2:AvailabilityZone",
"ec2:Encrypted",
"ec2:ParentSnapshot",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:VolumeIops",
"ec2:VolumeSize",
"ec2:VolumeType"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteVolume"
},
{
"resource_types": "",
"description": "Deletes the specified VPC. You must detach or delete all gateways and resources that are associated with the VPC before you can delete it",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteVpc"
},
{
"resource_types": "",
"description": "Deletes one or more VPC endpoint connection notifications",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteVpcEndpointConnectionNotifications"
},
{
"resource_types": "",
"description": "Deletes one or more VPC endpoint service configurations in your account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteVpcEndpointServiceConfigurations"
},
{
"resource_types": "",
"description": "Deletes one or more specified VPC endpoints",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteVpcEndpoints"
},
{
"resource_types": "vpc-peering-connection",
"description": "Description for DeleteVpcPeeringConnection",
"condition_keys": [
"ec2:AccepterVpc",
"ec2:Region",
"ec2:RequesterVpc",
"ec2:ResourceTag/tag-key"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteVpcPeeringConnection"
},
{
"resource_types": "",
"description": "Deletes a VPC peering connection",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteVpnConnection"
},
{
"resource_types": "",
"description": "Deletes the specified static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteVpnConnectionRoute"
},
{
"resource_types": "",
"description": "Deletes the specified virtual private gateway",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteVpnGateway"
},
{
"resource_types": "",
"description": "Deregisters the specified AMI",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeregisterImage"
},
{
"resource_types": "",
"description": "Describes attributes of your AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeAccountAttributes"
},
{
"resource_types": "",
"description": "Describes one or more of your Elastic IP addresses",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeAddresses"
},
{
"resource_types": "",
"description": "Describes the longer ID format settings for all resource types in a specific region",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeAggregateIdFormat"
},
{
"resource_types": "",
"description": "Describes one or more of the Availability Zones that are available to you",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeAvailabilityZones"
},
{
"resource_types": "",
"description": "Describes one or more of your bundling tasks",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeBundleTasks"
},
{
"resource_types": "",
"description": "Describes one or more of your linked EC2-Classic instances",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeClassicLinkInstances"
},
{
"resource_types": "",
"description": "Describes one or more of your conversion tasks",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeConversionTasks"
},
{
"resource_types": "",
"description": "Describes one or more of your VPN customer gateways",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeCustomerGateways"
},
{
"resource_types": "",
"description": "Describes one or more of your DHCP options sets",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeDhcpOptions"
},
{
"resource_types": "",
"description": "Describes one or more of your egress-only Internet gateways",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeEgressOnlyInternetGateways"
},
{
"resource_types": "",
"description": "Describes the Elastic GPUs associated with your instances",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeElasticGpus"
},
{
"resource_types": "",
"description": "Describes one or more of your export tasks",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeExportTasks"
},
{
"resource_types": "",
"description": "Describes the events for the specified EC2 Fleet during the specified time",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeFleetHistory"
},
{
"resource_types": "",
"description": "Describes the running instances for the specified EC2 Fleet",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeFleetInstances"
},
{
"resource_types": "",
"description": "Describes one or more of your EC2 Fleets",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeFleets"
},
{
"resource_types": "",
"description": "Describes one or more flow logs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeFlowLogs"
},
{
"resource_types": "",
"description": "Describes the specified attribute of the specified Amazon FPGA Images (AFI)",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeFpgaImageAttribute"
},
{
"resource_types": "",
"description": "Describes one or more of the Amazon FPGA Images (AFIs) available to you",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeFpgaImages"
},
{
"resource_types": "",
"description": "Describes the Dedicated Host Reservations that are available to purchase",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeHostReservationOfferings"
},
{
"resource_types": "",
"description": "Describes Dedicated Host Reservations which are associated with Dedicated Hosts in your account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeHostReservations"
},
{
"resource_types": "",
"description": "Describes one or more of your Dedicated Hosts",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeHosts"
},
{
"resource_types": "",
"description": "Describes your IAM instance profile associations",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeIamInstanceProfileAssociations"
},
{
"resource_types": "",
"description": "Describes the ID format settings for your resources on a per-region basis, for example, to view which resource types are enabled for longer IDs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeIdFormat"
},
{
"resource_types": "",
"description": "Describes the ID format settings for resources for the specified IAM user, IAM role, or root user",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeIdentityIdFormat"
},
{
"resource_types": "",
"description": "Describes the specified attribute of the specified AMI",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeImageAttribute"
},
{
"resource_types": "",
"description": "Describes one or more of the images (AMIs, AKIs, and ARIs) available to you",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeImages"
},
{
"resource_types": "",
"description": "Displays details about an import virtual machine or import snapshot tasks that are already created",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeImportImageTasks"
},
{
"resource_types": "",
"description": "Describes your import snapshot tasks",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeImportSnapshotTasks"
},
{
"resource_types": "",
"description": "Describes the specified attribute of the specified instance",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeInstanceAttribute"
},
{
"resource_types": "",
"description": "Describes the credit option for CPU usage of one or more of your instances",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeInstanceCreditSpecifications"
},
{
"resource_types": "",
"description": "Describes the status of one or more instances",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeInstanceStatus"
},
{
"resource_types": "",
"description": "Describes one or more of your instances",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeInstances"
},
{
"resource_types": "",
"description": "Describes one or more of your Internet gateways",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeInternetGateways"
},
{
"resource_types": "",
"description": "Describes one or more of your key pairs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeKeyPairs"
},
{
"resource_types": "",
"description": "Describes one or more of your launch template versions",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeLaunchTemplateVersions"
},
{
"resource_types": "",
"description": "Describes one or more of your launch templates",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeLaunchTemplates"
},
{
"resource_types": "",
"description": "Describes your Elastic IP addresses that are being moved to the EC2-VPC platform, or that are being restored to the EC2-Classic platform",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeMovingAddresses"
},
{
"resource_types": "",
"description": "Describes one or more of your NAT gateways",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeNatGateways"
},
{
"resource_types": "",
"description": "Describes one or more of your network ACLs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeNetworkAcls"
},
{
"resource_types": "",
"description": "Describes a network interface attribute. You can specify only one attribute at a time",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeNetworkInterfaceAttribute"
},
{
"resource_types": "",
"description": "Describes the permissions associated with a network interface",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeNetworkInterfacePermissions"
},
{
"resource_types": "",
"description": "Describes one or more of your network interfaces",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeNetworkInterfaces"
},
{
"resource_types": "",
"description": "Describes one or more of your placement groups",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribePlacementGroups"
},
{
"resource_types": "",
"description": "Describes available AWS services in a prefix list format, which includes the prefix list name and prefix list ID of the service and the IP address range for the service",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribePrefixLists"
},
{
"resource_types": "",
"description": "Describes the ID format settings for the root user and all IAM roles and IAM users that have explicitly specified a longer ID (17-character ID) preference",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribePrincipalIdFormat"
},
{
"resource_types": "",
"description": "Describes one or more regions that are currently available to you",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeRegions"
},
{
"resource_types": "",
"description": "Describes one or more of the Reserved Instances that you purchased",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeReservedInstances"
},
{
"resource_types": "",
"description": "Describes your account's Reserved Instance listings in the Reserved Instance Marketplace",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeReservedInstancesListings"
},
{
"resource_types": "",
"description": "Describes the modifications made to your Reserved Instances",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeReservedInstancesModifications"
},
{
"resource_types": "",
"description": "Describes Reserved Instance offerings that are available for purchase",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeReservedInstancesOfferings"
},
{
"resource_types": "",
"description": "Describes one or more of your route tables",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeRouteTables"
},
{
"resource_types": "",
"description": "Finds available schedules that meet the specified criteria",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeScheduledInstanceAvailability"
},
{
"resource_types": "",
"description": "Describes one or more of your Scheduled Instances",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeScheduledInstances"
},
{
"resource_types": "",
"description": "[EC2-VPC only] Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you've specified in this request",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeSecurityGroupReferences"
},
{
"resource_types": "",
"description": "Describes one or more of your security groups",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeSecurityGroups"
},
{
"resource_types": "",
"description": "Describes the specified attribute of the specified snapshot",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeSnapshotAttribute"
},
{
"resource_types": "",
"description": "Describes one or more of the EBS snapshots available to you",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeSnapshots"
},
{
"resource_types": "",
"description": "Describes the data feed for Spot instances",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeSpotDatafeedSubscription"
},
{
"resource_types": "",
"description": "Describes the running instances for the specified Spot fleet",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeSpotFleetInstances"
},
{
"resource_types": "",
"description": "Describes the events for the specified Spot fleet request during the specified time",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeSpotFleetRequestHistory"
},
{
"resource_types": "",
"description": "Describes your Spot fleet requests",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeSpotFleetRequests"
},
{
"resource_types": "",
"description": "Describes the Spot instance requests that belong to your account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeSpotInstanceRequests"
},
{
"resource_types": "",
"description": "Describes the Spot price history",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeSpotPriceHistory"
},
{
"resource_types": "",
"description": "[EC2-VPC only] Describes the stale security group rules for security groups in a specified VPC",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeStaleSecurityGroups"
},
{
"resource_types": "",
"description": "Describes one or more of your subnets",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeSubnets"
},
{
"resource_types": "",
"description": "Describes one or more of the tags for your EC2 resources",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTags"
},
{
"resource_types": "",
"description": "Describes the specified attribute of the specified volume",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVolumeAttribute"
},
{
"resource_types": "",
"description": "Describes the status of the specified volumes",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVolumeStatus"
},
{
"resource_types": "",
"description": "Describes the specified EBS volumes",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVolumes"
},
{
"resource_types": "",
"description": "Reports the current modification status of EBS volumes",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeVolumesModifications"
},
{
"resource_types": "",
"description": "Describes the specified attribute of the specified VPC",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVpcAttribute"
},
{
"resource_types": "",
"description": "Describes the ClassicLink status of one or more VPCs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVpcClassicLink"
},
{
"resource_types": "",
"description": "Describes the ClassicLink DNS support status of one or more VPCs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVpcClassicLinkDnsSupport"
},
{
"resource_types": "",
"description": "Describes the connection notifications for VPC endpoints and VPC endpoint services",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVpcEndpointConnectionNotifications"
},
{
"resource_types": "",
"description": "Describes the VPC endpoint connections to your VPC endpoint services, including any endpoints that are pending your acceptance",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVpcEndpointConnections"
},
{
"resource_types": "",
"description": "Describes the VPC endpoint service configurations in your account (your services",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVpcEndpointServiceConfigurations"
},
{
"resource_types": "",
"description": "Describes the principals (service consumers) that are permitted to discover your VPC endpoint service",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVpcEndpointServicePermissions"
},
{
"resource_types": "",
"description": "Describes all supported AWS services that can be specified when creating a VPC endpoint",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVpcEndpointServices"
},
{
"resource_types": "",
"description": "Describes one or more of your VPC endpoints",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVpcEndpoints"
},
{
"resource_types": "",
"description": "Describes one or more of your VPC peering connections",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVpcPeeringConnections"
},
{
"resource_types": "",
"description": "Describes one or more of your VPCs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVpcs"
},
{
"resource_types": "",
"description": "Describes one or more of your VPN connections",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeVpnConnections"
},
{
"resource_types": "",
"description": "Describes one or more of your virtual private gateways",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeVpnGateways"
},
{
"resource_types": "instance",
"description": "Unlinks (detaches) a linked EC2-Classic instance from a VPC",
"condition_keys": [
"ec2:AvailabilityZone",
"ec2:EbsOptimized",
"ec2:InstanceProfile",
"ec2:InstanceType",
"ec2:PlacementGroup",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:RootDeviceType",
"ec2:Tenancy"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DetachClassicLinkVpc"
},
{
"resource_types": "",
"description": "Detaches an Internet gateway from a VPC, disabling connectivity between the Internet and the VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DetachInternetGateway"
},
{
"resource_types": "",
"description": "Detaches a network interface from an instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DetachNetworkInterface"
},
{
"resource_types": "instance",
"description": "Detaches an EBS volume from an instance",
"condition_keys": [
"ec2:AvailabilityZone",
"ec2:EbsOptimized",
"ec2:InstanceProfile",
"ec2:InstanceType",
"ec2:PlacementGroup",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:RootDeviceType",
"ec2:Tenancy"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DetachVolume"
},
{
"resource_types": "",
"description": "Detaches a virtual private gateway from a VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DetachVpnGateway"
},
{
"resource_types": "",
"description": "Disables a virtual private gateway (VGW) from propagating routes to a specified route table of a VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableVgwRoutePropagation"
},
{
"resource_types": "vpc",
"description": "Disables ClassicLink for a VPC",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Tenancy"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableVpcClassicLink"
},
{
"resource_types": "",
"description": "Disables ClassicLink DNS support for a VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableVpcClassicLinkDnsSupport"
},
{
"resource_types": "",
"description": "Disassociates an Elastic IP address from the instance or network interface it's associated with",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateAddress"
},
{
"resource_types": "instance",
"description": "Disassociates an IAM instance profile from a running or stopped instance",
"condition_keys": [
"ec2:AvailabilityZone",
"ec2:EbsOptimized",
"ec2:InstanceProfile",
"ec2:InstanceType",
"ec2:PlacementGroup",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:RootDeviceType",
"ec2:Tenancy"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateIamInstanceProfile"
},
{
"resource_types": "",
"description": "Disassociates a subnet from a route table",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateRouteTable"
},
{
"resource_types": "",
"description": "Disassociates a CIDR block from a subnet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateSubnetCidrBlock"
},
{
"resource_types": "",
"description": "Disassociates a CIDR block from a VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateVpcCidrBlock"
},
{
"resource_types": "",
"description": "Enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableVgwRoutePropagation"
},
{
"resource_types": "",
"description": "Enables I/O operations for a volume that had I/O operations disabled because the data on the volume was potentially inconsistent",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableVolumeIO"
},
{
"resource_types": "vpc",
"description": "Enables a VPC for ClassicLink",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Tenancy"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableVpcClassicLink"
},
{
"resource_types": "",
"description": "Enables a VPC to support DNS hostname resolution for ClassicLink",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableVpcClassicLinkDnsSupport"
},
{
"resource_types": "",
"description": "Gets the console output for the specified instance",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetConsoleOutput"
},
{
"resource_types": "instance",
"description": "Retrieve a JPG-format screenshot of a running instance to help with troubleshooting",
"condition_keys": [
"ec2:AvailabilityZone",
"ec2:EbsOptimized",
"ec2:InstanceProfile",
"ec2:InstanceType",
"ec2:PlacementGroup",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:RootDeviceType",
"ec2:Tenancy"
],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetConsoleScreenshot"
},
{
"resource_types": "",
"description": "Preview a reservation purchase with configurations that match those of your Dedicated Host",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetHostReservationPurchasePreview"
},
{
"resource_types": "",
"description": "Retrieves the configuration data of the specified instance",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetLaunchTemplateData"
},
{
"resource_types": "",
"description": "Retrieves the encrypted administrator password for an instance running Windows",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetPasswordData"
},
{
"resource_types": "",
"description": "Returns details about the values and term of your specified Convertible Reserved Instances",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetReservedInstancesExchangeQuote"
},
{
"resource_types": "",
"description": "Import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ImportImage"
},
{
"resource_types": "",
"description": "Creates an import instance task using metadata from the specified disk image",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ImportInstance"
},
{
"resource_types": "",
"description": "Imports the public key from an RSA key pair that you created with a third-party tool",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ImportKeyPair"
},
{
"resource_types": "",
"description": "Imports a disk into an EBS snapshot",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ImportSnapshot"
},
{
"resource_types": "",
"description": "Creates an import volume task using metadata from the specified disk image",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ImportVolume"
},
{
"resource_types": "",
"description": "Modifies the specified EC2 Fleet",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyFleet"
},
{
"resource_types": "",
"description": "Modifies the specified attribute of the specified Amazon FPGA Image (AFI",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyFpgaImageAttribute"
},
{
"resource_types": "",
"description": "Modify the auto-placement setting of a Dedicated Host",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyHosts"
},
{
"resource_types": "",
"description": "Modifies the ID format for the specified resource on a per-region basis",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyIdFormat"
},
{
"resource_types": "",
"description": "Modifies the ID format of a resource for a specified IAM user, IAM role, or the root user for an account; or all IAM users, IAM roles, and the root user for an account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyIdentityIdFormat"
},
{
"resource_types": "",
"description": "Modifies the specified attribute of the specified AMI",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyImageAttribute"
},
{
"resource_types": "",
"description": "Modifies the specified attribute of the specified instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyInstanceAttribute"
},
{
"resource_types": "",
"description": "Modifies the credit option for CPU usage on an instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyInstanceCreditSpecification"
},
{
"resource_types": "",
"description": "Set the instance affinity value for a specific stopped instance and modify the instance tenancy setting",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyInstancePlacement"
},
{
"resource_types": "launch-template",
"description": "Modifies the specified launch template",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyLaunchTemplate"
},
{
"resource_types": "",
"description": "Modifies the specified network interface attribute. You can specify only one attribute at a time",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyNetworkInterfaceAttribute"
},
{
"resource_types": "",
"description": "Modifies the Availability Zone, instance count, instance type, or network platform (EC2-Classic or EC2-VPC) of your Standard Reserved Instances",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyReservedInstances"
},
{
"resource_types": "snapshot",
"description": "Adds or removes permission settings for the specified snapshot",
"condition_keys": [
"ec2:Owner",
"ec2:ParentVolume",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:SnapshotTime",
"ec2:VolumeSize"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifySnapshotAttribute"
},
{
"resource_types": "",
"description": "Modifies the specified Spot fleet request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifySpotFleetRequest"
},
{
"resource_types": "",
"description": "Modifies a subnet attribute",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifySubnetAttribute"
},
{
"resource_types": "",
"description": "You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyVolume"
},
{
"resource_types": "",
"description": "Modifies a volume attribute",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyVolumeAttribute"
},
{
"resource_types": "",
"description": "Modifies the specified attribute of the specified VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyVpcAttribute"
},
{
"resource_types": "",
"description": "Modifies attributes of a specified VPC endpoint",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyVpcEndpoint"
},
{
"resource_types": "",
"description": "Modifies a connection notification for VPC endpoint or VPC endpoint service",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyVpcEndpointConnectionNotification"
},
{
"resource_types": "",
"description": "Modifies the attributes of your VPC endpoint service configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyVpcEndpointServiceConfiguration"
},
{
"resource_types": "",
"description": "Modifies the permissions for your VPC endpoint service",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyVpcEndpointServicePermissions"
},
{
"resource_types": "",
"description": "Modifies the VPC peering connection options on one side of a VPC peering connection",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyVpcPeeringConnectionOptions"
},
{
"resource_types": "",
"description": "Modifies the instance tenancy attribute of the specified VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyVpcTenancy"
},
{
"resource_types": "",
"description": "Enables detailed monitoring for a running instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "MonitorInstances"
},
{
"resource_types": "",
"description": "Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC platform",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "MoveAddressToVpc"
},
{
"resource_types": "",
"description": "Purchase a reservation with configurations that match those of your Dedicated Host",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PurchaseHostReservation"
},
{
"resource_types": "",
"description": "Purchases a Reserved Instance for use with your account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PurchaseReservedInstancesOffering"
},
{
"resource_types": "",
"description": "Purchases one or more Scheduled Instances with the specified schedule",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PurchaseScheduledInstances"
},
{
"resource_types": "instance",
"description": "Requests a reboot of one or more instances",
"condition_keys": [
"ec2:AvailabilityZone",
"ec2:EbsOptimized",
"ec2:InstanceProfile",
"ec2:InstanceType",
"ec2:PlacementGroup",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:RootDeviceType",
"ec2:Tenancy"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RebootInstances"
},
{
"resource_types": "",
"description": "Registers an AMI",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RegisterImage"
},
{
"resource_types": "",
"description": "Rejects one or more VPC endpoint connection requests to your VPC endpoint service",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RejectVpcEndpointConnections"
},
{
"resource_types": "vpc-peering-connection",
"description": "Rejects a VPC peering connection request",
"condition_keys": [
"ec2:AccepterVpc",
"ec2:Region",
"ec2:RequesterVpc",
"ec2:ResourceTag/tag-key"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RejectVpcPeeringConnection"
},
{
"resource_types": "",
"description": "Releases the specified Elastic IP address",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ReleaseAddress"
},
{
"resource_types": "",
"description": "When you no longer want to use an On-Demand Dedicated Host it can be released",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ReleaseHosts"
},
{
"resource_types": "instance",
"description": "Replaces an IAM instance profile for the specified instance",
"condition_keys": [
"ec2:AvailabilityZone",
"ec2:EbsOptimized",
"ec2:InstanceProfile",
"ec2:InstanceType",
"ec2:PlacementGroup",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:RootDeviceType",
"ec2:Tenancy"
],
"access_level": "Write",
"dependent_actions": [
"iam:PassRole"
],
"privilege": "ReplaceIamInstanceProfileAssociation"
},
{
"resource_types": "",
"description": "Changes which network ACL a subnet is associated with",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ReplaceNetworkAclAssociation"
},
{
"resource_types": "",
"description": "Replaces an entry (rule) in a network ACL",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ReplaceNetworkAclEntry"
},
{
"resource_types": "route-table",
"description": "Replaces an existing route within a route table in a VPC",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Vpc"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ReplaceRoute"
},
{
"resource_types": "",
"description": "Changes the route table associated with a given subnet in a VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ReplaceRouteTableAssociation"
},
{
"resource_types": "",
"description": "Submits feedback about the status of an instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ReportInstanceStatus"
},
{
"resource_types": "",
"description": "Creates a Spot fleet request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RequestSpotFleet"
},
{
"resource_types": "",
"description": "Creates a Spot instance request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RequestSpotInstances"
},
{
"resource_types": "",
"description": "Resets an attribute of an Amazon FPGA Image (AFI) to its default value",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResetFpgaImageAttribute"
},
{
"resource_types": "",
"description": "Resets an attribute of an AMI to its default value",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResetImageAttribute"
},
{
"resource_types": "",
"description": "Resets an attribute of an instance to its default value",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResetInstanceAttribute"
},
{
"resource_types": "",
"description": "Resets a network interface attribute. You can specify only one attribute at a time",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResetNetworkInterfaceAttribute"
},
{
"resource_types": "",
"description": "Resets permission settings for the specified snapshot",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResetSnapshotAttribute"
},
{
"resource_types": "",
"description": "Restores an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RestoreAddressToClassic"
},
{
"resource_types": "security-group",
"description": "EC2-VPC only] Removes one or more egress rules from a security group for EC2-VPC. This action doesn't apply to security groups for use in EC2-Classic",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Vpc"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RevokeSecurityGroupEgress"
},
{
"resource_types": "security-group",
"description": "Removes one or more ingress rules from a security group",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Vpc"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RevokeSecurityGroupIngress"
},
{
"resource_types": "image",
"description": "Launches the specified number of instances using an AMI for which you have permissions",
"condition_keys": [
"ec2:ImageType",
"ec2:IsLaunchTemplateResource",
"ec2:LaunchTemplate",
"ec2:Owner",
"ec2:Public",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:RootDeviceType"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "RunInstances"
},
{
"resource_types": "",
"description": "Launches the specified Scheduled Instances",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RunScheduledInstances"
},
{
"resource_types": "instance",
"description": "Starts an Amazon EBS-backed AMI that you've previously stopped",
"condition_keys": [
"ec2:AvailabilityZone",
"ec2:EbsOptimized",
"ec2:InstanceProfile",
"ec2:InstanceType",
"ec2:PlacementGroup",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:RootDeviceType",
"ec2:Tenancy"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartInstances"
},
{
"resource_types": "instance",
"description": "Stops an Amazon EBS-backed instance",
"condition_keys": [
"ec2:AvailabilityZone",
"ec2:EbsOptimized",
"ec2:InstanceProfile",
"ec2:InstanceType",
"ec2:PlacementGroup",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:RootDeviceType",
"ec2:Tenancy"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopInstances"
},
{
"resource_types": "instance",
"description": "Shuts down one or more instances",
"condition_keys": [
"ec2:AvailabilityZone",
"ec2:EbsOptimized",
"ec2:InstanceProfile",
"ec2:InstanceType",
"ec2:PlacementGroup",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:RootDeviceType",
"ec2:Tenancy"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TerminateInstances"
},
{
"resource_types": "",
"description": "Unassigns one or more IPv6 addresses from the specified network interface",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UnassignIpv6Addresses"
},
{
"resource_types": "",
"description": "Unassigns one or more secondary private IP addresses from a network interface",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UnassignPrivateIpAddresses"
},
{
"resource_types": "",
"description": "Disables detailed monitoring for a running instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UnmonitorInstances"
},
{
"resource_types": "security-group",
"description": "EC2-VPC only] Update descriptions for one or more egress rules of a security group. This action doesn't apply to security groups for use in EC2-Classic",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Vpc"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateSecurityGroupRuleDescriptionsEgress"
},
{
"resource_types": "security-group",
"description": "Update descriptions for one or more ingress rules of a security group",
"condition_keys": [
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:Vpc"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateSecurityGroupRuleDescriptionsIngress"
}
]
},
{
"service_name": "Amazon Sumerian",
"privileges": [
{
"resource_types": "",
"description": "Grant login access to the Sumerian console",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "Login"
},
{
"resource_types": "project",
"description": "Grant access to view a project release",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ViewRelease"
}
]
},
{
"service_name": "AWS CloudTrail",
"privileges": [
{
"resource_types": "trail",
"description": "Adds one or more tags to a trail, up to a limit of 10",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "AddTags"
},
{
"resource_types": "trail",
"description": "Creates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"s3:PutObject"
],
"privilege": "CreateTrail"
},
{
"resource_types": "trail",
"description": "Deletes a trail",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteTrail"
},
{
"resource_types": "",
"description": "Retrieves settings for the trail associated with the current region for your account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeTrails"
},
{
"resource_types": "trail",
"description": "Returns a JSON-formatted list of information about the specified trail",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTrailStatus"
},
{
"resource_types": "",
"description": "Returns all public keys whose private keys were used to sign the digest files within the specified time range",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListPublicKeys"
},
{
"resource_types": "trail",
"description": "Lists the tags for the trail in the current region",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTags"
},
{
"resource_types": "",
"description": "Looks up API activity events captured by CloudTrail that create, update, or delete resources in your account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "LookupEvents"
},
{
"resource_types": "trail",
"description": "Removes the specified tags from a trail",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "RemoveTags"
},
{
"resource_types": "trail",
"description": "Starts the recording of AWS API calls and log file delivery for a trail",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartLogging"
},
{
"resource_types": "trail",
"description": "Suspends the recording of AWS API calls and log file delivery for the specified trail",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopLogging"
},
{
"resource_types": "trail",
"description": "Updates the settings that specify delivery of log files",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateTrail"
}
]
},
{
"service_name": "AWS Marketplace Metering Service",
"privileges": [
{
"resource_types": "",
"description": "Called from a SaaS application listed on the AWS Marketplace to post metering records for a set of customers",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchMeterUsage"
},
{
"resource_types": "",
"description": "Emits metering records",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "MeterUsage"
},
{
"resource_types": "",
"description": "Allows you to verify that the customer running your paid software is subscribed to your product on AWS Marketplace, enabling you to guard against unauthorized use. Meters software use per ECS task, per hour, with usage prorated to the second",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RegisterUsage"
},
{
"resource_types": "",
"description": "Resolves a registration token to obtain a CustomerIdentifier and product code",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResolveCustomer"
}
]
},
{
"service_name": "AWS CodeBuild",
"privileges": [
{
"resource_types": "project",
"description": "Deletes one or more builds",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchDeleteBuilds"
},
{
"resource_types": "project",
"description": "Gets information about one or more builds",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchGetBuilds"
},
{
"resource_types": "project",
"description": "Gets information about one or more build projects",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchGetProjects"
},
{
"resource_types": "project",
"description": "Creates a build project",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateProject"
},
{
"resource_types": "project",
"description": "Deletes a build project",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteProject"
},
{
"resource_types": "",
"description": "Gets a list of build IDs, with each build ID representing a single build",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListBuilds"
},
{
"resource_types": "project",
"description": "Gets a list of build IDs for the specified build project, with each build ID representing a single build",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListBuildsForProject"
},
{
"resource_types": "",
"description": "Lists connected third-party OAuth providers. Only used in the AWS CodeBuild console",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListConnectedOAuthAccounts"
},
{
"resource_types": "",
"description": "Gets information about Docker images that are managed by AWS CodeBuild",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListCuratedEnvironmentImages"
},
{
"resource_types": "",
"description": "Gets a list of build project names, with each build project name representing a single build project",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListProjects"
},
{
"resource_types": "",
"description": "Lists source code repositories from a connected third-party OAuth provider. Only used in the AWS CodeBuild console",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListRepositories"
},
{
"resource_types": "",
"description": "Saves an OAuth token from a connected third-party OAuth provider. Only used in the AWS CodeBuild console",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PersistOAuthToken"
},
{
"resource_types": "project",
"description": "Starts running a build",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartBuild"
},
{
"resource_types": "project",
"description": "Attempts to stop running a build",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopBuild"
},
{
"resource_types": "project",
"description": "Changes the settings of an existing build project",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateProject"
}
]
},
{
"service_name": "DataSync",
"privileges": [
{
"resource_types": "taskexecution",
"description": "Cancels execution of a sync task",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelTaskExecution"
},
{
"resource_types": "",
"description": "Activates an agent that you have deployed on your host",
"condition_keys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAgent"
},
{
"resource_types": "",
"description": "Creates an endpoint for an Amazon EFS file system",
"condition_keys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateLocationEfs"
},
{
"resource_types": "",
"description": "Creates an endpoint for an NFS file system",
"condition_keys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateLocationNfs"
},
{
"resource_types": "",
"description": "Creates an endpoint for an Amazon S3 bucket",
"condition_keys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateLocationS3"
},
{
"resource_types": "",
"description": "Creates a sync task",
"condition_keys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateTask"
},
{
"resource_types": "agent",
"description": "Deletes an agent",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAgent"
},
{
"resource_types": "location",
"description": "Deletes the configuration of a location used by AWS DataSync",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteLocation"
},
{
"resource_types": "task",
"description": "Deletes a sync task",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteTask"
},
{
"resource_types": "agent",
"description": "Returns metadata such as name, network interfaces, and the status (that is, whether the agent is running or not) about a sync agent",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAgent"
},
{
"resource_types": "location",
"description": "Returns metadata, such as the path information, about an Amazon EFS sync location",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeLocationEfs"
},
{
"resource_types": "location",
"description": "Returns metadata, such as the path information, about an NFS sync location",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeLocationNfs"
},
{
"resource_types": "location",
"description": "Returns metadata, such as bucket name, about an Amazon S3 bucket sync location",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeLocationS3"
},
{
"resource_types": "task",
"description": "Returns metadata about a sync task",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTask"
},
{
"resource_types": "taskexecution",
"description": "Returns detailed metadata about a sync task that is being executed",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTaskExecution"
},
{
"resource_types": "",
"description": "Returns a list of agents owned by an AWS account in a region specified in the request",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAgents"
},
{
"resource_types": "",
"description": "Returns a list of source and destination sync locations",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListLocations"
},
{
"resource_types": "agent",
"description": "This operation lists the tags that have been added to the specified resource",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTagsForResource"
},
{
"resource_types": "",
"description": "Returns a list of executed sync tasks",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTaskExecutions"
},
{
"resource_types": "",
"description": "Returns a list of all the sync tasks",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTasks"
},
{
"resource_types": "task",
"description": "Starts a specific invocation of a sync task",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartTaskExecution"
},
{
"resource_types": "agent",
"description": "Applies a key-value pair to an AWS resource",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TagResource"
},
{
"resource_types": "agent",
"description": "This operation removes one or more tags from the specified resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagResource"
},
{
"resource_types": "agent",
"description": "Updates the name of an agent",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAgent"
},
{
"resource_types": "task",
"description": "Updates the metadata associated with a sync task",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateTask"
}
]
},
{
"service_name": "Amazon WorkSpaces Application Manager",
"privileges": [
{
"resource_types": "",
"description": "Description for AuthenticatePackager",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AuthenticatePackager"
}
]
},
{
"service_name": "Amazon Athena",
"privileges": [
{
"resource_types": "",
"description": "Grants permissions to get information about one or more named queries",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchGetNamedQuery"
},
{
"resource_types": "",
"description": "Grants permissions to get information about one or more query executions",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchGetQueryExecution"
},
{
"resource_types": "",
"description": "Deprecated. Applies only to AWS services and principals that use Athena JDBC driver earlier than 1.1.0. Use StopQueryExecution otherwise",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelQueryExecution"
},
{
"resource_types": "",
"description": "Grants permissions to create a named query",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateNamedQuery"
},
{
"resource_types": "",
"description": "Grants permissions to create a workgroup",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateWorkGroup"
},
{
"resource_types": "",
"description": "Grants permissions to delete the specified named query",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteNamedQuery"
},
{
"resource_types": "",
"description": "Grants permissions to delete a workgroup",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteWorkGroup"
},
{
"resource_types": "",
"description": "Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0. Grants permissions to enable access to databases and tables",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCatalogs"
},
{
"resource_types": "",
"description": "Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0. Grants permissions to enable access to the specified database and table",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetExecutionEngine"
},
{
"resource_types": "",
"description": "Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0. Grants permissions to enable access to databases and tables",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetExecutionEngines"
},
{
"resource_types": "",
"description": "Grants permissions to get information about the specified named query",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetNamedQuery"
},
{
"resource_types": "",
"description": "Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0. Grants permissions to enable access to the specified database and table",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetNamespace"
},
{
"resource_types": "",
"description": "Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0. Grants permissions to enable access to databases and tables",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetNamespaces"
},
{
"resource_types": "",
"description": "Grants permissions to get information about the specified query execution",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetQueryExecution"
},
{
"resource_types": "",
"description": "Deprecated. Applies only to AWS services and principals that use Athena JDBC driver earlier than 1.1.0. Use ListQueryExecutions otherwise",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetQueryExecutions"
},
{
"resource_types": "",
"description": "Grants permissions to get the query results",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetQueryResults"
},
{
"resource_types": "",
"description": "Grants permissions to get the query results stream",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetQueryResultsStream"
},
{
"resource_types": "",
"description": "Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0. Grants permissions to enable access to the specified table",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTable"
},
{
"resource_types": "",
"description": "Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0. Grants permissions to enable access to tables",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTables"
},
{
"resource_types": "",
"description": "Grants permissions to get a workgroup",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetWorkGroup"
},
{
"resource_types": "",
"description": "Grants permissions to return a list of named queries in Amazon Athena for the specified AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListNamedQueries"
},
{
"resource_types": "",
"description": "Grants permissions to return a list of query executions for the specified AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListQueryExecutions"
},
{
"resource_types": "",
"description": "Grants permissions to return a list of workgroups for the specified AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListWorkGroups"
},
{
"resource_types": "",
"description": "Deprecated. Applies only to AWS services and principals that use Athena JDBC driver earlier than 1.1.0. Use StartQueryExecution otherwise",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RunQuery"
},
{
"resource_types": "",
"description": "Grants permissions to start a query execution using an SQL query provided as a string",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartQueryExecution"
},
{
"resource_types": "",
"description": "Grants permissions to stop the specified query execution",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopQueryExecution"
},
{
"resource_types": "",
"description": "Grants permissions to update a workgroup",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateWorkGroup"
}
]
},
{
"service_name": "AWS Organizations",
"privileges": [
{
"resource_types": "handshake",
"description": "Grants permission to send a response to the originator of a handshake agreeing to the action proposed by the handshake request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AcceptHandshake"
},
{
"resource_types": "policy",
"description": "Grants permission to attach a policy to a root, an organizational unit, or an individual account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AttachPolicy"
},
{
"resource_types": "handshake",
"description": "Grants permission to cancel a handshake",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelHandshake"
},
{
"resource_types": "",
"description": "Grants permission to create an AWS account that is automatically a member of the organization with the credentials that made the request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAccount"
},
{
"resource_types": "",
"description": "Grants permission to create an organization. The account with the credentials that calls the CreateOrganization operation automatically becomes the master account of the new organization",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateOrganization"
},
{
"resource_types": "organizationalunit",
"description": "Grants permission to create an organizational unit (OU) within a root or parent OU",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateOrganizationalUnit"
},
{
"resource_types": "",
"description": "Grants permission to create a policy that you can attach to a root, an organizational unit (OU), or an individual AWS account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePolicy"
},
{
"resource_types": "handshake",
"description": "Grants permission to decline a handshake request. This sets the handshake state to DECLINED and effectively deactivates the request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeclineHandshake"
},
{
"resource_types": "",
"description": "Grants permission to delete the organization",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteOrganization"
},
{
"resource_types": "organizationalunit",
"description": "Grants permission to delete an organizational unit from a root or another OU",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteOrganizationalUnit"
},
{
"resource_types": "policy",
"description": "Grants permission to delete a policy from your organization",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeletePolicy"
},
{
"resource_types": "account",
"description": "Grants permission to retrieve Organizations-related details about the specified account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAccount"
},
{
"resource_types": "",
"description": "Grants permission to retrieve the current status of an asynchronous request to create an account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeCreateAccountStatus"
},
{
"resource_types": "handshake",
"description": "Grants permission to retrieve details about a previously requested handshake",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeHandshake"
},
{
"resource_types": "",
"description": "Grants permission to retrieve details about the organization that the calling credentials belong to",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeOrganization"
},
{
"resource_types": "organizationalunit",
"description": "Grants permission to retrieve details about an organizational unit (OU)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeOrganizationalUnit"
},
{
"resource_types": "policy",
"description": "Grants permission to retrieve details about a policy",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribePolicy"
},
{
"resource_types": "policy",
"description": "Grants permission to detach a policy from a target root, organizational unit, or account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DetachPolicy"
},
{
"resource_types": "",
"description": "Grants permission to disable integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations",
"condition_keys": [
"organizations:ServicePrincipal"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableAWSServiceAccess"
},
{
"resource_types": "root",
"description": "Grants permission to disable an organization policy type in a root",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisablePolicyType"
},
{
"resource_types": "",
"description": "Grants permission to enable integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations",
"condition_keys": [
"organizations:ServicePrincipal"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableAWSServiceAccess"
},
{
"resource_types": "",
"description": "Grants permission to start the process to enable all features in an organization, upgrading it from supporting only Consolidated Billing features",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableAllFeatures"
},
{
"resource_types": "root",
"description": "Grants permission to enable a policy type in a root",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnablePolicyType"
},
{
"resource_types": "account",
"description": "Grants permission to send an invitation to another AWS account, asking it to join your organization as a member account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "InviteAccountToOrganization"
},
{
"resource_types": "",
"description": "Grants permission to remove a member account from its parent organization",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "LeaveOrganization"
},
{
"resource_types": "",
"description": "Grants permission to retrieve the list of the AWS services for which you enabled integration with your organization",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAWSServiceAccessForOrganization"
},
{
"resource_types": "",
"description": "Grants permission to list all of the accounts in the organization",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAccounts"
},
{
"resource_types": "organizationalunit",
"description": "Grants permission to list the accounts in an organization that are contained by a root or organizational unit (OU)",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAccountsForParent"
},
{
"resource_types": "organizationalunit",
"description": "Grants permission to list all of the OUs or accounts that are contained in a parent OU or root",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListChildren"
},
{
"resource_types": "",
"description": "Grants permission to list the asynchronous account creation requests that are currently being tracked for the organization",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListCreateAccountStatus"
},
{
"resource_types": "",
"description": "Grants permission to list all of the handshakes that are associated with an account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListHandshakesForAccount"
},
{
"resource_types": "",
"description": "Grants permission to list the handshakes that are associated with the organization",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListHandshakesForOrganization"
},
{
"resource_types": "organizationalunit",
"description": "Grants permission to list all of the organizational units (OUs) in a parent organizational unit or root",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListOrganizationalUnitsForParent"
},
{
"resource_types": "account",
"description": "Grants permission to list the root or organizational units (OUs) that serve as the immediate parent of a child OU or account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListParents"
},
{
"resource_types": "",
"description": "Grants permission to list all of the policies in an organization",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPolicies"
},
{
"resource_types": "account",
"description": "Grants permission to list all of the policies that are directly attached to a root, organizational unit (OU), or account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPoliciesForTarget"
},
{
"resource_types": "",
"description": "Grants permission to list all of the roots that are defined in the organization",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRoots"
},
{
"resource_types": "policy",
"description": "Grants permission to list all the roots, OUs, and accounts to which a policy is attached",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTargetsForPolicy"
},
{
"resource_types": "account",
"description": "Grants permission to move an account from its current root or OU to another parent root or OU",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "MoveAccount"
},
{
"resource_types": "account",
"description": "Grants permission to remove the specified account from the organization",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RemoveAccountFromOrganization"
},
{
"resource_types": "organizationalunit",
"description": "Grants permission to rename an organizational unit (OU)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateOrganizationalUnit"
},
{
"resource_types": "policy",
"description": "Grants permission to update an existing policy with a new name, description, or content",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdatePolicy"
}
]
},
{
"service_name": "Amazon SES",
"privileges": [
{
"resource_types": "",
"description": "Creates a receipt rule set by cloning an existing one",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CloneReceiptRuleSet"
},
{
"resource_types": "",
"description": "Creates a new configuration set",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateConfigurationSet"
},
{
"resource_types": "",
"description": "Creates a configuration set event destination",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateConfigurationSetEventDestination"
},
{
"resource_types": "",
"description": "Creates an association between a configuration set and a custom domain for open and click event tracking",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateConfigurationSetTrackingOptions"
},
{
"resource_types": "",
"description": "Creates a new custom verification email template",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateCustomVerificationEmailTemplate"
},
{
"resource_types": "",
"description": "Creates a new IP address filter",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateReceiptFilter"
},
{
"resource_types": "",
"description": "Creates a receipt rule",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateReceiptRule"
},
{
"resource_types": "",
"description": "Creates an empty receipt rule set",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateReceiptRuleSet"
},
{
"resource_types": "",
"description": "Creates an email template",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateTemplate"
},
{
"resource_types": "",
"description": "Deletes the configuration set",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteConfigurationSet"
},
{
"resource_types": "",
"description": "Deletes a configuration set event destination",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteConfigurationSetEventDestination"
},
{
"resource_types": "",
"description": "Deletes an association between a configuration set and a custom domain for open and click event tracking",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteConfigurationSetTrackingOptions"
},
{
"resource_types": "",
"description": "Deletes an existing custom verification email template",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteCustomVerificationEmailTemplate"
},
{
"resource_types": "",
"description": "Deletes the specified identity (an email address or a domain) from the list of verified identities",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteIdentity"
},
{
"resource_types": "",
"description": "Deletes the specified identity (an email address or a domain) from the list of verified identities",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteIdentityPolicy"
},
{
"resource_types": "",
"description": "Deletes the specified IP address filter",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteReceiptFilter"
},
{
"resource_types": "",
"description": "Deletes the specified receipt rule",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteReceiptRule"
},
{
"resource_types": "",
"description": "Deletes the specified receipt rule set and all of the receipt rules it contains",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteReceiptRuleSet"
},
{
"resource_types": "",
"description": "Deletes an email template",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteTemplate"
},
{
"resource_types": "",
"description": "Deletes the specified email address from the list of verified addresses",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteVerifiedEmailAddress"
},
{
"resource_types": "",
"description": "Returns the metadata and receipt rules for the receipt rule set that is currently active",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeActiveReceiptRuleSet"
},
{
"resource_types": "",
"description": "Returns the details of the specified configuration set",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeConfigurationSet"
},
{
"resource_types": "",
"description": "Returns the details of the specified receipt rule",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeReceiptRule"
},
{
"resource_types": "",
"description": "Returns the details of the specified receipt rule set",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeReceiptRuleSet"
},
{
"resource_types": "",
"description": "Returns the email sending status of the Amazon SES account for the current region",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAccountSendingEnabled"
},
{
"resource_types": "",
"description": "Returns the custom email verification template for the template name you specify",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCustomVerificationEmailTemplate"
},
{
"resource_types": "",
"description": "Returns the current status of Easy DKIM signing for an entity",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetIdentityDkimAttributes"
},
{
"resource_types": "",
"description": "Returns the custom MAIL FROM attributes for a list of identities (email addresses and/or domains)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetIdentityMailFromDomainAttributes"
},
{
"resource_types": "",
"description": "Given a list of verified identities (email addresses and/or domains), returns a structure describing identity notification attributes",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetIdentityNotificationAttributes"
},
{
"resource_types": "",
"description": "Returns the requested sending authorization policies for the given identity (an email address or a domain)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetIdentityPolicies"
},
{
"resource_types": "",
"description": "Given a list of identities (email addresses and/or domains), returns the verification status and (for domain identities) the verification token for each identity",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetIdentityVerificationAttributes"
},
{
"resource_types": "",
"description": "Returns the user's current sending limits",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSendQuota"
},
{
"resource_types": "",
"description": "Returns the user's sending statistics. The result is a list of data points, representing the last two weeks of sending activity",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSendStatistics"
},
{
"resource_types": "",
"description": "Returns the template object (which includes the Subject line, HTML part and text part) for the template you specify",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTemplate"
},
{
"resource_types": "",
"description": "Returns a list of the configuration sets associated with your Amazon SES account in the current AWS Region",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListConfigurationSets"
},
{
"resource_types": "",
"description": "Lists the existing custom verification email templates for your account in the current AWS Region",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListCustomVerificationEmailTemplates"
},
{
"resource_types": "",
"description": "Returns a list containing all of the identities (email addresses and domains) for your AWS account, regardless of verification status",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListIdentities"
},
{
"resource_types": "",
"description": "Returns a list of sending authorization policies that are attached to the given identity (an email address or a domain)",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListIdentityPolicies"
},
{
"resource_types": "",
"description": "Lists the IP address filters associated with your AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListReceiptFilters"
},
{
"resource_types": "",
"description": "Lists the receipt rule sets that exist under your AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListReceiptRuleSets"
},
{
"resource_types": "",
"description": "Lists the email templates present in your Amazon SES account in the current AWS Region",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTemplates"
},
{
"resource_types": "",
"description": "Returns a list containing all of the email addresses that have been verified",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListVerifiedEmailAddresses"
},
{
"resource_types": "",
"description": "Adds or updates a sending authorization policy for the specified identity (an email address or a domain)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutIdentityPolicy"
},
{
"resource_types": "",
"description": "Reorders the receipt rules within a receipt rule set",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ReorderReceiptRuleSet"
},
{
"resource_types": "",
"description": "Generates and sends a bounce message to the sender of an email you received through Amazon SES",
"condition_keys": [
"ses:FromAddress"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SendBounce"
},
{
"resource_types": "",
"description": "Composes an email message to multiple destinations",
"condition_keys": [
"ses:FeedbackAddress",
"ses:FromAddress",
"ses:FromDisplayName",
"ses:Recipients"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SendBulkTemplatedEmail"
},
{
"resource_types": "",
"description": "Adds an email address to the list of identities for your Amazon SES account in the current AWS Region and attempts to verify it",
"condition_keys": [
"ses:FeedbackAddress",
"ses:FromAddress",
"ses:FromDisplayName",
"ses:Recipients"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SendCustomVerificationEmail"
},
{
"resource_types": "",
"description": "Composes an email message based on input data, and then immediately queues the message for sending",
"condition_keys": [
"ses:FeedbackAddress",
"ses:FromAddress",
"ses:FromDisplayName",
"ses:Recipients"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SendEmail"
},
{
"resource_types": "",
"description": "Sends an email message, with header and content specified by the client",
"condition_keys": [
"ses:FeedbackAddress",
"ses:FromAddress",
"ses:FromDisplayName",
"ses:Recipients"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SendRawEmail"
},
{
"resource_types": "",
"description": "Composes an email message using an email template and immediately queues it for sending",
"condition_keys": [
"ses:FeedbackAddress",
"ses:FromAddress",
"ses:FromDisplayName",
"ses:Recipients"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SendTemplatedEmail"
},
{
"resource_types": "",
"description": "Sets the specified receipt rule set as the active receipt rule set",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetActiveReceiptRuleSet"
},
{
"resource_types": "",
"description": "Enables or disables Easy DKIM signing of email sent from an identity",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetIdentityDkimEnabled"
},
{
"resource_types": "",
"description": "Given an identity (an email address or a domain), enables or disables whether Amazon SES forwards bounce and complaint notifications as email",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetIdentityFeedbackForwardingEnabled"
},
{
"resource_types": "",
"description": "Given an identity (an email address or a domain), sets whether Amazon SES includes the original email headers in the Amazon Simple Notification Service (Amazon SNS) notifications of a specified type",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetIdentityHeadersInNotificationsEnabled"
},
{
"resource_types": "",
"description": "Enables or disables the custom MAIL FROM domain setup for a verified identity (an email address or a domain)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetIdentityMailFromDomain"
},
{
"resource_types": "",
"description": "Given an identity (an email address or a domain), sets the Amazon Simple Notification Service (Amazon SNS) topic to which Amazon SES will publish bounce, complaint, and/or delivery notifications for emails sent with that identity as the Source",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetIdentityNotificationTopic"
},
{
"resource_types": "",
"description": "Sets the position of the specified receipt rule in the receipt rule set",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetReceiptRulePosition"
},
{
"resource_types": "",
"description": "Creates a preview of the MIME content of an email when provided with a template and a set of replacement data",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TestRenderTemplate"
},
{
"resource_types": "",
"description": "Enables or disables email sending across your entire Amazon SES account in the current AWS Region",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAccountSendingEnabled"
},
{
"resource_types": "",
"description": "Updates the event destination of a configuration set",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateConfigurationSetEventDestination"
},
{
"resource_types": "",
"description": "Enables or disables the publishing of reputation metrics for emails sent using a specific configuration set in a given AWS Region",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateConfigurationSetReputationMetricsEnabled"
},
{
"resource_types": "",
"description": "Enables or disables email sending for messages sent using a specific configuration set in a given AWS Region",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateConfigurationSetSendingEnabled"
},
{
"resource_types": "",
"description": "Modifies an association between a configuration set and a custom domain for open and click event tracking",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateConfigurationSetTrackingOptions"
},
{
"resource_types": "",
"description": "Updates an existing custom verification email template",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateCustomVerificationEmailTemplate"
},
{
"resource_types": "",
"description": "Updates a receipt rule",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateReceiptRule"
},
{
"resource_types": "",
"description": "Updates an email template",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateTemplate"
},
{
"resource_types": "",
"description": "Returns a set of DKIM tokens for a domain",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "VerifyDomainDkim"
},
{
"resource_types": "",
"description": "Verifies a domain",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "VerifyDomainIdentity"
},
{
"resource_types": "",
"description": "Verifies an email address. This action causes a confirmation email message to be sent to the specified address",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "VerifyEmailAddress"
},
{
"resource_types": "",
"description": "Verifies an email address. This action causes a confirmation email message to be sent to the specified address. This action is throttled at one request per second",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "VerifyEmailIdentity"
}
]
},
{
"service_name": "Amazon MQ",
"privileges": [
{
"resource_types": "",
"description": "Grants permission to create a broker",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateBroker"
},
{
"resource_types": "",
"description": "Grants permission to create a new configuration for the specified configuration name. Amazon MQ uses the default configuration (the engine type and engine version)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateConfiguration"
},
{
"resource_types": "",
"description": "Grants permission to create tags",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateTags"
},
{
"resource_types": "",
"description": "Grants permission to create an ActiveMQ user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateUser"
},
{
"resource_types": "",
"description": "Grants permission to delete a broker",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteBroker"
},
{
"resource_types": "",
"description": "Grants permission to delete tags",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteTags"
},
{
"resource_types": "",
"description": "Grants permission to delete an ActiveMQ user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteUser"
},
{
"resource_types": "",
"description": "Grants permission to return information about the specified broker",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeBroker"
},
{
"resource_types": "",
"description": "Grants permission to return information about the specified configuration",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeConfiguration"
},
{
"resource_types": "",
"description": "Grants permission to return the specified configuration revision for the specified configuration",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeConfigurationRevision"
},
{
"resource_types": "",
"description": "Grants permission to return information about an ActiveMQ user",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeUser"
},
{
"resource_types": "",
"description": "Grants permission to return a list of all brokers",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListBrokers"
},
{
"resource_types": "",
"description": "Grants permission to return a list of all existing revisions for the specified configuration",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListConfigurationRevisions"
},
{
"resource_types": "",
"description": "Grants permission to return a list of all configurations",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListConfigurations"
},
{
"resource_types": "",
"description": "Grants permission to return a list of tags",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTags"
},
{
"resource_types": "",
"description": "Grants permission to return a list of all ActiveMQ users",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListUsers"
},
{
"resource_types": "",
"description": "Grants permission to reboot a broker",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RebootBroker"
},
{
"resource_types": "",
"description": "Grants permission to add a pending configuration change to a broker",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateBroker"
},
{
"resource_types": "",
"description": "Grants permission to update the specified configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateConfiguration"
},
{
"resource_types": "",
"description": "Grants permission to update the information for an ActiveMQ user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateUser"
}
]
},
{
"service_name": "Amazon Message Delivery Service",
"privileges": []
},
{
"service_name": "AWS Step Functions",
"privileges": [
{
"resource_types": "",
"description": "Creates an activity. Activities must poll Step Functions using the GetActivityTask and respond using SendTask* API calls",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateActivity"
},
{
"resource_types": "",
"description": "Creates a state machine",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateStateMachine"
},
{
"resource_types": "activity",
"description": "Deletes an activity",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteActivity"
},
{
"resource_types": "statemachine",
"description": "Deletes a state machine",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteStateMachine"
},
{
"resource_types": "activity",
"description": "Describes an activity",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeActivity"
},
{
"resource_types": "execution",
"description": "Describes an execution",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeExecution"
},
{
"resource_types": "statemachine",
"description": "Describes a state machine",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeStateMachine"
},
{
"resource_types": "execution",
"description": "Describes state machine for an execution",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeStateMachineForExecution"
},
{
"resource_types": "activity",
"description": "Used by workers to retrieve a task (with the specified activity ARN) which has been scheduled for execution by a running state machine",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "GetActivityTask"
},
{
"resource_types": "execution",
"description": "Returns the history of the specified execution as a list of events. By default, the results are returned in ascending order of the timeStamp of the events",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetExecutionHistory"
},
{
"resource_types": "",
"description": "Lists the existing activities. The results may be split into multiple pages",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListActivities"
},
{
"resource_types": "statemachine",
"description": "Lists the executions of a state machine that meet the filtering criteria. The results may be split into multiple pages",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListExecutions"
},
{
"resource_types": "",
"description": "Lists the existing state machines. The results may be split into multiple pages",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListStateMachines"
},
{
"resource_types": "",
"description": "Used by workers to report that the task identified by the taskToken failed",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SendTaskFailure"
},
{
"resource_types": "",
"description": "Used by workers to report to the service that the task represented by the specified taskToken is still making progress",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SendTaskHeartbeat"
},
{
"resource_types": "",
"description": "Used by workers to report that the task identified by the taskToken completed successfully",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SendTaskSuccess"
},
{
"resource_types": "statemachine",
"description": "Starts a state machine execution",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartExecution"
},
{
"resource_types": "",
"description": "Stops an execution",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopExecution"
},
{
"resource_types": "statemachine",
"description": "Updates a state machine",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateStateMachine"
}
]
},
{
"service_name": "AWS Code Signing for Amazon FreeRTOS",
"privileges": [
{
"resource_types": "signing-profile",
"description": "Cancels a signing profile",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelSigningProfile"
},
{
"resource_types": "signing-job",
"description": "Describe a signing job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeSigningJob"
},
{
"resource_types": "",
"description": "Retrieves a signing platform",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSigningPlatform"
},
{
"resource_types": "signing-profile",
"description": "Retrieves a signing profile",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSigningProfile"
},
{
"resource_types": "",
"description": "List signing jobs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSigningJobs"
},
{
"resource_types": "",
"description": "List all signing platforms",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSigningPlatforms"
},
{
"resource_types": "",
"description": "List all signing profiles associated with the account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSigningProfiles"
},
{
"resource_types": "",
"description": "Creates a new signing profile if it does not exist",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutSigningProfile"
},
{
"resource_types": "signing-profile",
"description": "Starts a code signing request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartSigningJob"
}
]
},
{
"service_name": "Amazon SageMaker",
"privileges": [
{
"resource_types": "compilation-job",
"description": "Adds or overwrites one or more tags for the specified Amazon SageMaker resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "AddTags"
},
{
"resource_types": "algorithm",
"description": "Create an algorithm",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAlgorithm"
},
{
"resource_types": "code-repository",
"description": "Create a code repository",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateCodeRepository"
},
{
"resource_types": "compilation-job",
"description": "Create a compilation job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateCompilationJob"
},
{
"resource_types": "endpoint",
"description": "Creates an endpoint using the endpoint configuration specified in the request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateEndpoint"
},
{
"resource_types": "endpoint-config",
"description": "Creates an endpoint configuration that can be deployed using Amazon SageMaker hosting services",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateEndpointConfig"
},
{
"resource_types": "hyper-parameter-tuning-job",
"description": "Creates hyper parameter tuning job that can be deployed using Amazon SageMaker",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateHyperParameterTuningJob"
},
{
"resource_types": "labeling-job",
"description": "Create a labeling job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateLabelingJob"
},
{
"resource_types": "model",
"description": "Creates a model in Amazon SageMaker. In the request, you specify a name for the model and describe one or more containers",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateModel"
},
{
"resource_types": "model-package",
"description": "Create a model package",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateModelPackage"
},
{
"resource_types": "notebook-instance",
"description": "Creates an Amazon SageMaker notebook instance. A notebook instance is an Amazon EC2 instance running on a Jupyter Notebook",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateNotebookInstance"
},
{
"resource_types": "notebook-instance-lifecycle-config",
"description": "Creates a notebook instance lifecycle configuration that can be deployed using Amazon SageMaker",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateNotebookInstanceLifecycleConfig"
},
{
"resource_types": "notebook-instance",
"description": "Returns a URL that you can use from your browser to connect to the Notebook Instance",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "CreatePresignedNotebookInstanceUrl"
},
{
"resource_types": "training-job",
"description": "Starts a model training job. After training completes, Amazon SageMaker saves the resulting model artifacts and other optional output to an Amazon S3 location that you specify",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateTrainingJob"
},
{
"resource_types": "transform-job",
"description": "Starts a transform job. After the results are obtained, Amazon SageMaker saves them to an Amazon S3 location that you specify",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateTransformJob"
},
{
"resource_types": "workteam",
"description": "Create a workteam",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateWorkteam"
},
{
"resource_types": "algorithm",
"description": "Deletes an algorithm",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAlgorithm"
},
{
"resource_types": "code-repository",
"description": "Deletes a code repository",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteCodeRepository"
},
{
"resource_types": "endpoint",
"description": "Deletes an endpoint. Amazon SageMaker frees up all the resources that were deployed when the endpoint was created",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteEndpoint"
},
{
"resource_types": "endpoint-config",
"description": "Deletes the endpoint configuration created using the CreateEndpointConfig API. The DeleteEndpointConfig API deletes only the specified configuration. It does not delete any endpoints created using the configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteEndpointConfig"
},
{
"resource_types": "model",
"description": "Deletes a model created using the CreateModel API. The DeleteModel API deletes only the model entry in Amazon SageMaker that you created by calling the CreateModel API. It does not delete model artifacts, inference code, or the IAM role that you specified when creating the model",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteModel"
},
{
"resource_types": "model-package",
"description": "Deletes a model package",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteModelPackage"
},
{
"resource_types": "notebook-instance",
"description": "Deletes an Amazon SageMaker notebook instance. Before you can delete a notebook instance, you must call the StopNotebookInstance API",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteNotebookInstance"
},
{
"resource_types": "notebook-instance-lifecycle-config",
"description": "Deletes a notebook instance lifecycle configuration that can be deployed using Amazon SageMaker",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteNotebookInstanceLifecycleConfig"
},
{
"resource_types": "compilation-job",
"description": "Deletes the specified set of tags from an Amazon SageMaker resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "DeleteTags"
},
{
"resource_types": "workteam",
"description": "Deletes a workteam",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteWorkteam"
},
{
"resource_types": "algorithm",
"description": "Returns information about an algorithm",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAlgorithm"
},
{
"resource_types": "code-repository",
"description": "Returns information about a code repository",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeCodeRepository"
},
{
"resource_types": "compilation-job",
"description": "Returns information about a compilation job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeCompilationJob"
},
{
"resource_types": "endpoint",
"description": "Returns the description of an endpoint",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEndpoint"
},
{
"resource_types": "endpoint-config",
"description": "Returns the description of an endpoint configuration, which was created using the CreateEndpointConfig API",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEndpointConfig"
},
{
"resource_types": "hyper-parameter-tuning-job",
"description": "Describes a hyper parameter tuning job that was created via CreateHyperParameterTuningJob API",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeHyperParameterTuningJob"
},
{
"resource_types": "labeling-job",
"description": "Returns information about a labeling job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeLabelingJob"
},
{
"resource_types": "model",
"description": "Describes a model that you created using the CreateModel API",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeModel"
},
{
"resource_types": "model-package",
"description": "Returns information about a model package",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeModelPackage"
},
{
"resource_types": "notebook-instance",
"description": "Returns information about a notebook instance",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeNotebookInstance"
},
{
"resource_types": "notebook-instance-lifecycle-config",
"description": "Describes a notebook instance lifecycle configuration that was created via CreateNotebookInstanceLifecycleConfig API",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeNotebookInstanceLifecycleConfig"
},
{
"resource_types": "workteam",
"description": "Returns information about a subscribed workteam",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeSubscribedWorkteam"
},
{
"resource_types": "training-job",
"description": "Returns information about a training job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTrainingJob"
},
{
"resource_types": "transform-job",
"description": "Returns information about a transform job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTransformJob"
},
{
"resource_types": "workteam",
"description": "Returns information about a workteam",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeWorkteam"
},
{
"resource_types": "training-job",
"description": "Get search suggestions when provided with keyword",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetSearchSuggestions"
},
{
"resource_types": "endpoint",
"description": "After you deploy a model into production using Amazon SageMaker hosting services, your client applications use this API to get inferences from the model hosted at the specified endpoint",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "InvokeEndpoint"
},
{
"resource_types": "",
"description": "Lists algorithms",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAlgorithms"
},
{
"resource_types": "",
"description": "Lists code repositories",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListCodeRepositories"
},
{
"resource_types": "",
"description": "Lists compilation jobs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListCompilationJobs"
},
{
"resource_types": "",
"description": "Lists endpoint configurations",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListEndpointConfigs"
},
{
"resource_types": "",
"description": "Lists endpoints",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListEndpoints"
},
{
"resource_types": "",
"description": "Lists hyper parameter tuning jobs that were created using Amazon SageMaker",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListHyperParameterTuningJobs"
},
{
"resource_types": "",
"description": "Lists labeling jobs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListLabelingJobs"
},
{
"resource_types": "workteam",
"description": "Lists labeling jobs for workteam",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListLabelingJobsForWorkteam"
},
{
"resource_types": "",
"description": "Lists model packages",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListModelPackages"
},
{
"resource_types": "",
"description": "Lists the models created with the CreateModel API",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListModels"
},
{
"resource_types": "",
"description": "Lists notebook instance lifecycle configurations that can be deployed using Amazon SageMaker",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListNotebookInstanceLifecycleConfigs"
},
{
"resource_types": "",
"description": "Returns a list of the Amazon SageMaker notebook instances in the requester's account in an AWS Region",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListNotebookInstances"
},
{
"resource_types": "",
"description": "Lists subscribed workteams",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSubscribedWorkteams"
},
{
"resource_types": "",
"description": "Returns the tag set associated with the specified resource",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTags"
},
{
"resource_types": "",
"description": "Lists training jobs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTrainingJobs"
},
{
"resource_types": "hyper-parameter-tuning-job",
"description": "Lists training jobs for a hyper parameter tuning job that was created using Amazon SageMaker",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTrainingJobsForHyperParameterTuningJob"
},
{
"resource_types": "",
"description": "Lists transform jobs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTransformJobs"
},
{
"resource_types": "",
"description": "Lists workteams",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListWorkteams"
},
{
"resource_types": "training-job",
"description": "Search for a training job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "Search"
},
{
"resource_types": "notebook-instance",
"description": "Launches an EC2 instance with the latest version of the libraries and attaches your EBS volume",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartNotebookInstance"
},
{
"resource_types": "compilation-job",
"description": "Stops a compilation job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopCompilationJob"
},
{
"resource_types": "hyper-parameter-tuning-job",
"description": "Stops a running hyper parameter tuning job created via the CreateHyperParameterTuningJob API",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopHyperParameterTuningJob"
},
{
"resource_types": "labeling-job",
"description": "Stops a labeling job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopLabelingJob"
},
{
"resource_types": "notebook-instance",
"description": "Terminates the EC2 instance. Before terminating the instance, Amazon SageMaker disconnects the EBS volume from it. Amazon SageMaker preserves the EBS volume",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopNotebookInstance"
},
{
"resource_types": "training-job",
"description": "Stops a training job. To stop a job, Amazon SageMaker sends the algorithm the SIGTERM signal, which delays job termination for 120 seconds",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopTrainingJob"
},
{
"resource_types": "transform-job",
"description": "Stops a transform job. When Amazon SageMaker receives a StopTransformJob request, the status of the job changes to Stopping. After Amazon SageMaker stops the job, the status is set to Stopped",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopTransformJob"
},
{
"resource_types": "code-repository",
"description": "Updates a code repository",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateCodeRepository"
},
{
"resource_types": "endpoint",
"description": "Updates an endpoint to use the endpoint configuration specified in the request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateEndpoint"
},
{
"resource_types": "endpoint",
"description": "Updates variant weight, capacity, or both of one or more variants associated with an endpoint",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateEndpointWeightsAndCapacities"
},
{
"resource_types": "notebook-instance",
"description": "Updates a notebook instance. Notebook instance updates include upgrading or downgrading the EC2 instance used for your notebook instance to accommodate changes in your workload requirements. You can also update the VPC security groups",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateNotebookInstance"
},
{
"resource_types": "workteam",
"description": "Updates a workteam",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateWorkteam"
}
]
},
{
"service_name": "AWS SSO Directory",
"privileges": []
},
{
"service_name": "Amazon EC2 Auto Scaling",
"privileges": [
{
"resource_types": "autoScalingGroup",
"description": "Attaches one or more EC2 instances to the specified Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AttachInstances"
},
{
"resource_types": "autoScalingGroup",
"description": "Attaches one or more target groups to the specified Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AttachLoadBalancerTargetGroups"
},
{
"resource_types": "autoScalingGroup",
"description": "Attaches one or more load balancers to the specified Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AttachLoadBalancers"
},
{
"resource_types": "autoScalingGroup",
"description": "Deletes the specified scheduled actions",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchDeleteScheduledAction"
},
{
"resource_types": "autoScalingGroup",
"description": "Creates or updates multiple scheduled scaling actions for an Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchPutScheduledUpdateGroupAction"
},
{
"resource_types": "autoScalingGroup",
"description": "Completes the lifecycle action for the specified token or instance with the specified result",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CompleteLifecycleAction"
},
{
"resource_types": "autoScalingGroup",
"description": "Creates an Auto Scaling group with the specified name and attributes",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateAutoScalingGroup"
},
{
"resource_types": "launchConfiguration",
"description": "Creates a launch configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateLaunchConfiguration"
},
{
"resource_types": "autoScalingGroup",
"description": "Creates or updates tags for the specified Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateOrUpdateTags"
},
{
"resource_types": "autoScalingGroup",
"description": "Deletes the specified Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAutoScalingGroup"
},
{
"resource_types": "launchConfiguration",
"description": "Deletes the specified launch configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteLaunchConfiguration"
},
{
"resource_types": "autoScalingGroup",
"description": "Deletes the specified lifecycle hook",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteLifecycleHook"
},
{
"resource_types": "autoScalingGroup",
"description": "Deletes the specified notification",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteNotificationConfiguration"
},
{
"resource_types": "autoScalingGroup",
"description": "Deletes the specified Auto Scaling policy",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "DeletePolicy"
},
{
"resource_types": "autoScalingGroup",
"description": "Deletes the specified scheduled action",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteScheduledAction"
},
{
"resource_types": "autoScalingGroup",
"description": "Deletes the specified tags",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "DeleteTags"
},
{
"resource_types": "",
"description": "Describes the current Auto Scaling resource limits for your AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeAccountLimits"
},
{
"resource_types": "",
"description": "Describes the policy adjustment types for use with PutScalingPolicy",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeAdjustmentTypes"
},
{
"resource_types": "",
"description": "Describes one or more Auto Scaling groups. If a list of names is not provided, the call describes all Auto Scaling groups",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeAutoScalingGroups"
},
{
"resource_types": "",
"description": "Describes one or more Auto Scaling instances. If a list is not provided, the call describes all instances",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeAutoScalingInstances"
},
{
"resource_types": "",
"description": "Describes the notification types that are supported by Auto Scaling",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeAutoScalingNotificationTypes"
},
{
"resource_types": "",
"description": "Describes one or more launch configurations. If you omit the list of names, then the call describes all launch configurations",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeLaunchConfigurations"
},
{
"resource_types": "",
"description": "Describes the available types of lifecycle hooks",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeLifecycleHookTypes"
},
{
"resource_types": "",
"description": "Describes the lifecycle hooks for the specified Auto Scaling group",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeLifecycleHooks"
},
{
"resource_types": "",
"description": "Describes the target groups for the specified Auto Scaling group",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeLoadBalancerTargetGroups"
},
{
"resource_types": "",
"description": "Describes the load balancers for the specified Auto Scaling group",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeLoadBalancers"
},
{
"resource_types": "",
"description": "Describes the available CloudWatch metrics for Auto Scaling",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeMetricCollectionTypes"
},
{
"resource_types": "",
"description": "Describes the notification actions associated with the specified Auto Scaling group",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeNotificationConfigurations"
},
{
"resource_types": "",
"description": "Describes the policies for the specified Auto Scaling group",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribePolicies"
},
{
"resource_types": "",
"description": "Describes one or more scaling activities for the specified Auto Scaling group",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeScalingActivities"
},
{
"resource_types": "",
"description": "Describes the scaling process types for use with ResumeProcesses and SuspendProcesses",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeScalingProcessTypes"
},
{
"resource_types": "",
"description": "Describes the actions scheduled for your Auto Scaling group that haven't run",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeScheduledActions"
},
{
"resource_types": "",
"description": "Describes the specified tags",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTags"
},
{
"resource_types": "",
"description": "Describes the termination policies supported by Auto Scaling",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeTerminationPolicyTypes"
},
{
"resource_types": "autoScalingGroup",
"description": "Removes one or more instances from the specified Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DetachInstances"
},
{
"resource_types": "autoScalingGroup",
"description": "Detaches one or more target groups from the specified Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DetachLoadBalancerTargetGroups"
},
{
"resource_types": "autoScalingGroup",
"description": "Removes one or more load balancers from the specified Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DetachLoadBalancers"
},
{
"resource_types": "autoScalingGroup",
"description": "Disables monitoring of the specified metrics for the specified Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisableMetricsCollection"
},
{
"resource_types": "autoScalingGroup",
"description": "Enables monitoring of the specified metrics for the specified Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnableMetricsCollection"
},
{
"resource_types": "autoScalingGroup",
"description": "Moves the specified instances into Standby mode",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "EnterStandby"
},
{
"resource_types": "autoScalingGroup",
"description": "Executes the specified policy",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "ExecutePolicy"
},
{
"resource_types": "autoScalingGroup",
"description": "Moves the specified instances out of Standby mode",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ExitStandby"
},
{
"resource_types": "autoScalingGroup",
"description": "Creates or updates a lifecycle hook for the specified Auto Scaling Group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutLifecycleHook"
},
{
"resource_types": "autoScalingGroup",
"description": "Configures an Auto Scaling group to send notifications when specified events take place",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutNotificationConfiguration"
},
{
"resource_types": "autoScalingGroup",
"description": "Creates or updates a policy for an Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "PutScalingPolicy"
},
{
"resource_types": "autoScalingGroup",
"description": "Creates or updates a scheduled scaling action for an Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutScheduledUpdateGroupAction"
},
{
"resource_types": "autoScalingGroup",
"description": "Records a heartbeat for the lifecycle action associated with the specified token or instance",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RecordLifecycleActionHeartbeat"
},
{
"resource_types": "autoScalingGroup",
"description": "Resumes the specified suspended Auto Scaling processes, or all suspended processes, for the specified Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResumeProcesses"
},
{
"resource_types": "autoScalingGroup",
"description": "Sets the size of the specified Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetDesiredCapacity"
},
{
"resource_types": "autoScalingGroup",
"description": "Sets the health status of the specified instance",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetInstanceHealth"
},
{
"resource_types": "autoScalingGroup",
"description": "Updates the instance protection settings of the specified instances",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetInstanceProtection"
},
{
"resource_types": "autoScalingGroup",
"description": "Suspends the specified Auto Scaling processes, or all processes, for the specified Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SuspendProcesses"
},
{
"resource_types": "autoScalingGroup",
"description": "Terminates the specified instance and optionally adjusts the desired group size",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TerminateInstanceInAutoScalingGroup"
},
{
"resource_types": "autoScalingGroup",
"description": "Updates the configuration for the specified Auto Scaling group",
"condition_keys": [
"autoscaling:ResourceTag/${TagKey"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAutoScalingGroup"
}
]
},
{
"service_name": "AWS Elemental MediaConvert",
"privileges": [
{
"resource_types": "",
"description": "Cancel a mediaconvert job that is waiting in queue",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelJob"
},
{
"resource_types": "",
"description": "Create and submit a mediaconvert job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateJob"
},
{
"resource_types": "",
"description": "Create a mediaconvert custom job template",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateJobTemplate"
},
{
"resource_types": "",
"description": "Create a mediaconvert custom output preset",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePreset"
},
{
"resource_types": "",
"description": "Create a mediaconvert job queue",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateQueue"
},
{
"resource_types": "",
"description": "Delete a mediaconvert custom job template",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteJobTemplate"
},
{
"resource_types": "",
"description": "Delete a mediaconvert custom output preset",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeletePreset"
},
{
"resource_types": "",
"description": "Delete a mediaconvert job queue",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteQueue"
},
{
"resource_types": "",
"description": "Subscribe to mediaconvert service, returns one (or more) custom endpoints",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "DescribeEndpoints"
},
{
"resource_types": "",
"description": "Get a mediaconvert job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetJob"
},
{
"resource_types": "",
"description": "Get a mediaconvert job template",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetJobTemplate"
},
{
"resource_types": "",
"description": "Get a mediaconvert output preset",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetPreset"
},
{
"resource_types": "",
"description": "Get a mediaconvert job queue",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetQueue"
},
{
"resource_types": "",
"description": "List mediaconvert job templates",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListJobTemplates"
},
{
"resource_types": "",
"description": "List mediaconvert jobs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListJobs"
},
{
"resource_types": "",
"description": "List mediaconvert output presets",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPresets"
},
{
"resource_types": "",
"description": "List mediaconvert job queues",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListQueues"
},
{
"resource_types": "",
"description": "Update a mediaconvert custom job template",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateJobTemplate"
},
{
"resource_types": "",
"description": "Update a mediaconvert custom output preset",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdatePreset"
},
{
"resource_types": "",
"description": "Update a mediaconvert job queue",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateQueue"
}
]
},
{
"service_name": "AWS Elemental MediaConnect",
"privileges": [
{
"resource_types": "",
"description": "Grants permission to add outputs to any flow",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddFlowOutputs"
},
{
"resource_types": "",
"description": "Grants permission to create flows",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateFlow"
},
{
"resource_types": "",
"description": "Grants permission to delete flows",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteFlow"
},
{
"resource_types": "",
"description": "Grants permission to display the details of a flow including the flow ARN, name, and Availability Zone, as well as details about the source, outputs, and entitlements",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeFlow"
},
{
"resource_types": "",
"description": "Grants permission to grant entitlements on any flow",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "GrantFlowEntitlements"
},
{
"resource_types": "",
"description": "Grants permission to display a list of all entitlements that have been granted to the account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListEntitlements"
},
{
"resource_types": "",
"description": "Grants permission to display a list of flows that are associated with this account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListFlows"
},
{
"resource_types": "",
"description": "Grants permission to remove outputs from any flow",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RemoveFlowOutput"
},
{
"resource_types": "",
"description": "Grants permission to revoke entitlements on any flow",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RevokeFlowEntitlement"
},
{
"resource_types": "",
"description": "Grants permission to start flows",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartFlow"
},
{
"resource_types": "",
"description": "Grants permission to stop flows",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopFlow"
},
{
"resource_types": "",
"description": "Grants permission to update entitlements on any flow",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateFlowEntitlement"
},
{
"resource_types": "",
"description": "Grants permission to update outputs on any flow",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateFlowOutput"
},
{
"resource_types": "",
"description": "Grants permission to update the source of any flow",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateFlowSource"
}
]
},
{
"service_name": "AWS Cost and Usage Report",
"privileges": [
{
"resource_types": "cur",
"description": "Delete Cost and Usage Report Definition",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteReportDefinition"
},
{
"resource_types": "",
"description": "Get Cost and Usage Report Definitions",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeReportDefinitions"
},
{
"resource_types": "cur",
"description": "Write Cost and Usage Report Definition",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutReportDefinition"
}
]
},
{
"service_name": "AWS IoT Analytics",
"privileges": [
{
"resource_types": "channel",
"description": "Puts a batch of messages into the specified channel",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchPutMessage"
},
{
"resource_types": "pipeline",
"description": "Cancels reprocessing for the specified pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CancelPipelineReprocessing"
},
{
"resource_types": "channel",
"description": "Creates a channel",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateChannel"
},
{
"resource_types": "dataset",
"description": "Creates a dataset",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDataset"
},
{
"resource_types": "dataset",
"description": "Generates content of the specified dataset (by executing the dataset actions)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDatasetContent"
},
{
"resource_types": "datastore",
"description": "Creates a datastore",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDatastore"
},
{
"resource_types": "pipeline",
"description": "Creates a pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreatePipeline"
},
{
"resource_types": "channel",
"description": "Deletes the specified channel",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteChannel"
},
{
"resource_types": "dataset",
"description": "Deletes the specified dataset",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDataset"
},
{
"resource_types": "dataset",
"description": "Deletes the content of the specified dataset",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDatasetContent"
},
{
"resource_types": "datastore",
"description": "Deletes the specified datastore",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDatastore"
},
{
"resource_types": "pipeline",
"description": "Deletes the specified pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeletePipeline"
},
{
"resource_types": "channel",
"description": "Describes the specified channel",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeChannel"
},
{
"resource_types": "dataset",
"description": "Describes the specified dataset",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeDataset"
},
{
"resource_types": "datastore",
"description": "Describes the specified datastore",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeDatastore"
},
{
"resource_types": "",
"description": "Describes logging options for the account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeLoggingOptions"
},
{
"resource_types": "pipeline",
"description": "Describes the specified pipeline",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribePipeline"
},
{
"resource_types": "dataset",
"description": "Gets the content of the specified dataset",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDatasetContent"
},
{
"resource_types": "",
"description": "Lists the channels for the account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListChannels"
},
{
"resource_types": "",
"description": "Lists the datasets for the account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDatasets"
},
{
"resource_types": "",
"description": "Lists the datastores for the account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDatastores"
},
{
"resource_types": "",
"description": "Lists the pipelines for the account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListPipelines"
},
{
"resource_types": "channel",
"description": "Lists the tags (metadata) which you have assigned to the resource",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTagsForResource"
},
{
"resource_types": "",
"description": "Puts logging options for the account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutLoggingOptions"
},
{
"resource_types": "",
"description": "Runs the specified pipeline activity",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "RunPipelineActivity"
},
{
"resource_types": "channel",
"description": "Samples the specified channel's data",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "SampleChannelData"
},
{
"resource_types": "pipeline",
"description": "Starts reprocessing for the specified pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartPipelineReprocessing"
},
{
"resource_types": "channel",
"description": "Adds to or modifies the tags of the given resource. Tags are metadata which can be used to manage a resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "TagResource"
},
{
"resource_types": "channel",
"description": "Removes the given tags (metadata) from the resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagResource"
},
{
"resource_types": "channel",
"description": "Updates the specified channel",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateChannel"
},
{
"resource_types": "dataset",
"description": "Updates the specified dataset",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateDataset"
},
{
"resource_types": "datastore",
"description": "Updates the specified datastore",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateDatastore"
},
{
"resource_types": "pipeline",
"description": "Updates the specified pipeline",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdatePipeline"
}
]
},
{
"service_name": "AWS DeepLens",
"privileges": []
},
{
"service_name": "AWS Elemental MediaLive",
"privileges": [
{
"resource_types": "",
"description": "Grants permission to add and remove actions from a channel's schedule",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchUpdateSchedule"
},
{
"resource_types": "",
"description": "Grants permission to create a channel",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateChannel"
},
{
"resource_types": "",
"description": "Grants permission to create an input",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateInput"
},
{
"resource_types": "",
"description": "Grants permission to create an input security group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateInputSecurityGroup"
},
{
"resource_types": "",
"description": "Grants permission to delete a channel",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteChannel"
},
{
"resource_types": "",
"description": "Grants permission to delete an input",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteInput"
},
{
"resource_types": "",
"description": "Grants permission to delete an input security group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteInputSecurityGroup"
},
{
"resource_types": "",
"description": "Grants permission to delete an expired reservation",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteReservation"
},
{
"resource_types": "",
"description": "Grants permission to get details about a channel",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeChannel"
},
{
"resource_types": "",
"description": "Grants permission to describe an input",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeInput"
},
{
"resource_types": "",
"description": "Grants permission to describe an input security group",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeInputSecurityGroup"
},
{
"resource_types": "",
"description": "Grants permission to get details about a reservation offering",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeOffering"
},
{
"resource_types": "",
"description": "Grants permission to get details about a reservation",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeReservation"
},
{
"resource_types": "",
"description": "Grants permission to view a list of actions scheduled on a channel",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeSchedule"
},
{
"resource_types": "",
"description": "Grants permission to list channels",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListChannels"
},
{
"resource_types": "",
"description": "Grants permission to list input security groups",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListInputSecurityGroups"
},
{
"resource_types": "",
"description": "Grants permission to list inputs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListInputs"
},
{
"resource_types": "",
"description": "Grants permission to list reservation offerings",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListOfferings"
},
{
"resource_types": "",
"description": "Grants permission to list reservations",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListReservations"
},
{
"resource_types": "",
"description": "Grants permission to purchase a reservation offering",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PurchaseOffering"
},
{
"resource_types": "",
"description": "Grants permission to start a channel",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartChannel"
},
{
"resource_types": "",
"description": "Grants permission to stop a channel",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopChannel"
},
{
"resource_types": "",
"description": "Grants permission to update a channel",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateChannel"
},
{
"resource_types": "",
"description": "Grants permission to update an input",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateInput"
},
{
"resource_types": "",
"description": "Grants permission to update an input security group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateInputSecurityGroup"
}
]
},
{
"service_name": "Amazon Inspector",
"privileges": [
{
"resource_types": "",
"description": "Assigns attributes (key and value pairs) to the findings that are specified by the ARNs of the findings",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddAttributesToFindings"
},
{
"resource_types": "",
"description": "Creates a new assessment target using the ARN of the resource group that is generated by CreateResourceGroup",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAssessmentTarget"
},
{
"resource_types": "",
"description": "Creates an assessment template for the assessment target that is specified by the ARN of the assessment target",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAssessmentTemplate"
},
{
"resource_types": "",
"description": "Creates a resource group using the specified set of tags (key and value pairs) that are used to select the EC2 instances to be included in an Amazon Inspector assessment target",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateResourceGroup"
},
{
"resource_types": "",
"description": "Deletes the assessment run that is specified by the ARN of the assessment run",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAssessmentRun"
},
{
"resource_types": "",
"description": "Deletes the assessment target that is specified by the ARN of the assessment target",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAssessmentTarget"
},
{
"resource_types": "",
"description": "Deletes the assessment template that is specified by the ARN of the assessment template",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAssessmentTemplate"
},
{
"resource_types": "",
"description": "Describes the assessment runs that are specified by the ARNs of the assessment runs",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAssessmentRuns"
},
{
"resource_types": "",
"description": "Describes the assessment targets that are specified by the ARNs of the assessment targets",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAssessmentTargets"
},
{
"resource_types": "",
"description": "Describes the assessment templates that are specified by the ARNs of the assessment templates",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAssessmentTemplates"
},
{
"resource_types": "",
"description": "Describes the IAM role that enables Amazon Inspector to access your AWS account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeCrossAccountAccessRole"
},
{
"resource_types": "",
"description": "Describes the findings that are specified by the ARNs of the findings",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeFindings"
},
{
"resource_types": "",
"description": "Describes the resource groups that are specified by the ARNs of the resource groups",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeResourceGroups"
},
{
"resource_types": "",
"description": "Describes the rules packages that are specified by the ARNs of the rules packages",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeRulesPackages"
},
{
"resource_types": "",
"description": "Information about the data that is collected for the specified assessment run",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTelemetryMetadata"
},
{
"resource_types": "",
"description": "Lists the agents of the assessment runs that are specified by the ARNs of the assessment runs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAssessmentRunAgents"
},
{
"resource_types": "",
"description": "Lists the assessment runs that correspond to the assessment templates that are specified by the ARNs of the assessment templates",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAssessmentRuns"
},
{
"resource_types": "",
"description": "Lists the ARNs of the assessment targets within this AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAssessmentTargets"
},
{
"resource_types": "",
"description": "Lists the assessment templates that correspond to the assessment targets that are specified by the ARNs of the assessment targets",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAssessmentTemplates"
},
{
"resource_types": "",
"description": "Lists all the event subscriptions for the assessment template that is specified by the ARN of the assessment template",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListEventSubscriptions"
},
{
"resource_types": "",
"description": "Lists findings that are generated by the assessment runs that are specified by the ARNs of the assessment runs",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListFindings"
},
{
"resource_types": "",
"description": "Lists all available Amazon Inspector rules packages",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListRulesPackages"
},
{
"resource_types": "",
"description": "Lists all tags associated with an assessment template",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTagsForResource"
},
{
"resource_types": "",
"description": "Previews the agents installed on the EC2 instances that are part of the specified assessment target",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "PreviewAgents"
},
{
"resource_types": "",
"description": "Registers the IAM role that Amazon Inspector uses to list your EC2 instances at the start of the assessment run or when you call the PreviewAgents action",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RegisterCrossAccountAccessRole"
},
{
"resource_types": "",
"description": "Removes entire attributes (key and value pairs) from the findings that are specified by the ARNs of the findings where an attribute with the specified key exists",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RemoveAttributesFromFindings"
},
{
"resource_types": "",
"description": "Sets tags (key and value pairs) to the assessment template that is specified by the ARN of the assessment template",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "SetTagsForResource"
},
{
"resource_types": "",
"description": "Starts the assessment run specified by the ARN of the assessment template",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartAssessmentRun"
},
{
"resource_types": "",
"description": "Stops the assessment run that is specified by the ARN of the assessment run",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopAssessmentRun"
},
{
"resource_types": "",
"description": "Enables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SubscribeToEvent"
},
{
"resource_types": "",
"description": "Disables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UnsubscribeFromEvent"
},
{
"resource_types": "",
"description": "Updates the assessment target that is specified by the ARN of the assessment target",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAssessmentTarget"
}
]
},
{
"service_name": "AWS Lambda",
"privileges": [
{
"resource_types": "layerVersion",
"description": "Adds a permission policy to a version of a function layer",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "AddLayerVersionPermission"
},
{
"resource_types": "function",
"description": "Adds a permission to the resource policy associated with the specified AWS Lambda function",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "AddPermission"
},
{
"resource_types": "function",
"description": "Creates an alias that points to the specified Lambda function version",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAlias"
},
{
"resource_types": "",
"description": "Identifies a stream as an event source for a Lambda function",
"condition_keys": [
"lambda:FunctionArn"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateEventSourceMapping"
},
{
"resource_types": "function",
"description": "Creates a new Lambda function",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateFunction"
},
{
"resource_types": "function",
"description": "Deletes the specified Lambda function alias",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAlias"
},
{
"resource_types": "eventSourceMapping",
"description": "Removes an event source mapping",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteEventSourceMapping"
},
{
"resource_types": "function",
"description": "Deletes the specified Lambda function code and configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteFunction"
},
{
"resource_types": "function",
"description": "Remove concurrency limit set on a Lambda function",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteFunctionConcurrency"
},
{
"resource_types": "layerVersion",
"description": "Deletes a version of a function layer",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteLayerVersion"
},
{
"resource_types": "",
"description": "Returns account limits and usage statistics, such as concurrency and code storage",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAccountSettings"
},
{
"resource_types": "function",
"description": "Returns the specified alias information such as the alias ARN, description, and function version it is pointing to",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAlias"
},
{
"resource_types": "",
"description": "Returns configuration information for the specified event source mapping",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetEventSourceMapping"
},
{
"resource_types": "function",
"description": "Returns the configuration information of the Lambda function and a presigned URL link to the .zip file you uploaded with CreateFunction so you can download the .zip file",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetFunction"
},
{
"resource_types": "function",
"description": "Returns the configuration information of the Lambda function",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetFunctionConfiguration"
},
{
"resource_types": "layerVersion",
"description": "Returns information about a version of a function layer, with a link to download the layer archive that is valid for 10 minutes",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetLayerVersion"
},
{
"resource_types": "layerVersion",
"description": "Returns the permissions policy for a layer version",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetLayerVersionPolicy"
},
{
"resource_types": "function",
"description": "Returns the resource policy associated with the specified Lambda function",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetPolicy"
},
{
"resource_types": "function",
"description": "Submits an invocation request to AWS Lambda. Is deprecated",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "InvokeAsync"
},
{
"resource_types": "function",
"description": "Invokes a specific Lambda function",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "InvokeFunction"
},
{
"resource_types": "function",
"description": "Returns list of aliases created for a Lambda function",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAliases"
},
{
"resource_types": "",
"description": "Returns a list of event source mappings you created using the CreateEventSourceMapping",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListEventSourceMappings"
},
{
"resource_types": "",
"description": "Returns a list of your Lambda functions",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListFunctions"
},
{
"resource_types": "",
"description": "Returns a list of your Lambda layer versions",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListLayerVersions"
},
{
"resource_types": "",
"description": "Lists function layers and shows information about the latest version of each",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListLayers"
},
{
"resource_types": "function",
"description": "Lists tags for a Lambda function",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTags"
},
{
"resource_types": "function",
"description": "List all versions of a function",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListVersionsByFunction"
},
{
"resource_types": "layer",
"description": "Creates a function layer from a ZIP archive. Each time you call PublishLayerVersion with the same version name, a new version is created",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PublishLayerVersion"
},
{
"resource_types": "function",
"description": "Publishes a version of your function from the current snapshot of $LATEST",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PublishVersion"
},
{
"resource_types": "function",
"description": "Adds concurrency limit to a Lambda function",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutFunctionConcurrency"
},
{
"resource_types": "layerVersion",
"description": "Removes a statement from the permissions policy for a layer version",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "RemoveLayerVersionPermission"
},
{
"resource_types": "function",
"description": "You can remove individual permissions from a resource policy associated with a Lambda function by providing a statement ID that you provided when you added the permission",
"condition_keys": [],
"access_level": "Permissions management",
"dependent_actions": [],
"privilege": "RemovePermission"
},
{
"resource_types": "function",
"description": "Adds tags to a Lambda function",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "TagResource"
},
{
"resource_types": "function",
"description": "Removes tags from a Lambda function",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UntagResource"
},
{
"resource_types": "function",
"description": "Using this API you can update the function version to which the alias points and the alias description",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAlias"
},
{
"resource_types": "",
"description": "You can update an event source mapping",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateEventSourceMapping"
},
{
"resource_types": "function",
"description": "Updates the code for the specified Lambda function",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateFunctionCode"
},
{
"resource_types": "function",
"description": "Updates the configuration parameters for the specified Lambda function by using the values provided in the request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateFunctionConfiguration"
}
]
},
{
"service_name": "AWS Cost Explorer Service",
"privileges": [
{
"resource_types": "",
"description": "Get cost and usage metrics for your account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCostAndUsage"
},
{
"resource_types": "",
"description": "Retrieve all available filter values for a filter over a period of time",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDimensionValues"
},
{
"resource_types": "",
"description": "Get reservation utilization for your account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetReservationUtilization"
},
{
"resource_types": "",
"description": "Query tags for a specified time period",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetTags"
}
]
},
{
"service_name": "Amazon CloudFront",
"privileges": [
{
"resource_types": "",
"description": "This action creates a new CloudFront origin access identity (POST /2016-11-25/origin-access-identity/cloudfront)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateCloudFrontOriginAccessIdentity"
},
{
"resource_types": "",
"description": "This action creates a new web distribution (POST /2016-11-25/distribution)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDistribution"
},
{
"resource_types": "",
"description": "This action creates a new web distribution with tags (POST /2016-11-25/distribution?WithTags)",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateDistributionWithTags"
},
{
"resource_types": "",
"description": "This action creates a new invalidation batch request (POST /2016-11-25/distribution/<DISTRIBUTION_ID>/invalidation)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateInvalidation"
},
{
"resource_types": "",
"description": "This action creates a new RTMP distribution (POST /2016-11-25/streaming-distribution)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateStreamingDistribution"
},
{
"resource_types": "",
"description": "This action creates a new RTMP distribution with tags (POST /2016-11-25/streaming-distribution?WithTags)",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "CreateStreamingDistributionWithTags"
},
{
"resource_types": "",
"description": "This action deletes a CloudFront origin access identity (DELETE /2016-11-25/origin-access-identity/cloudfront/<OAI_ID>)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteCloudFrontOriginAccessIdentity"
},
{
"resource_types": "",
"description": "This action deletes a web distribution (DELETE /2016-11-25/distribution/<DISTRIBUTION_ID>)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDistribution"
},
{
"resource_types": "",
"description": "This action deletes an RTMP distribution (DELETE /2016-11-25/streaming-distribution/<DISTRIBUTION_ID>)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteStreamingDistribution"
},
{
"resource_types": "",
"description": "Get the information about a CloudFront origin access identity (GET /2016-11-25/origin-access-identity/cloudfront/<OAI_ID>)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCloudFrontOriginAccessIdentity"
},
{
"resource_types": "",
"description": "Get the configuration information about a CloudFront origin access identity (GET /2016-11-25/origin-access-identity/cloudfront/<OAI_ID>/config)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCloudFrontOriginAccessIdentityConfig"
},
{
"resource_types": "",
"description": "Get the information about a web distribution (GET /2016-11-25/distribution/<DISTRIBUTION_ID>)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDistribution"
},
{
"resource_types": "",
"description": "Get the configuration information about a distribution (GET /2016-11-25/distribution/<DISTRIBUTION_ID>/config)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDistributionConfig"
},
{
"resource_types": "",
"description": "Get the information about an invalidation (GET /2016-11-25/distribution/<DISTRIBUTION_ID>/invalidation/<INVALIDATION_ID>)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetInvalidation"
},
{
"resource_types": "",
"description": "Get the information about an RTMP distribution (GET /2016-11-25/streaming-distribution/<DISTRIBUTION_ID>)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetStreamingDistribution"
},
{
"resource_types": "",
"description": "Get the configuration information about a streaming distribution (GET /2016-11-25/streaming-distribution/<DISTRIBUTION_ID>/config)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetStreamingDistributionConfig"
},
{
"resource_types": "",
"description": "List your CloudFront origin access identities (GET /2016-11-25/origin-access-identity/cloudfront?Marker=<MARKER>&MaxItems=<MAX_ITEMS>)",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListCloudFrontOriginAccessIdentities"
},
{
"resource_types": "",
"description": "List the distributions associated with your AWS account (GET /2016-11-25/distribution?Marker=<MARKER>&MaxItems=<MAX_ITEMS>)",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDistributions"
},
{
"resource_types": "",
"description": "List the distributions associated with your AWS account with given AWS WAF web ACL (GET /2016-11-25/distributionsByWebACLId/<WEB_ACL_ID>?Marker=<MARKER>&MaxItems=<MAX_ITEMS>)",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDistributionsByWebACLId"
},
{
"resource_types": "",
"description": "List your invalidation batches (GET /2016-11-25/distribution/<DISTRIBUTION_ID>/invalidation?Marker=<MARKER>&MaxItems=<MAX_ITEMS>)",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListInvalidations"
},
{
"resource_types": "",
"description": "List your RTMP distributions (GET /2016-11-25/streaming-distribution?Marker=<MARKER>&MaxItems=<MAX_ITEMS>)",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListStreamingDistributions"
},
{
"resource_types": "",
"description": "List tags for a CloudFront resource (GET /2016-11-25/tagging?Resource=<RESOURCE>)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTagsForResource"
},
{
"resource_types": "",
"description": "Add tags to a CloudFront resource (POST /2016-11-25/tagging?Operation=Tag?Resource=<RESOURCE>)",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "TagResource"
},
{
"resource_types": "",
"description": "Remove tags from a CloudFront resource (POST /2016-11-25/tagging?Operation=Untag?Resource=<RESOURCE>)",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagResource"
},
{
"resource_types": "",
"description": "This action sets the configuration for a CloudFront origin access identity (PUT /2016-11-25/origin-access-identity/cloudfront/<OAI_ID>/config)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateCloudFrontOriginAccessIdentity"
},
{
"resource_types": "",
"description": "This action updates the configuration for a web distribution (PUT /2016-11-25/distribution/<DISTRIBUTION_ID>/config)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateDistribution"
},
{
"resource_types": "",
"description": "This action updates the configuration for an RTMP distribution (PUT /2016-11-25/streaming-distribution/<DISTRIBUTION_ID>/config)",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateStreamingDistribution"
}
]
},
{
"service_name": "Amazon Chime",
"privileges": [
{
"resource_types": "",
"description": "Accepts the delegate invitation to share management of an Amazon Chime account with another AWS Account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AcceptDelegate"
},
{
"resource_types": "",
"description": "Activates users in an Amazon Chime enterprise account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ActivateUsers"
},
{
"resource_types": "",
"description": "Adds a domain to your Amazon Chime account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddDomain"
},
{
"resource_types": "",
"description": "Adds new or updates existing Active Directory or Okta user groups associated with your Amazon Chime enterprise account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AddOrUpdateGroups"
},
{
"resource_types": "",
"description": "Authorize an Active Directory to your Amazon Chime enterprise account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AuthorizeDirectory"
},
{
"resource_types": "",
"description": "Suspends multiple users",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchSuspendUser"
},
{
"resource_types": "",
"description": "Removes the suspension of multiple users",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchUnsuspendUser"
},
{
"resource_types": "",
"description": "Updates details for multiple users",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BatchUpdateUser"
},
{
"resource_types": "",
"description": "Connects an Active Directory to your Amazon Chime enterprise account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"ds:ConnectDirectory"
],
"privilege": "ConnectDirectory"
},
{
"resource_types": "",
"description": "Creates a new Amazon Chime account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAccount"
},
{
"resource_types": "",
"description": "Generates a new SCIM access key for your Amazon Chime account and Okta configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateApiKey"
},
{
"resource_types": "",
"description": "Creates a new Call Detail Record S3 bucket",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"s3:CreateBucket",
"s3:ListAllMyBuckets"
],
"privilege": "CreateCDRBucket"
},
{
"resource_types": "",
"description": "Deletes an Amazon Chime account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAccount"
},
{
"resource_types": "",
"description": "Deletes the OpenIdConfig attributes from your Amazon Chime account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAccountOpenIdConfig"
},
{
"resource_types": "",
"description": "Deletes the specified SCIM access key associated with your Amazon Chime account and Okta configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteApiKey"
},
{
"resource_types": "",
"description": "Deletes a Call Detail Record S3 bucket from your Amazon Chime account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"s3:DeleteBucket"
],
"privilege": "DeleteCDRBucket"
},
{
"resource_types": "",
"description": "Deletes delegated AWS account management from your Amazon Chime account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDelegate"
},
{
"resource_types": "",
"description": "Deletes a domain from your Amazon Chime account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDomain"
},
{
"resource_types": "",
"description": "Deletes Active Directory or Okta user groups from your Amazon Chime enterprise account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteGroups"
},
{
"resource_types": "",
"description": "Disconnects the Active Directory from your Amazon Chime enterprise account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisconnectDirectory"
},
{
"resource_types": "",
"description": "Gets the account details for an Amazon Chime account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAccount"
},
{
"resource_types": "",
"description": "Shows the details of the account resource associated with your Amazon Chime account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAccountResource"
},
{
"resource_types": "",
"description": "Shows your Amazon Chime account settings",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAccountSettings"
},
{
"resource_types": "",
"description": "Gets the account details and OpenIdConfig attributes for your Amazon Chime account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetAccountWithOpenIdConfig"
},
{
"resource_types": "",
"description": "Gets the details of a Call Detail Record S3 bucket associated with your Amazon Chime account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite"
],
"privilege": "GetCDRBucket"
},
{
"resource_types": "",
"description": "Shows domain details for a domain associated with your Amazon Chime account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetDomain"
},
{
"resource_types": "",
"description": "Shows attendee, connection and other details for a meeting",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetMeetingDetail"
},
{
"resource_types": "",
"description": "Gets the user details for an Amazon Chime user",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetUser"
},
{
"resource_types": "",
"description": "Shows summary of user activity on the user details page",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetUserActivityReportData"
},
{
"resource_types": "",
"description": "Gets user details for an Amazon Chime user based on the email address in an Amazon Chime enterprise or team account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetUserByEmail"
},
{
"resource_types": "",
"description": "Sends an invitation to accept a request for AWS account delegation for an Amazon Chime account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "InviteDelegate"
},
{
"resource_types": "",
"description": "Invites new users to an Amazon Chime account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "InviteUsers"
},
{
"resource_types": "",
"description": "Lists Amazon Chime account usage reporting data",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAccountUsageReportData"
},
{
"resource_types": "",
"description": "Lists the Amazon Chime accounts associated with your AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAccounts"
},
{
"resource_types": "",
"description": "Lists the SCIM access keys defined for your Amazon Chime account and Okta configuration",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListApiKeys"
},
{
"resource_types": "",
"description": "Lists Call Detail Record S3 buckets",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"privilege": "ListCDRBucket"
},
{
"resource_types": "",
"description": "Lists account delegate information associated with your Amazon Chime account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDelegates"
},
{
"resource_types": "",
"description": "Lists active Active Directories hosted in the Directory Service of your AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDirectories"
},
{
"resource_types": "",
"description": "Lists domains associated with your Amazon Chime account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDomains"
},
{
"resource_types": "",
"description": "Lists Active Directory or Okta user groups associated with your Amazon Chime enterprise account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListGroups"
},
{
"resource_types": "",
"description": "Lists all events that occurred for a meeting",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListMeetingEvents"
},
{
"resource_types": "",
"description": "Lists meetings ended during the date range",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListMeetingsReportData"
},
{
"resource_types": "",
"description": "Lists the users in an Amazon Chime account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListUsers"
},
{
"resource_types": "",
"description": "Spike an Amazon Chime user device",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "LogoutUser"
},
{
"resource_types": "",
"description": "Modifies the account name for your Amazon Chime enterprise or team account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RenameAccount"
},
{
"resource_types": "",
"description": "Renews the delegation request associated with an Amazon Chime account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RenewDelegate"
},
{
"resource_types": "",
"description": "Resets the account resource in your Amazon Chime account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResetAccountResource"
},
{
"resource_types": "",
"description": "Resets the personal meeting PIN for an Amazon Chime user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ResetPersonalPin"
},
{
"resource_types": "",
"description": "Downloads the file containing links to all user attachments returned as part of the \"Request attachments\" action",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "RetrieveDataExports"
},
{
"resource_types": "",
"description": "Submits the \"Request attachments\" request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartDataExport"
},
{
"resource_types": "",
"description": "Submits a customer service support request",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SubmitSupportRequest"
},
{
"resource_types": "",
"description": "Suspend users from an Amazon Chime enterprise account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SuspendUsers"
},
{
"resource_types": "",
"description": "Unauthorize an Active Directory to your Amazon Chime enterprise account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UnauthorizeDirectory"
},
{
"resource_types": "",
"description": "Updates an existing account's details",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAccount"
},
{
"resource_types": "",
"description": "Updates the OpenIdConfig attributes for your Amazon Chime account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAccountOpenIdConfig"
},
{
"resource_types": "",
"description": "Updates the account resource in your Amazon Chime account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAccountResource"
},
{
"resource_types": "",
"description": "Modifies your Amazon Chime account settings",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAccountSettings"
},
{
"resource_types": "",
"description": "Updates your Call Detail Record S3 bucket",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:ListAllMyBuckets"
],
"privilege": "UpdateCDRBucket"
},
{
"resource_types": "",
"description": "Updates the supported license tiers available for users in your Amazon Chime account",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateSupportedLicenses"
},
{
"resource_types": "",
"description": "Updates an existing user's details",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateUser"
},
{
"resource_types": "",
"description": "Manages the licenses for your Amazon Chime users",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateUserLicenses"
},
{
"resource_types": "",
"description": "Validates the account resource in your Amazon Chime account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ValidateAccountResource"
}
]
},
{
"service_name": "Amazon Comprehend",
"privileges": [
{
"resource_types": "",
"description": "Detects the language or languages present in the list of text documents",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchDetectDominantLanguage"
},
{
"resource_types": "",
"description": "Detects the named entities (\"People\", \"Places\", \"Locations\", etc) within the given list of text documents",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchDetectEntities"
},
{
"resource_types": "",
"description": "Detects the phrases in the list of text documents that are most indicative of the content",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchDetectKeyPhrases"
},
{
"resource_types": "",
"description": "Detects the sentiment of a text in the list of documents (Positive, Negative, Neutral, or Mixed)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchDetectSentiment"
},
{
"resource_types": "",
"description": "Detects syntactic information (like Part of Speech, Tokens) in a list of text documents",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "BatchDetectSyntax"
},
{
"resource_types": "document-classifier",
"description": "Creates a new document classifier that you can use to categorize documents",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateDocumentClassifier"
},
{
"resource_types": "entity-recognizer",
"description": "Creates an entity recognizer using submitted files",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateEntityRecognizer"
},
{
"resource_types": "document-classifier",
"description": "Deletes a previously created document classifier",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDocumentClassifier"
},
{
"resource_types": "entity-recognizer",
"description": "Deletes a submitted entity recognizer",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteEntityRecognizer"
},
{
"resource_types": "",
"description": "Gets the properties associated with a document classification job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeDocumentClassificationJob"
},
{
"resource_types": "document-classifier",
"description": "Gets the properties associated with a document classifier",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeDocumentClassifier"
},
{
"resource_types": "",
"description": "Gets the properties associated with a dominant language detection job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeDominantLanguageDetectionJob"
},
{
"resource_types": "",
"description": "Gets the properties associated with an entities detection job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEntitiesDetectionJob"
},
{
"resource_types": "entity-recognizer",
"description": "Provides details about an entity recognizer including status, S3 buckets containing training data, recognizer metadata, metrics, and so on",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEntityRecognizer"
},
{
"resource_types": "",
"description": "Gets the properties associated with a key phrases detection job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeKeyPhrasesDetectionJob"
},
{
"resource_types": "",
"description": "Gets the properties associated with a sentiment detection job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeSentimentDetectionJob"
},
{
"resource_types": "",
"description": "Gets the properties associated with a topic detection job",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeTopicsDetectionJob"
},
{
"resource_types": "",
"description": "Detects the language or languages present in the text",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DetectDominantLanguage"
},
{
"resource_types": "",
"description": "Detects the named entities (\"People\", \"Places\", \"Locations\", etc) within the given text document",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DetectEntities"
},
{
"resource_types": "",
"description": "Detects the phrases in the text that are most indicative of the content",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DetectKeyPhrases"
},
{
"resource_types": "",
"description": "Detects the sentiment of a text in a document (Positive, Negative, Neutral, or Mixed)",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DetectSentiment"
},
{
"resource_types": "",
"description": "Detects syntactic information (like Part of Speech, Tokens) in a text document",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DetectSyntax"
},
{
"resource_types": "",
"description": "Gets a list of the document classification jobs that you have submitted",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDocumentClassificationJobs"
},
{
"resource_types": "",
"description": "Gets a list of the document classifiers that you have created",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDocumentClassifiers"
},
{
"resource_types": "",
"description": "Gets a list of the dominant language detection jobs that you have submitted",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDominantLanguageDetectionJobs"
},
{
"resource_types": "",
"description": "Gets a list of the entity detection jobs that you have submitted",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListEntitiesDetectionJobs"
},
{
"resource_types": "",
"description": "Gets a list of the properties of all entity recognizers that you created, including recognizers currently in training",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListEntityRecognizers"
},
{
"resource_types": "",
"description": "Get a list of key phrase detection jobs that you have submitted",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListKeyPhrasesDetectionJobs"
},
{
"resource_types": "",
"description": "Gets a list of sentiment detection jobs that you have submitted",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListSentimentDetectionJobs"
},
{
"resource_types": "",
"description": "Gets a list of the topic detection jobs that you have submitted",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListTopicsDetectionJobs"
},
{
"resource_types": "document-classifier",
"description": "Starts an asynchronous document classification job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartDocumentClassificationJob"
},
{
"resource_types": "",
"description": "Starts an asynchronous dominant language detection job for a collection of documents",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartDominantLanguageDetectionJob"
},
{
"resource_types": "",
"description": "Starts an asynchronous entity detection job for a collection of documents",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartEntitiesDetectionJob"
},
{
"resource_types": "",
"description": "Starts an asynchronous key phrase detection job for a collection of documents",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartKeyPhrasesDetectionJob"
},
{
"resource_types": "",
"description": "Starts an asynchronous sentiment detection job for a collection of documents",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartSentimentDetectionJob"
},
{
"resource_types": "",
"description": "Starts an asynchronous job to detect the most common topics in the collection of documents and the phrases associated with each topic",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StartTopicsDetectionJob"
},
{
"resource_types": "",
"description": "Stops a dominant language detection job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopDominantLanguageDetectionJob"
},
{
"resource_types": "",
"description": "Stops an entity detection job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopEntitiesDetectionJob"
},
{
"resource_types": "",
"description": "Stops a key phrase detection job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopKeyPhrasesDetectionJob"
},
{
"resource_types": "",
"description": "Stops a sentiment detection job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopSentimentDetectionJob"
},
{
"resource_types": "document-classifier",
"description": "Stop a previously created document classifier training job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopTrainingDocumentClassifier"
},
{
"resource_types": "entity-recognizer",
"description": "Stop a previously created entity recognizer training job",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "StopTrainingEntityRecognizer"
}
]
},
{
"service_name": "Global Accelerator",
"privileges": [
{
"resource_types": "",
"description": "Create an accelerator",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAccelerator"
},
{
"resource_types": "listener",
"description": "Add an endpoint group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateEndpointGroup"
},
{
"resource_types": "accelerator",
"description": "Add a listener",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateListener"
},
{
"resource_types": "accelerator",
"description": "Delete the accelerator",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteAccelerator"
},
{
"resource_types": "endpointgroup",
"description": "Delete the endpoint group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteEndpointGroup"
},
{
"resource_types": "listener",
"description": "Delete the listener",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteListener"
},
{
"resource_types": "accelerator",
"description": "Describe the accelerator",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAccelerator"
},
{
"resource_types": "accelerator",
"description": "Describe the accelerator Attributes",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeAcceleratorAttributes"
},
{
"resource_types": "endpointgroup",
"description": "Describe the endpoint group",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeEndpointGroup"
},
{
"resource_types": "listener",
"description": "Describe the listener",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeListener"
},
{
"resource_types": "",
"description": "List the accelerators",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAccelerators"
},
{
"resource_types": "listener",
"description": "List the endpoint groups",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListEndpointGroups"
},
{
"resource_types": "accelerator",
"description": "List the listeners",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListListeners"
},
{
"resource_types": "accelerator",
"description": "Update the accelerator",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAccelerator"
},
{
"resource_types": "accelerator",
"description": "Update the accelerator attributes",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateAcceleratorAttributes"
},
{
"resource_types": "endpointgroup",
"description": "Update the endpoint group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateEndpointGroup"
},
{
"resource_types": "listener",
"description": "Update the listener",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateListener"
}
]
},
{
"service_name": "Amazon Cognito Sync",
"privileges": [
{
"resource_types": "identitypool",
"description": "Initiates a bulk publish of all existing datasets for an Identity Pool to the configured stream",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "BulkPublish"
},
{
"resource_types": "dataset",
"description": "Deletes the specific dataset",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteDataset"
},
{
"resource_types": "dataset",
"description": "Gets meta data about a dataset by identity and dataset name",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeDataset"
},
{
"resource_types": "identitypool",
"description": "Gets usage details (for example, data storage) about a particular identity pool",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeIdentityPoolUsage"
},
{
"resource_types": "identity",
"description": "Gets usage information for an identity, including number of datasets and data usage",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeIdentityUsage"
},
{
"resource_types": "identitypool",
"description": "Get the status of the last BulkPublish operation for an identity pool",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetBulkPublishDetails"
},
{
"resource_types": "identitypool",
"description": "Gets the events and the corresponding Lambda functions associated with an identity pool",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetCognitoEvents"
},
{
"resource_types": "identitypool",
"description": "Gets the configuration settings of an identity pool",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetIdentityPoolConfiguration"
},
{
"resource_types": "dataset",
"description": "Lists datasets for an identity",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListDatasets"
},
{
"resource_types": "identitypool",
"description": "Gets a list of identity pools registered with Cognito",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListIdentityPoolUsage"
},
{
"resource_types": "dataset",
"description": "Gets paginated records, optionally changed after a particular sync count for a dataset and identity",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListRecords"
},
{
"resource_types": "identity",
"description": "Registers a device to receive push sync notifications",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RegisterDevice"
},
{
"resource_types": "identitypool",
"description": "Sets the AWS Lambda function for a given event type for an identity pool",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetCognitoEvents"
},
{
"resource_types": "identitypool",
"description": "Sets the necessary configuration for push sync",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetIdentityPoolConfiguration"
},
{
"resource_types": "dataset",
"description": "Subscribes to receive notifications when a dataset is modified by another device",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SubscribeToDataset"
},
{
"resource_types": "dataset",
"description": "Unsubscribes from receiving notifications when a dataset is modified by another device",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UnsubscribeFromDataset"
},
{
"resource_types": "dataset",
"description": "Posts updates to records and adds and deletes records for a dataset and user",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateRecords"
}
]
},
{
"service_name": "AWS CloudHSM",
"privileges": [
{
"resource_types": "",
"description": "Adds or overwrites one or more tags for the specified AWS CloudHSM resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "AddTagsToResource"
},
{
"resource_types": "",
"description": "Creates a new AWS CloudHSM cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateCluster"
},
{
"resource_types": "",
"description": "Creates a high-availability partition group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateHapg"
},
{
"resource_types": "",
"description": "Creates a new hardware security module (HSM) in the specified AWS CloudHSM cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateHsm"
},
{
"resource_types": "",
"description": "Creates an HSM client",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateLunaClient"
},
{
"resource_types": "",
"description": "Deletes the specified AWS CloudHSM cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteCluster"
},
{
"resource_types": "",
"description": "Deletes a high-availability partition group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteHapg"
},
{
"resource_types": "",
"description": "Deletes the specified HSM",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteHsm"
},
{
"resource_types": "",
"description": "Deletes a client",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteLunaClient"
},
{
"resource_types": "",
"description": "Gets information about backups of AWS CloudHSM clusters",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeBackups"
},
{
"resource_types": "",
"description": "Gets information about AWS CloudHSM clusters",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeClusters"
},
{
"resource_types": "",
"description": "Retrieves information about a high-availability partition group",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeHapg"
},
{
"resource_types": "",
"description": "Retrieves information about an HSM. You can identify the HSM by its ARN or its serial number",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeHsm"
},
{
"resource_types": "",
"description": "Retrieves information about an HSM client",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeLunaClient"
},
{
"resource_types": "",
"description": "Gets the configuration files necessary to connect to all high availability partition groups the client is associated with",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetConfig"
},
{
"resource_types": "",
"description": "Claims an AWS CloudHSM cluster",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "InitializeCluster"
},
{
"resource_types": "",
"description": "Lists the Availability Zones that have available AWS CloudHSM capacity",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAvailableZones"
},
{
"resource_types": "",
"description": "Lists the high-availability partition groups for the account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListHapgs"
},
{
"resource_types": "",
"description": "Retrieves the identifiers of all of the HSMs provisioned for the current customer",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListHsms"
},
{
"resource_types": "",
"description": "Lists all of the clients",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListLunaClients"
},
{
"resource_types": "",
"description": "Gets a list of tags for the specified AWS CloudHSM cluster",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTags"
},
{
"resource_types": "",
"description": "Returns a list of all tags for the specified AWS CloudHSM resource",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTagsForResource"
},
{
"resource_types": "",
"description": "Modifies an existing high-availability partition group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyHapg"
},
{
"resource_types": "",
"description": "Modifies an HSM",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyHsm"
},
{
"resource_types": "",
"description": "Modifies the certificate used by the client",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ModifyLunaClient"
},
{
"resource_types": "",
"description": "Removes one or more tags from the specified AWS CloudHSM resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "RemoveTagsFromResource"
},
{
"resource_types": "",
"description": "Adds or overwrites one or more tags for the specified AWS CloudHSM cluster",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "TagResource"
},
{
"resource_types": "",
"description": "Removes the specified tag or tags from the specified AWS CloudHSM cluster",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagResource"
}
]
},
{
"service_name": "Amazon QuickSight",
"privileges": [
{
"resource_types": "user",
"description": "CreateAdmin enables the user to provision Amazon QuickSight administrators, authors, and readers",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateAdmin"
},
{
"resource_types": "group",
"description": "Create a QuickSight group",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateGroup"
},
{
"resource_types": "group",
"description": "Add a QuickSight user to a QuickSight group",
"condition_keys": [
"quicksight:UserName"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateGroupMembership"
},
{
"resource_types": "user",
"description": "CreateReader enables the user to provision Amazon QuickSight readers",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateReader"
},
{
"resource_types": "user",
"description": "CreateUser enables the user to provision Amazon QuickSight authors and readers",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateUser"
},
{
"resource_types": "group",
"description": "Remove a user group from QuickSight",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteGroup"
},
{
"resource_types": "group",
"description": "Remove a user from a group so that he/she is no longer a member of the group",
"condition_keys": [
"quicksight:UserName"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteGroupMembership"
},
{
"resource_types": "user",
"description": "Delete the QuickSight user that is associated with the identity of the IAM user/role making the call. The IAM user is not deleted as a result of this call",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteUser"
},
{
"resource_types": "group",
"description": "Return a QuickSight group’s description and ARN",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeGroup"
},
{
"resource_types": "user",
"description": "Return information about a user, given the user name",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeUser"
},
{
"resource_types": "",
"description": "GetGroupMapping is used only in Amazon QuickSight Enterprise edition accounts. It enables the user to use Amazon QuickSight to identify and display the Microsoft Active Directory (Microsoft Active Directory) directory groups that are mapped to roles in Amazon QuickSight",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "GetGroupMapping"
},
{
"resource_types": "group",
"description": "Return a list of member users in a group",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListGroupMemberships"
},
{
"resource_types": "group",
"description": "Get a list of all user groups in QuickSight",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListGroups"
},
{
"resource_types": "user",
"description": "Return a list of groups that a given user is a member of",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListUserGroups"
},
{
"resource_types": "user",
"description": "Return a list of all of the QuickSight users belonging to this account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListUsers"
},
{
"resource_types": "user",
"description": "Create a QuickSight user, whose identity is associated with the IAM identity/role specified in the request",
"condition_keys": [
"quicksight:IamArn",
"quicksight:SessionName"
],
"access_level": "Write",
"dependent_actions": [],
"privilege": "RegisterUser"
},
{
"resource_types": "",
"description": "SearchDirectoryGroups is used only in Amazon QuickSight Enterprise edition accounts. It enables the user to use Amazon QuickSight to display your Microsoft Active Directory directory groups so that you can choose which ones to map to roles in Amazon QuickSight",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SearchDirectoryGroups"
},
{
"resource_types": "",
"description": "SearchDirectoryGroups is used only in Amazon QuickSight Enterprise edition accounts. It enables the user to use Amazon QuickSight to display your Microsoft Active Directory directory groups so that you can choose which ones to map to roles in Amazon QuickSight",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SetGroupMapping"
},
{
"resource_types": "",
"description": "Subscribe enables the user to subscribe to Amazon QuickSight. Enabling this action also allows the user to upgrade the subscription to Enterprise edition",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "Subscribe"
},
{
"resource_types": "",
"description": "Unsubscribe enables the user to unsubscribe from Amazon QuickSight, which permanently deletes all users and their resources from Amazon QuickSight",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "Unsubscribe"
},
{
"resource_types": "group",
"description": "Change group description",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateGroup"
}
]
},
{
"service_name": "Amazon Route 53 Resolver",
"privileges": [
{
"resource_types": "resolver-endpoint",
"description": "Grants permission to associate a specified IP address with a resolver endpoint. This is an IP address that DNS queries pass through on the way to your network (outbound) or your VPCs (inbound",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateResolverEndpointIpAddress"
},
{
"resource_types": "resolver-rule",
"description": "Grants permission to associate a specified resolver rule with a specified VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateResolverRule"
},
{
"resource_types": "resolver-endpoint",
"description": "Grants permission to create a resolver endpoint. There are two types of resolver endpoints, inbound and outbound",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateResolverEndpoint"
},
{
"resource_types": "resolver-rule",
"description": "For DNS queries that originate in your VPC, grants permission to define how to route the queries out of the VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateResolverRule"
},
{
"resource_types": "resolver-endpoint",
"description": "Grants permission to delete a resolver endpoint. The effect of deleting a resolver endpoint depends on whether it's an inbound or an outbound resolver endpoint",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteResolverEndpoint"
},
{
"resource_types": "resolver-rule",
"description": "Grants permission to delete a resolver rule",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteResolverRule"
},
{
"resource_types": "resolver-endpoint",
"description": "Grants permission to remove a specified IP address from a resolver endpoint. This is an IP address that DNS queries pass through on the way to your network (outbound) or your VPCs (inbound",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateResolverEndpointIpAddress"
},
{
"resource_types": "resolver-rule",
"description": "Grants permission to remove the association between a specified resolver rule and a specified VPC",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DisassociateResolverRule"
},
{
"resource_types": "resolver-endpoint",
"description": "Grants permission to get information about a specified resolver endpoint, such as whether it's an inbound or an outbound resolver endpoint, and the IP addresses in your VPC that DNS queries are forwarded to on the way into or out of your VPC",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetResolverEndpoint"
},
{
"resource_types": "resolver-rule",
"description": "Grants permission to get information about a specified resolver rule, such as the domain name that the rule forwards DNS queries for and the IP address that queries are forwarded to",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetResolverRule"
},
{
"resource_types": "resolver-rule",
"description": "Grants permission to get information about an association between a specified resolver rule and a VPC",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetResolverRuleAssociation"
},
{
"resource_types": "resolver-rule",
"description": "Grants permission to get information about a resolver rule policy",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetResolverRulePolicy"
},
{
"resource_types": "resolver-endpoint",
"description": "For a specified resolver endpoint, grants permission to list the IP addresses that DNS queries pass through on the way to your network (outbound) or your VPCs (inbound",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListResolverEndpointIpAddresses"
},
{
"resource_types": "resolver-endpoint",
"description": "Grants permission to list all the resolver endpoints that were created using the current AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListResolverEndpoints"
},
{
"resource_types": "resolver-rule",
"description": "Grants permission to list the associations that were created between resolver rules and VPCs using the current AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListResolverRuleAssociations"
},
{
"resource_types": "resolver-rule",
"description": "Grants permission to list the resolver rules that were created using the current AWS account",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListResolverRules"
},
{
"resource_types": "resolver-endpoint",
"description": "Grants permission to list the tags that you associated with the specified resource",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ListTagsForResource"
},
{
"resource_types": "resolver-rule",
"description": "Grants permission to specify the Resolver operations and resources that you want to allow another AWS account to use",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "PutResolverRulePolicy"
},
{
"resource_types": "resolver-endpoint",
"description": "Grants permission to add one or more tags to a specified resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "TagResource"
},
{
"resource_types": "resolver-endpoint",
"description": "Grants permission to remove one or more tags from a specified resource",
"condition_keys": [],
"access_level": "Tagging",
"dependent_actions": [],
"privilege": "UntagResource"
},
{
"resource_types": "resolver-endpoint",
"description": "Grants permission to update selected settings for an inbound or an outbound resolver endpoint",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateResolverEndpoint"
},
{
"resource_types": "resolver-rule",
"description": "Grants permission to update settings for a specified resolver rule",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateResolverRule"
}
]
},
{
"service_name": "AWS Mobile Hub",
"privileges": [
{
"resource_types": "",
"description": "Create a project",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateProject"
},
{
"resource_types": "",
"description": "Enable AWS Mobile Hub in the account by creating the required service role",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CreateServiceRole"
},
{
"resource_types": "project",
"description": "Delete the specified project",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteProject"
},
{
"resource_types": "",
"description": "Delete a saved snapshot of project configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeleteProjectSnapshot"
},
{
"resource_types": "",
"description": "Deploy changes to the specified stage",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "DeployToStage"
},
{
"resource_types": "",
"description": "Describe the download bundle",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "DescribeBundle"
},
{
"resource_types": "",
"description": "Export the download bundle",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ExportBundle"
},
{
"resource_types": "project",
"description": "Export the project configuration",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "ExportProject"
},
{
"resource_types": "project",
"description": "Generate project parameters required for code generation",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "GenerateProjectParameters"
},
{
"resource_types": "project",
"description": "Get project configuration and resources",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetProject"
},
{
"resource_types": "",
"description": "Fetch the previously exported project configuration snapshot",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "GetProjectSnapshot"
},
{
"resource_types": "",
"description": "Create a new project from the previously exported project configuration",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "ImportProject"
},
{
"resource_types": "",
"description": "Install a bundle in the project deployments S3 bucket",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "InstallBundle"
},
{
"resource_types": "",
"description": "List the available SaaS (Software as a Service) connectors",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAvailableConnectors"
},
{
"resource_types": "",
"description": "List available features",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAvailableFeatures"
},
{
"resource_types": "",
"description": "List available regions for projects",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListAvailableRegions"
},
{
"resource_types": "",
"description": "List the available download bundles",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListBundles"
},
{
"resource_types": "",
"description": "List saved snapshots of project configuration",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListProjectSnapshots"
},
{
"resource_types": "",
"description": "List projects",
"condition_keys": [],
"access_level": "List",
"dependent_actions": [],
"privilege": "ListProjects"
},
{
"resource_types": "project",
"description": "Synchronize state of resources into project",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "SynchronizeProject"
},
{
"resource_types": "project",
"description": "Update project",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "UpdateProject"
},
{
"resource_types": "",
"description": "Verify AWS Mobile Hub is enabled in the account",
"condition_keys": [],
"access_level": "Read",
"dependent_actions": [],
"privilege": "VerifyServiceRole"
}
]
},
{
"service_name": "AWS OpsWorks",
"privileges": [
{
"resource_types": "stack",
"description": "Assign a registered instance to a layer",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssignInstance"
},
{
"resource_types": "stack",
"description": "Assigns one of the stack's registered Amazon EBS volumes to a specified instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssignVolume"
},
{
"resource_types": "stack",
"description": "Associates one of the stack's registered Elastic IP addresses with a specified instance",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AssociateElasticIp"
},
{
"resource_types": "stack",
"description": "Attaches an Elastic Load Balancing load balancer to a specified layer",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "AttachElasticLoadBalancer"
},
{
"resource_types": "stack",
"description": "Creates a clone of a specified stack",
"condition_keys": [],
"access_level": "Write",
"dependent_actions": [],
"privilege": "CloneStack"
},
{
"