|
[ |
|
{ |
|
"service_name": "AWS Config", |
|
"privileges": [ |
|
{ |
|
"resource_types": "ConfigurationAggregator", |
|
"description": "Returns the current configuration items for resources that are present in your AWS Config aggregator", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "BatchGetAggregateResourceConfig" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns the current configuration for one or more requested resources", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "BatchGetResourceConfig" |
|
}, |
|
{ |
|
"resource_types": "AggregationAuthorization", |
|
"description": "Deletes the authorization granted to the specified configuration aggregator account in a specified region", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteAggregationAuthorization" |
|
}, |
|
{ |
|
"resource_types": "ConfigRule", |
|
"description": "Deletes the specified AWS Config rule and all of its evaluation results", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteConfigRule" |
|
}, |
|
{ |
|
"resource_types": "ConfigurationAggregator", |
|
"description": "Deletes the specified configuration aggregator and the aggregated data associated with the aggregator", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteConfigurationAggregator" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Deletes the configuration recorder", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteConfigurationRecorder" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Deletes the delivery channel", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteDeliveryChannel" |
|
}, |
|
{ |
|
"resource_types": "ConfigRule", |
|
"description": "Deletes the evaluation results for the specified Config rule", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteEvaluationResults" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Deletes pending authorization requests for a specified aggregator account in a specified region", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeletePendingAggregationRequest" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Deletes the retention configuration", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteRetentionConfiguration" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Schedules delivery of a configuration snapshot to the Amazon S3 bucket in the specified delivery channel", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DeliverConfigSnapshot" |
|
}, |
|
{ |
|
"resource_types": "ConfigurationAggregator", |
|
"description": "Returns a list of compliant and noncompliant rules with the number of resources for compliant and noncompliant rules", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeAggregateComplianceByConfigRules" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns a list of authorizations granted to various aggregator accounts and regions", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeAggregationAuthorizations" |
|
}, |
|
{ |
|
"resource_types": "ConfigRule", |
|
"description": "Indicates whether the specified AWS Config rules are compliant", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeComplianceByConfigRule" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Indicates whether the specified AWS resources are compliant", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeComplianceByResource" |
|
}, |
|
{ |
|
"resource_types": "ConfigRule", |
|
"description": "Returns status information for each of your AWS managed Config rules", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeConfigRuleEvaluationStatus" |
|
}, |
|
{ |
|
"resource_types": "ConfigRule", |
|
"description": "Returns details about your AWS Config rules", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeConfigRules" |
|
}, |
|
{ |
|
"resource_types": "ConfigurationAggregator", |
|
"description": "Returns status information for sources within an aggregator", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeConfigurationAggregatorSourcesStatus" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns the details of one or more configuration aggregators", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeConfigurationAggregators" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns the current status of the specified configuration recorder", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeConfigurationRecorderStatus" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns the name of one or more specified configuration recorders", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeConfigurationRecorders" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns the current status of the specified delivery channel", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeDeliveryChannelStatus" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns details about the specified delivery channel", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeDeliveryChannels" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns a list of all pending aggregation requests", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribePendingAggregationRequests" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns the details of one or more retention configurations", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeRetentionConfigurations" |
|
}, |
|
{ |
|
"resource_types": "ConfigurationAggregator", |
|
"description": "Returns the evaluation results for the specified AWS Config rule for a specific resource in a rule", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetAggregateComplianceDetailsByConfigRule" |
|
}, |
|
{ |
|
"resource_types": "ConfigurationAggregator", |
|
"description": "Returns the number of compliant and noncompliant rules for one or more accounts and regions in an aggregator", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetAggregateConfigRuleComplianceSummary" |
|
}, |
|
{ |
|
"resource_types": "ConfigurationAggregator", |
|
"description": "Returns the resource counts across accounts and regions that are present in your AWS Config aggregator", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetAggregateDiscoveredResourceCounts" |
|
}, |
|
{ |
|
"resource_types": "ConfigurationAggregator", |
|
"description": "Returns the configuration item that is aggregated for your specific resource in a specific source account and region", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetAggregateResourceConfig" |
|
}, |
|
{ |
|
"resource_types": "ConfigRule", |
|
"description": "Returns the evaluation results for the specified AWS Config rule", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetComplianceDetailsByConfigRule" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns the evaluation results for the specified AWS resource", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetComplianceDetailsByResource" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns the number of AWS Config rules that are compliant and noncompliant, up to a maximum of 25 for each", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetComplianceSummaryByConfigRule" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns the number of resources that are compliant and the number that are noncompliant", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetComplianceSummaryByResourceType" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns the resource types, the number of each resource type, and the total number of resources that AWS Config is recording in this region for your AWS account", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetDiscoveredResourceCounts" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns a list of configuration items for the specified resource", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetResourceConfigHistory" |
|
}, |
|
{ |
|
"resource_types": "ConfigurationAggregator", |
|
"description": "Accepts a resource type and returns a list of resource identifiers that are aggregated for a specific resource type across accounts and regions", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListAggregateDiscoveredResources" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Accepts a resource type and returns a list of resource identifiers for the resources of that type", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListDiscoveredResources" |
|
}, |
|
{ |
|
"resource_types": "AggregationAuthorization", |
|
"description": "Authorizes the aggregator account and region to collect data from the source account and region", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "PutAggregationAuthorization" |
|
}, |
|
{ |
|
"resource_types": "ConfigRule", |
|
"description": "Adds or updates an AWS Config rule for evaluating whether your AWS resources comply with your desired configurations", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "PutConfigRule" |
|
}, |
|
{ |
|
"resource_types": "ConfigurationAggregator", |
|
"description": "Creates and updates the configuration aggregator with the selected source accounts and regions", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "PutConfigurationAggregator" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Creates a new configuration recorder to record the selected resource configurations", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "PutConfigurationRecorder" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Creates a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "PutDeliveryChannel" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Used by an AWS Lambda function to deliver evaluation results to AWS Config", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "PutEvaluations" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Creates and updates the retention configuration with details about retention period (number of days) that AWS Config stores your historical information", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "PutRetentionConfiguration" |
|
}, |
|
{ |
|
"resource_types": "ConfigRule", |
|
"description": "Evaluates your resources against the specified Config rules", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "StartConfigRulesEvaluation" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Starts recording configurations of the AWS resources you have selected to record in your AWS account", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "StartConfigurationRecorder" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Stops recording configurations of the AWS resources you have selected to record in your AWS account", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "StopConfigurationRecorder" |
|
} |
|
] |
|
}, |
|
{ |
|
"service_name": "AWS Service Catalog", |
|
"privileges": [ |
|
{ |
|
"resource_types": "", |
|
"description": "Accepts a portfolio that has been shared with you", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "AcceptPortfolioShare" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Associates an IAM principal with a portfolio, giving the specified principal access to any products associated with the specified portfolio", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "AssociatePrincipalWithPortfolio" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Associates a product with a portfolio", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "AssociateProductWithPortfolio" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Creates a constraint on an associated product and portfolio", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateConstraint" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Creates a portfolio", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "CreatePortfolio" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Shares a portfolio you own with another AWS account", |
|
"condition_keys": [], |
|
"access_level": "Permissions management", |
|
"dependent_actions": [], |
|
"privilege": "CreatePortfolioShare" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Creates a product and that product's first provisioning artifact", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "CreateProduct" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Adds a new provisioned product plan", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "CreateProvisionedProductPlan" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Adds a new provisioning artifact to an existing product", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateProvisioningArtifact" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Removes and deletes an existing constraint from an associated product and portfolio", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteConstraint" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Deletes a portfolio if all associations and shares have been removed from the portfolio", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeletePortfolio" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Unshares a portfolio you own from an AWS account you previously shared the portfolio with", |
|
"condition_keys": [], |
|
"access_level": "Permissions management", |
|
"dependent_actions": [], |
|
"privilege": "DeletePortfolioShare" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Deletes a product if all associations have been removed from the product", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteProduct" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Deletes a provisioned product plan", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteProvisionedProductPlan" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Deletes a provisioning artifact from a product", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteProvisioningArtifact" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes a constraint", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeConstraint" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes a portfolio", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribePortfolio" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes a product as an end-user", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeProduct" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes a product as an admin", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeProductAsAdmin" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes a product as an end-user", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeProductView" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes a provisioned product", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeProvisionedProduct" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes a provisioned product plan", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeProvisionedProductPlan" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes a provisioning artifact", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeProvisioningArtifact" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes the parameters that you need to specify to successfully provision a specified provisioning artifact", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeProvisioningParameters" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes a record and lists any outputs", |
|
"condition_keys": [ |
|
"servicecatalog:accountLevel", |
|
"servicecatalog:roleLevel", |
|
"servicecatalog:userLevel" |
|
], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeRecord" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Disassociates an IAM principal from a portfolio", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DisassociatePrincipalFromPortfolio" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Disassociates a product from a portfolio", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DisassociateProductFromPortfolio" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Executes a provisioned product plan", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "ExecuteProvisionedProductPlan" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Executes a provisioned product plan", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "ExecuteProvisionedProductServiceAction" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists the portfolios that have been shared with you and you have accepted", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListAcceptedPortfolioShares" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists constraints associated with a given portfolio", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListConstraintsForPortfolio" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists the different ways to launch a given product as an end-user", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListLaunchPaths" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists the AWS accounts you have shared a given portfolio with", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListPortfolioAccess" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists the portfolios in your account", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListPortfolios" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists the portfolios associated with a given product", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListPortfoliosForProduct" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists the IAM principals associated with a given portfolio", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListPrincipalsForPortfolio" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists the provisioned product plans", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListProvisionedProductPlans" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists the provisioning artifacts associated with a given product", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListProvisioningArtifacts" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists all the records in your account or all the records related to a given provisioned product", |
|
"condition_keys": [ |
|
"servicecatalog:accountLevel", |
|
"servicecatalog:roleLevel", |
|
"servicecatalog:userLevel" |
|
], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListRecordHistory" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists all the service actions in your account", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListServiceActionsForProvisioningArtifact" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Provisions a product with a specified provisioning artifact and launch parameters", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "ProvisionProduct" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Rejects a portfolio that has been shared with you that you previously accepted", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "RejectPortfolioShare" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists all the provisioned products in your account", |
|
"condition_keys": [ |
|
"servicecatalog:accountLevel", |
|
"servicecatalog:roleLevel", |
|
"servicecatalog:userLevel" |
|
], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ScanProvisionedProducts" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists the products available to you as an end-user", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "SearchProducts" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists all the products in your account or all the products associated with a given portfolio", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "SearchProductsAsAdmin" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists all the provisioned products in your account", |
|
"condition_keys": [ |
|
"servicecatalog:accountLevel", |
|
"servicecatalog:roleLevel", |
|
"servicecatalog:userLevel" |
|
], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "SearchProvisionedProducts" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Terminates an existing provisioned product", |
|
"condition_keys": [ |
|
"servicecatalog:accountLevel", |
|
"servicecatalog:roleLevel", |
|
"servicecatalog:userLevel" |
|
], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "TerminateProvisionedProduct" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Updates the metadata fields of an existing constraint", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateConstraint" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Updates the metadata fields and/or tags of an existing portfolio", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "UpdatePortfolio" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Updates the metadata fields and/or tags of an existing product", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "UpdateProduct" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Updates an existing provisioned product", |
|
"condition_keys": [ |
|
"servicecatalog:accountLevel", |
|
"servicecatalog:roleLevel", |
|
"servicecatalog:userLevel" |
|
], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateProvisionedProduct" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Updates the metadata fields of an existing provisioning artifact", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateProvisioningArtifact" |
|
} |
|
] |
|
}, |
|
{ |
|
"service_name": "AWS WAF", |
|
"privileges": [ |
|
{ |
|
"resource_types": "bytematchset", |
|
"description": "Creates a ByteMatchSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateByteMatchSet" |
|
}, |
|
{ |
|
"resource_types": "geomatchset", |
|
"description": "Creates a GeoMatchSet, which you use to specify which web requests you want to allow or block based on the country that the requests originate from", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateGeoMatchSet" |
|
}, |
|
{ |
|
"resource_types": "ipset", |
|
"description": "Creates an IPSet, which you use to specify which web requests you want to allow or block based on the IP addresses that the requests originate from", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateIPSet" |
|
}, |
|
{ |
|
"resource_types": "ratebasedrule", |
|
"description": "Creates a RateBasedRule, which contains a RateLimit specifying the maximum number of requests that AWS WAF allows from a specified IP address in a five-minute period", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateRateBasedRule" |
|
}, |
|
{ |
|
"resource_types": "regexmatchset", |
|
"description": "Creates a RegexMatchSet, which you use to specify which web requests you want to allow or block based on the regex patterns you specified in a RegexPatternSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateRegexMatchSet" |
|
}, |
|
{ |
|
"resource_types": "regexpatternset", |
|
"description": "Creates a RegexPatternSet, which you use to specify the regular expression (regex) pattern that you want AWS WAF to search for", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateRegexPatternSet" |
|
}, |
|
{ |
|
"resource_types": "rule", |
|
"description": "Creates a Rule, which contains the IPSet objects, ByteMatchSet objects, and other predicates that identify the requests that you want to block", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateRule" |
|
}, |
|
{ |
|
"resource_types": "rulegroup", |
|
"description": "Creates a RuleGroup. A rule group is a collection of predefined rules that you add to a WebACL", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateRuleGroup" |
|
}, |
|
{ |
|
"resource_types": "sizeconstraintset", |
|
"description": "Creates a SizeConstraintSet, which you use to identify the part of a web request that you want to check for length", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateSizeConstraintSet" |
|
}, |
|
{ |
|
"resource_types": "sqlinjectionmatchset", |
|
"description": "Creates a SqlInjectionMatchSet, which you use to allow, block, or count requests that contain snippets of SQL code in a specified part of web requests", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateSqlInjectionMatchSet" |
|
}, |
|
{ |
|
"resource_types": "webacl", |
|
"description": "Creates a WebACL, which contains the Rules that identify the CloudFront web requests that you want to allow, block, or count", |
|
"condition_keys": [], |
|
"access_level": "Permissions management", |
|
"dependent_actions": [], |
|
"privilege": "CreateWebACL" |
|
}, |
|
{ |
|
"resource_types": "xssmatchset", |
|
"description": "Creates an XssMatchSet, which you use to allow, block, or count requests that contain cross-site scripting attacks in the specified part of web requests", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateXssMatchSet" |
|
}, |
|
{ |
|
"resource_types": "bytematchset", |
|
"description": "Permanently deletes a ByteMatchSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteByteMatchSet" |
|
}, |
|
{ |
|
"resource_types": "geomatchset", |
|
"description": "Permanently deletes a GeoMatchSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteGeoMatchSet" |
|
}, |
|
{ |
|
"resource_types": "ipset", |
|
"description": "Permanently deletes an IPSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteIPSet" |
|
}, |
|
{ |
|
"resource_types": "rulegroup", |
|
"description": "Permanently deletes an IAM policy from the specified RuleGroup", |
|
"condition_keys": [], |
|
"access_level": "Permissions management", |
|
"dependent_actions": [], |
|
"privilege": "DeletePermissionPolicy" |
|
}, |
|
{ |
|
"resource_types": "ratebasedrule", |
|
"description": "Permanently deletes a RateBasedRule", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteRateBasedRule" |
|
}, |
|
{ |
|
"resource_types": "regexmatchset", |
|
"description": "Permanently deletes a RegexMatchSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteRegexMatchSet" |
|
}, |
|
{ |
|
"resource_types": "regexpatternset", |
|
"description": "Permanently deletes a RegexPatternSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteRegexPatternSet" |
|
}, |
|
{ |
|
"resource_types": "rule", |
|
"description": "Permanently deletes a Rule", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteRule" |
|
}, |
|
{ |
|
"resource_types": "rulegroup", |
|
"description": "Permanently deletes a RuleGroup", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteRuleGroup" |
|
}, |
|
{ |
|
"resource_types": "sizeconstraintset", |
|
"description": "Permanently deletes a SizeConstraintSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteSizeConstraintSet" |
|
}, |
|
{ |
|
"resource_types": "sqlinjectionmatchset", |
|
"description": "Permanently deletes a SqlInjectionMatchSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteSqlInjectionMatchSet" |
|
}, |
|
{ |
|
"resource_types": "webacl", |
|
"description": "Permanently deletes a WebACL", |
|
"condition_keys": [], |
|
"access_level": "Permissions management", |
|
"dependent_actions": [], |
|
"privilege": "DeleteWebACL" |
|
}, |
|
{ |
|
"resource_types": "xssmatchset", |
|
"description": "Permanently deletes an XssMatchSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteXssMatchSet" |
|
}, |
|
{ |
|
"resource_types": "bytematchset", |
|
"description": "Returns the ByteMatchSet specified by ByteMatchSetId", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetByteMatchSet" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "When you want to create, update, or delete AWS WAF objects, get a change token and include the change token in the create, update, or delete request", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetChangeToken" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns the status of a ChangeToken that you got by calling GetChangeToken", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetChangeTokenStatus" |
|
}, |
|
{ |
|
"resource_types": "geomatchset", |
|
"description": "Returns the GeoMatchSet specified by GeoMatchSetId", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetGeoMatchSet" |
|
}, |
|
{ |
|
"resource_types": "ipset", |
|
"description": "Returns the IPSet that is specified by IPSetId", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetIPSet" |
|
}, |
|
{ |
|
"resource_types": "rulegroup", |
|
"description": "Returns the IAM policy attached to the RuleGroup", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetPermissionPolicy" |
|
}, |
|
{ |
|
"resource_types": "ratebasedrule", |
|
"description": "Returns the RateBasedRule that is specified by the RuleId that you included in the GetRateBasedRule request", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetRateBasedRule" |
|
}, |
|
{ |
|
"resource_types": "ratebasedrule", |
|
"description": "Returns an array of IP addresses currently being blocked by the RateBasedRule that is specified by the RuleId", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetRateBasedRuleManagedKeys" |
|
}, |
|
{ |
|
"resource_types": "regexmatchset", |
|
"description": "Returns the RegexMatchSet specified by RegexMatchSetId", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetRegexMatchSet" |
|
}, |
|
{ |
|
"resource_types": "regexpatternset", |
|
"description": "Returns the RegexPatternSet specified by RegexPatternSetId", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetRegexPatternSet" |
|
}, |
|
{ |
|
"resource_types": "rule", |
|
"description": "Returns the Rule that is specified by the RuleId that you included in the GetRule request", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetRule" |
|
}, |
|
{ |
|
"resource_types": "rulegroup", |
|
"description": "Returns the RuleGroup that is specified by the RuleGroupId that you included in the GetRuleGroup request", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetRuleGroup" |
|
}, |
|
{ |
|
"resource_types": "rule", |
|
"description": "Gets detailed information about a specified number of requests--a sample--that AWS WAF randomly selects from among the first 5,000 requests that your AWS resource received during a time range that you choose", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetSampledRequests" |
|
}, |
|
{ |
|
"resource_types": "sizeconstraintset", |
|
"description": "Returns the SizeConstraintSet specified by SizeConstraintSetId", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetSizeConstraintSet" |
|
}, |
|
{ |
|
"resource_types": "sqlinjectionmatchset", |
|
"description": "Returns the SqlInjectionMatchSet that is specified by SqlInjectionMatchSetId", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetSqlInjectionMatchSet" |
|
}, |
|
{ |
|
"resource_types": "webacl", |
|
"description": "Returns the WebACL that is specified by WebACLId", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetWebACL" |
|
}, |
|
{ |
|
"resource_types": "xssmatchset", |
|
"description": "Returns the XssMatchSet that is specified by XssMatchSetId", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetXssMatchSet" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns an array of ActivatedRule objects", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListActivatedRulesInRuleGroup" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns an array of ByteMatchSetSummary objects", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListByteMatchSets" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns an array of GeoMatchSetSummary objects", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListGeoMatchSets" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns an array of IPSetSummary objects in the response", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListIPSets" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns an array of RuleSummary objects", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListRateBasedRules" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns an array of RegexMatchSetSummary objects", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListRegexMatchSets" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns an array of RegexPatternSetSummary objects", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListRegexPatternSets" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns an array of RuleGroup objects", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListRuleGroups" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns an array of RuleSummary objects", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListRules" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns an array of SizeConstraintSetSummary objects", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListSizeConstraintSets" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns an array of SqlInjectionMatchSet objects", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListSqlInjectionMatchSets" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns an array of RuleGroup objects that you are subscribed to", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListSubscribedRuleGroups" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns an array of WebACLSummary objects in the response", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListWebACLs" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns an array of XssMatchSet objects", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListXssMatchSets" |
|
}, |
|
{ |
|
"resource_types": "rulegroup", |
|
"description": "Attaches an IAM policy to the specified resource. The only supported use for this action is to share a RuleGroup across accounts", |
|
"condition_keys": [], |
|
"access_level": "Permissions management", |
|
"dependent_actions": [], |
|
"privilege": "PutPermissionPolicy" |
|
}, |
|
{ |
|
"resource_types": "bytematchset", |
|
"description": "Inserts or deletes ByteMatchTuple objects (filters) in a ByteMatchSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateByteMatchSet" |
|
}, |
|
{ |
|
"resource_types": "geomatchset", |
|
"description": "Inserts or deletes GeoMatchConstraint objects in a GeoMatchSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateGeoMatchSet" |
|
}, |
|
{ |
|
"resource_types": "ipset", |
|
"description": "Inserts or deletes IPSetDescriptor objects in an IPSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateIPSet" |
|
}, |
|
{ |
|
"resource_types": "ratebasedrule", |
|
"description": "Inserts or deletes Predicate objects in a rule and updates the RateLimit in the rule", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateRateBasedRule" |
|
}, |
|
{ |
|
"resource_types": "regexmatchset", |
|
"description": "Inserts or deletes RegexMatchTuple objects (filters) in a RegexMatchSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateRegexMatchSet" |
|
}, |
|
{ |
|
"resource_types": "regexpatternset", |
|
"description": "Inserts or deletes RegexPatternStrings in a RegexPatternSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateRegexPatternSet" |
|
}, |
|
{ |
|
"resource_types": "rule", |
|
"description": "Inserts or deletes Predicate objects in a Rule", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateRule" |
|
}, |
|
{ |
|
"resource_types": "rulegroup", |
|
"description": "Inserts or deletes ActivatedRule objects in a RuleGroup", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateRuleGroup" |
|
}, |
|
{ |
|
"resource_types": "sizeconstraintset", |
|
"description": "Inserts or deletes SizeConstraint objects (filters) in a SizeConstraintSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateSizeConstraintSet" |
|
}, |
|
{ |
|
"resource_types": "sqlinjectionmatchset", |
|
"description": "Inserts or deletes SqlInjectionMatchTuple objects (filters) in a SqlInjectionMatchSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateSqlInjectionMatchSet" |
|
}, |
|
{ |
|
"resource_types": "webacl", |
|
"description": "Inserts or deletes ActivatedRule objects in a WebACL", |
|
"condition_keys": [], |
|
"access_level": "Permissions management", |
|
"dependent_actions": [], |
|
"privilege": "UpdateWebACL" |
|
}, |
|
{ |
|
"resource_types": "xssmatchset", |
|
"description": "Inserts or deletes XssMatchTuple objects (filters) in an XssMatchSet", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateXssMatchSet" |
|
} |
|
] |
|
}, |
|
{ |
|
"service_name": "Amazon Elastic MapReduce", |
|
"privileges": [ |
|
{ |
|
"resource_types": "", |
|
"description": "Adds instance groups to a running cluster", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "AddInstanceGroups" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Adds new steps to a running job flow", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "AddJobFlowSteps" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Adds tags to an Amazon EMR resource", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "AddTags" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Cancels a pending step or steps in a running cluster", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CancelSteps" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Creates a security configuration which is stored in the service", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateSecurityConfiguration" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Deletes a security configuration", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteSecurityConfiguration" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Provides cluster-level details including status, hardware and software configuration, VPC settings, and so on", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeCluster" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Provides the details of a security configuration by returning the configuration JSON", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeSecurityConfiguration" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Provides more detail about the cluster step", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeStep" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Provides information about the bootstrap actions associated with a cluster", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListBootstrapActions" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Provides the status of all clusters visible to this AWS account", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListClusters" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Provides all available details about the instance groups in a cluster", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListInstanceGroups" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Provides information about the cluster instances that Amazon EMR provisions on behalf of a user when it creates the cluster", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListInstances" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists all the security configurations visible to this account, providing their creation dates and times, and their names", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListSecurityConfigurations" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Provides a list of steps for the cluster", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListSteps" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Modifies the number of nodes and configuration settings of an instance group", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "ModifyInstanceGroups" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Modifies the number of nodes and configuration settings of an instance group", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "PutAutoScalingPolicy" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Removes an automatic scaling policy from a specified instance group within an EMR cluster", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "RemoveAutoScalingPolicy" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Removes tags from an Amazon EMR resource", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "RemoveTags" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Creates and starts running a new job flow", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "RunJobFlow" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Locks a job flow so the Amazon EC2 instances in the cluster cannot be terminated by user intervention, an API call, or in the event of a job-flow error", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "SetTerminationProtection" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Sets whether all AWS Identity and Access Management (IAM) users under your account can access the specified job flows", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "SetVisibleToAllUsers" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Shuts a list of job flows down", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "TerminateJobFlows" |
|
} |
|
] |
|
}, |
|
{ |
|
"service_name": "AWS Serverless Application Repository", |
|
"privileges": [] |
|
}, |
|
{ |
|
"service_name": "Amazon WorkSpaces", |
|
"privileges": [ |
|
{ |
|
"resource_types": "", |
|
"description": "Creates tags for a WorkSpace", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "CreateTags" |
|
}, |
|
{ |
|
"resource_types": "workspacebundle", |
|
"description": "Creates one or more WorkSpaces", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateWorkspaces" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Deletes tags from a WorkSpace", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteTags" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes tags for a WorkSpace", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeTags" |
|
}, |
|
{ |
|
"resource_types": "workspacebundle", |
|
"description": "Obtains information about the WorkSpace bundles that are available to your account in the specified region", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeWorkspaceBundles" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Retrieves information about the AWS Directory Service directories in the region that are registered with Amazon WorkSpaces and are available to your account", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeWorkspaceDirectories" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Obtains information about the specified WorkSpaces", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "DescribeWorkspaces" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes the connection status of a specified WorkSpace", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeWorkspacesConnectionStatus" |
|
}, |
|
{ |
|
"resource_types": "workspaceid", |
|
"description": "Modifies the WorkSpace properties, including the running mode and AutoStop time", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "ModifyWorkspaceProperties" |
|
}, |
|
{ |
|
"resource_types": "workspaceid", |
|
"description": "Reboots the specified WorkSpaces", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "RebootWorkspaces" |
|
}, |
|
{ |
|
"resource_types": "workspaceid", |
|
"description": "Rebuilds the specified WorkSpaces", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "RebuildWorkspaces" |
|
}, |
|
{ |
|
"resource_types": "workspaceid", |
|
"description": "Starts the specified WorkSpaces", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "StartWorkspaces" |
|
}, |
|
{ |
|
"resource_types": "workspaceid", |
|
"description": "Stops the specified WorkSpaces", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "StopWorkspaces" |
|
}, |
|
{ |
|
"resource_types": "workspaceid", |
|
"description": "Terminates the specified WorkSpaces", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "TerminateWorkspaces" |
|
} |
|
] |
|
}, |
|
{ |
|
"service_name": "Amazon SNS", |
|
"privileges": [ |
|
{ |
|
"resource_types": "topic", |
|
"description": "Adds a statement to a topic's access control policy, granting access for the specified AWS accounts to the specified actions", |
|
"condition_keys": [], |
|
"access_level": "Permissions management", |
|
"dependent_actions": [], |
|
"privilege": "AddPermission" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Accepts a phone number and indicates whether the phone holder has opted out of receiving SMS messages from your account", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "CheckIfPhoneNumberIsOptedOut" |
|
}, |
|
{ |
|
"resource_types": "topic", |
|
"description": "Verifies an endpoint owner's intent to receive messages by validating the token sent to the endpoint by an earlier Subscribe action", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "ConfirmSubscription" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Creates a platform application object for one of the supported push notification services, such as APNS and GCM, to which devices and mobile apps may register", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreatePlatformApplication" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Creates an endpoint for a device and mobile app on one of the supported push notification services, such as GCM and APNS", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreatePlatformEndpoint" |
|
}, |
|
{ |
|
"resource_types": "topic", |
|
"description": "Creates a topic to which notifications can be published", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateTopic" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Deletes the endpoint for a device and mobile app from Amazon SNS", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteEndpoint" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Deletes a platform application object for one of the supported push notification services, such as APNS and GCM", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeletePlatformApplication" |
|
}, |
|
{ |
|
"resource_types": "topic", |
|
"description": "Deletes a topic and all its subscriptions", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteTopic" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Retrieves the endpoint attributes for a device on one of the supported push notification services, such as GCM and APNS", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetEndpointAttributes" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Retrieves the attributes of the platform application object for the supported push notification services, such as APNS and GCM", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetPlatformApplicationAttributes" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns the settings for sending SMS messages from your account", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetSMSAttributes" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns all of the properties of a subscription", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetSubscriptionAttributes" |
|
}, |
|
{ |
|
"resource_types": "topic", |
|
"description": "Returns all of the properties of a topic. Topic properties returned might differ based on the authorization of the user", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetTopicAttributes" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists the endpoints and endpoint attributes for devices in a supported push notification service, such as GCM and APNS", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListEndpointsByPlatformApplication" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns a list of phone numbers that are opted out, meaning you cannot send SMS messages to them", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "ListPhoneNumbersOptedOut" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Lists the platform application objects for the supported push notification services, such as APNS and GCM", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListPlatformApplications" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns a list of the requester's subscriptions", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListSubscriptions" |
|
}, |
|
{ |
|
"resource_types": "topic", |
|
"description": "Returns a list of the subscriptions to a specific topic", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListSubscriptionsByTopic" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns a list of the requester's topics. Each call returns a limited list of topics, up to 100", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListTopics" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Opts in a phone number that is currently opted out, which enables you to resume sending SMS messages to the number", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "OptInPhoneNumber" |
|
}, |
|
{ |
|
"resource_types": "topic", |
|
"description": "Sends a message to all of a topic's subscribed endpoints", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "Publish" |
|
}, |
|
{ |
|
"resource_types": "topic", |
|
"description": "Removes a statement from a topic's access control policy", |
|
"condition_keys": [], |
|
"access_level": "Permissions management", |
|
"dependent_actions": [], |
|
"privilege": "RemovePermission" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Sets the attributes for an endpoint for a device on one of the supported push notification services, such as GCM and APNS", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "SetEndpointAttributes" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Sets the attributes of the platform application object for the supported push notification services, such as APNS and GCM", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "SetPlatformApplicationAttributes" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Allows a subscription owner to set an attribute of the topic to a new value", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "SetSubscriptionAttributes" |
|
}, |
|
{ |
|
"resource_types": "topic", |
|
"description": "Allows a topic owner to set an attribute of the topic to a new value", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "SetTopicAttributes" |
|
}, |
|
{ |
|
"resource_types": "topic", |
|
"description": "Prepares to subscribe an endpoint by sending the endpoint a confirmation message", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "Subscribe" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Deletes a subscription. If the subscription requires authentication for deletion, only the owner of the subscription or the topic's owner can unsubscribe, and an AWS signature is required", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "Unsubscribe" |
|
} |
|
] |
|
}, |
|
{ |
|
"service_name": "Amazon FreeRTOS", |
|
"privileges": [] |
|
}, |
|
{ |
|
"service_name": "Amazon API Gateway", |
|
"privileges": [ |
|
{ |
|
"resource_types": "execute-api-general", |
|
"description": "Used to invalidate API cache upon a client request", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "InvalidateCache" |
|
}, |
|
{ |
|
"resource_types": "execute-api-general", |
|
"description": "Used to invoke an API upon a client request", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "Invoke" |
|
} |
|
] |
|
}, |
|
{ |
|
"service_name": "Amazon Connect", |
|
"privileges": [] |
|
}, |
|
{ |
|
"service_name": "Elastic Load Balancing V2", |
|
"privileges": [ |
|
{ |
|
"resource_types": "listener", |
|
"description": "Adds the specified certificates to the specified secure listener", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "AddListenerCertificates" |
|
}, |
|
{ |
|
"resource_types": "loadbalancer/app", |
|
"description": "Adds the specified tags to the specified load balancer. Each load balancer can have a maximum of 10 tags", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "AddTags" |
|
}, |
|
{ |
|
"resource_types": "loadbalancer/app", |
|
"description": "Creates a listener for the specified Application Load Balancer", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateListener" |
|
}, |
|
{ |
|
"resource_types": "loadbalancer/app", |
|
"description": "Creates a load balancer", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateLoadBalancer" |
|
}, |
|
{ |
|
"resource_types": "listener", |
|
"description": "Creates a rule for the specified listener", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateRule" |
|
}, |
|
{ |
|
"resource_types": "targetgroup", |
|
"description": "Creates a target group", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateTargetGroup" |
|
}, |
|
{ |
|
"resource_types": "listener", |
|
"description": "Deletes the specified listener", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteListener" |
|
}, |
|
{ |
|
"resource_types": "loadbalancer/app", |
|
"description": "Deletes the specified load balancer", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteLoadBalancer" |
|
}, |
|
{ |
|
"resource_types": "listener-rule", |
|
"description": "Deletes the specified rule", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteRule" |
|
}, |
|
{ |
|
"resource_types": "targetgroup", |
|
"description": "Deletes the specified target group", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteTargetGroup" |
|
}, |
|
{ |
|
"resource_types": "targetgroup", |
|
"description": "Deregisters the specified targets from the specified target group", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeregisterTargets" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes the Elastic Load Balancing resource limits for the AWS account", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeAccountLimits" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes the certificates for the specified secure listener", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeListenerCertificates" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes the specified listeners or the listeners for the specified Application Load Balancer", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeListeners" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes the attributes for the specified load balancer", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeLoadBalancerAttributes" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes the specified load balancers. If no load balancers are specified, the call describes all of your load balancers", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeLoadBalancers" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes the specified rules or the rules for the specified listener", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeRules" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes the specified policies or all policies used for SSL negotiation", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeSSLPolicies" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes the tags associated with the specified load balancers", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeTags" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes the attributes for the specified target group", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeTargetGroupAttributes" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes the specified target groups or all of your target groups", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeTargetGroups" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Describes the health of the specified targets or all of your targets", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeTargetHealth" |
|
}, |
|
{ |
|
"resource_types": "listener", |
|
"description": "Modifies the specified properties of the specified listener", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "ModifyListener" |
|
}, |
|
{ |
|
"resource_types": "loadbalancer/app", |
|
"description": "Modifies the attributes of the specified load balancer", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "ModifyLoadBalancerAttributes" |
|
}, |
|
{ |
|
"resource_types": "listener-rule", |
|
"description": "Modifies the specified rule", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "ModifyRule" |
|
}, |
|
{ |
|
"resource_types": "targetgroup", |
|
"description": "Modifies the health checks used when evaluating the health state of the targets in the specified target group", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "ModifyTargetGroup" |
|
}, |
|
{ |
|
"resource_types": "targetgroup", |
|
"description": "Modifies the specified attributes of the specified target group", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "ModifyTargetGroupAttributes" |
|
}, |
|
{ |
|
"resource_types": "targetgroup", |
|
"description": "Registers the specified targets with the specified target group", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "RegisterTargets" |
|
}, |
|
{ |
|
"resource_types": "listener", |
|
"description": "Removes the specified certificates of the specified secure listener", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "RemoveListenerCertificates" |
|
}, |
|
{ |
|
"resource_types": "loadbalancer/app", |
|
"description": "Removes one or more tags from the specified load balancer", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "RemoveTags" |
|
}, |
|
{ |
|
"resource_types": "loadbalancer/app", |
|
"description": "Not found", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "SetIpAddressType" |
|
}, |
|
{ |
|
"resource_types": "listener-rule", |
|
"description": "Sets the priorities of the specified rules", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "SetRulePriorities" |
|
}, |
|
{ |
|
"resource_types": "loadbalancer/app", |
|
"description": "Associates the specified security groups with the specified load balancer", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "SetSecurityGroups" |
|
}, |
|
{ |
|
"resource_types": "loadbalancer/app", |
|
"description": "Enables the Availability Zone for the specified subnets for the specified load balancer", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "SetSubnets" |
|
} |
|
] |
|
}, |
|
{ |
|
"service_name": "Amazon Mobile Analytics", |
|
"privileges": [ |
|
{ |
|
"resource_types": "", |
|
"description": "The PutEvents operation records one or more events", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "PutEvents" |
|
} |
|
] |
|
}, |
|
{ |
|
"service_name": "AWS Trusted Advisor", |
|
"privileges": [] |
|
}, |
|
{ |
|
"service_name": "Amazon Macie", |
|
"privileges": [ |
|
{ |
|
"resource_types": "", |
|
"description": "Enables the user to associate a specified AWS account with Amazon Macie as a member account", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "AssociateMemberAccount" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Enables the user to associate specified S3 resources with Amazon Macie for monitoring and data classification", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "AssociateS3Resources" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Enables the user to remove the specified member account from Amazon Macie", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DisassociateMemberAccount" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Enables the user to remove specified S3 resources from being monitored by Amazon Macie", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DisassociateS3Resources" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Enables the user to list all Amazon Macie member accounts for the current Macie master account", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListMemberAccounts" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Enables the user to list all the S3 resources associated with Amazon Macie", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListS3Resources" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Enables the user to update the classification types for the specified S3 resources", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateS3Resources" |
|
} |
|
] |
|
}, |
|
{ |
|
"service_name": "Amazon Textract", |
|
"privileges": [ |
|
{ |
|
"resource_types": "", |
|
"description": "Detects instances of real-world document entities within an image provided as input", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [ |
|
"s3:GetObject" |
|
], |
|
"privilege": "AnalyzeDocument" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Detects text in document images", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [ |
|
"s3:GetObject" |
|
], |
|
"privilege": "DetectDocumentText" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns information about a document analysis job", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetDocumentAnalysis" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Returns information about a document text detection job", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetDocumentTextDetection" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Starts an asynchronous job to detect instances of real-world document entities within an image or pdf provided as input", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [ |
|
"s3:GetObject" |
|
], |
|
"privilege": "StartDocumentAnalysis" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Starts an asynchronous job to detect text in document images or pdfs", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [ |
|
"s3:GetObject" |
|
], |
|
"privilege": "StartDocumentTextDetection" |
|
} |
|
] |
|
}, |
|
{ |
|
"service_name": "AWS Certificate Manager Private Certificate Authority", |
|
"privileges": [ |
|
{ |
|
"resource_types": "", |
|
"description": "Creates an ACM Private CA and its associated private key and configuration", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateCertificateAuthority" |
|
}, |
|
{ |
|
"resource_types": "certificate-authority", |
|
"description": "Creates an audit report for an ACM Private CA", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateCertificateAuthorityAuditReport" |
|
}, |
|
{ |
|
"resource_types": "certificate-authority", |
|
"description": "Deletes an ACM Private CA and its associated private key and configuration", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteCertificateAuthority" |
|
}, |
|
{ |
|
"resource_types": "certificate-authority", |
|
"description": "Returns a list of the configuration and status fields contained in the specified ACM Private CA", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeCertificateAuthority" |
|
}, |
|
{ |
|
"resource_types": "certificate-authority", |
|
"description": "Returns the status and information about an ACM Private CA audit report", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "DescribeCertificateAuthorityAuditReport" |
|
}, |
|
{ |
|
"resource_types": "certificate-authority", |
|
"description": "Retrieves an ACM Private CA certificate and certificate chain for the certificate authority specified by an ARN", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetCertificate" |
|
}, |
|
{ |
|
"resource_types": "certificate-authority", |
|
"description": "Retrieves an ACM Private CA certificate and certificate chain for the certificate authority specified by an ARN", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetCertificateAuthorityCertificate" |
|
}, |
|
{ |
|
"resource_types": "certificate-authority", |
|
"description": "Retrieves an ACM Private CA certificate signing request (CSR) for the certificate-authority specified by an ARN", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "GetCertificateAuthorityCsr" |
|
}, |
|
{ |
|
"resource_types": "certificate-authority", |
|
"description": "Imports an SSL/TLS certificate into ACM Private CA for use as the CA certificate of an ACM Private CA", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "ImportCertificateAuthorityCertificate" |
|
}, |
|
{ |
|
"resource_types": "certificate-authority", |
|
"description": "Issues an ACM Private CA certificate", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "IssueCertificate" |
|
}, |
|
{ |
|
"resource_types": "", |
|
"description": "Retrieves a list of the ACM Private CA certificate authority ARNs, and a summary of the status of each CA in the calling account", |
|
"condition_keys": [], |
|
"access_level": "List", |
|
"dependent_actions": [], |
|
"privilege": "ListCertificateAuthorities" |
|
}, |
|
{ |
|
"resource_types": "certificate-authority", |
|
"description": "Lists the tags that have been applied to the ACM Private CA certificate authority", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "ListTags" |
|
}, |
|
{ |
|
"resource_types": "certificate-authority", |
|
"description": "Restores an ACM Private CA from the deleted state to the state it was in when deleted", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "RestoreCertificateAuthority" |
|
}, |
|
{ |
|
"resource_types": "certificate-authority", |
|
"description": "Revokes a certificate issued by an ACM Private CA", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "RevokeCertificate" |
|
}, |
|
{ |
|
"resource_types": "certificate-authority", |
|
"description": "Adds one or more tags to an ACM Private CA", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "TagCertificateAuthority" |
|
}, |
|
{ |
|
"resource_types": "certificate-authority", |
|
"description": "Removes one or more tags from an ACM Private CA", |
|
"condition_keys": [], |
|
"access_level": "Tagging", |
|
"dependent_actions": [], |
|
"privilege": "UntagCertificateAuthority" |
|
}, |
|
{ |
|
"resource_types": "certificate-authority", |
|
"description": "Updates the configuration of an ACM Private CA", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "UpdateCertificateAuthority" |
|
} |
|
] |
|
}, |
|
{ |
|
"service_name": "Amazon DynamoDB", |
|
"privileges": [ |
|
{ |
|
"resource_types": "table", |
|
"description": "Returns the attributes of one or more items from one or more tables", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "BatchGetItem" |
|
}, |
|
{ |
|
"resource_types": "table", |
|
"description": "Puts or deletes multiple items in one or more tables", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "BatchWriteItem" |
|
}, |
|
{ |
|
"resource_types": "table", |
|
"description": "The ConditionCheckItem operation checks the existence of a set of attributes for the item with the given primary key", |
|
"condition_keys": [], |
|
"access_level": "Read", |
|
"dependent_actions": [], |
|
"privilege": "ConditionCheckItem" |
|
}, |
|
{ |
|
"resource_types": "table", |
|
"description": "Creates a backup for an existing table", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateBackup" |
|
}, |
|
{ |
|
"resource_types": "global-table", |
|
"description": "Enables the user to create a global table from an existing table", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateGlobalTable" |
|
}, |
|
{ |
|
"resource_types": "table", |
|
"description": "The CreateTable operation adds a new table to your account", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "CreateTable" |
|
}, |
|
{ |
|
"resource_types": "backup", |
|
"description": "Deletes an existing backup of a table", |
|
"condition_keys": [], |
|
"access_level": "Write", |
|
"dependent_actions": [], |
|
"privilege": "DeleteBackup" |
|
}, |
|
{ |
|
"resource_types": "table", |
|
"description": "Deletes a single item in a table b |