AWS verwaltete Richtlinien für AWS Config

AWS_ConfigRole— füge „lightsail:GetActiveNames" „lightsail:" „s3:GetOperations“ hinzu GetBucketAbac

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Lightsail und Amazon Simple Storage Service (Amazon S3).

20. November 2025

AWSConfigServiceRolePolicy— füge „lightsail:GetActiveNames" „lightsail:" „s3:GetOperations“ hinzu GetBucketAbac

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Lightsail und Amazon Simple Storage Service (Amazon S3).

20. November 2025

AWSConfigServiceRolePolicy— Aktualisierte verwaltete Richtlinie mit umfassenden Berechtigungen für die Aufzeichnung der AWS Ressourcenkonfiguration für über 100 AWS Dienste, darunter Rechen-, Speicher-, Netzwerk-, Sicherheits-, Analyse- und maschinelles Lernen.

Diese Richtlinie bietet nun eine verbesserte Dokumentation der Serviceberechtigungen und unterstützt eine umfassende Überwachung aller AWS Dienste, die die Konfigurationsaufzeichnung AWS Config unterstützen.

11. November 2025

AWS_ConfigRole— Aktualisierte verwaltete Richtlinie mit umfassenden Berechtigungen für die Aufzeichnung von AWS Ressourcenkonfigurationen für mehrere Dienste AWS Identity and Access Management, darunter Amazon Elastic Compute Cloud, Amazon Simple Storage Service AWS Lambda, Amazon Relational Database Service und viele andere.

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für die umfassende Aufzeichnung und Überwachung der AWS Ressourcenkonfiguration für alle unterstützten AWS Dienste.

10. November 2025

AWS_ConfigRole— „amplify:GetDomainAssociation" „amplify:ListDomainAssociations" „amplify:ListTagsForResource" „appsync:" „appsync:GetSourceApiAssociation" „bedrock:ListSourceApiAssociations" „bedrock:GetFlow" „bedrock:ListAgentCollaborators" „bedrock:ListFlows" „cloudTrail:ListPrompts" „cloudformation:GetResourcePolicy" „codeartifact:DescribePublisher" „codeartifact:DescribePackageGroup" „codeartifact:ListAllowedRepositoriesForGroup" „codeartifact:ListPackageGroups" „codepipeline:" „hinzufügen connect:ListActionTypes" „Frist:ListTagsForResource" „ec2:ListWebhooks" „ec2:DescribeTrafficDistributionGroup" „ec2: ListTrafficDistributionGroups ListFarms GetTransitGatewayRouteTablePropagations SearchLocalGatewayRoutes SearchTransitGatewayMulticastGroups„„entityresolution:GetMatchingWorkflow" „entityresolution:ListMatchingWorkflows" „iotsitewise:ListAssetModelCompositeModels" „iotsitewise:ListAssetModelProperties" „iotsitewise:ListAssetProperties" „ivs:" „lambda:ListAssociatedAssets" „lambda:ListPublicKeys" „lambda:GetProvisionedConcurrencyConfig" „lambda:GetRuntimeManagementConfig" „lambda:ListFunctionEventInvokeConfigs" „lambda:ListFunctionUrlConfigs" „pipes:DescribePipe" „pipes:ListPipes" „quicksight:DescribeRefreshSchedule" „quicksight:ListRefreshSchedules" „redshift-serverless:ListSnapshotCopyConfigurations" „redshift:" „redshift:GetResourcePolicy" „rolesanywhere:GetCrl" „rolesanywhere:ListCrls" „sagemaker:DescribeApp" „sagemaker:DescribeUserProfile" „sagemaker: ListApps"„sagemaker:ListModelPackages" „sagemaker:ListUserProfiles" „secretsmanager:GetResourcePolicy" „securitylake:ListSubscribers" „securitylake:ListTagsForResource" „servicecatalog:DescribeServiceAction" „servicecatalog:ListApplications" „servicecatalog:ListAssociatedResources" „shield:" „shield:ListProtectionGroups" „shield:ListTagsForResource" „ssm:GetReplicationSet" „ssm:ListReplicationSets" „ssm:DescribeAssociation" „ssm:DescribePatchBaselines" „ssm:" „ssm:GetDefaultPatchBaseline" „ssm:GetPatchBaseline" „ssm:GetResourcePolicies" „ssm:ListAssociations" „ssm:ListResourceDataSync" „wafv2:ListLoggingConfigurations" „bedrock-agentcore:ListCodeInterpreters" „bedrock-agentcore:GetCodeInterpreter" „bedrock -agentcore: ListBrowsers "„bedrock-agentcore:GetBrowser" „bedrock-agentcore:ListAgentRuntimes" „bedrock-agentcore:GetAgentRuntime" „bedrock-agentcore:ListAgentRuntimeEndpoints" „bedrock-agentcore:GetAgentRuntimeEndpoint“

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS Amplify,AWS AppSync, Amazon Bedrock,AWS CloudTrail,CloudFormation,AWS CodeArtifactAWS CodePipeline, Amazon Connect,, Amazon AWS Deadline Cloud, EC2 AWS Entity Resolution, Amazon IVS AWS IoT SiteWise,, Amazon AWS Lambda, Amazon EventBridge Quick Suite, Amazon Redshift, Amazon Redshift Serverless, Amazon,AWS Identity and Access Management Roles Anywhere SageMaker, Amazon Security Lake AWS Secrets Manager,AWS Service CatalogAWS Shield, Amazon EC2 Systems Manager und.AWS WAFV2

1. Oktober 2025

AWSConfigServiceRolePolicy— „amplify:GetDomainAssociation" „amplify:ListDomainAssociations" „amplify:ListTagsForResource" „appsync:GetSourceApiAssociation" „appsync:ListSourceApiAssociations" „bedrock:GetFlow" „bedrock:ListAgentCollaborators" „bedrock:ListFlows" „bedrock: ListPromptsGetResourcePolicy" „cloudTrail:DescribePublisher" „cloudformation:DescribePackageGroup" „codeartifact:ListAllowedRepositoriesForGroup" „codeartifact:ListPackageGroups" „codeartifact:ListActionTypes" „codeartifact:ListTagsForResource" „codepipeline:ListWebhooks" „hinzufügen connect:ListTrafficDistributionGroups" „Frist:ListFarms" „ec2:GetTransitGatewayRouteTablePropagations" „ec2:SearchLocalGatewayRoutes" „ec2: DescribeTrafficDistributionGroup SearchTransitGatewayMulticastGroups„„entityresolution:GetMatchingWorkflow" „entityresolution:ListMatchingWorkflows" „iotsitewise:ListAssetModelCompositeModels" „iotsitewise:ListAssetModelProperties" „iotsitewise:ListAssetProperties" „ivs:" „lambda:ListAssociatedAssets" „lambda:ListPublicKeys" „lambda:GetProvisionedConcurrencyConfig" „lambda:GetRuntimeManagementConfig" „lambda:ListFunctionEventInvokeConfigs" „lambda:ListFunctionUrlConfigs" „pipes:DescribePipe" „pipes:ListPipes" „quicksight:DescribeRefreshSchedule" „quicksight:ListRefreshSchedules" „redshift-serverless:ListSnapshotCopyConfigurations" „redshift:" „redshift:GetResourcePolicy" „rolesanywhere:GetCrl" „rolesanywhere:ListCrls" „sagemaker:DescribeApp" „sagemaker:DescribeUserProfile" „sagemaker: ListApps"„sagemaker:ListModelPackages" „sagemaker:ListUserProfiles" „secretsmanager:GetResourcePolicy" „securitylake:ListSubscribers" „securitylake:ListTagsForResource" „servicecatalog:DescribeServiceAction" „servicecatalog:ListApplications" „servicecatalog:ListAssociatedResources" „shield:" „shield:ListProtectionGroups" „shield:ListTagsForResource" „ssm:GetReplicationSet" „ssm:ListReplicationSets" „ssm:DescribeAssociation" „ssm:DescribePatchBaselines" „ssm:" „ssm:GetDefaultPatchBaseline" „ssm:GetPatchBaseline" „ssm:GetResourcePolicies" „ssm:ListAssociations" „ssm:ListResourceDataSync" „wafv2:ListLoggingConfigurations" „bedrock-agentcore:ListCodeInterpreters" „bedrock-agentcore:GetCodeInterpreter" „bedrock -agentcore: ListBrowsers "„bedrock-agentcore:GetBrowser" „bedrock-agentcore:ListAgentRuntimes" „bedrock-agentcore:GetAgentRuntime" „bedrock-agentcore:ListAgentRuntimeEndpoints" „bedrock-agentcore:GetAgentRuntimeEndpoint“

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS Amplify,AWS AppSync, Amazon Bedrock,AWS CloudTrail,CloudFormation,AWS CodeArtifactAWS CodePipeline, Amazon Connect,, Amazon AWS Deadline Cloud, EC2 AWS Entity Resolution, Amazon IVS AWS IoT SiteWise,, Amazon AWS Lambda, Amazon EventBridge Quick Suite, Amazon Redshift, Amazon Redshift Serverless, Amazon,AWS Identity and Access Management Roles Anywhere SageMaker, Amazon Security Lake AWS Secrets Manager,AWS Service CatalogAWS Shield, Amazon EC2 Systems Manager und.AWS WAFV2

1. Oktober 2025

AWS_ConfigRole— Hinzufügen "arc-zonal-shift: GetAutoshiftObserverNotificationStatus „, „bedrock: GetModelInvocationLoggingConfiguration „, „cloudtrail: „, GetEventConfiguration „codeartifact: „, DescribeDomain „codeartifact: „, „deadline: GetDomainPermissionsPolicy „, „deadline: GetFleet „, „deadline: „, GetQueueFleetAssociation „deadline: „, ListFleets „deadline: „, „deadline: ListQueueFleetAssociations „, „deadline: ListTagsForResource „, „deadline: DescribeDataMigrations „, „dms: „, ListMigrationProjects „glue: „, GetDataCatalogEncryptionSettings „kafkaconnect: „, DescribeCustomPlugin „kafkaconnect: „, „kafkaconnect: DescribeWorkerConfiguration „, „kafkaconnect: ListCustomPlugins „aconnect: „, ListTagsForResource „kafkaconnect: „, „kafkaconnect: ListWorkerConfigurations „, „lakeformation: DescribeLakeFormationIdentityCenterConfiguration „, „medialive: DescribeMultiplexProgram „, „medialive: ListMultiplexPrograms„, „mediapackagev2: GetChannelGroup „, „mediapackagev2: ListChannelGroups „, „rds: „, „rolesanywhere: DescribeEngineDefaultParameters „, „rolesanywhere: GetProfile „, „rolesanywhere: GetTrustAnchor „, „rolesanywhere: ListProfiles „, „rolesanywhere: „, ListTagsForResource „rolesanywhere: „, „s3: ListTrustAnchors „, „secretsmanager: GetAccessGrant „, „securitylake: ListAccessGrants „, „securitylake: DescribeSecret „, „securitylake: „, „security lake: ListDataLakeExceptions „, „security lake: ListDataLakes „, „security lake: „, „security lake: ListLogSources „, „security itylake: GetAttributeGroup „, „servicecatalog: ListAttributeGroups „, „servicecatalog: „, ListServiceActions „servicecatalog: „, „servicecatalog: ListServiceActionsForProvisioningArtifact „, „ses: GetTrafficPolicy „, „ses: ListTagsForResource „,“ siehe: ListTrafficPolicies „, „xray: GetGroup „, „xray: GetGroups „, „xray: GetSamplingRules „, „xray: ListResourcePolicies „, „xray:ListTagsForResource“

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS ARC - Zonal Shift Amazon Bedrock,,,AWS CloudTrail,AWS CodeArtifact,AWS Deadline CloudAWS Database Migration ServiceAWS GlueAWS Identity and Access Management, Amazon Managed Streaming for Apache Kafka AWS Lake Formation, Amazon CloudWatch Logs,,AWS Elemental MediaLiveAWS Elemental MediaPackage, Amazon Relational Database Service, Amazon Simple Storage Service AWS Secrets Manager, Amazon Security Lake AWS Service Catalog, Amazon Simple Email Service und.AWS X-Ray

28. Juli 2025

AWSConfigServiceRolePolicy— Hinzufügen

"arc-zonal-shift: GetAutoshiftObserverNotificationStatus „, „bedrock: „, GetModelInvocationLoggingConfiguration „cloudtrail: „, „codeartifact: GetEventConfiguration „, „codeartifact: DescribeDomain „, „deadline: „, „deadline: GetDomainPermissionsPolicy „, „deadline: GetFleet „, „deadline: „, GetQueueFleetAssociation „deadline: „, „deadline: ListFleets „, „deadline: ListQueueFleetAssociations „, „dms: ListTagsForResource „, „dms: „, „glue: DescribeDataMigrations „, „iam: ListMigrationProjects „, kafkaconnect: GetDataCatalogEncryptionSettings „, „kafkaconnect: ListPolicies „, „kafkaconnect: DescribeCustomPlugin „, „kafkaconnect: DescribeWorkerConfiguration „, „kafkaconnect: „, „lakeformation: ListCustomPlugins „, „logs: „, „logs: ListTagsForResource „, „medialive: ListWorkerConfigurations DescribeLakeFormationIdentityCenterConfiguration DescribeIndexPolicies ListTagsForResource DescribeMultiplexProgram„, „medialive: ListMultiplexPrograms „, „mediapackagev2: GetChannelGroup „, „mediapackagev2: ListChannelGroups „, „rds: DescribeEngineDefaultParameters „, „rolesanywhere: GetProfile „, „rolesanywhere: GetTrustAnchor „, „rolesanywhere: ListProfiles „, „rolesanywhere: ListTagsForResource „, „rolesanywhere: ListTrustAnchors „, „rolesanywhere: GetAccessGrant „, „s3: ListAccessGrants „, „secretsmanager: DescribeSecret „, „securitylake: ListDataLakeExceptions „, „securitylake: „, ListDataLakes „securitylylake: „, „securitylake: ListLogSources „, „servicecatalog: GetAttributeGroup „, „servicecatalog: ListAttributeGroups „, „servicecatalog: ListServiceActions „, „servicecatalog: ListServiceActionsForProvisioningArtifact „, „ses: GetTrafficPolicy „, „ses: ListTagsForResource „, „ses: ListTrafficPolicies „, „xray: GetGroup „, „xray: GetGroups „, „xray: GetSamplingRules „, „xray: ListResourcePolicies „, „xray: ListTagsForResource „, „arn:aws:apigateway: ::/account“, „arn:aws:apigateway: ::/usageplans“, „arn:aws:apigateway: ::/usageplans/“.

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS ARC - Zonal Shift Amazon Bedrock,,,AWS CloudTrail,AWS CodeArtifact,AWS Deadline CloudAWS Database Migration ServiceAWS GlueAWS Identity and Access Management, Amazon Managed Streaming for Apache Kafka AWS Lake Formation, Amazon CloudWatch Logs,AWS Elemental MediaLive,AWS Elemental MediaPackage, Amazon Relational Database Service, Amazon Simple Storage Service AWS Secrets Manager, Amazon Security Lake AWS Service Catalog, Amazon Simple Email Service und Amazon AWS X-Ray API Gateway.

28. Juli 2025

AWSConfigServiceRolePolicy— „backup-gateway: GetHypervisor „, „backup-gateway: ListHypervisors „,"bcm-data-exports: GetExport „,"bcm-data-exports: ListExports „,"bcm-data-exports: ListTagsForResource „,": GetAgent „, „bedrock: GetAgentActionGroup „, „bedrock: GetAgentKnowledgeBase „, „bedrock: GetDataSource „, „bedrock: GetFlowAlias „, „bedrock: GetFlowVersion „, „bedrock: ListAgentActionGroups „, „bedrock: ListAgentKnowledgeBases „, „bedrock: ListDataSources „, „bedrock: ListFlowAliases „, „bedrock: ListFlowVersions „hinzufügen Wolkenbildung: BatchDescribeTypeConfigurations „, „Wolkenformation: DescribeStackInstance „, „Wolkenformation: DescribeStackSet „, „Wolkenformation: ListStackInstances „,“ cloudformation: ListStackSets „, „cloudfront: GetPublicKey „, „cloudfront: GetRealtimeLogConfig „, „cloudfront: ListPublicKeys „, „cloudfront: „, ListRealtimeLogConfigs „entityresolution: „, GetIdMappingWorkflow „entityresolution: „, GetSchemaMapping „entityresolution: „, ListIdMappingWorkflows „entityresolution: „, ListSchemaMappings „entityresolution: „, „entityresolution: ListTagsForResource „, „iotdeviceadvisor: GetSuiteDefinition „, „lambda: ListSuiteDefinitions „, „lambda: „, GetEventSourceMapping „lambda: „, ListEventSourceMappings „lambda: „, „mediapackagev2: GetChannel „, „mediapaketv2: ListChannels „, „networkmanager: GetTransitGatewayPeering „, „networkmanager: ListPeerings „,"pca-connector-ad: GetDirectoryRegistration „,“ pca-connector-ad: ListDirectoryRegistrations „,"pca-connector-ad: ListTagsForResource „, „DBShardrds:Gruppen beschreiben“, „rds: „, DescribeIntegrations „redshift: „, DescribeIntegrations „s3tables: „, GetTableBucket „s3tables: „, GetTableBucketEncryption „s3tables: „, „s3tables: GetTableBucketMaintenanceConfiguration „, „s3tables: ListTableBuckets „, „ssm-quicksetup: GetConfigurationManager „, „ssm-quicksetup:ListConfigurationManagers“

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS Backup gateway,AWS Fakturierung und Kostenmanagement, Amazon Bedrock,, Amazon AWS CloudFormation, CloudFront,,AWS Entity Resolution,AWS IoT Core Device AdvisorAWS LambdaAWS Network Manager, Amazon Relational Database Service AWS Private Certificate Authority, Amazon Redshift, Amazon S3 Tables,.AWS Systems Manager Quick Setup

AWS_ConfigRole— „backup-gateway: GetHypervisor „, „backup-gateway: ListHypervisors „,"bcm-data-exports: GetExport „,"bcm-data-exports: ListExports „,"bcm-data-exports: ListTagsForResource „,": GetAgent „, „bedrock: GetAgentActionGroup „, „bedrock: GetAgentKnowledgeBase „, „bedrock: GetDataSource „, „bedrock: GetFlowAlias „, „bedrock: GetFlowVersion „, „bedrock: ListAgentActionGroups „, „bedrock: ListAgentKnowledgeBases „, „bedrock: ListDataSources „, „bedrock: ListFlowAliases „, „bedrock: ListFlowVersions „hinzufügen Wolkenbildung: BatchDescribeTypeConfigurations „, „Wolkenformation: DescribeStackInstance „, „Wolkenformation: DescribeStackSet „, „Wolkenformation: ListStackInstances „,“ cloudformation: ListStackSets „, „cloudfront: GetPublicKey „, „cloudfront: GetRealtimeLogConfig „, „cloudfront: „, ListPublicKeys „cloudfront: „, ListRealtimeLogConfigs „entityresolution: „, GetIdMappingWorkflow „entityresolution: „, „entityresolution: GetSchemaMapping „, „entityresolution: ListIdMappingWorkflows „, „entityresolution: ListSchemaMappings „, „entityresolution: ListTagsForResource „, „iotdeviceadvisor: GetSuiteDefinition „, „lambda: „, „lambda: ListSuiteDefinitions „, „lambda: GetEventSourceMapping „, „lambda: ListEventSourceMappings „, „Netzwerkmanager: GetTransitGatewayPeering „, „Netzwerkmanager: ListPeerings „,": „,"pca-connector-ad: GetDirectoryRegistration „,"pca-connector-ad: ListDirectoryRegistrations „,"pca-connector-ad: ListTagsForResource „, „rds: DBShardGruppen beschreiben“, „rds: DescribeIntegrations „, „redshift: DescribeIntegrations „, „s3tables: „, GetTableBucket „s3tables: „, GetTableBucketEncryption „s3tables: „, „s3tables: GetTableBucketMaintenanceConfiguration „, „ssm-quicksetup: ListTableBuckets „, „ssm-quicksetup: GetConfigurationManager „, „ssm-quicksetup:ListConfigurationManagers“

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS Backup gateway,AWS Fakturierung und Kostenmanagement, Amazon Bedrock,, Amazon AWS CloudFormation, CloudFront,,AWS Entity Resolution,AWS IoT Core Device AdvisorAWS LambdaAWS Network Manager, Amazon Relational Database Service AWS Private Certificate Authority, Amazon Redshift, Amazon S3 Tables,.AWS Systems Manager Quick Setup

AWS_ConfigRole – Addition: "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource"

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Bedrock.

AWSConfigServiceRolePolicy – Addition: "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource"

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Bedrock.

AWS_ConfigRole – Addition: "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation"

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS B2B Data Interchange Amazon Bedrock,,,AWS Clean RoomsAWS CodeConnections,AWS Database Migration Service(AWS DMS)AWS Direct Connect, Amazon CloudWatch Logs, Amazon Macie, Amazon Managed Blockchain, Amazon Q Business, Route 53 Profiles, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI AWS Security Hub CSPM, und AWS Systems Manager Incident Manager,AWS Systems Manager Incident Manager Kontakte und.AWS Systems Manager

AWSConfigServiceRolePolicy – Addition: "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm:DescribeInstanceInformation"

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS B2B Data Interchange Amazon Bedrock,,,AWS Clean RoomsAWS CodeConnections,AWS Database Migration Service(AWS DMS)AWS Direct Connect, Amazon CloudWatch Logs, Amazon Macie, Amazon Managed Blockchain, Amazon Q Business, Route 53 Profiles, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI AWS Security Hub CSPM, und AWS Systems Manager Incident Manager,AWS Systems Manager Incident Manager Kontakte und.AWS Systems Manager Diese Richtlinie unterstützt jetzt auch die Erlaubnis, auf alle Amazon API Gateway Gateway-Domänennamen zuzugreifen, indem das Ressourcenmuster "arn:aws:apigateway:::/domainnames/" eingeschlossen wird.

AWS_ConfigRole – Addition: "ec2:GetAllowedImagesSettings"

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Elastic Compute Cloud (Amazon EC2).

AWSConfigServiceRolePolicy – Addition: "ec2:GetAllowedImagesSettings"

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Elastic Compute Cloud (Amazon EC2).

AWS_ConfigRole – Addition: "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS Clean Rooms Amazon Comprehend, Amazon Elastic Compute Cloud (Amazon EC2)AWS HealthOmics, Amazon Simple Storage Service (Amazon S3) und Amazon Simple Email Service (Amazon SES).

AWSConfigServiceRolePolicy – Addition: "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS Clean Rooms Amazon Comprehend, Amazon Elastic Compute Cloud (Amazon EC2)AWS HealthOmics, Amazon Simple Storage Service (Amazon S3) und Amazon Simple Email Service (Amazon SES).

AWSConfigServiceRolePolicy – Addition: "organizations:ListAWSServiceAccessForOrganization"

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für.AWS Organizations

AWS_ConfigRole – Addition: "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS AppConfig,, Amazon Connect AWS CloudTrail, Amazon, Amazon DevOps Guru DataZone, Identity Store AWS Glue,,,AWS IoTAWS IoT FleetWiseAWS IoT Wireless, Amazon Interactive Video Service (Amazon IVS), Amazon CloudWatch Logs, Amazon CloudWatch Observability Access Manager AWS Payment Cryptography, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service (Amazon S3), Amazon EventBridge Scheduler und Amazon VPC Lattice.AWS Systems Manager

AWSConfigServiceRolePolicy – Addition: "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership" "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom" "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink" "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS AppConfig,, Amazon Connect AWS CloudTrail, Amazon, Amazon DevOps Guru DataZone, Identity Store AWS Glue,,,AWS IoTAWS IoT FleetWiseAWS IoT Wireless, Amazon Interactive Video Service (Amazon IVS), Amazon CloudWatch Logs, Amazon CloudWatch Observability Access Manager AWS Payment Cryptography, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service (Amazon S3), Amazon EventBridge Scheduler und Amazon VPC Lattice.AWS Systems Manager

AWS_ConfigRole – Addition: "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules"

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon OpenSearch Service Severless, Amazon AppStream,,AWS Backup,AWS CloudTrailAWS Glue, EC2 Image Builder AWS IoT, Amazon Interactive Video Service (Amazon IVS),,AWS Elemental MediaConnectAWS Elemental MediaTailorAWS HealthOmics, und Amazon EventBridge Scheduler.

AWSConfigServiceRolePolicy – Addition: "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel, "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers, "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa," "mediaconnect:ListBridges," "mediaconnect:ListGateways", "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource", "mediatailor:ListChannels," "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules"

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon OpenSearch Service Severless, Amazon AppStream,,AWS Backup,AWS CloudTrailAWS Glue, EC2 Image Builder AWS IoT, Amazon Interactive Video Service (Amazon IVS),,AWS Elemental MediaConnectAWS Elemental MediaTailorAWS HealthOmics, und Amazon EventBridge Scheduler.

AWS_ConfigRole – Addition: "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource"

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Elastic File System (Amazon EFS), Amazon Redshift und AWS Systems Manager für SAP.

AWSConfigServiceRolePolicy – Addition: "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource"

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Elastic File System (Amazon EFS), Amazon Redshift und AWS Systems Manager für SAP.

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon, ElastiCache,AWS Identity and Access Management(IAM) FSx AWS Glue,,, Amazon Redshift Serverless AWS LambdaAWS RAM, Amazon SageMaker AI und Amazon Simple Notification Service (Amazon SNS).

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon, ElastiCache,AWS Identity and Access Management(IAM) FSx AWS Glue,,, Amazon Redshift Serverless AWS LambdaAWS RAM, Amazon SageMaker AI und Amazon Simple Notification Service (Amazon SNS).

AWSConfigUserAccess— beginnt AWS Config mit der Nachverfolgung von Änderungen für diese verwaltete Richtlinie AWS

Diese Richtlinie ermöglicht den Zugriff auf die Nutzung AWS Config, einschließlich der Suche nach Tags in Ressourcen und dem Lesen aller Tags. Dadurch wird keine Berechtigung zur Konfiguration erteilt AWS Config, wofür Administratorrechte erforderlich sind.

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS AppConfig Amazon Managed Service for Prometheus,AWS Database Migration Service(AWS DMS), (AWS Identity and Access Management) IAM, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon CloudWatch Logs und Amazon Simple Storage Service (Amazon S3).AWS Organizations

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS AppConfig Amazon Managed Service for Prometheus,AWS Database Migration Service(AWS DMS), (AWS Identity and Access Management) IAM, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon CloudWatch Logs und Amazon Simple Storage Service (Amazon S3).AWS Organizations

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Cognito, Amazon Connect, Amazon EMR,,AWS Ground Station, Amazon MemoryDB AWS Mainframe Modernization,, Amazon Quick Suite AWS Organizations, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, und.AWS Service CatalogAWS Transfer Family

Diese Richtlinie fügt jetzt Sicherheitskennungen (SID) für AWSConfigServiceRolePolicyStatementID, AWSConfigSLRLogStatementID, AWSConfigSLRLogEventStatementID und AWSConfigSLRApiGatewayStatementID hinzu.

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Cognito, Amazon Connect, Amazon EMR,,AWS Ground Station, Amazon MemoryDB AWS Mainframe Modernization,, Amazon Quick Suite AWS Organizations, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, und.AWS Service CatalogAWS Transfer Family

Diese Richtlinie fügt jetzt Sicherheitskennungen (SID) für AWSConfigServiceRolePolicyStatementID, AWSConfigSLRLogStatementID, AWSConfigSLRLogEventStatementID und AWSConfigSLRApiGatewayStatementID hinzu.

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS Private CA,, Amazon Connect AWS App Mesh, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidly, Amazon Managed Grafana, Amazon, Amazon Inspector GuardDuty,,AWS IoTAWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK),,AWS LambdaAWS Network ManagerAWS Organizations, und Amazon AI. SageMaker

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS Private CA,, Amazon Connect AWS App Mesh, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidly, Amazon Managed Grafana, Amazon, Amazon Inspector GuardDuty,,AWS IoTAWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK),,AWS LambdaAWS Network ManagerAWS Organizations, und Amazon AI. SageMaker

Diese Richtlinie entfernt jetzt Berechtigungen für AWS Systems Manager(Systems Manager).

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS App Mesh,, Amazon AWS CloudFormation, Amazon Connect CloudFront AWS CodeArtifactAWS CodeBuild,, Amazon AWS Glue,AWS Identity and Access Management(IAM) GuardDuty, Amazon Inspector,,,AWS IoTAWS IoT TwinMakerAWS IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie,,,AWS Elemental MediaConnect,AWS Network ManagerAWS Organizations, Amazon Route 53 AWS Resource Explorer, Amazon Simple Storage Service (Amazon S3) und Amazon Simple Notification Service (Amazon SNS).

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS App Mesh Amazon WorkSpaces Applications, Amazon AWS CloudFormation,, CloudFront AWS CodeArtifact, Amazon Connect AWS CodeBuild,, Amazon AWS Glue,AWS Identity and Access Management(IAM) GuardDuty, Amazon Inspector,,AWS IoTAWS IoT TwinMakerAWS IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie,,,AWS Elemental MediaConnect,AWS Network ManagerAWS Organizations, Amazon Route 53 AWS Resource Explorer, Amazon Simple Storage Service (Amazon S3), Amazon Simple Notification Service (Amazon SNS) und Amazon EC2 Systems Manager (SSM).

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Connect AWS Amplify, Amazon Managed Service for Prometheus AWS App Mesh, Amazon Athena,,,,, Amazon AWS Batch, Amazon DynamoDB AWS CloudFormationAWS CloudTrailAWS CodeArtifact CodeGuru AWS Directory Service, Amazon Elastic Compute Cloud (Amazon), Amazon CloudWatch Evidly, Amazon Forecast,,, (IAM EC2)AWS Organizations, Amazon Managed Streaming for Apache Kafka AWS Identity and Access Management(Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs,,, Amazon Pinpoint, Amazon Virtual Private Cloud (AWS IoT GreengrassAWS Ground StationAWS Elemental MediaConnectAWS Elemental MediaTailor Amazon VPC), Amazon Personalize, Amazon Quick Suite AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI,.AWS Transfer Family

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Connect AWS Amplify, Amazon Managed Service for Prometheus AWS App Mesh, Amazon Athena,,,,, Amazon AWS Batch, Amazon DynamoDB AWS CloudFormationAWS CloudTrailAWS CodeArtifact CodeGuru AWS Directory Service, Amazon Elastic Compute Cloud (Amazon), Amazon CloudWatch Evidly, Amazon Forecast,,, (IAM EC2)AWS Organizations, Amazon Managed Streaming for Apache Kafka AWS Identity and Access Management(Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs,,, Amazon Pinpoint, Amazon Virtual Private Cloud (AWS IoT GreengrassAWS Ground StationAWS Elemental MediaConnectAWS Elemental MediaTailor Amazon VPC), Amazon Personalize, Amazon Quick Suite AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI,.AWS Transfer Family

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Managed Workflows für AWS Amplify,AWS App Mesh,AWS App Runner, Amazon CloudFront AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI, Amazon Pinpoint AWS Transfer Family,,AWS Migration HubAWS Resilience Hub, Amazon CloudWatch,AWS Directory Service und.AWS WAF

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Managed Workflows für AWS Amplify,AWS App Mesh,AWS App Runner, Amazon CloudFront AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI, Amazon Pinpoint AWS Transfer Family,,AWS Migration HubAWS Resilience Hub, Amazon CloudWatch,AWS Directory Service und.AWS WAF

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Managed Workflows for Amazon AppFlow,AWS App Runner Amazon WorkSpaces Applications, Amazon, Amazon CloudFront,, CloudWatch,AWS CodeArtifactAWS CodeCommit, Amazon CloudWatch Evidly AWS Device Farm, Amazon Forecast AWS Ground Station,AWS Identity and Access Management(IAM),, Amazon MemoryDB AWS IoT, Amazon Pinpoint,,, Amazon Relational Database Service (Amazon RDS), Amazon Redshift und Amazon AI.AWS Network ManagerAWS Panorama SageMaker

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Managed Workflows for Amazon AppFlow, Amazon WorkSpaces Applications AWS App Runner, Amazon AWS CloudFormation, Amazon CloudFront,, CloudWatch,AWS CodeArtifactAWS CodeCommitAWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast,AWS Identity and Access Management(IAM)AWS Ground Station,, Amazon MemoryDB AWS IoT, Amazon Pinpoint,,, Amazon Relational Database Service (Amazon RDS), Amazon Redshift und Amazon AI.AWS Network ManagerAWS Panorama SageMaker

AWSConfigRulesExecutionRole— beginnt AWS Config mit der Nachverfolgung von Änderungen für diese verwaltete Richtlinie AWS

Diese Richtlinie ermöglicht AWS Lambda Funktionen den Zugriff auf die AWS Config API und die Konfigurations-Snapshots, die regelmäßig AWS Config an Amazon S3 gesendet werden. Dieser Zugriff ist für Funktionen erforderlich, die Konfigurationsänderungen für AWS benutzerdefinierte Lambda-Regeln auswerten.

AWSConfigRoleForOrganizations—AWS Config beginnt mit der Nachverfolgung von Änderungen für diese AWS verwaltete Richtlinie

Diese Richtlinie ermöglicht das Aufrufen AWS Config im Nur-Lese-Modus AWS Organizations APIs.

AWSConfigRemediationServiceRolePolicy—AWS Config beginnt mit der Nachverfolgung von Änderungen für diese verwaltete Richtlinie AWS

Diese Richtlinie ermöglicht es AWS Config, NON_COMPLIANT Ressourcen in Ihrem Namen zu korrigieren.

AWSConfigServiceRolePolicy – Addition: auditmanager:GetAccountStatus

Diese Richtlinie gewährt nun die Berechtigung, den Registrierungsstatus eines Kontos in AWS Audit Manager wiederherzustellen.

AWS_ConfigRole – Addition: auditmanager:GetAccountStatus

Diese Richtlinie gewährt nun die Berechtigung, den Registrierungsstatus eines Kontos in AWS Audit Manager wiederherzustellen.

AWSConfigMultiAccountSetupPolicy—AWS Config beginnt mit der Nachverfolgung von Änderungen für diese AWS verwaltete Richtlinie

Diese Richtlinie ermöglicht AWS Config das Aufrufen von AWS Diensten und die Bereitstellung von AWS Config Ressourcen in einer Organisation mit AWS Organizations.

AWSConfigServiceRolePolicy – Addition: airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Managed Workflows for Apache Airflow AWS IoT, Amazon WorkSpaces Applications, Amazon CodeGuru Reviewer AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC)AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint AWS Identity and Access Management(IAM) GuardDuty, Amazon und Amazon Logs. CloudWatch

AWS_ConfigRole – Addition: airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Managed Workflows for Apache Airflow AWS IoT, Amazon WorkSpaces Applications, Amazon CodeGuru Reviewer AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC)AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint AWS Identity and Access Management(IAM) GuardDuty, Amazon und Amazon Logs. CloudWatch

ConfigConformsServiceRolePolicy – Aktualisierung: config:DescribeConfigRules

Als bewährte Sicherheitsmethode entfernt diese Richtlinie nun umfassende Berechtigungen auf Ressourcenebene für config:DescribeConfigRules.

AWSConfigServiceRolePolicy – Addition: APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile,AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Managed Service for Prometheus,,AWS Audit Manager,AWS Database Migration Service(AWS DMS)AWS Device FarmAWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2),,AWS Glue, Amazon Lightsail AWS IoT,,, Amazon Quick Suite AWS Elemental MediaPackageAWS Network ManagerAWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3) und Amazon Timestream.

AWS_ConfigRole – Addition: APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Managed Service for Prometheus,,AWS Audit Manager,AWS Database Migration Service(AWS DMS)AWS Device FarmAWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2),,AWS Glue, Amazon Lightsail AWS IoT,,, Amazon Quick Suite AWS Elemental MediaPackageAWS Network ManagerAWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3) und Amazon Timestream.

AWSConfigServiceRolePolicy – Addition: cloudformation:ListStackResources and cloudformation:ListStacks

Diese Richtlinie gewährt nun die Erlaubnis, Beschreibungen aller Ressourcen eines angegebenen AWS CloudFormation Stacks und die zusammenfassenden Informationen für Stacks zurückzugeben, deren Status dem angegebenen entspricht. StackStatusFilter

AWS_ConfigRole – Addition: cloudformation:ListStackResources and cloudformation:ListStacks

Diese Richtlinie gewährt nun die Erlaubnis, Beschreibungen aller Ressourcen eines angegebenen AWS CloudFormation Stacks und die zusammenfassenden Informationen für Stapel zurückzugeben, deren Status dem angegebenen entspricht. StackStatusFilter

AWSConfigServiceRolePolicy – Addition: acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS Certificate Manager Amazon Managed Workflows for Apache Airflow,,AWS Amplify, Amazon Keyspaces AWS AppConfig, Amazon, Amazon Connect CloudWatch, Amazon Elastic Compute Cloud (Amazon EC2)AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon,, Amazon Fraud Detector EventBridge AWS Fault Injection Service, Amazon, Amazon GameLift Servers FSx, Amazon Location Service, Amazon Lex, Amazon Lightsail AWS IoT, Amazon Pinpoint,,,, Amazon Quick Suite OpsWorksAWS PanoramaAWS Resource Access Manager, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition,AWS RoboMaker,AWS -Ressourcengruppen, Amazon Route 53, Amazon Simple Storage Service (Amazon S3)AWS Cloud Map, und.AWS Security Token Service

AWS_ConfigRole – Addition: acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS Certificate Manager Amazon Managed Workflows for Apache Airflow,,AWS Amplify, Amazon Keyspaces AWS AppConfig, Amazon, Amazon Connect CloudWatch, Amazon Elastic Compute Cloud (Amazon EC2)AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon,, Amazon Fraud Detector EventBridge AWS Fault Injection Service, Amazon, Amazon GameLift Servers FSx, Amazon Location Service, Amazon Lex, Amazon Lightsail AWS IoT, Amazon Pinpoint,,,, Amazon Quick Suite OpsWorksAWS PanoramaAWS Resource Access Manager, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition,AWS RoboMaker,AWS -Ressourcengruppen, Amazon Route 53, Amazon Simple Storage Service (Amazon S3)AWS Cloud Map, und.AWS Security Token Service

AWSConfigServiceRolePolicy – Addition: Glue::GetTable

Diese Richtlinie gewährt jetzt die Berechtigung zum Abrufen der AWS Glue Tabellendefinition in einem Datenkatalog für eine angegebene Tabelle.

AWS_ConfigRole – Addition: Glue::GetTable

Diese Richtlinie gewährt nun die Berechtigung zum Abrufen der AWS Glue Tabellendefinition in einem Datenkatalog für eine angegebene Tabelle.

AWSConfigServiceRolePolicy – Addition: appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon AppFlow, Amazon, Amazon CloudWatch RUM CloudWatch, Amazon CloudWatch Synthetics, Amazon Connect-Kundenprofile, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon, Amazon EventBridge Schemas EventBridge, Amazon Fraud Detector Amazon FinSpace, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service für Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble StudioAmazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC)Amazon Route 53 Resolver,, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream,AWS AppConfig,AWS AppSync,AWS Auto Scaling,AWS Backup,AWS Budgets,AWS Cost ExplorerAWS Cloud9AWS Directory ServiceAWS DataSyncAWS Elemental MediaPackageAWS GlueAWS IoTAWS IoT AnalyticsAWS IoT EventsAWS IoT SiteWise,AWS IoT TwinMakerAWS Lake Formation,AWS License Manager,AWS Resilience HubAWS Signer, und AWS Transfer Family.

AWS_ConfigRole – Addition: appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon AppFlow, Amazon, Amazon CloudWatch RUM CloudWatch, Amazon CloudWatch Synthetics, Amazon Connect-Kundenprofile, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon, Amazon EventBridge Schemas EventBridge, Amazon Fraud Detector Amazon FinSpace, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service für Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble StudioAmazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC)Amazon Route 53 Resolver,, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream,AWS AppConfig,AWS AppSync,AWS Auto Scaling,AWS Backup,AWS Budgets,AWS Cost ExplorerAWS Cloud9AWS Directory ServiceAWS DataSyncAWS Elemental MediaPackageAWS GlueAWS IoTAWS IoT AnalyticsAWS IoT EventsAWS IoT SiteWise,AWS IoT TwinMaker,AWS Lake FormationAWS License Manager,AWS Resilience Hub,AWS Signer, und AWS Transfer Family

AWS_ConfigRole – Addition: airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Managed Workflows for Apache Airflow AWS IoT, Amazon WorkSpaces Applications, Amazon CodeGuru Reviewer AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC)AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint AWS Identity and Access Management(IAM) GuardDuty, Amazon und Amazon Logs. CloudWatch

ConfigConformsServiceRolePolicy – Aktualisierung: config:DescribeConfigRules

Als bewährte Sicherheitsmethode entfernt diese Richtlinie nun umfassende Berechtigungen auf Ressourcenebene für config:DescribeConfigRules.

AWSConfigServiceRolePolicy – Addition: APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile,AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Managed Service for Prometheus,,AWS Audit Manager,AWS Database Migration Service(AWS DMS)AWS Device FarmAWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2),,AWS Glue, Amazon Lightsail AWS IoT,,, Amazon Quick Suite AWS Elemental MediaPackageAWS Network ManagerAWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3) und Amazon Timestream.

AWS_ConfigRole – Addition: APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Managed Service for Prometheus,,AWS Audit Manager,AWS Database Migration Service(AWS DMS)AWS Device FarmAWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2),,AWS Glue, Amazon Lightsail AWS IoT,,, Amazon Quick Suite AWS Elemental MediaPackageAWS Network ManagerAWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3) und Amazon Timestream.

AWSConfigServiceRolePolicy – Addition: cloudformation:ListStackResources and cloudformation:ListStacks

Diese Richtlinie gewährt nun die Erlaubnis, Beschreibungen aller Ressourcen eines angegebenen AWS CloudFormation Stacks und die zusammenfassenden Informationen für Stacks zurückzugeben, deren Status dem angegebenen entspricht. StackStatusFilter

AWS_ConfigRole – Addition: cloudformation:ListStackResources and cloudformation:ListStacks

Diese Richtlinie gewährt nun die Erlaubnis, Beschreibungen aller Ressourcen eines angegebenen AWS CloudFormation Stacks und die zusammenfassenden Informationen für Stapel zurückzugeben, deren Status dem angegebenen entspricht. StackStatusFilter

AWSConfigServiceRolePolicy – Addition: acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS Certificate Manager Amazon Managed Workflows for Apache Airflow,,AWS Amplify, Amazon Keyspaces AWS AppConfig, Amazon, Amazon Connect CloudWatch, Amazon Elastic Compute Cloud (Amazon EC2)AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon,, Amazon Fraud Detector EventBridge AWS Fault Injection Service, Amazon, Amazon GameLift Servers FSx, Amazon Location Service, Amazon Lex, Amazon Lightsail AWS IoT, Amazon Pinpoint,,,, Amazon Quick Suite OpsWorksAWS PanoramaAWS Resource Access Manager, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition,AWS RoboMaker,AWS -Ressourcengruppen, Amazon Route 53, Amazon Simple Storage Service (Amazon S3)AWS Cloud Map, und.AWS Security Token Service

AWS_ConfigRole – Addition: acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS Certificate Manager Amazon Managed Workflows for Apache Airflow,,AWS Amplify, Amazon Keyspaces AWS AppConfig, Amazon, Amazon Connect CloudWatch, Amazon Elastic Compute Cloud (Amazon EC2)AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon,, Amazon Fraud Detector EventBridge AWS Fault Injection Service, Amazon, Amazon GameLift Servers FSx, Amazon Location Service, Amazon Lex, Amazon Lightsail AWS IoT, Amazon Pinpoint,,,, Amazon Quick Suite OpsWorksAWS PanoramaAWS Resource Access Manager, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition,AWS RoboMaker,AWS -Ressourcengruppen, Amazon Route 53, Amazon Simple Storage Service (Amazon S3)AWS Cloud Map, und.AWS Security Token Service

AWSConfigServiceRolePolicy – Addition: Glue::GetTable

Diese Richtlinie gewährt jetzt die Berechtigung zum Abrufen der AWS Glue Tabellendefinition in einem Datenkatalog für eine angegebene Tabelle.

AWS_ConfigRole – Addition: Glue::GetTable

Diese Richtlinie gewährt nun die Berechtigung zum Abrufen der AWS Glue Tabellendefinition in einem Datenkatalog für eine angegebene Tabelle.

AWSConfigServiceRolePolicy – Addition: appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon AppFlow, Amazon, Amazon CloudWatch RUM CloudWatch, Amazon CloudWatch Synthetics, Amazon Connect-Kundenprofile, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon, Amazon EventBridge Schemas EventBridge, Amazon Fraud Detector Amazon FinSpace, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service für Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble StudioAmazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC)Amazon Route 53 Resolver,, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream,AWS AppConfig,AWS AppSync,AWS Auto Scaling,AWS Backup,AWS Budgets,AWS Cost ExplorerAWS Cloud9AWS Directory ServiceAWS DataSyncAWS Elemental MediaPackageAWS GlueAWS IoTAWS IoT AnalyticsAWS IoT EventsAWS IoT SiteWise,AWS IoT TwinMakerAWS Lake Formation,AWS License Manager,AWS Resilience HubAWS Signer, und AWS Transfer Family.

AWS_ConfigRole – Addition: appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon AppFlow, Amazon, Amazon CloudWatch RUM CloudWatch, Amazon CloudWatch Synthetics, Amazon Connect-Kundenprofile, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon, Amazon EventBridge Schemas EventBridge, Amazon Fraud Detector Amazon FinSpace, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service für Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble StudioAmazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC)Amazon Route 53 Resolver,, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream,AWS AppConfig,AWS AppSync,AWS Auto Scaling,AWS Backup,AWS Budgets,AWS Cost ExplorerAWS Cloud9AWS Directory ServiceAWS DataSyncAWS Elemental MediaPackageAWS GlueAWS IoTAWS IoT AnalyticsAWS IoT EventsAWS IoT SiteWise,AWS IoT TwinMaker,AWS Lake FormationAWS License Manager,AWS Resilience Hub,AWS Signer, und AWS Transfer Family

AWSConfigServiceRolePolicy – Addition: datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

Diese Richtlinie gewährt nun die Erlaubnis, eine Liste von AWS DataSync Agenten, DataSync Quell- und Zielstandorten und DataSync Aufgaben in einer AWS-Konto Liste zurückzugeben, zusammenfassende Informationen über die AWS Cloud Map Namespaces und Dienste aufzulisten, die mit einem oder mehreren angegebenen Namespaces in einem verknüpft sind AWS-Konto, und alle Kontaktlisten von Amazon Simple Email Service (Amazon SES) aufzulisten, die in verfügbar sind.AWS-Konto

AWS_ConfigRole – Addition: datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

Diese Richtlinie gewährt nun die Erlaubnis, eine Liste von AWS DataSync Agenten, DataSync Quell- und Zielstandorten und DataSync Aufgaben in einer AWS-Konto Liste zurückzugeben, zusammenfassende Informationen über die AWS Cloud Map Namespaces und Dienste aufzulisten, die mit einem oder mehreren angegebenen Namespaces in einem verknüpft sind AWS-Konto, und alle Kontaktlisten von Amazon Simple Email Service (Amazon SES) aufzulisten, die in verfügbar sind.AWS-Konto

ConfigConformsServiceRolePolicy – Addition: cloudwatch:PutMetricData

Diese Richtlinie gewährt nun die Erlaubnis, metrische Datenpunkte auf Amazon zu veröffentlichen CloudWatch.

AWSConfigServiceRolePolicy – Addition: amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Elastic Container Service (Amazon ECS), Amazon, Amazon ElastiCache EventBridge FSx, Amazon Managed Service für Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon Quick Suite, Amazon Rekognition,AWS RoboMaker, Amazon Simple Storage Service (Amazon S3), Amazon Simple Email Service (Amazon SES),,,,AWS Amplify,AWS AppConfig,AWS AppSyncAWS Billing ConductorAWS DataSync,AWS IAM Identity Center(IAM Identity Center)AWS Firewall ManagerAWS Glue, EC2 Image Builder und Elastic Load Balancing.

AWS_ConfigRole – Addition: amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor: ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder: GetComponent, imagebuilder: ListComponentBuildVersions, imagebuilder: ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für Amazon Elastic Container Service (Amazon ECS), Amazon, Amazon ElastiCache EventBridge FSx, Amazon Managed Service für Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon Quick Suite, Amazon Rekognition,AWS RoboMaker, Amazon Simple Storage Service (Amazon S3), Amazon Simple Email Service (Amazon SES),,,,AWS Amplify,AWS AppConfig,AWS AppSyncAWS Billing ConductorAWS DataSync,AWS IAM Identity Center(IAM Identity Center)AWS Firewall ManagerAWS Glue, EC2 Image Builder und Elastic Load Balancing.

AWSConfigServiceRolePolicy – Addition: athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

Diese Richtlinie gewährt nun die Erlaubnis, einen bestimmten Amazon Athena Athena-Datenkatalog abzurufen, die Athena-Datenkataloge in einem aufzulisten und Tags aufzulisten AWS-Konto, die mit einer Athena-Arbeitsgruppe oder Datenkatalogressource verknüpft sind; um eine Liste von Amazon Detective-Verhaltensdiagrammen und Listen-Tags für ein Detective-Verhaltensdiagramm abzurufen; eine Liste von Ressourcenmetadaten für eine bestimmte Liste von AWS Glue Entwicklungsendpunktnamen abzurufen, Informationen über einen bestimmten AWS Glue Entwicklungsendpunkt abzurufen, alle AWS Glue Entwicklungsendpunkte in einem, abzurufen AWS-KontoAWS Glue Konfiguration, alle AWS Glue Sicherheitskonfigurationen abrufen, eine Liste der mit einer AWS Glue Ressource verknüpften Tags abrufen, Informationen über eine AWS Glue Arbeitsgruppe mit dem angegebenen Namen abrufen, die Namen aller AWS Glue Crawler-Ressourcen in einem AWS Konto abrufen, die Namen aller AWS GlueDevEndpoint Ressourcen in einem abrufen AWS-Konto, die Namen aller AWS Glue Jobressourcen in einem auflisten AWS-Konto, Details zu AWS Glue Mitgliedskonten abrufen, Namen von AWS Glue Workflows auflisten, in einem Konto erstellte Workflows auflisten und verfügbare AWS Glue Arbeitsgruppen für ein Konto auflisten; um Details zu einem GuardDuty Amazon-Filter abzurufen, einen abzurufen GuardDuty IPSet, einen abzurufen GuardDutyThreatIntelSet, GuardDuty Mitgliedskonten abzurufen, eine Filterliste abzurufen, den IPSets GuardDuty Service abzurufen, Tags für den GuardDuty Service abzurufen und den ThreatIntelSets des GuardDuty Service abzurufen; um den aktuellen Status und die Konfigurationseinstellungen für ein Amazon Macie-Konto abzurufen; um die Ressourcen- und Hauptzuordnungen für AWS Resource Access Manager(AWS RAM) Resource Shares abzurufen und Details AWS RAM zur Ressource abzurufen GuardDuty teilt; um Informationen über einen vorhandenen Konfigurationssatz von Amazon Simple Email Service (Amazon SES) abzurufen, eine Liste von Ereigniszielen abzurufen, die mit einem Amazon SES SES-Konfigurationssatz verknüpft sind, und um alle mit einem Amazon SES-Konto verknüpften Konfigurationssätze aufzurufen; und um eine Liste von Identity Center-Verzeichnisattributen abzurufen, die Details eines AWS IAM Identity Center Berechtigungssatzes abzurufen, die IAM-verwaltete Richtlinie abzurufen, die mit einem bestimmten IAM Identity Center-Berechtigungssatz verknüpft ist, den Berechtigungssatz für ein IAM abzurufen Identity Center-Instanz und Abrufen von Tags für IAM Identity Ressourcen des Zentrums.

AWS_ConfigRole – Addition: athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

Diese Richtlinie gewährt nun die Erlaubnis, einen bestimmten Amazon Athena Athena-Datenkatalog abzurufen, die Athena-Datenkataloge in einem aufzulisten und Tags aufzulisten AWS-Konto, die mit einer Athena-Arbeitsgruppe oder Datenkatalogressource verknüpft sind; um eine Liste von Amazon Detective-Verhaltensdiagrammen und Listen-Tags für ein Detective-Verhaltensdiagramm abzurufen; eine Liste von Ressourcenmetadaten für eine bestimmte Liste von AWS Glue Entwicklungsendpunktnamen abzurufen, Informationen über einen bestimmten AWS Glue Entwicklungsendpunkt abzurufen, alle AWS Glue Entwicklungsendpunkte in einem, abzurufen AWS-KontoAWS Glue Konfiguration, alle AWS Glue Sicherheitskonfigurationen abrufen, eine Liste der mit einer AWS Glue Ressource verknüpften Tags abrufen, Informationen über eine AWS Glue Arbeitsgruppe mit dem angegebenen Namen abrufen, die Namen aller AWS Glue Crawler-Ressourcen in einem AWS Konto abrufen, die Namen aller AWS GlueDevEndpoint Ressourcen in einem abrufen AWS-Konto, die Namen aller AWS Glue Jobressourcen in einem auflisten AWS-Konto, Details zu AWS Glue Mitgliedskonten abrufen, Namen von AWS Glue Workflows auflisten, in einem Konto erstellte Workflows auflisten und verfügbare AWS Glue Arbeitsgruppen für ein Konto auflisten; um Details zu einem GuardDuty Amazon-Filter abzurufen, einen abzurufen GuardDuty IPSet, einen abzurufen GuardDutyThreatIntelSet, GuardDuty Mitgliedskonten abzurufen, eine Filterliste abzurufen, den IPSets GuardDuty Service abzurufen, Tags für den GuardDuty Service abzurufen und den ThreatIntelSets des GuardDuty Service abzurufen; um den aktuellen Status und die Konfigurationseinstellungen für ein Amazon Macie-Konto abzurufen; um die Ressourcen- und Hauptzuordnungen für AWS Resource Access Manager(AWS RAM) Resource Shares abzurufen und Details AWS RAM zur Ressource abzurufen GuardDuty teilt; um Informationen über einen vorhandenen Konfigurationssatz von Amazon Simple Email Service (Amazon SES) abzurufen, eine Liste von Ereigniszielen abzurufen, die mit einem Amazon SES SES-Konfigurationssatz verknüpft sind, und um alle mit einem Amazon SES-Konto verknüpften Konfigurationssätze aufzurufen; und um eine Liste von Identity Center-Verzeichnisattributen abzurufen, die Details eines AWS IAM Identity Center Berechtigungssatzes abzurufen, die IAM-verwaltete Richtlinie abzurufen, die mit einem bestimmten IAM Identity Center-Berechtigungssatz verknüpft ist, den Berechtigungssatz für ein IAM abzurufen Identity Center-Instanz und Abrufen von Tags für IAM Identity Ressourcen des Zentrums.

AWSConfigServiceRolePolicy – Addition: cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

Diese Richtlinie gewährt nun die Berechtigung, Informationen über alle oder einen bestimmten AWS CloudTrail Event Data Store (EDS) abzurufen, Informationen über alle oder eine bestimmte AWS CloudFormation Ressource abzurufen, eine Liste einer DynamoDB Accelerator (DAX) -Parametergruppe oder Subnetzgruppe abzurufen, Informationen über AWS Database Migration Service(AWS DMS) Replikationsaufgaben für Ihr Konto in der aktuellen Region abzurufen, auf die zugegriffen wird, und eine Liste aller Richtlinien eines AWS Organizations bestimmten Typs abzurufen.

AWS_ConfigRole – Addition: cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

Diese Richtlinie gewährt nun die Berechtigung, Informationen über alle oder einen bestimmten AWS CloudTrail Event Data Store (EDS) abzurufen, Informationen über alle oder eine bestimmte AWS CloudFormation Ressource abzurufen, eine Liste einer DynamoDB Accelerator (DAX) -Parametergruppe oder Subnetzgruppe abzurufen, Informationen über AWS Database Migration Service(AWS DMS) Replikationsaufgaben für Ihr Konto in der aktuellen Region abzurufen, auf die zugegriffen wird, und eine Liste aller Richtlinien eines AWS Organizations bestimmten Typs abzurufen.

AWSConfigServiceRolePolicy – Addition: backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS Backup,AWS Batch, DynamoDB Accelerator,AWS Database Migration Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon, Amazon,, FSx GuardDuty, Amazon Relational Database Service AWS Key Management ServiceAWS OpsWorks, V2 und Amazon.AWS WAF WorkSpaces

AWS_ConfigRole – Addition: backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

Diese Richtlinie unterstützt jetzt zusätzliche Berechtigungen für AWS Backup,AWS Batch, DynamoDB Accelerator,AWS Database Migration Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon, Amazon,, FSx GuardDuty, Amazon Relational Database Service AWS Key Management ServiceAWS OpsWorks, V2 und Amazon.AWS WAF WorkSpaces

AWSConfigServiceRolePolicy – Addition: elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

Diese Richtlinie gewährt nun die Erlaubnis, Details zu Elastic Beanstalk Beanstalk-Umgebungen und eine Beschreibung der Einstellungen für den angegebenen Elastic Beanstalk Beanstalk-Konfigurationssatz abzurufen, eine Übersicht der OpenSearch Elasticsearch-Versionen abzurufen, die verfügbaren Amazon RDS-Optionsgruppen für eine Datenbank zu beschreiben und Informationen über eine Bereitstellungskonfiguration abzurufen. CodeDeploy Diese Richtlinie gewährt jetzt auch die Erlaubnis, den angegebenen alternativen Kontakt abzurufen, der an eine angehängt ist AWS-Konto, Informationen über eine AWS Organizations Richtlinie abzurufen, eine Amazon ECR-Repository-Richtlinie abzurufen, Informationen über eine archivierte AWS Config Regel abzurufen, eine Liste von Amazon ECS-Aufgabendefinitionsfamilien abzurufen, die Stamm- oder übergeordneten Organisationseinheiten (OUs) der angegebenen untergeordneten Organisationseinheit oder des angegebenen untergeordneten Kontos aufzulisten und die Richtlinien aufzulisten, die dem angegebenen Zielstamm, der Organisationseinheit oder dem angegebenen Zielkonto zugeordnet sind.

AWS_ConfigRole – Addition: elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

Diese Richtlinie gewährt nun die Erlaubnis, Details zu Elastic Beanstalk Beanstalk-Umgebungen und eine Beschreibung der Einstellungen für den angegebenen Elastic Beanstalk Beanstalk-Konfigurationssatz abzurufen, eine Übersicht der OpenSearch Elasticsearch-Versionen abzurufen, die verfügbaren Amazon RDS-Optionsgruppen für eine Datenbank zu beschreiben und Informationen über eine Bereitstellungskonfiguration abzurufen. CodeDeploy Diese Richtlinie gewährt jetzt auch die Erlaubnis, den angegebenen alternativen Kontakt abzurufen, der an eine angehängt ist AWS-Konto, Informationen über eine AWS Organizations Richtlinie abzurufen, eine Amazon ECR-Repository-Richtlinie abzurufen, Informationen über eine archivierte AWS Config Regel abzurufen, eine Liste von Amazon ECS-Aufgabendefinitionsfamilien abzurufen, die Stamm- oder übergeordneten Organisationseinheiten (OUs) der angegebenen untergeordneten Organisationseinheit oder des angegebenen untergeordneten Kontos aufzulisten und die Richtlinien aufzulisten, die dem angegebenen Zielstamm, der Organisationseinheit oder dem angegebenen Zielkonto zugeordnet sind.

AWSConfigServiceRolePolicy – Addition: logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

Diese Richtlinie gewährt nun die Erlaubnis, CloudWatch Amazon-Protokollgruppen und -Streams zu erstellen und Protokolle in erstellte Protokollstreams zu schreiben.

AWS_ConfigRole – Addition: logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

Diese Richtlinie gewährt nun die Erlaubnis, CloudWatch Amazon-Protokollgruppen und -Streams zu erstellen und Protokolle in erstellte Protokollstreams zu schreiben.

AWSConfigServiceRolePolicy – Addition: es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots

Diese Richtlinie gewährt nun die Erlaubnis, Details zu einem Amazon OpenSearch Service (OpenSearch Service) domain/domains und eine detaillierte Parameterliste für eine bestimmte Amazon Relational Database Service (Amazon RDS) DB-Parametergruppe abzurufen. Diese Richtlinie gewährt auch die Erlaubnis, Details zu ElastiCache Amazon-Snapshots abzurufen.

AWS_ConfigRole – Addition: es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and, elasticache:DescribeSnapshots

Diese Richtlinie gewährt nun die Erlaubnis, Details zu einem Amazon OpenSearch Service (OpenSearch Service) domain/domains und eine detaillierte Parameterliste für eine bestimmte Amazon Relational Database Service (Amazon RDS) DB-Parametergruppe abzurufen. Diese Richtlinie gewährt auch die Erlaubnis, Details zu ElastiCache Amazon-Snapshots abzurufen.

AWSConfigServiceRolePolicy— Hinzufügen logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine und zusätzliche Berechtigungen für AWS Ressourcentypen

Diese Richtlinie gewährt die Berechtigung, Tags für eine Protokollgruppe, Tags für eine Zustandsmaschine und alle Zustandsmaschinen aufzulisten. Diese Richtlinie gewährt die Berechtigung zum Abrufen von Details über eine Zustandsmaschine. Diese Richtlinie unterstützt jetzt auch zusätzliche Berechtigungen für Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon, Amazon Data Firehose FSx, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker AI, Amazon Simple Notification Service,, und.AWS Database Migration ServiceAWS Global AcceleratorAWS Storage Gateway

AWS_ConfigRole— Fügen Sie l und zusätzliche Berechtigungen für ogs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine Ressourcentypen hinzu AWS

Diese Richtlinie gewährt die Berechtigung, Tags für eine Protokollgruppe, Tags für eine Zustandsmaschine und alle Zustandsmaschinen aufzulisten. Diese Richtlinie gewährt die Berechtigung zum Abrufen von Details über eine Zustandsmaschine. Diese Richtlinie unterstützt jetzt auch zusätzliche Berechtigungen für Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon, Amazon Data Firehose FSx, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker AI, Amazon Simple Notification Service,, und.AWS Database Migration ServiceAWS Global AcceleratorAWS Storage Gateway

AWSConfigServiceRolePolicy— Zusätzliche Berechtigungen für ssm:DescribeDocumentPermission Ressourcentypen hinzufügen AWS

Diese Richtlinie gewährt die Berechtigung, die Berechtigungen von AWS Systems Manager-Dokumenten und Informationen zu IAM Access Analyzer einzusehen. Diese Richtlinie unterstützt jetzt zusätzliche AWS Ressourcentypen für Amazon Kinesis, Amazon ElastiCache, Amazon EMR AWS Network Firewall, Amazon Route 53 und Amazon Relational Database Service (Amazon RDS). Diese Berechtigungsänderungen ermöglichen das Aufrufen des Nur-Lese-Modus AWS Config, der zur Unterstützung dieser Ressourcentypen APIs erforderlich ist. Diese Richtlinie unterstützt jetzt auch das Filtern von Lambda @Edge -Funktionen für die lambda-inside-vpcAWS Config verwaltete Regel.

AWS_ConfigRole— Zusätzliche Berechtigungen für AWS Ressourcentypen hinzufügen ssm:DescribeDocumentPermission

Diese Richtlinie gewährt die Berechtigung, die Berechtigungen von AWS Systems Manager-Dokumenten und Informationen zu IAM Access Analyzer einzusehen. Diese Richtlinie unterstützt jetzt zusätzliche AWS Ressourcentypen für Amazon Kinesis, Amazon ElastiCache, Amazon EMR AWS Network Firewall, Amazon Route 53 und Amazon Relational Database Service (Amazon RDS). Diese Berechtigungsänderungen ermöglichen das Aufrufen des Nur-Lese-Modus AWS Config, der zur Unterstützung dieser Ressourcentypen APIs erforderlich ist. Diese Richtlinie unterstützt jetzt auch das Filtern von Lambda @Edge -Funktionen für die lambda-inside-vpcAWS Config verwaltete Regel.

AWSConfigServiceRolePolicy— Fügen Sie die apigateway:GET Erlaubnis hinzu, schreibgeschützte GET-Aufrufe an API Gateway zu tätigen, sowie die s3:GetAccessPointPolicy Erlaubnis und s3:GetAccessPointPolicyStatus Erlaubnis, Amazon S3 schreibgeschützt aufzurufen APIs

Diese Richtlinie gewährt nun Berechtigungen, die es AWS Config ermöglichen, schreibgeschützte GET-Aufrufe an API Gateway zu tätigen, um eine AWS Config Regel für API Gateway zu unterstützen. Die Richtlinie fügt außerdem Berechtigungen hinzu, die es AWS Config ermöglichen, Amazon Simple Storage Service (Amazon S3) schreibgeschützt aufzurufen APIs, die zur Unterstützung des neuen AWS::S3::AccessPoint Ressourcentyps erforderlich sind.

AWS_CconfigRole — Fügen Sie die apigateway:GET Erlaubnis hinzu, schreibgeschützte GET-Aufrufe an API Gateway zu tätigen, sowie die s3:GetAccessPointPolicy Erlaubnis und s3:GetAccessPointPolicyStatus Erlaubnis, Amazon S3 schreibgeschützt aufzurufen APIs

Diese Richtlinie gewährt nun Berechtigungen, die es AWS Config ermöglichen, schreibgeschützte GET-Aufrufe an API Gateway zu senden, um ein AWS Config für API Gateway zu unterstützen. Die Richtlinie fügt außerdem Berechtigungen hinzu, die es AWS Config ermöglichen, Amazon Simple Storage Service (Amazon S3) schreibgeschützt aufzurufen APIs, die zur Unterstützung des neuen AWS::S3::AccessPoint Ressourcentyps erforderlich sind.

AWSConfigServiceRolePolicy— Fügen Sie ssm:ListDocuments Berechtigungen und zusätzliche Berechtigungen für Ressourcentypen hinzu AWS

Diese Richtlinie gewährt die Berechtigung zum Anzeigen von Informationen zu AWS Systems Manager-spezifizierten Dokumenten. Diese Richtlinie unterstützt jetzt auch zusätzliche AWS Ressourcentypen für AWS Backup Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis AWS Database Migration Service, Amazon SageMaker AI und Amazon Route 53. Diese Berechtigungsänderungen ermöglichen AWS Config das Aufrufen des Nur-Lese-Modus, der zur Unterstützung dieser APIs Ressourcentypen erforderlich ist.

AWS_ConfigRole— Fügen Sie ssm:ListDocuments Berechtigungen und zusätzliche Berechtigungen für Ressourcentypen hinzu AWS

Diese Richtlinie gewährt die Berechtigung zum Anzeigen von Informationen zu AWS Systems Manager-spezifizierten Dokumenten. Diese Richtlinie unterstützt jetzt auch zusätzliche AWS Ressourcentypen für AWS Backup Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis AWS Database Migration Service, Amazon SageMaker AI und Amazon Route 53. Diese Berechtigungsänderungen ermöglichen AWS Config das Aufrufen des Nur-Lese-Modus, der zur Unterstützung dieser APIs Ressourcentypen erforderlich ist.

AWSConfigRole wird nicht mehr unterstützt.

AWSConfigRole wird nicht mehr unterstützt. Die Ersatzrichtlinie lautet AWS_ConfigRole.

AWS Config hat begonnen, Änderungen zu verfolgen

AWS Config hat begonnen, Änderungen für die AWS verwalteten Richtlinien zu verfolgen.