AWS managed policies for AWS Config - AWS Config

AWS managed policies for AWS Config

An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases, because they are available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.

You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or when new API operations become available for existing services.

For more information, see AWS managed policies in the IAM User Guide.
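
Because an update to a managed policy reaches every principal the policy is attached to, it helps to review what each new version adds. The following is an added example, not AWS code: it compares two versions of a policy document, lists the newly allowed actions per service, and flags any that do not look read-only. The two JSON documents are constructed samples (not real versions of any AWS managed policy), and the read-only prefix list is this example's own heuristic.

```python
import json

# Heuristic used by this example only: action names starting with these
# prefixes are treated as read-only. It is not an AWS classification.
READ_ONLY_PREFIXES = ("get", "list", "describe", "search",
                      "batchget", "batchdescribe")

# Constructed sample documents standing in for two versions of a policy.
OLD_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["bedrock:ListAgents", "s3:GetAccessGrantsInstance"],
                "Resource": "*"}]}
""")
NEW_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["bedrock:ListAgents", "bedrock:GetGuardrail",
                           "bedrock:ListGuardrails",
                           "s3:GetAccessGrantsInstance"],
                "Resource": "*"},
               {"Effect": "Allow",
                "Action": "config:PutEvaluations",
                "Resource": "*"}]}
""")


def allowed_actions(policy_doc):
    """Map lowercased action -> action as written, for every Allow statement.

    IAM action names are case-insensitive, so comparison uses the lowercased
    form while reports keep the original spelling.
    """
    statements = policy_doc.get("Statement", [])
    if isinstance(statements, dict):          # a lone statement may be an object
        statements = [statements]
    found = {}
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions;
            # a set difference cannot describe that, so stop and review by hand.
            raise ValueError("Allow statement uses NotAction; review manually")
        actions = stmt.get("Action", [])
        if isinstance(actions, str):          # Action may be a single string
            actions = [actions]
        for action in actions:
            found[action.lower()] = action
    return found


def is_read_only(action):
    """True if the action name starts with one of the read-only prefixes.

    Wildcards such as "s3:*" or "*" do not match a prefix and are flagged.
    """
    name = action.partition(":")[2].lower()
    return name.startswith(READ_ONLY_PREFIXES)


def diff_policy_versions(old_doc, new_doc):
    """Return added/removed actions and the added ones that need review."""
    old, new = allowed_actions(old_doc), allowed_actions(new_doc)
    added = [new[key] for key in sorted(new.keys() - old.keys())]
    removed = [old[key] for key in sorted(old.keys() - new.keys())]
    by_service = {}
    for action in added:
        service = action.partition(":")[0].lower()
        by_service.setdefault(service, []).append(action)
    return {
        "added": added,
        "removed": removed,
        "added_by_service": by_service,
        "needs_review": [a for a in added if not is_read_only(a)],
    }


if __name__ == "__main__":
    print(json.dumps(diff_policy_versions(OLD_POLICY, NEW_POLICY), indent=2))
```

In practice the two documents would be consecutive versions of the same managed policy, exported from IAM and saved locally before running the comparison.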

AWS managed policy: AWSConfigServiceRolePolicy

AWS Config uses the service-linked role named AWSServiceRoleForConfig to call other AWS services on your behalf. When you use the AWS Management Console to set up AWS Config, AWS Config creates this service-linked role (SLR) automatically if you select the option to use the AWS Config SLR instead of your own AWS Identity and Access Management (IAM) service role.

The AWSServiceRoleForConfig SLR contains the managed policy AWSConfigServiceRolePolicy. This managed policy contains read-only and write-only permissions for AWS Config resources and read-only permissions for resources in other services that AWS Config supports. The policy provides comprehensive access for monitoring and recording configuration changes across your AWS infrastructure, including permissions for more than 100 AWS services, such as compute, storage, networking, security, analytics, and machine learning services.

The policy includes permissions for the following service categories:

  • access-analyzer: Allows principals to analyze access patterns and retrieve security findings.

  • account: Allows principals to retrieve account contact information.

  • acm and acm-pca: Allows principals to manage SSL/TLS certificates and private certificate authorities.

  • airflow: Allows principals to monitor managed Apache Airflow environments.

  • amplify and amplifyuibuilder: Allows principals to monitor web applications and UI components.

  • aoss: Allows principals to monitor OpenSearch Serverless collections and security configurations.

  • app-integrations: Allows principals to monitor application integration configurations.

  • appconfig: Allows principals to monitor application configuration deployments.

  • appflow: Allows principals to monitor data flow configurations between applications.

  • application-autoscaling and application-signals: Allows principals to monitor auto scaling policies and application performance metrics.

  • appmesh: Allows principals to monitor service mesh configurations.

  • apprunner: Allows principals to monitor containerized web applications and services.

  • appstream: Allows principals to monitor application streaming configurations.

  • appsync: Allows principals to monitor GraphQL API configurations.

  • aps: Allows principals to monitor Prometheus monitoring configurations.

  • apptest: Allows principals to monitor application testing configurations.

  • arc-zonal-shift: Allows principals to monitor availability zonal shift configurations.

  • athena: Allows principals to monitor query engine and data catalog configurations.

  • auditmanager: Allows principals to monitor audit and compliance assessments.

  • autoscaling and autoscaling-plans: Allows principals to monitor Auto Scaling groups and scaling plans.

  • b2bi: Allows principals to monitor business-to-business integration configurations.

  • backup and backup-gateway: Allows principals to monitor backup policies and gateway configurations.

  • batch: Allows principals to monitor batch computing environments and job queues.

  • bcm-data-exports: Allows principals to monitor billing and cost management data exports.

  • bedrock and bedrock-agentcore: Allows principals to monitor foundation models and AI agent configurations.

  • billingconductor: Allows principals to monitor billing group configurations.

  • budgets: Allows principals to monitor budget configurations and actions.

  • cassandra: Allows principals to query managed Cassandra database configurations.

  • ce: Allows principals to monitor cost and usage report configurations.

  • cleanrooms and cleanrooms-ml: Allows principals to monitor data collaboration and machine learning configurations.

  • cloud9: Allows principals to monitor cloud development environment configurations.

  • cloudformation: Allows principals to monitor infrastructure as code stack configurations.

  • cloudfront: Allows principals to monitor content delivery network configurations.

  • cloudtrail: Allows principals to monitor API logging and audit trail configurations.

  • cloudwatch: Allows principals to monitor metrics, alarms, and dashboard configurations.

  • codeartifact: Allows principals to monitor software package repository configurations.

  • codebuild: Allows principals to monitor build project configurations.

  • codecommit: Allows principals to monitor source code repository configurations.

  • codeconnections: Allows principals to monitor third-party source connections.

  • codedeploy: Allows principals to monitor application deployment configurations.

  • codeguru-profiler and codeguru-reviewer: Allows principals to monitor code analysis and profiling configurations.

  • codepipeline: Allows principals to monitor continuous integration and deployment pipeline configurations.

  • codestar-connections: Allows principals to monitor developer tool connections.

  • cognito-identity and cognito-idp: Allows principals to monitor identity and user pool configurations.

  • comprehend: Allows principals to monitor natural language processing configurations.

  • config: Allows principals to manage configuration recording and compliance monitoring.

  • connect: Allows principals to monitor contact center configurations.

For more information about supported resource types, see Supported Resource Types for AWS Config and Using Service-Linked Roles for AWS Config.

To view more details about the policy, including the latest version of the JSON policy document, see AWSConfigServiceRolePolicy in the AWS Managed Policy Reference Guide.

Recommendation: Use the service-linked role

We recommend that you use the service-linked role unless you have a specific use case. A service-linked role adds all the permissions that AWS Config needs to run as expected. Some features, such as service-linked configuration recorders, require you to use the service-linked role.

AWS managed policy: AWS_ConfigRole

To record your AWS resource configurations, AWS Config requires IAM permissions to get the configuration details about your resources. If you want to create an IAM role for AWS Config, you can use the managed policy AWS_ConfigRole and attach it to your IAM role.

This IAM policy is updated each time AWS Config adds support for an AWS resource type. This means that AWS Config will continue to have the permissions required to record configuration data of supported resource types as long as the AWS_ConfigRole role has this managed policy attached. The policy provides comprehensive access for monitoring and recording configuration changes across your AWS infrastructure, including permissions for more than 100 AWS services, such as compute, storage, networking, security, analytics, and machine learning services. For more information, see Supported Resource Types for AWS Config and Permissions for the IAM Role Assigned to AWS Config.

To view more details about the policy, including the latest version of the JSON policy document, see AWS_ConfigRole in the AWS Managed Policy Reference Guide.

AWS managed policy: AWSConfigUserAccess

This IAM policy provides access to use AWS Config, including searching by tags on resources and reading all tags. It does not provide permission to configure AWS Config, which requires administrative privileges.

View the policy: AWSConfigUserAccess.

AWS managed policy: ConfigConformsServiceRolePolicy

To deploy and manage conformance packs, AWS Config requires IAM permissions and certain permissions from other AWS services. These allow you to deploy and manage conformance packs with full functionality and are updated each time AWS Config adds new functionality for conformance packs. For more information about conformance packs, see Conformance packs.

View the policy: ConfigConformsServiceRolePolicy.

AWS managed policy: AWSConfigRulesExecutionRole

To deploy AWS custom Lambda rules, AWS Config requires IAM permissions and certain permissions from other AWS services. These allow AWS Lambda functions to access the AWS Config API and the configuration snapshots that AWS Config delivers periodically to Amazon S3. This access is required by functions that evaluate configuration changes for AWS custom Lambda rules and is updated each time AWS Config adds new functionality. For more information about AWS custom Lambda rules, see Creating AWS Config Custom Lambda Rules. For more information about configuration snapshots, see Concepts | Configuration Snapshot. For more information about the delivery of configuration snapshots, see Managing the Delivery Channel.

View the policy: AWSConfigRulesExecutionRole.

AWS managed policy: AWSConfigMultiAccountSetupPolicy

To centrally deploy, update, and delete AWS Config rules and conformance packs across member accounts in an organization in AWS Organizations, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for multi-account setup. For more information, see Managing AWS Config Rules Across All Accounts in Your Organization and Managing Conformance Packs Across All Accounts in Your Organization.

View the policy: AWSConfigMultiAccountSetupPolicy.

AWS managed policy: AWSConfigRoleForOrganizations

To allow AWS Config to call read-only AWS Organizations APIs, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for multi-account setup. For more information, see Managing AWS Config Rules Across All Accounts in Your Organization and Managing Conformance Packs Across All Accounts in Your Organization.

View the policy: AWSConfigRoleForOrganizations.

AWS managed policy: AWSConfigRemediationServiceRolePolicy

To allow AWS Config to remediate NON_COMPLIANT resources on your behalf, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for remediation. For more information about remediation, see Remediating Noncompliant Resources with AWS Config Rules. For more information about the conditions that initiate the possible AWS Config evaluation results, see Concepts | AWS Config Rules.

View the policy: AWSConfigRemediationServiceRolePolicy.

AWS Config updates to AWS managed policies

View details about updates to AWS managed policies for AWS Config since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the AWS Config Document history page.

Change Description Date

AWS_ConfigRole: Add "lightsail:GetActiveNames", "lightsail:GetOperations", "s3:GetBucketAbac"

This policy now supports additional permissions for Amazon Lightsail and Amazon Simple Storage Service (Amazon S3).

November 20, 2025

AWSConfigServiceRolePolicy: Add "lightsail:GetActiveNames", "lightsail:GetOperations", "s3:GetBucketAbac"

This policy now supports additional permissions for Amazon Lightsail and Amazon Simple Storage Service (Amazon S3).

November 20, 2025

AWSConfigServiceRolePolicy: Updated managed policy with comprehensive permissions for AWS resource configuration recording across more than 100 AWS services, including compute, storage, networking, security, analytics, and machine learning services.

This policy now provides improved documentation of service permissions and supports comprehensive monitoring across all AWS services that AWS Config supports for configuration recording.

November 11, 2025

AWS_ConfigRole: Updated managed policy with comprehensive permissions for AWS resource configuration recording across multiple AWS services, including AWS Identity and Access Management, Amazon Elastic Compute Cloud, Amazon Simple Storage Service, Amazon Relational Database Service, AWS Lambda, and many others.

This policy now supports additional permissions for comprehensive configuration, recording, and monitoring of AWS resources across all supported AWS services.

November 10, 2025

AWS_ConfigRole— añadir «amplify:GetDomainAssociation» «amplify:ListDomainAssociations» «appsync:ListTagsForResource» appsync: GetSourceApiAssociation «bedrock:ListSourceApiAssociations» bedrock: GetFlow «bedrock:ListAgentCollaborators» bedrock: ListFlows «cloudTrail:ListPrompts» cloudformation:GetResourcePolicy» codeartifact: DescribePublisher «codeartifact:DescribePackageGroup» codeartifact: «codeartifact:ListAllowedRepositoriesForGroup» codepipeline: ListPackageGroups «codepipeline:ListActionTypes» «codepipeline:ListTagsForResource» «connect:ListWebhooks» connect: DescribeTrafficDistributionGroup "«fecha límite:ListTrafficDistributionGroups" «ec2:ListFarms" «ec2:GetTransitGatewayRouteTablePropagations» ec2: SearchLocalGatewayRoutes SearchTransitGatewayMulticastGroups«entityresolution:GetMatchingWorkflow" «entityresolution:ListMatchingWorkflows" «iotsitewise:ListAssetModelCompositeModels" «iotsitewise:ListAssetModelProperties" «iotsitewise:ListAssetProperties" «iotsitewise: ListAssociatedAssetsListPublicKeys" «ivs:GetProvisionedConcurrencyConfig» lambda: GetRuntimeManagementConfig «lambda:ListFunctionEventInvokeConfigs» lambda: «lambda:ListFunctionUrlConfigs» «pipes:DescribePipe» «pipes:ListPipes» quicksight: DescribeRefreshSchedule «redshift-serverless:ListSnapshotCopyConfigurations" «shift: «roles en cualquier lugar:GetResourcePolicy» «roles en cualquier lugar:ListCrls» «sagemaker:DescribeApp» «sagemaker:DescribeUserProfile» «sagemaker: ListRefreshSchedules GetCrl ListApps««sagemaker:ListModelPackages» «sagemaker:ListUserProfiles» «secretsmanager:GetResourcePolicy» «securitylake:ListSubscribers» «securitylake:ListTagsForResource» «catálogo de servicios:DescribeServiceAction» «catálogo de servicios:ListApplications» «escudo:» «ssm-incidentes:ListAssociatedResources» «ssm-incidentes:ListTagsForResource» «ssm:GetReplicationSet» «ssm:» «ssm:ListReplicationSets» «ssm:DescribeAssociation» «ssm:DescribePatchBaselines» ssm: GetDefaultPatchBaseline «ssm:GetPatchBaseline» 
ssm: GetResourcePolicies «ssm:ListAssociations» sm: "«ssm:ListResourceDataSync" «wafv2:ListLoggingConfigurations" «bedrock-agentcore:ListCodeInterpreters" «bedrock-agentcore:GetCodeInterpreter» bedrock ListProtectionGroups - núcleo de agente: ListBrowsers «núcleo de agente de roca madre:GetBrowser» «núcleo de agente de roca madre: ListAgentRuntimesGetAgentRuntime» «núcleo de agente de roca madre:» ListAgentRuntimeEndpoints «núcleo de agente de roca madre:GetAgentRuntimeEndpoint»

This policy now supports additional permissions for AWS Amplify, AWS AppSync, Amazon Bedrock, AWS CloudTrail, CloudFormation, AWS CodeArtifact, AWS CodePipeline, Amazon Connect, AWS Deadline Cloud, Amazon EC2, AWS Entity Resolution, Amazon IVS, AWS IoT SiteWise, AWS Lambda, Amazon EventBridge, Amazon Quick Suite, Amazon Redshift, Amazon Redshift Serverless, AWS Identity and Access Management Roles Anywhere, Amazon SageMaker, Amazon Security Lake, AWS Secrets Manager, AWS Service Catalog, AWS Shield, Amazon EC2 Systems Manager, and AWS WAFV2.

October 1, 2025

AWSConfigServiceRolePolicy— añadir «amplify:GetDomainAssociation» «amplify:ListDomainAssociations» «appsync:ListTagsForResource» appsync: GetSourceApiAssociation «bedrock:ListSourceApiAssociations» bedrock: GetFlow «bedrock:ListAgentCollaborators» bedrock: ListFlows «cloudTrail:ListPrompts» cloudformation:GetResourcePolicy» codeartifact: DescribePublisher «codeartifact:DescribePackageGroup» codeartifact: ListAllowedRepositoriesForGroup «codeartifact:ListPackageGroups" «codepipeline:ListActionTypes" «codepipeline:ListTagsForResource" «codepipeline:ListWebhooks" «connect:DescribeTrafficDistributionGroup" connect: ListTrafficDistributionGroups "«fecha límite:ListFarms" «ec2:GetTransitGatewayRouteTablePropagations" «ec2:SearchLocalGatewayRoutes» ec2: SearchTransitGatewayMulticastGroups«entityresolution:GetMatchingWorkflow" «entityresolution:ListMatchingWorkflows" «iotsitewise:ListAssetModelCompositeModels" «iotsitewise:ListAssetModelProperties" «iotsitewise:ListAssetProperties" «iotsitewise: ListAssociatedAssetsListPublicKeys" «ivs:GetProvisionedConcurrencyConfig» lambda: GetRuntimeManagementConfig «lambda:ListFunctionEventInvokeConfigs» lambda: «lambda:ListFunctionUrlConfigs» «pipes:DescribePipe» «pipes:ListPipes» quicksight: DescribeRefreshSchedule «redshift-serverless:ListSnapshotCopyConfigurations" «shift: «roles en cualquier lugar:GetResourcePolicy» «roles en cualquier lugar:ListCrls» «sagemaker:DescribeApp» «sagemaker:DescribeUserProfile» «sagemaker: ListRefreshSchedules GetCrl ListApps««sagemaker:ListModelPackages» «sagemaker:ListUserProfiles» «secretsmanager:GetResourcePolicy» «securitylake:ListSubscribers» «securitylake:ListTagsForResource» «catálogo de servicios:DescribeServiceAction» «catálogo de servicios:ListApplications» «escudo:» «ssm-incidentes:ListAssociatedResources» «ssm-incidentes:ListTagsForResource» «ssm:GetReplicationSet» «ssm:» «ssm:ListReplicationSets» «ssm:DescribeAssociation» «ssm:DescribePatchBaselines» ssm: GetDefaultPatchBaseline 
«ssm:GetPatchBaseline» ssm: GetResourcePolicies «ssm:ListAssociations» sm: "«ssm:ListResourceDataSync" «wafv2:ListLoggingConfigurations" «bedrock-agentcore:ListCodeInterpreters" «bedrock-agentcore:GetCodeInterpreter» bedrock ListProtectionGroups - núcleo de agente: ListBrowsers «núcleo de agente de roca madre:GetBrowser» «núcleo de agente de roca madre: ListAgentRuntimesGetAgentRuntime» «núcleo de agente de roca madre:» ListAgentRuntimeEndpoints «núcleo de agente de roca madre:GetAgentRuntimeEndpoint»

This policy now supports additional permissions for AWS Amplify, AWS AppSync, Amazon Bedrock, AWS CloudTrail, CloudFormation, AWS CodeArtifact, AWS CodePipeline, Amazon Connect, AWS Deadline Cloud, Amazon EC2, AWS Entity Resolution, Amazon IVS, AWS IoT SiteWise, AWS Lambda, Amazon EventBridge, Amazon Quick Suite, Amazon Redshift, Amazon Redshift Serverless, AWS Identity and Access Management Roles Anywhere, Amazon SageMaker, Amazon Security Lake, AWS Secrets Manager, AWS Service Catalog, AWS Shield, Amazon EC2 Systems Manager, and AWS WAFV2.

October 1, 2025

AWS_ConfigRole— Añade «arc-zonal-shift: GetAutoshiftObserverNotificationStatus «, «bedrock: GetModelInvocationLoggingConfiguration «, «cloudtrail: GetEventConfiguration «, «codeartifact: DescribeDomain «, GetDomainPermissionsPolicy «codeartifact: «, GetFleet «deadline: GetQueueFleetAssociation «, «deadline: ListFleets «, «deadline: ListQueueFleetAssociations «, «deadline: ListTagsForResource «, «dms: DescribeDataMigrations «, «dms: ListMigrationProjects «, GetDataCatalogEncryptionSettings «glue: «, «kafkaconnect: DescribeCustomPlugin «, DescribeWorkerConfiguration «kafkaconnect: «, ListCustomPlugins «kafkaconnect: «, ListTagsForResource «kafkaconnect: ListWorkerConfigurations «, «lake formation: DescribeLakeFormationIdentityCenterConfiguration «, «medialive: DescribeMultiplexProgram «, «medialive: ListMultiplexPrograms«, «mediapackage v2: GetChannelGroup «, «mediapackage v2: ListChannelGroups «, «rds: «, DescribeEngineDefaultParameters «roles en cualquier parte: GetProfile «, «roles en cualquier parte: GetTrustAnchor «, «roles en cualquier parte: ListProfiles «, «roles en cualquier parte: ListTagsForResource «, «s3: ListTrustAnchors «, «s3: GetAccessGrant «, «administrador de secretos: ListAccessGrants «, «security lake: DescribeSecret «, «security lake: ListDataLakeExceptions «, «security lake: ListDataLakes «, «security lake: ListLogSources «, «security lake: GetAttributeGroup «: «, «catálogo de servicios: ListAttributeGroups «, «catálogo de servicios: ListServiceActions «, «catálogo de servicios: ListServiceActionsForProvisioningArtifact «, «catálogo de servicios: GetTrafficPolicy «, «ses: ListTagsForResource «,» ver: ListTrafficPolicies «, «radiografía: GetGroup «, GetGroups «radiografía: «, GetSamplingRules «radiografía: ListResourcePolicies «, «radiografía:ListTagsForResource»

This policy now supports additional permissions for Amazon Bedrock, AWS ARC - Zonal Shift, AWS CloudTrail, AWS CodeArtifact, AWS Deadline Cloud, AWS Database Migration Service, AWS Glue, AWS Identity and Access Management, Amazon Managed Streaming for Apache Kafka, AWS Lake Formation, Amazon CloudWatch Logs, AWS Elemental MediaLive, AWS Elemental MediaPackage, Amazon Relational Database Service, Amazon Simple Storage Service, AWS Secrets Manager, Amazon Security Lake, AWS Service Catalog, Amazon Simple Email Service, and AWS X-Ray.

July 28, 2025

AWSConfigServiceRolePolicy – Add

"arc-zonal-shift: GetAutoshiftObserverNotificationStatus «, «bedrock: «, «cloudtrail: GetModelInvocationLoggingConfiguration «, «codeartifact: GetEventConfiguration «, «codeartifact: «, «deadline: DescribeDomain «, «deadline: «, «deadline: «, «deadline: GetDomainPermissionsPolicy «, «deadline: «, GetFleet «dms: «, «dms: GetQueueFleetAssociation «, «glue: «, ListFleets «iam: «, «kafkaconnect: ListQueueFleetAssociations «, kafkaconnect: ListTagsForResource «, kafkaconnect: «, kafkaconnect: DescribeDataMigrations «, kafkaconnect: ListMigrationProjects «, kafkaconnect: «, kafkaconnect: GetDataCatalogEncryptionSettings «, kafkaconnect: «, kafkaconnect: ListPolicies «, kafkaconnect: DescribeCustomPlugin «, kafkaconnect: «, kafkaconnect: DescribeWorkerConfiguration «, kafkaconnect: «, kafkaconnect: ListCustomPlugins «, kafkaconnect: «, kafkaconnect: ListTagsForResource «, kafkaconnect: «, kafkaconnect: ListWorkerConfigurations «, kafkaconnect: connect: «, «kafkaconnect: DescribeLakeFormationIdentityCenterConfiguration «, «kafkaconnect: DescribeIndexPolicies «, «lakeformation: ListTagsForResource «, «registros: «, «medialive: DescribeMultiplexProgram«, «medialive: ListMultiplexPrograms «, «media package v2: GetChannelGroup «, «media package v2: «, «rds: ListChannelGroups «, «roles en cualquier parte: «, GetProfile «roles en cualquier parte: GetTrustAnchor «, «roles en cualquier parte: ListProfiles «, «roles en cualquier parte: ListTagsForResource «, «roles en cualquier lugar: ListTrustAnchors «, GetAccessGrant «s3: «, ListAccessGrants «s3: «, DescribeSecret «administrador de secretos: ListDataLakeExceptions «, «security lake: ListDataLakes «, «security lake»: ListLogSources «, «securitylake: GetAttributeGroup «, «servicecatalog: «, ListAttributeGroups «servicecatalog: «, «servicecatalog: ListServiceActions «, «servicecatalog: ListServiceActionsForProvisioningArtifact «, «ses: DescribeEngineDefaultParameters GetTrafficPolicy «, «ses: ListTagsForResource «, «ses: 
ListTrafficPolicies «, «xray: GetGroup «, GetGroups «xray: «, GetSamplingRules «xray: ListResourcePolicies «, «xray: ListTagsForResource «, «xray: «, «arn:aws:apiGateway: ::/account», «arn:aws:apigateway: ::apigateway: ::/usageplans/».

This policy now supports additional permissions for Amazon Bedrock, AWS ARC - Zonal Shift, AWS CloudTrail, AWS CodeArtifact, AWS Deadline Cloud, AWS Database Migration Service, AWS Glue, AWS Identity and Access Management, Amazon Managed Streaming for Apache Kafka, AWS Lake Formation, Amazon CloudWatch Logs, AWS Elemental MediaLive, AWS Elemental MediaPackage, Amazon Relational Database Service, Amazon Simple Storage Service, AWS Secrets Manager, Amazon Security Lake, AWS Service Catalog, Amazon Simple Email Service, AWS X-Ray, and Amazon API Gateway.

July 28, 2025

AWSConfigServiceRolePolicy— Añada «backup-gateway: GetHypervisor «, ListHypervisors «backup-gatewaybcm-data-exports: GetExport «,"bcm-data-exports: ListExports «,"bcm-data-exports: ListTagsForResource «, «roca madre: GetAgent «, GetAgentActionGroup «roca madre: «, GetAgentKnowledgeBase «roca madre: GetDataSource «, «roca madre: GetFlowAlias «, «roca madre: GetFlowVersion «, «roca madre: ListAgentActionGroups «, ListAgentKnowledgeBases «roca madre: «, ListDataSources «roca madre: «, ListFlowAliases «roca madre: ListFlowVersions «, «formación de nubes: BatchDescribeTypeConfigurations «, «formación de nubes: «, DescribeStackSet «formación de nubes: ListStackInstances «,» DescribeStackInstance cloudformation: ListStackSets «, «cloudfront: GetPublicKey «, «cloudfront: GetRealtimeLogConfig «, ListPublicKeys «cloudfront: «, ListRealtimeLogConfigs «cloudfront: «, GetIdMappingWorkflow «resolución de entidad: GetSchemaMapping «, «resolución de entidad: ListIdMappingWorkflows «, «resolución de entidad: ListSchemaMappings «, «resolución de entidad: ListTagsForResource «, «iotdeviceadvisor: GetSuiteDefinition «, «iotdeviceadvisor: ListSuiteDefinitions «, GetEventSourceMapping «lambda: «, ListEventSourceMappings «lambda: «, «paquete multimedia v2: GetChannel «, «paquete multimedia v2: ListChannels «, «administrador de red: GetTransitGatewayPeering «, ListPeerings «administrador de redpca-connector-ad: GetDirectoryRegistration «,» pca-connector-ad: ListDirectoryRegistrations «,"pca-connector-ad: ListTagsForResource «, «rds:Describe DBShard grupos», DescribeIntegrations «rds: «, DescribeIntegrations «redshift: «, GetTableBucket «s3tables: GetTableBucketEncryption «, «s3tables: GetTableBucketMaintenanceConfiguration «, «s3tables: ListTableBuckets «, «s3tables: GetConfigurationManager «, «ssm-quicksetup:ListConfigurationManagers»

Esta política ahora admite permisos adicionales para Amazon Bedrock AWS Backup gatewayAdministración de facturación y costos de AWS, Amazon,,AWS CloudFormation,, CloudFront,AWS Entity ResolutionAWS IoT Core Device AdvisorAWS LambdaAWS Network Manager, Amazon Relational Database Service AWS Private Certificate Authority, Amazon Redshift, Amazon S3 Tables,.Quick Setup de AWS Systems Manager

18 de junio de 2025

AWS_ConfigRole— Añada «backup-gateway: GetHypervisor «, ListHypervisors «backup-gatewaybcm-data-exports: GetExport «,"bcm-data-exports: ListExports «,"bcm-data-exports: ListTagsForResource «, «roca madre: GetAgent «, GetAgentActionGroup «roca madre: «, GetAgentKnowledgeBase «roca madre: GetDataSource «, «roca madre: GetFlowAlias «, «roca madre: GetFlowVersion «, «roca madre: ListAgentActionGroups «, ListAgentKnowledgeBases «roca madre: «, ListDataSources «roca madre: «, ListFlowAliases «roca madre: ListFlowVersions «, «formación de nubes: BatchDescribeTypeConfigurations «, «formación de nubes: «, DescribeStackSet «formación de nubes: ListStackInstances «,» DescribeStackInstance cloudformation: ListStackSets «, «cloudfront: GetPublicKey «, «cloudfront: GetRealtimeLogConfig «, «cloudfront: ListPublicKeys «, «cloudfront: ListRealtimeLogConfigs «, «resolución de entidad: GetIdMappingWorkflow «, GetSchemaMapping «resolución de entidad: «, ListIdMappingWorkflows «resolución de entidad: «, ListSchemaMappings «resolución de entidad: «, ListTagsForResource «iotdeviceadvisor: GetSuiteDefinition «, «iotdeviceadvisor: ListSuiteDefinitions «, «lambda: GetEventSourceMapping «, «lambda: ListEventSourceMappings «, «administrador de red: GetTransitGatewayPeering «, «administrador de redpca-connector-ad: GetDirectoryRegistration «,"pca-connector-ad: ListDirectoryRegistrations «,"pca-connector-ad: ListTagsForResource «, «rds: ListPeerings Describa DBShard los grupos», DescribeIntegrations «rds: «, DescribeIntegrations «redshift: «, GetTableBucket «s3tables: «, GetTableBucketEncryption «s3tables: GetTableBucketMaintenanceConfiguration «, «s3tables: ListTableBuckets «, «sm-quicksetup:», GetConfigurationManager «ssm-quicksetup:ListConfigurationManagers»

Esta política ahora admite permisos adicionales para Amazon Bedrock AWS Backup gatewayAdministración de facturación y costos de AWS, Amazon,,AWS CloudFormation,, CloudFront,AWS Entity ResolutionAWS IoT Core Device AdvisorAWS LambdaAWS Network Manager, Amazon Relational Database Service AWS Private Certificate Authority, Amazon Redshift, Amazon S3 Tables,.Quick Setup de AWS Systems Manager

18 de junio de 2025

AWS_ConfigRole: añadir "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", "bedrock:ListTagsForResource"

Esta política ahora admite permisos adicionales para Amazon Bedrock.

27 de mayo de 2025

AWSConfigServiceRolePolicy: Add "bedrock:GetGuardrail", "bedrock:GetInferenceProfile", "bedrock:GetKnowledgeBase", "bedrock:ListGuardrails", "bedrock:ListInferenceProfiles", "bedrock:ListKnowledgeBases", and "bedrock:ListTagsForResource"

This policy now supports additional permissions for Amazon Bedrock.

May 27, 2025

AWS_ConfigRole: Add "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", and "ssm:DescribeInstanceInformation"

This policy now supports additional permissions for AWS B2B Data Interchange, Amazon Bedrock, AWS Clean Rooms, AWS CodeConnections, AWS Database Migration Service (AWS DMS), AWS Direct Connect, Amazon CloudWatch Logs, Amazon Macie, Amazon Managed Blockchain, Amazon Q Business, Route 53 Profiles, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, AWS Security Hub CSPM, AWS Systems Manager, AWS Systems Manager Incident Manager, and AWS Systems Manager Incident Manager Contacts.

April 8, 2025

AWSConfigServiceRolePolicy: Add "b2bi:GetPartnership", "b2bi:GetProfile", "b2bi:ListPartnerships", "b2bi:ListProfiles", "bedrock:ListAgents", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", "cleanrooms:ListConfiguredTables", "cleanrooms:ListMemberships", "cleanrooms:ListPrivacyBudgetTemplates", "codeconnections:GetConnection", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "directconnect:DescribeConnections", "dms:DescribeReplicationConfigs", "logs:DescribeAccountPolicies", "logs:DescribeResourcePolicies", "macie2:ListAutomatedDiscoveryAccounts", "managedblockchain:GetAccessor", "managedblockchain:ListAccessors", "qbusiness:GetApplication", "qbusiness:ListApplications", "qbusiness:ListTagsForResource", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:ListProfileAssociations", "route53profiles:ListProfiles", "route53profiles:ListTagsForResource", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "sagemaker:DescribeCluster", "sagemaker:DescribeMlflowTrackingServer", "sagemaker:DescribeStudioLifecycleConfig", "sagemaker:ListClusters", "sagemaker:ListMlflowTrackingServers", "sagemaker:ListStudioLifecycleConfigs", "securityhub:DescribeStandardsControls", "securityhub:GetEnabledStandards", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-incidents:GetResponsePlan", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", and "ssm:DescribeInstanceInformation"

This policy now supports additional permissions for AWS B2B Data Interchange, Amazon Bedrock, AWS Clean Rooms, AWS CodeConnections, AWS Database Migration Service (AWS DMS), AWS Direct Connect, Amazon CloudWatch Logs, Amazon Macie, Amazon Managed Blockchain, Amazon Q Business, Route 53 Profiles, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, AWS Security Hub CSPM, AWS Systems Manager, AWS Systems Manager Incident Manager, and AWS Systems Manager Incident Manager Contacts. This policy now also supports permission to access all Amazon API Gateway domain names by including the resource pattern "arn:aws:apigateway:::/domainnames/".

April 8, 2025

AWS_ConfigRole: Add "ec2:GetAllowedImagesSettings"

This policy now supports additional permissions for Amazon Elastic Compute Cloud (Amazon EC2).

March 4, 2025

AWSConfigServiceRolePolicy: Add "ec2:GetAllowedImagesSettings"

This policy now supports additional permissions for Amazon Elastic Compute Cloud (Amazon EC2).

March 4, 2025

AWS_ConfigRole: Add "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"

This policy now supports additional permissions for AWS Clean Rooms, Amazon Comprehend, Amazon Elastic Compute Cloud (Amazon EC2), AWS HealthOmics, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Email Service (Amazon SES).

January 16, 2025

AWSConfigServiceRolePolicy: Add "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:ListTrainingDatasets", "comprehend:DescribeFlywheel", "comprehend:ListFlywheels", "comprehend:ListTagsForResource", "ec2:GetSnapshotBlockPublicAccessState", "omics:GetAnnotationStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:ListAnnotationStores", "omics:ListRunGroups", "omics:ListSequenceStores", "omics:ListTagsForResource", "omics:ListVariantStores", "s3express:GetEncryptionConfiguration", "s3express:GetLifecycleConfiguration", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", and "ses:ListDedicatedIpPools"

This policy now supports additional permissions for AWS Clean Rooms, Amazon Comprehend, Amazon Elastic Compute Cloud (Amazon EC2), AWS HealthOmics, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Email Service (Amazon SES).

January 16, 2025

AWSConfigServiceRolePolicy: Add "organizations:ListAWSServiceAccessForOrganization"

This policy now supports additional permissions for AWS Organizations.

December 18, 2024

AWS_ConfigRole: Add "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership", "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom", "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink", "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"

This policy now supports additional permissions for AWS AppConfig, AWS CloudTrail, Amazon Connect, Amazon DataZone, Amazon DevOps Guru, AWS Glue, Identity Store, Amazon Interactive Video Service (Amazon IVS), AWS IoT, AWS IoT FleetWise, AWS IoT Wireless, Amazon CloudWatch Logs, Amazon CloudWatch Observability Access Manager, AWS Payment Cryptography, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service (Amazon S3), Amazon EventBridge Scheduler, AWS Systems Manager, and Amazon VPC Lattice.

November 7, 2024

AWSConfigServiceRolePolicy: Add "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership", "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom", "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink", "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets"

This policy now supports additional permissions for AWS AppConfig, AWS CloudTrail, Amazon Connect, Amazon DataZone, Amazon DevOps Guru, AWS Glue, Identity Store, Amazon Interactive Video Service (Amazon IVS), AWS IoT, AWS IoT FleetWise, AWS IoT Wireless, Amazon CloudWatch Logs, Amazon CloudWatch Observability Access Manager, AWS Payment Cryptography, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service (Amazon S3), Amazon EventBridge Scheduler, AWS Systems Manager, and Amazon VPC Lattice.

November 7, 2024

AWS_ConfigRole: Add "aoss:BatchGetCollection", "aoss:BatchGetLifecyclePolicy", "aoss:BatchGetVpcEndpoint", "aoss:GetAccessPolicy", "aoss:GetSecurityConfig", "aoss:GetSecurityPolicy", "aoss:ListAccessPolicies", "aoss:ListCollections", "aoss:ListLifecyclePolicies", "aoss:ListSecurityConfigs", "aoss:ListSecurityPolicies", "aoss:ListVpcEndpoints", "appstream:DescribeAppBlockBuilders", "backup:GetRestoreTestingPlan", "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans", "backup:ListRestoreTestingSelections", "cloudTrail:GetChannel", "cloudTrail:ListChannels", "glue:GetTrigger", "glue:ListTriggers", "imagebuilder:GetLifecyclePolicy", "imagebuilder:ListLifecyclePolicies", "iot:DescribeBillingGroup", "iot:ListBillingGroups", "ivs:GetEncoderConfiguration", "ivs:GetPlaybackRestrictionPolicy", "ivs:GetStage", "ivs:GetStorageConfiguration", "ivs:ListEncoderConfigurations", "ivs:ListPlaybackRestrictionPolicies", "ivs:ListStages", "ivs:ListStorageConfigurations", "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa", "mediaconnect:ListBridges", "mediaconnect:ListGateways", "mediatailor:DescribeChannel", "mediatailor:DescribeLiveSource", "mediatailor:DescribeSourceLocation", "mediatailor:DescribeVodSource", "mediatailor:ListChannels", "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations", "mediatailor:ListVodSources", "omics:GetWorkflow", "omics:ListWorkflows", "scheduler:GetSchedule", and "scheduler:ListSchedules"

This policy now supports additional permissions for Amazon OpenSearch Service Serverless, Amazon AppStream, AWS Backup, AWS CloudTrail, AWS Glue, EC2 Image Builder, AWS IoT, Amazon Interactive Video Service (Amazon IVS), AWS Elemental MediaConnect, AWS Elemental MediaTailor, AWS HealthOmics, and Amazon EventBridge Scheduler.

September 16, 2024

AWSConfigServiceRolePolicy: Add "aoss:BatchGetCollection", "aoss:BatchGetLifecyclePolicy", "aoss:BatchGetVpcEndpoint", "aoss:GetAccessPolicy", "aoss:GetSecurityConfig", "aoss:GetSecurityPolicy", "aoss:ListAccessPolicies", "aoss:ListCollections", "aoss:ListLifecyclePolicies", "aoss:ListSecurityConfigs", "aoss:ListSecurityPolicies", "aoss:ListVpcEndpoints", "appstream:DescribeAppBlockBuilders", "backup:GetRestoreTestingPlan", "backup:GetRestoreTestingSelection", "backup:ListRestoreTestingPlans", "backup:ListRestoreTestingSelections", "cloudTrail:GetChannel", "cloudTrail:ListChannels", "glue:GetTrigger", "glue:ListTriggers", "imagebuilder:GetLifecyclePolicy", "imagebuilder:ListLifecyclePolicies", "iot:DescribeBillingGroup", "iot:ListBillingGroups", "ivs:GetEncoderConfiguration", "ivs:GetPlaybackRestrictionPolicy", "ivs:GetStage", "ivs:GetStorageConfiguration", "ivs:ListEncoderConfigurations", "ivs:ListPlaybackRestrictionPolicies", "ivs:ListStages", "ivs:ListStorageConfigurations", "mediaconnect:DescribeBridge", "mediaconnect:DescribeGatewa", "mediaconnect:ListBridges", "mediaconnect:ListGateways", "mediatailor:DescribeChannel", "mediatailor:DescribeLiveSource", "mediatailor:DescribeSourceLocation", "mediatailor:DescribeVodSource", "mediatailor:ListChannels", "mediatailor:ListLiveSources", "mediatailor:ListSourceLocations", "mediatailor:ListVodSources", "omics:GetWorkflow", "omics:ListWorkflows", "scheduler:GetSchedule", and "scheduler:ListSchedules"

This policy now supports additional permissions for Amazon OpenSearch Service Serverless, Amazon AppStream, AWS Backup, AWS CloudTrail, AWS Glue, EC2 Image Builder, AWS IoT, Amazon Interactive Video Service (Amazon IVS), AWS Elemental MediaConnect, AWS Elemental MediaTailor, AWS HealthOmics, and Amazon EventBridge Scheduler.

September 16, 2024

AWS_ConfigRole: Add "elasticfilesystem:DescribeTags", "redshift:DescribeTags", and "ssm-sap:ListTagsForResource"

This policy now supports additional permissions for Amazon Elastic File System (Amazon EFS), Amazon Redshift, and AWS Systems Manager for SAP.

June 17, 2024

AWSConfigServiceRolePolicy: Add "elasticfilesystem:DescribeTags", "redshift:DescribeTags", and "ssm-sap:ListTagsForResource"

This policy now supports additional permissions for Amazon Elastic File System (Amazon EFS), Amazon Redshift, and AWS Systems Manager for SAP.

June 17, 2024
AWS_ConfigRole: Add "aps:DescribeAlertManagerDefinition", "cloudwatch:DescribeAlarmsForMetric", "cognito-identity:DescribeIdentityPool", "cognito-identity:GetPrincipalTagAttributeMap", "elasticache:DescribeCacheSecurityGroups", "elasticache:DescribeUserGroups", "elasticache:DescribeUsers", "elasticache:DescribeGlobalReplicationGroups", "fsx:DescribeDataRepositoryAssociations", "glue:GetDatabase", "glue:GetDatabases", "iam:ListUsers", "lambda:GetLayerVersion", "lambda:ListLayers", "lambda:ListLayerVersions", "ram:GetPermission", "ram:ListPermissionAssociations", "ram:ListPermissions", "ram:ListPermissionVersions", "redshift-serverless:GetNamespace", "redshift-serverless:GetWorkgroup", "redshift-serverless:ListNamespaces", "redshift-serverless:ListTagsForResource", "redshift-serverless:ListWorkgroups", "sagemaker:DescribeInferenceExperiment", "sagemaker:ListInferenceExperiments", and "sns:GetSMSSandboxAccountStatus"

This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx, AWS Glue, AWS Identity and Access Management (IAM), AWS Lambda, AWS RAM, Amazon Redshift Serverless, Amazon SageMaker AI, and Amazon Simple Notification Service (Amazon SNS).

February 22, 2024
AWSConfigServiceRolePolicy: Add "aps:DescribeAlertManagerDefinition", "cloudwatch:DescribeAlarmsForMetric", "cognito-identity:DescribeIdentityPool", "cognito-identity:GetPrincipalTagAttributeMap", "elasticache:DescribeCacheSecurityGroups", "elasticache:DescribeUserGroups", "elasticache:DescribeUsers", "elasticache:DescribeGlobalReplicationGroups", "fsx:DescribeDataRepositoryAssociations", "glue:GetDatabase", "glue:GetDatabases", "iam:ListUsers", "lambda:GetLayerVersion", "lambda:ListLayers", "lambda:ListLayerVersions", "ram:GetPermission", "ram:ListPermissionAssociations", "ram:ListPermissions", "ram:ListPermissionVersions", "redshift-serverless:GetNamespace", "redshift-serverless:GetWorkgroup", "redshift-serverless:ListNamespaces", "redshift-serverless:ListTagsForResource", "redshift-serverless:ListWorkgroups", "sagemaker:DescribeInferenceExperiment", "sagemaker:ListInferenceExperiments", and "sns:GetSMSSandboxAccountStatus"

This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx, AWS Glue, AWS Identity and Access Management (IAM), AWS Lambda, AWS RAM, Amazon Redshift Serverless, Amazon SageMaker AI, and Amazon Simple Notification Service (Amazon SNS).

February 22, 2024

AWSConfigUserAccess: AWS Config started tracking changes for this AWS managed policy

This policy provides access to use AWS Config, including searching by tags on resources and reading all tags. It does not provide permission to configure AWS Config, which requires administrative privileges.

February 22, 2024
AWS_ConfigRole: Add "appconfig:GetExtensionAssociation", "appconfig:ListExtensionAssociations", "aps:DescribeLoggingConfiguration", "dms:DescribeReplicationTaskAssessmentRuns", "iam:GetOpenIDConnectProvider", "iam:ListOpenIDConnectProviders", "kafka:DescribeVpcConnection", "kafka:GetClusterPolicy", "kafka:ListVpcConnections", "logs:DescribeMetricFilters", "organizations:ListDelegatedAdministrators", "s3:GetBucketPolicyStatus", "s3express:GetBucketPolicy", and "s3express:ListAllMyDirectoryBuckets"

This policy now supports additional permissions for AWS AppConfig, Amazon Managed Service for Prometheus, AWS Database Migration Service (AWS DMS), AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Organizations, Amazon CloudWatch Logs, and Amazon Simple Storage Service (Amazon S3).

December 5, 2023
AWSConfigServiceRolePolicy: Add "appconfig:GetExtensionAssociation", "appconfig:ListExtensionAssociations", "aps:DescribeLoggingConfiguration", "dms:DescribeReplicationTaskAssessmentRuns", "iam:GetOpenIDConnectProvider", "iam:ListOpenIDConnectProviders", "kafka:DescribeVpcConnection", "kafka:GetClusterPolicy", "kafka:ListVpcConnections", "logs:DescribeMetricFilters", "organizations:ListDelegatedAdministrators", "s3:GetBucketPolicyStatus", "s3express:GetBucketPolicy", and "s3express:ListAllMyDirectoryBuckets"

This policy now supports additional permissions for AWS AppConfig, Amazon Managed Service for Prometheus, AWS Database Migration Service (AWS DMS), AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Organizations, Amazon CloudWatch Logs, and Amazon Simple Storage Service (Amazon S3).

December 5, 2023
AWS_ConfigRole: Add "backup:DescribeProtectedResource", "cognito-identity:GetIdentityPoolRoles", "cognito-identity:ListIdentityPools", "cognito-identity:ListTagsForResource", "cognito-idp:DescribeIdentityProvider", "cognito-idp:DescribeResourceServer", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:DescribeUserPoolDomain", "cognito-idp:GetGroup", "cognito-idp:GetUserPoolMfaConfig", "cognito-idp:ListGroups", "cognito-idp:ListIdentityProviders", "cognito-idp:ListResourceServers", "cognito-idp:ListUserPoolClients", "cognito-idp:ListUserPools", "cognito-idp:ListTagsForResource", "connect:DescribeEvaluationForm", "connect:DescribeInstanceStorageConfig", "connect:DescribePrompt", "connect:DescribeRule", "connect:DescribeUser", "connect:GetTaskTemplate", "connect:ListApprovedOrigins", "connect:ListEvaluationForms", "connect:ListInstanceStorageConfigs", "connect:ListIntegrationAssociations", "connect:ListPrompts", "connect:ListRules", "connect:ListSecurityKeys", "connect:ListTagsForResource", "connect:ListTaskTemplates", "connect:ListUsers", "emr-containers:DescribeVirtualCluster", "emr-containers:ListVirtualClusters", "emr-serverless:GetApplication", "emr-serverless:ListApplications", "groundstation:GetDataflowEndpointGroup", "groundstation:ListDataflowEndpointGroups", "m2:GetEnvironment", "m2:ListEnvironments", "m2:ListTagsForResource", "memorydb:DescribeAcls", "memorydb:DescribeClusters", "memorydb:DescribeParameterGroups", "memorydb:DescribeParameters", "memorydb:DescribeSubnetGroups", "organizations:ListRoots", "quicksight:DescribeAccountSubscription", "quicksight:DescribeDataSetRefreshProperties", "rds:DescribeEngineDefaultClusterParameters", "redshift:DescribeEndpointAccess", "redshift:DescribeEndpointAuthorization", "route53:GetChange", "route53:ListCidrBlocks", "route53:ListCidrLocations", "serviceCatalog:DescribePortfolioShares", "transfer:DescribeProfile", and "transfer:ListProfiles"

This policy now supports additional permissions for Amazon Cognito, Amazon Connect, Amazon EMR, AWS Ground Station, AWS Mainframe Modernization, Amazon MemoryDB, AWS Organizations, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, AWS Service Catalog, and AWS Transfer Family.

November 17, 2023
AWS_ConfigRole: Add "Sid": "AWSConfigServiceRolePolicyStatementID", "Sid": "AWSConfigSLRLogStatementID", "Sid": "AWSConfigSLRLogEventStatementID", and "Sid": "AWSConfigSLRApiGatewayStatementID"

This policy now adds security identifiers (SIDs) for AWSConfigServiceRolePolicyStatementID, AWSConfigSLRLogStatementID, AWSConfigSLRLogEventStatementID, and AWSConfigSLRApiGatewayStatementID.

November 17, 2023
AWSConfigServiceRolePolicy: Add "backup:DescribeProtectedResource", "cognito-identity:GetIdentityPoolRoles", "cognito-identity:ListIdentityPools", "cognito-identity:ListTagsForResource", "cognito-idp:DescribeIdentityProvider", "cognito-idp:DescribeResourceServer", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:DescribeUserPoolDomain", "cognito-idp:GetGroup", "cognito-idp:GetUserPoolMfaConfig", "cognito-idp:ListGroups", "cognito-idp:ListIdentityProviders", "cognito-idp:ListResourceServers", "cognito-idp:ListUserPoolClients", "cognito-idp:ListUserPools", "cognito-idp:ListTagsForResource", "connect:DescribeEvaluationForm", "connect:DescribeInstanceStorageConfig", "connect:DescribePrompt", "connect:DescribeRule", "connect:DescribeUser", "connect:GetTaskTemplate", "connect:ListApprovedOrigins", "connect:ListEvaluationForms", "connect:ListInstanceStorageConfigs", "connect:ListIntegrationAssociations", "connect:ListPrompts", "connect:ListRules", "connect:ListSecurityKeys", "connect:ListTagsForResource", "connect:ListTaskTemplates", "connect:ListUsers", "emr-containers:DescribeVirtualCluster", "emr-containers:ListVirtualClusters", "emr-serverless:GetApplication", "emr-serverless:ListApplications", "groundstation:GetDataflowEndpointGroup", "groundstation:ListDataflowEndpointGroups", "m2:GetEnvironment", "m2:ListEnvironments", "m2:ListTagsForResource", "memorydb:DescribeAcls", "memorydb:DescribeClusters", "memorydb:DescribeParameterGroups", "memorydb:DescribeParameters", "memorydb:DescribeSubnetGroups", "organizations:ListRoots", "quicksight:DescribeAccountSubscription", "quicksight:DescribeDataSetRefreshProperties", "rds:DescribeEngineDefaultClusterParameters", "redshift:DescribeEndpointAccess", "redshift:DescribeEndpointAuthorization", "route53:GetChange", "route53:ListCidrBlocks", "route53:ListCidrLocations", "serviceCatalog:DescribePortfolioShares", "transfer:DescribeProfile", and "transfer:ListProfiles"

This policy now supports additional permissions for Amazon Cognito, Amazon Connect, Amazon EMR, AWS Ground Station, AWS Mainframe Modernization, Amazon MemoryDB, AWS Organizations, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, AWS Service Catalog, and AWS Transfer Family.

November 17, 2023
AWSConfigServiceRolePolicy: Add "Sid": "AWSConfigServiceRolePolicyStatementID", "Sid": "AWSConfigSLRLogStatementID", "Sid": "AWSConfigSLRLogEventStatementID", and "Sid": "AWSConfigSLRApiGatewayStatementID"

This policy now adds security identifiers (SIDs) for AWSConfigServiceRolePolicyStatementID, AWSConfigSLRLogStatementID, AWSConfigSLRLogEventStatementID, and AWSConfigSLRApiGatewayStatementID.

November 17, 2023
AWS_ConfigRole: Add "acm-pca:GetCertificateAuthorityCertificate", "appmesh:DescribeMesh", "appmesh:ListGatewayRoutes", "connect:DescribeInstance", "connect:DescribeQuickConnect", "connect:ListQuickConnects", "ecs:DescribeCapacityProviders", "evidently:GetSegment", "evidently:ListSegments", "grafana:DescribeWorkspace", "grafana:DescribeWorkspaceAuthentication", "grafana:DescribeWorkspaceConfiguration", "grafana:DescribeWorkspaceConfiguration", "guardduty:GetMemberDetectors", "inspector2:BatchGetAccountStatus", "inspector2:GetDelegatedAdminAccount", "inspector2:ListMembers", "iot:DescribeCACertificate", "iot:ListCACertificates", "iot:ListTagsForResource", "iottwinmaker:GetSyncJob", "iottwinmaker:ListSyncJobs", "kafka:ListTagsForResource", "kafkaconnect:DescribeConnector", "kafkaconnect:ListConnectors", "lambda:GetCodeSigningConfig", "lambda:ListCodeSigningConfigs", "lambda:ListTags", "networkmanager:GetConnectPeer", "organizations:DescribeOrganization", "organizations:ListTargetsForPolicy", "sagemaker:DescribeDataQualityJob", "sagemaker:DescribeModelExplainabilityJob", "sagemaker:ListDataQualityJob", and "sagemaker:ExplainabilityJob"

This policy now supports additional permissions for AWS Private CA, AWS App Mesh, Amazon Connect, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector, AWS IoT, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Lambda, AWS Network Manager, AWS Organizations, and Amazon SageMaker AI.

October 4, 2023
AWSConfigServiceRolePolicy: Add "acm-pca:GetCertificateAuthorityCertificate", "appmesh:DescribeMesh", "appmesh:ListGatewayRoutes", "connect:DescribeInstance", "connect:DescribeQuickConnect", "connect:ListQuickConnects", "ecs:DescribeCapacityProviders", "evidently:GetSegment", "evidently:ListSegments", "grafana:DescribeWorkspace", "grafana:DescribeWorkspaceAuthentication", "grafana:DescribeWorkspaceConfiguration", "grafana:DescribeWorkspaceConfiguration", "guardduty:GetMemberDetectors", "inspector2:BatchGetAccountStatus", "inspector2:GetDelegatedAdminAccount", "inspector2:ListMembers", "iot:DescribeCACertificate", "iot:ListCACertificates", "iot:ListTagsForResource", "iottwinmaker:GetSyncJob", "iottwinmaker:ListSyncJobs", "kafka:ListTagsForResource", "kafkaconnect:DescribeConnector", "kafkaconnect:ListConnectors", "lambda:GetCodeSigningConfig", "lambda:ListCodeSigningConfigs", "lambda:ListTags", "networkmanager:GetConnectPeer", "organizations:DescribeOrganization", "organizations:ListTargetsForPolicy", "sagemaker:DescribeDataQualityJob", "sagemaker:DescribeModelExplainabilityJob", "sagemaker:ListDataQualityJob", and "sagemaker:ExplainabilityJob"

This policy now supports additional permissions for AWS Private CA, AWS App Mesh, Amazon Connect, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector, AWS IoT, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Lambda, AWS Network Manager, AWS Organizations, and Amazon SageMaker AI.

October 4, 2023
AWSConfigServiceRolePolicy: Remove "ssm:GetParameter"

This policy now removes permissions for AWS Systems Manager (Systems Manager).

September 6, 2023
AWS_ConfigRole: añadir "appmesh:DescribeGatewayRoute","appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", and "sns:GetDataProtectionPolicy"

This policy now supports additional permissions for AWS App Mesh, AWS CloudFormation, Amazon CloudFront, AWS CodeArtifact, AWS CodeBuild, Amazon Connect, AWS Glue, Amazon GuardDuty, AWS Identity and Access Management (IAM), Amazon Inspector, AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie, AWS Elemental MediaConnect, AWS Network Manager, AWS Organizations, AWS Resource Explorer, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Notification Service (Amazon SNS).

July 28, 2023

AWSConfigServiceRolePolicy: add "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "sns:GetDataProtectionPolicy", "ssm:DescribeParameters", "ssm:GetParameter", and "ssm:ListTagsForResource"

This policy now supports additional permissions for AWS App Mesh, Amazon WorkSpaces Applications, AWS CloudFormation, Amazon CloudFront, AWS CodeArtifact, AWS CodeBuild, Amazon Connect, AWS Glue, Amazon GuardDuty, AWS Identity and Access Management (IAM), Amazon Inspector, AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie, AWS Elemental MediaConnect, AWS Network Manager, AWS Organizations, AWS Resource Explorer, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), Amazon Simple Notification Service (Amazon SNS), and Amazon EC2 Systems Manager (SSM).

July 28, 2023

AWS_ConfigRole: add "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource"

This policy now supports additional permissions for AWS Amplify, Amazon Connect, AWS App Mesh, Amazon Managed Service for Prometheus, Amazon Athena, AWS Batch, AWS CloudFormation, AWS CloudTrail, AWS CodeArtifact, Amazon CodeGuru, AWS Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS IoT Greengrass, AWS Ground Station, AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC), AWS Organizations, Amazon Personalize, Amazon Quick Suite, AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, and AWS Transfer Family.

June 13, 2023

AWSConfigServiceRolePolicy: add "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource"

This policy now supports additional permissions for AWS Amplify, Amazon Connect, AWS App Mesh, Amazon Managed Service for Prometheus, Amazon Athena, AWS Batch, AWS CloudFormation, AWS CloudTrail, AWS CodeArtifact, Amazon CodeGuru, AWS Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS IoT Greengrass, AWS Ground Station, AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC), AWS Organizations, Amazon Personalize, Amazon Quick Suite, AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, and AWS Transfer Family.

June 13, 2023

AWSConfigServiceRolePolicy: add amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations

This policy now supports additional permissions for Amazon Managed Workflows, AWS Amplify, AWS App Mesh, AWS App Runner, Amazon CloudFront, AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI, AWS Transfer Family, Amazon Pinpoint, AWS Migration Hub, AWS Resilience Hub, Amazon CloudWatch, AWS Directory Service, and AWS WAF.

April 13, 2023

AWS_ConfigRole: add amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations

This policy now supports additional permissions for Amazon Managed Workflows, AWS Amplify, AWS App Mesh, AWS App Runner, Amazon CloudFront, AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI, AWS Transfer Family, Amazon Pinpoint, AWS Migration Hub, AWS Resilience Hub, Amazon CloudWatch, AWS Directory Service, and AWS WAF.

April 13, 2023

AWSConfigServiceRolePolicy: add appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudfront:GetResponseHeadersPolicy, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions

This policy now supports additional permissions for Amazon Managed Workflows, Amazon AppFlow, AWS App Runner, Amazon WorkSpaces Applications, Amazon CloudFront, Amazon CloudWatch, AWS CodeArtifact, AWS CodeCommit, AWS Device Farm, Amazon CloudWatch Evidently, Amazon Forecast, AWS Ground Station, AWS Identity and Access Management (IAM), AWS IoT, Amazon MemoryDB, Amazon Pinpoint, AWS Network Manager, AWS Panorama, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon SageMaker AI.

March 30, 2023

AWS_ConfigRole: add appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudformation:ListTypes, cloudfront:GetResponseHeadersPolicy, cloudfront:ListDistributions, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, ec2:DescribeTrafficMirrorFilters, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions

This policy now supports additional permissions for Amazon Managed Workflows, Amazon AppFlow, AWS App Runner, Amazon WorkSpaces Applications, AWS CloudFormation, Amazon CloudFront, Amazon CloudWatch, AWS CodeArtifact, AWS CodeCommit, AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS Ground Station, AWS Identity and Access Management (IAM), AWS IoT, Amazon MemoryDB, Amazon Pinpoint, AWS Network Manager, AWS Panorama, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon SageMaker AI.

March 30, 2023

AWSConfigRulesExecutionRole: AWS Config starts tracking changes for this AWS managed policy

This policy allows AWS Lambda functions to access the AWS Config API and the configuration snapshots that AWS Config delivers periodically to Amazon S3. Functions that evaluate configuration changes for custom AWS Lambda rules require this access.

March 7, 2023

AWSConfigRoleForOrganizations: AWS Config starts tracking changes for this AWS managed policy

This policy allows AWS Config to make read-only calls to AWS Organizations APIs.

March 7, 2023

AWSConfigRemediationServiceRolePolicy: AWS Config starts tracking changes for this AWS managed policy

This policy allows AWS Config to remediate NON_COMPLIANT resources on your behalf.

March 7, 2023

AWSConfigServiceRolePolicy: add auditmanager:GetAccountStatus

This policy now allows returning the registration status of an account in AWS Audit Manager.

March 3, 2023

AWS_ConfigRole: add auditmanager:GetAccountStatus

This policy now allows returning the registration status of an account in AWS Audit Manager.

March 3, 2023

AWSConfigMultiAccountSetupPolicy: AWS Config starts tracking changes for this AWS managed policy

This policy allows AWS Config to call AWS services and deploy AWS Config resources across an organization with AWS Organizations.

February 27, 2023

AWSConfigServiceRolePolicy: add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon WorkSpaces Applications, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs.

February 1, 2023

AWS_ConfigRole: add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon WorkSpaces Applications, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs.

February 1, 2023

ConfigConformsServiceRolePolicy: update config:DescribeConfigRules

As a security best practice, this policy now removes the broad resource-level permission for config:DescribeConfigRules.

January 12, 2023

AWSConfigServiceRolePolicy: add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon Quick Suite, AWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream.

December 15, 2022

AWS_ConfigRole: add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon Quick Suite, AWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream.

December 15, 2022

AWSConfigServiceRolePolicy: add cloudformation:ListStackResources and cloudformation:ListStacks

This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter.

November 7, 2022

AWS_ConfigRole: add cloudformation:ListStackResources and cloudformation:ListStacks

This policy now allows returning descriptions of all resources of a specified AWS CloudFormation stack and returning summary information for stacks whose status matches the specified StackStatusFilter.

November 7, 2022

AWSConfigServiceRolePolicy: add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, AWS Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift Servers, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, AWS OpsWorks, AWS Panorama, Amazon Quick Suite, AWS Resource Access Manager, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS RoboMaker, AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service.

October 19, 2022

AWS_ConfigRole: add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource,
iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, AWS Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift Servers, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, AWS OpsWorks, AWS Panorama, Amazon Quick Suite, AWS Resource Access Manager, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS RoboMaker, AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service.

October 19, 2022

AWSConfigServiceRolePolicy: add Glue::GetTable

This policy now grants permission to retrieve the AWS Glue table definition in a Data Catalog for a specified table.

September 14, 2022

AWS_ConfigRole: add Glue::GetTable

This policy now grants permission to retrieve the AWS Glue table definition in a Data Catalog for a specified table.

September 14, 2022

AWSConfigServiceRolePolicy: add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup,
gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, 
ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, 
profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, 
ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family.

September 7, 2022

AWS_ConfigRole: add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues,
gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, 
ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, 
profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, 
signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family.

September 7, 2022

AWSConfigServiceRolePolicy: add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon WorkSpaces Applications, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs.

February 1, 2023

AWS_ConfigRole: add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries

This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon WorkSpaces Applications, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs.

February 1, 2023

ConfigConformsServiceRolePolicy: update config:DescribeConfigRules

As a security best practice, this policy now removes the broad resource-level permission for config:DescribeConfigRules.

January 12, 2023

AWSConfigServiceRolePolicy: add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon Quick Suite, Amazon Application Recovery Controller (ARC), AWS Resource Access Manager, Amazon Simple Storage Service (Amazon S3), Amazon Timestream, and AWS Transfer Family.

December 15, 2022

AWS_ConfigRole: add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource

This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon Quick Suite, AWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream.

December 15, 2022

AWSConfigServiceRolePolicy: add cloudformation:ListStackResources and cloudformation:ListStacks

This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter.

November 7, 2022

AWS_ConfigRole: add cloudformation:ListStackResources and cloudformation:ListStacks

This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter.

November 7, 2022

AWSConfigServiceRolePolicy: add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects,
iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, Amazon Keyspaces, AWS AppConfig, AWS Amplify, Amazon Connect, Amazon CloudWatch, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift Servers, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, AWS OpsWorks, AWS Panorama, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), AWS Resource Access Manager, Amazon Rekognition, AWS RoboMaker, Amazon Route 53, AWS Resource Groups, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service.

October 19, 2022

AWS_ConfigRole: add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource,
iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups

This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, Amazon Keyspaces, AWS AppConfig, AWS Amplify, Amazon Connect, Amazon CloudWatch, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue DataBrew, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift Servers, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, AWS OpsWorks, AWS Panorama, Amazon Quick Suite, Amazon Relational Database Service (Amazon RDS), AWS Resource Access Manager, Amazon Rekognition, AWS RoboMaker, Amazon Route 53, AWS Resource Groups, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service.

October 19, 2022

AWSConfigServiceRolePolicy: add Glue::GetTable

This policy now grants permission to retrieve the AWS Glue table definition in a Data Catalog for a specified table.

September 14, 2022

AWS_ConfigRole: add Glue::GetTable

This policy now grants permission to retrieve the AWS Glue table definition in a Data Catalog for a specified table.

September 14, 2022

AWSConfigServiceRolePolicy: add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup,
gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, 
ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, 
profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, 
ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family.

September 7, 2022

AWS_ConfigRole: add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues,
gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, 
ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, 
profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, 
signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource

This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon Quick Suite, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family.

September 7, 2022

AWSConfigServiceRolePolicy: add datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

This policy now grants permission to return a list of AWS DataSync agents, DataSync source and destination locations, and DataSync tasks in an AWS account; to list summary information about the AWS Cloud Map namespaces and the services that are associated with one or more specified namespaces in an AWS account; and to list all of the Amazon Simple Email Service (Amazon SES) contact lists available in an AWS account.

August 22, 2022

AWS_ConfigRole: add datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists

This policy now grants permission to return a list of AWS DataSync agents, DataSync source and destination locations, and DataSync tasks in an AWS account; to list summary information about the AWS Cloud Map namespaces and the services that are associated with one or more specified namespaces in an AWS account; and to list all of the Amazon Simple Email Service (Amazon SES) contact lists available in an AWS account.

August 22, 2022

ConfigConformsServiceRolePolicy: add cloudwatch:PutMetricData

This policy now grants permission to publish metric data points to Amazon CloudWatch.

July 25, 2022

AWSConfigServiceRolePolicy: add amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations,
imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

Esta política ahora admite permisos adicionales para Amazon Elastic Container Service (Amazon ECS), Amazon, Amazon, Amazon ElastiCache EventBridge, Amazon Managed Service for Apache Flink FSx, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon Quick Suite, Amazon Rekognition, Amazon Simple Storage Service (AWS RoboMaker Amazon S3) S3), Amazon Simple Email Service (Amazon SES),,,,,,, (IAM Identity Center AWS Amplify)AWS AppConfigAWS Firewall ManagerAWS GlueAWS IAM Identity Center, Image Builder y Elastic Load AWS AppSyncAWS Billing ConductorAWS DataSync EC2

15 de julio de 2022

AWS_ConfigRole: add amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet

This policy now supports additional permissions for Amazon Elastic Container Service (Amazon ECS), Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Managed Service for Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon Quick Suite, Amazon Rekognition, AWS RoboMaker, Amazon Simple Storage Service (Amazon S3), Amazon Simple Email Service (Amazon SES), AWS Amplify, AWS AppConfig, AWS AppSync, AWS Billing Conductor, AWS DataSync, AWS Firewall Manager, AWS Glue, AWS IAM Identity Center (IAM Identity Center), EC2 Image Builder, and Elastic Load Balancing.

July 15, 2022

AWSConfigServiceRolePolicy: add athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

This policy now grants permission to get a specified Amazon Athena data catalog, list the Athena data catalogs in an AWS account, and list the tags associated with an Athena workgroup or data catalog resource; get a list of Amazon Detective behavior graphs and list tags for a Detective behavior graph; get a list of resource metadata for a given list of AWS Glue development endpoint names, get information about a specified AWS Glue development endpoint, get all the AWS Glue development endpoints in an AWS account, retrieve a specified AWS Glue security configuration, get all AWS Glue security configurations, get a list of tags associated with an AWS Glue resource, get information about an AWS Glue workgroup with the specified name, retrieve the names of all AWS Glue crawler resources in an AWS account, get the names of all AWS Glue DevEndpoint resources in an AWS account, list the names of all AWS Glue job resources in an AWS account, get details about AWS Glue member accounts, list the names of AWS Glue workflows created in an account, and list the AWS Glue workgroups available for an account; retrieve details about an Amazon GuardDuty filter, retrieve a GuardDuty IPSet, retrieve a GuardDuty ThreatIntelSet, retrieve GuardDuty member accounts, get a list of GuardDuty filters, get the IPSets of the GuardDuty service, retrieve tags for the GuardDuty service, and get the ThreatIntelSets of the GuardDuty service; get the current status and configuration settings for an Amazon Macie account; retrieve the resource and principal associations for AWS Resource Access Manager (AWS RAM) resource shares and retrieve details about AWS RAM resource shares; get information about an existing Amazon Simple Email Service (Amazon SES) configuration set, get a list of the event destinations associated with an Amazon SES configuration set, and list all the configuration sets associated with an Amazon SES account; and get the list of IAM Identity Center directory attributes, get the details of an AWS IAM Identity Center permission set, get the IAM managed policy attached to a specified IAM Identity Center permission set, get the permission sets for an IAM Identity Center instance, and get tags for IAM Identity Center resources.

May 31, 2022

AWS_ConfigRole: add athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource

This policy now grants permission to get a specified Amazon Athena data catalog, list the Athena data catalogs in an AWS account, and list the tags associated with an Athena workgroup or data catalog resource; get a list of Amazon Detective behavior graphs and list tags for a Detective behavior graph; get a list of resource metadata for a given list of AWS Glue development endpoint names, get information about a specified AWS Glue development endpoint, get all the AWS Glue development endpoints in an AWS account, retrieve a specified AWS Glue security configuration, get all AWS Glue security configurations, get a list of tags associated with an AWS Glue resource, get information about an AWS Glue workgroup with the specified name, retrieve the names of all AWS Glue crawler resources in an AWS account, get the names of all AWS Glue DevEndpoint resources in an AWS account, list the names of all AWS Glue job resources in an AWS account, get details about AWS Glue member accounts, list the names of AWS Glue workflows created in an account, and list the AWS Glue workgroups available for an account; retrieve details about an Amazon GuardDuty filter, retrieve a GuardDuty IPSet, retrieve a GuardDuty ThreatIntelSet, retrieve GuardDuty member accounts, get a list of GuardDuty filters, get the IPSets of the GuardDuty service, retrieve tags for the GuardDuty service, and get the ThreatIntelSets of the GuardDuty service; get the current status and configuration settings for an Amazon Macie account; retrieve the resource and principal associations for AWS Resource Access Manager (AWS RAM) resource shares and retrieve details about AWS RAM resource shares; get information about an existing Amazon Simple Email Service (Amazon SES) configuration set, get a list of the event destinations associated with an Amazon SES configuration set, and list all the configuration sets associated with an Amazon SES account; and get the list of IAM Identity Center directory attributes, get the details of an AWS IAM Identity Center permission set, get the IAM managed policy attached to a specified IAM Identity Center permission set, get the permission sets for an IAM Identity Center instance, and get tags for IAM Identity Center resources.

May 31, 2022

AWSConfigServiceRolePolicy: add cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

This policy now grants permission to get information about all AWS CloudTrail event data stores (EDS) or a specific one, get information about all AWS CloudFormation resources or a specific one, get a list of a DynamoDB Accelerator (DAX) parameter group or subnet group, get information about the AWS Database Migration Service (AWS DMS) replication tasks for your account in the current Region being accessed, and get a list of all AWS Organizations policies of a specified type.

April 7, 2022

AWS_ConfigRole: add cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies

This policy now grants permission to get information about all AWS CloudTrail event data stores (EDS) or a specific one, get information about all AWS CloudFormation resources or a specific one, get a list of a DynamoDB Accelerator (DAX) parameter group or subnet group, get information about the AWS Database Migration Service (AWS DMS) replication tasks for your account in the current Region being accessed, and get a list of all AWS Organizations policies of a specified type.

April 7, 2022

AWSConfigServiceRolePolicy: add backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

This policy now supports additional permissions for AWS Backup, AWS Batch, DynamoDB Accelerator, Amazon DynamoDB, AWS Database Migration Service, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty, AWS Key Management Service, AWS OpsWorks, Amazon Relational Database Service, AWS WAF V2, and Amazon WorkSpaces.

March 14, 2022

AWS_ConfigRole: add backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces

This policy now supports additional permissions for AWS Backup, AWS Batch, DynamoDB Accelerator, Amazon DynamoDB, AWS Database Migration Service, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty, AWS Key Management Service, AWS OpsWorks, Amazon Relational Database Service, AWS WAF V2, and Amazon WorkSpaces.

March 14, 2022

AWSConfigServiceRolePolicy: add elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for the specified Elastic Beanstalk configuration set, get a map of OpenSearch or Elasticsearch versions, describe the Amazon RDS option groups available for a database, and get information about a CodeDeploy deployment configuration. This policy now also grants permission to retrieve the specified alternate contact attached to an AWS account, retrieve information about an AWS Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about an archived AWS Config rule, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of the specified child OU or account, and list the policies attached to the specified target root, organizational unit, or account.

February 10, 2022

AWS_ConfigRole: add elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies

This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for the specified Elastic Beanstalk configuration set, get a map of OpenSearch or Elasticsearch versions, describe the Amazon RDS option groups available for a database, and get information about a CodeDeploy deployment configuration. This policy now also grants permission to retrieve the specified alternate contact attached to an AWS account, retrieve information about an AWS Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about an archived AWS Config rule, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of the specified child OU or account, and list the policies attached to the specified target root, organizational unit, or account.

February 10, 2022

AWSConfigServiceRolePolicy: add logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

This policy now grants permission to create Amazon CloudWatch log groups and streams and to write logs to the created log streams.

December 15, 2021

AWS_ConfigRole: add logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent

This policy now grants permission to create Amazon CloudWatch log groups and streams and to write logs to the created log streams.

December 15, 2021

AWSConfigServiceRolePolicy: add es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots

This policy now grants permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain/domains and to get a detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots.

September 8, 2021

AWS_ConfigRole: add es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots

This policy now grants permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain/domains and to get a detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots.

September 8, 2021

AWSConfigServiceRolePolicy: add logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine permissions and additional permissions for AWS resource types

This policy now grants permission to list the tags for a log group, list the tags for a state machine, and list all state machines. This policy now grants permission to get information about a state machine. This policy now also supports additional permissions for Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker AI, Amazon Simple Notification Service, AWS Database Migration Service, AWS Global Accelerator, and AWS Storage Gateway.

July 28, 2021

AWS_ConfigRole: add logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine permissions and additional permissions for AWS resource types

This policy now grants permission to list the tags for a log group, list the tags for a state machine, and list all state machines. This policy now grants permission to get information about a state machine. This policy now also supports additional permissions for Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker AI, Amazon Simple Notification Service, AWS Database Migration Service, AWS Global Accelerator, and AWS Storage Gateway.

July 28, 2021

AWSConfigServiceRolePolicy: add ssm:DescribeDocumentPermission permissions and additional permissions for AWS resource types

This policy now grants permission to view AWS Systems Manager document permissions and information about IAM Access Analyzer. This policy now supports additional AWS resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, AWS Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. This policy now also supports filtering Lambda@Edge functions for the lambda-inside-vpc AWS Config managed rule.

June 8, 2021

AWS_ConfigRole: add ssm:DescribeDocumentPermission permissions and additional permissions for AWS resource types

This policy now grants permission to view AWS Systems Manager document permissions and information about IAM Access Analyzer. This policy now supports additional AWS resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, AWS Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. This policy now also supports filtering Lambda@Edge functions for the lambda-inside-vpc AWS Config managed rule.

June 8, 2021

AWSConfigServiceRolePolicy: add apigateway:GET permission to make read-only GET calls to API Gateway, and s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to invoke Amazon S3 read-only APIs

This policy now grants permissions that allow AWS Config to make read-only GET calls to API Gateway to support an AWS Config rule for API Gateway. The policy also adds permissions that allow AWS Config to invoke Amazon Simple Storage Service (Amazon S3) read-only APIs, which are required to support the new AWS::S3::AccessPoint resource type.

May 10, 2021

AWS_ConfigRole: add apigateway:GET permission to make read-only GET calls to API Gateway, and s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to invoke Amazon S3 read-only APIs

This policy now grants permissions that allow AWS Config to make read-only GET calls to API Gateway to support an AWS Config rule for API Gateway. The policy also adds permissions that allow AWS Config to invoke Amazon Simple Storage Service (Amazon S3) read-only APIs, which are required to support the new AWS::S3::AccessPoint resource type.

May 10, 2021

AWSConfigServiceRolePolicy: add ssm:ListDocuments permissions and additional permissions for AWS resource types

This policy now grants permissions to view information about the specified AWS Systems Manager documents. This policy now also supports additional AWS resource types for AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker AI, AWS Database Migration Service, and Amazon Route 53. These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types.

April 1, 2021

AWS_ConfigRole: add ssm:ListDocuments permissions and additional permissions for AWS resource types

This policy now grants permissions to view information about the specified AWS Systems Manager documents. This policy now also supports additional AWS resource types for AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker AI, AWS Database Migration Service, and Amazon Route 53. These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types.

April 1, 2021

AWSConfigRole is deprecated

AWSConfigRole is deprecated. The replacement policy is AWS_ConfigRole.

April 1, 2021

AWS Config started tracking changes

AWS Config started tracking changes to its AWS managed policies.

April 1, 2021