[no ci] Data update on 2025-01-11T04:08:59

tobilg · Jan 11, 2025 · 8377858 · 8377858
1 parent 0f1ee02
commit 8377858
Show file tree

Hide file tree

Showing 8 changed files with 1,553 additions and 102 deletions.
diff --git a/data/json/AWSCleanRoomsMLFullAccess/v2/policy.json b/data/json/AWSCleanRoomsMLFullAccess/v2/policy.json
@@ -0,0 +1,170 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "CleanRoomsMLFullAccess",
+      "Effect": "Allow",
+      "Action": [
+        "cleanrooms-ml:*"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "PassServiceRole",
+      "Effect": "Allow",
+      "Action": [
+        "iam:PassRole"
+      ],
+      "Resource": [
+        "arn:aws:iam::*:role/cleanrooms-ml*"
+      ],
+      "Condition": {
+        "StringEquals": {
+          "iam:PassedToService": "cleanrooms-ml.amazonaws.com"
+        }
+      }
+    },
+    {
+      "Sid": "CleanRoomsConsoleNavigation",
+      "Effect": "Allow",
+      "Action": [
+        "cleanrooms:GetCollaboration",
+        "cleanrooms:BatchGetSchema",
+        "cleanrooms:GetConfiguredAudienceModelAssociation",
+        "cleanrooms:GetMembership",
+        "cleanrooms:ListAnalysisTemplates",
+        "cleanrooms:ListCollaborationAnalysisTemplates",
+        "cleanrooms:ListCollaborationConfiguredAudienceModelAssociations",
+        "cleanrooms:ListCollaborations",
+        "cleanrooms:ListConfiguredTableAssociations",
+        "cleanrooms:ListConfiguredTables",
+        "cleanrooms:ListMembers",
+        "cleanrooms:ListMemberships",
+        "cleanrooms:ListProtectedQueries",
+        "cleanrooms:ListSchemas",
+        "cleanrooms:ListTagsForResource"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "CollaborationMembershipCheck",
+      "Effect": "Allow",
+      "Action": [
+        "cleanrooms:ListMembers"
+      ],
+      "Resource": "*",
+      "Condition": {
+        "ForAnyValue:StringEquals": {
+          "aws:CalledVia": [
+            "cleanrooms-ml.amazonaws.com"
+          ]
+        }
+      }
+    },
+    {
+      "Sid": "AssociateModels",
+      "Effect": "Allow",
+      "Action": [
+        "cleanrooms:CreateConfiguredAudienceModelAssociation"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "TagAssociations",
+      "Effect": "Allow",
+      "Action": [
+        "cleanrooms:TagResource"
+      ],
+      "Resource": "arn:aws:cleanrooms:*:*:membership/*/configuredaudiencemodelassociation/*"
+    },
+    {
+      "Sid": "ListRolesToPickServiceRole",
+      "Effect": "Allow",
+      "Action": [
+        "iam:ListRoles"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "GetRoleAndListRolePoliciesToInspectServiceRole",
+      "Effect": "Allow",
+      "Action": [
+        "iam:GetRole",
+        "iam:ListRolePolicies",
+        "iam:ListAttachedRolePolicies"
+      ],
+      "Resource": [
+        "arn:aws:iam::*:role/service-role/cleanrooms-ml*",
+        "arn:aws:iam::*:role/role/cleanrooms-ml*"
+      ]
+    },
+    {
+      "Sid": "ListPoliciesToInspectServiceRolePolicy",
+      "Effect": "Allow",
+      "Action": [
+        "iam:ListPolicies"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "GetPolicyToInspectServiceRolePolicy",
+      "Effect": "Allow",
+      "Action": [
+        "iam:GetPolicy",
+        "iam:GetPolicyVersion"
+      ],
+      "Resource": "arn:aws:iam::*:policy/*cleanroomsml*"
+    },
+    {
+      "Sid": "ConsoleDisplayTables",
+      "Effect": "Allow",
+      "Action": [
+        "glue:GetDatabase",
+        "glue:GetDatabases",
+        "glue:GetTable",
+        "glue:GetTables",
+        "glue:GetPartition",
+        "glue:GetPartitions",
+        "glue:GetSchema",
+        "glue:GetSchemaVersion",
+        "glue:BatchGetPartition"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "ConsolePickOutputBucket",
+      "Effect": "Allow",
+      "Action": [
+        "s3:ListAllMyBuckets"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "ConsolePickS3Location",
+      "Effect": "Allow",
+      "Action": [
+        "s3:ListBucket",
+        "s3:GetBucketLocation"
+      ],
+      "Resource": "arn:aws:s3:::*cleanrooms-ml*"
+    },
+    {
+      "Sid": "ConsoleDescribeECRRepositories",
+      "Effect": "Allow",
+      "Action": [
+        "ecr:DescribeRepositories",
+        "ecr:ListImages"
+      ],
+      "Resource": "arn:aws:ecr:*:*:repository/*"
+    },
+    {
+      "Sid": "PassCleanRoomsResources",
+      "Effect": "Allow",
+      "Action": [
+        "cleanrooms:PassMembership",
+        "cleanrooms:PassCollaboration"
+      ],
+      "Resource": "*"
+    }
+  ]
+}
diff --git a/data/json/AWSCleanRoomsMLReadOnlyAccess/v2/policy.json b/data/json/AWSCleanRoomsMLReadOnlyAccess/v2/policy.json
@@ -0,0 +1,44 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "CleanRoomsConsoleNavigation",
+      "Effect": "Allow",
+      "Action": [
+        "cleanrooms:GetCollaboration",
+        "cleanrooms:GetConfiguredAudienceModelAssociation",
+        "cleanrooms:GetMembership",
+        "cleanrooms:ListAnalysisTemplates",
+        "cleanrooms:ListCollaborationAnalysisTemplates",
+        "cleanrooms:ListCollaborationConfiguredAudienceModelAssociations",
+        "cleanrooms:ListCollaborations",
+        "cleanrooms:ListConfiguredTableAssociations",
+        "cleanrooms:ListConfiguredTables",
+        "cleanrooms:ListMembers",
+        "cleanrooms:ListMemberships",
+        "cleanrooms:ListProtectedQueries",
+        "cleanrooms:ListSchemas",
+        "cleanrooms:ListTagsForResource"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "CleanRoomsMLRead",
+      "Effect": "Allow",
+      "Action": [
+        "cleanrooms-ml:Get*",
+        "cleanrooms-ml:List*"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "PassCleanRoomsResources",
+      "Effect": "Allow",
+      "Action": [
+        "cleanrooms:PassMembership",
+        "cleanrooms:PassCollaboration"
+      ],
+      "Resource": "*"
+    }
+  ]
+}