Merge pull request #1084 from udondan/update-aws-managed-policies

udondan · Jan 17, 2025 · 3ba4ca4 · 3ba4ca4
2 parents d754d30 + 3a466ad
commit 3ba4ca4
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 1 deletion.
diff --git a/docs/source/_static/managed-policies/AWSConfigServiceRolePolicy.json b/docs/source/_static/managed-policies/AWSConfigServiceRolePolicy.json
@@ -167,6 +167,8 @@
         "cassandra:Select",
         "ce:GetAnomalyMonitors",
         "ce:GetAnomalySubscriptions",
+        "cleanrooms-ml:GetTrainingDataset",
+        "cleanrooms-ml:ListTrainingDatasets",
         "cloud9:DescribeEnvironmentMemberships",
         "cloud9:DescribeEnvironments",
         "cloud9:ListEnvironments",
@@ -244,6 +246,9 @@
         "cognito-idp:ListTagsForResource",
         "cognito-idp:ListUserPoolClients",
         "cognito-idp:ListUserPools",
+        "comprehend:DescribeFlywheel",
+        "comprehend:ListFlywheels",
+        "comprehend:ListTagsForResource",
         "config:BatchGet*",
         "config:Describe*",
         "config:Get*",
@@ -376,6 +381,7 @@
         "ec2:GetManagedPrefixListEntries",
         "ec2:GetNetworkInsightsAccessScopeAnalysisFindings",
         "ec2:GetNetworkInsightsAccessScopeContent",
+        "ec2:GetSnapshotBlockPublicAccessState",
         "ecr-public:DescribeRepositories",
         "ecr-public:GetRepositoryCatalogData",
         "ecr-public:GetRepositoryPolicy",
@@ -1025,7 +1031,16 @@
         "oam:GetSink",
         "oam:GetSinkPolicy",
         "oam:ListSinks",
+        "omics:GetAnnotationStore",
+        "omics:GetRunGroup",
+        "omics:GetSequenceStore",
+        "omics:GetVariantStore",
         "omics:GetWorkflow",
+        "omics:ListAnnotationStores",
+        "omics:ListRunGroups",
+        "omics:ListSequenceStores",
+        "omics:ListTagsForResource",
+        "omics:ListVariantStores",
         "omics:ListWorkflows",
         "opsworks:DescribeInstances",
         "opsworks:DescribeLayers",
@@ -1279,6 +1294,8 @@
         "s3:ListStorageLensGroups",
         "s3:ListTagsForResource",
         "s3express:GetBucketPolicy",
+        "s3express:GetEncryptionConfiguration",
+        "s3express:GetLifecycleConfiguration",
         "s3express:ListAllMyDirectoryBuckets",
         "sagemaker:DescribeAppImageConfig",
         "sagemaker:DescribeCodeRepository",
@@ -1353,10 +1370,13 @@
         "ses:GetConfigurationSet",
         "ses:GetConfigurationSetEventDestinations",
         "ses:GetContactList",
+        "ses:GetDedicatedIpPool",
+        "ses:GetDedicatedIps",
         "ses:GetEmailTemplate",
         "ses:GetTemplate",
         "ses:ListConfigurationSets",
         "ses:ListContactLists",
+        "ses:ListDedicatedIpPools",
         "ses:ListEmailTemplates",
         "ses:ListReceiptFilters",
         "ses:ListReceiptRuleSets",

diff --git a/docs/source/_static/managed-policies/AWSServiceRoleForLogDeliveryPolicy.json b/docs/source/_static/managed-policies/AWSServiceRoleForLogDeliveryPolicy.json
@@ -2,6 +2,7 @@
   "Version": "2012-10-17",
   "Statement": [
     {
+      "Sid": "LogDeliveryToFirehose",
       "Effect": "Allow",
       "Action": [
         "firehose:PutRecord",

diff --git a/docs/source/_static/managed-policies/AWS_ConfigRole.json b/docs/source/_static/managed-policies/AWS_ConfigRole.json
@@ -168,6 +168,8 @@
         "cassandra:Select",
         "ce:GetAnomalyMonitors",
         "ce:GetAnomalySubscriptions",
+        "cleanrooms-ml:GetTrainingDataset",
+        "cleanrooms-ml:ListTrainingDatasets",
         "cloud9:DescribeEnvironmentMemberships",
         "cloud9:DescribeEnvironments",
         "cloud9:ListEnvironments",
@@ -245,6 +247,9 @@
         "cognito-idp:ListTagsForResource",
         "cognito-idp:ListUserPoolClients",
         "cognito-idp:ListUserPools",
+        "comprehend:DescribeFlywheel",
+        "comprehend:ListFlywheels",
+        "comprehend:ListTagsForResource",
         "config:BatchGet*",
         "config:Describe*",
         "config:Get*",
@@ -378,6 +383,7 @@
         "ec2:GetManagedPrefixListEntries",
         "ec2:GetNetworkInsightsAccessScopeAnalysisFindings",
         "ec2:GetNetworkInsightsAccessScopeContent",
+        "ec2:GetSnapshotBlockPublicAccessState",
         "ecr-public:DescribeRepositories",
         "ecr-public:GetRepositoryCatalogData",
         "ecr-public:GetRepositoryPolicy",
@@ -1027,7 +1033,16 @@
         "oam:GetSink",
         "oam:GetSinkPolicy",
         "oam:ListSinks",
+        "omics:GetAnnotationStore",
+        "omics:GetRunGroup",
+        "omics:GetSequenceStore",
+        "omics:GetVariantStore",
         "omics:GetWorkflow",
+        "omics:ListAnnotationStores",
+        "omics:ListRunGroups",
+        "omics:ListSequenceStores",
+        "omics:ListTagsForResource",
+        "omics:ListVariantStores",
         "omics:ListWorkflows",
         "opsworks:DescribeInstances",
         "opsworks:DescribeLayers",
@@ -1280,6 +1295,8 @@
         "s3:ListStorageLensGroups",
         "s3:ListTagsForResource",
         "s3express:GetBucketPolicy",
+        "s3express:GetEncryptionConfiguration",
+        "s3express:GetLifecycleConfiguration",
         "s3express:ListAllMyDirectoryBuckets",
         "sagemaker:DescribeAppImageConfig",
         "sagemaker:DescribeCodeRepository",
@@ -1354,10 +1371,13 @@
         "ses:GetConfigurationSet",
         "ses:GetConfigurationSetEventDestinations",
         "ses:GetContactList",
+        "ses:GetDedicatedIpPool",
+        "ses:GetDedicatedIps",
         "ses:GetEmailTemplate",
         "ses:GetTemplate",
         "ses:ListConfigurationSets",
         "ses:ListContactLists",
+        "ses:ListDedicatedIpPools",
         "ses:ListEmailTemplates",
         "ses:ListReceiptFilters",
         "ses:ListReceiptRuleSets",

diff --git a/docs/source/_static/managed-policies/AmazonConnectServiceLinkedRolePolicy.json b/docs/source/_static/managed-policies/AmazonConnectServiceLinkedRolePolicy.json
@@ -177,7 +177,35 @@
         "wisdom:ListMessageTemplateVersions",
         "wisdom:CreateMessageTemplateAttachment",
         "wisdom:DeleteMessageTemplateAttachment",
-        "wisdom:RenderMessageTemplate"
+        "wisdom:RenderMessageTemplate",
+        "wisdom:CreateAIAgent",
+        "wisdom:CreateAIAgentVersion",
+        "wisdom:DeleteAIAgent",
+        "wisdom:DeleteAIAgentVersion",
+        "wisdom:UpdateAIAgent",
+        "wisdom:UpdateAssistantAIAgent",
+        "wisdom:RemoveAssistantAIAgent",
+        "wisdom:GetAIAgent",
+        "wisdom:ListAIAgents",
+        "wisdom:ListAIAgentVersions",
+        "wisdom:CreateAIPrompt",
+        "wisdom:CreateAIPromptVersion",
+        "wisdom:DeleteAIPrompt",
+        "wisdom:DeleteAIPromptVersion",
+        "wisdom:UpdateAIPrompt",
+        "wisdom:GetAIPrompt",
+        "wisdom:ListAIPrompts",
+        "wisdom:ListAIPromptVersions",
+        "wisdom:CreateAIGuardrail",
+        "wisdom:CreateAIGuardrailVersion",
+        "wisdom:DeleteAIGuardrail",
+        "wisdom:DeleteAIGuardrailVersion",
+        "wisdom:UpdateAIGuardrail",
+        "wisdom:GetAIGuardrail",
+        "wisdom:ListAIGuardrails",
+        "wisdom:ListAIGuardrailVersions",
+        "wisdom:CreateAssistant",
+        "wisdom:ListTagsForResource"
       ],
       "Resource": "*",
       "Condition": {