From 3a466ad072be5f376067b0b5d882675cbe2ee9b2 Mon Sep 17 00:00:00 2001 From: udondan Date: Fri, 17 Jan 2025 01:36:06 +0000 Subject: [PATCH] Updates AWS managed policies --- .../AWSConfigServiceRolePolicy.json | 20 +++++++++++++ .../AWSServiceRoleForLogDeliveryPolicy.json | 1 + .../managed-policies/AWS_ConfigRole.json | 20 +++++++++++++ .../AmazonConnectServiceLinkedRolePolicy.json | 30 ++++++++++++++++++- 4 files changed, 70 insertions(+), 1 deletion(-) diff --git a/docs/source/_static/managed-policies/AWSConfigServiceRolePolicy.json b/docs/source/_static/managed-policies/AWSConfigServiceRolePolicy.json index 4d2be40e3..b432eb0f9 100644 --- a/docs/source/_static/managed-policies/AWSConfigServiceRolePolicy.json +++ b/docs/source/_static/managed-policies/AWSConfigServiceRolePolicy.json @@ -167,6 +167,8 @@ "cassandra:Select", "ce:GetAnomalyMonitors", "ce:GetAnomalySubscriptions", + "cleanrooms-ml:GetTrainingDataset", + "cleanrooms-ml:ListTrainingDatasets", "cloud9:DescribeEnvironmentMemberships", "cloud9:DescribeEnvironments", "cloud9:ListEnvironments", @@ -244,6 +246,9 @@ "cognito-idp:ListTagsForResource", "cognito-idp:ListUserPoolClients", "cognito-idp:ListUserPools", + "comprehend:DescribeFlywheel", + "comprehend:ListFlywheels", + "comprehend:ListTagsForResource", "config:BatchGet*", "config:Describe*", "config:Get*", @@ -376,6 +381,7 @@ "ec2:GetManagedPrefixListEntries", "ec2:GetNetworkInsightsAccessScopeAnalysisFindings", "ec2:GetNetworkInsightsAccessScopeContent", + "ec2:GetSnapshotBlockPublicAccessState", "ecr-public:DescribeRepositories", "ecr-public:GetRepositoryCatalogData", "ecr-public:GetRepositoryPolicy", @@ -1025,7 +1031,16 @@ "oam:GetSink", "oam:GetSinkPolicy", "oam:ListSinks", + "omics:GetAnnotationStore", + "omics:GetRunGroup", + "omics:GetSequenceStore", + "omics:GetVariantStore", "omics:GetWorkflow", + "omics:ListAnnotationStores", + "omics:ListRunGroups", + "omics:ListSequenceStores", + "omics:ListTagsForResource", + "omics:ListVariantStores", "omics:ListWorkflows", "opsworks:DescribeInstances", "opsworks:DescribeLayers", @@ -1279,6 +1294,8 @@ "s3:ListStorageLensGroups", "s3:ListTagsForResource", "s3express:GetBucketPolicy", + "s3express:GetEncryptionConfiguration", + "s3express:GetLifecycleConfiguration", "s3express:ListAllMyDirectoryBuckets", "sagemaker:DescribeAppImageConfig", "sagemaker:DescribeCodeRepository", @@ -1353,10 +1370,13 @@ "ses:GetConfigurationSet", "ses:GetConfigurationSetEventDestinations", "ses:GetContactList", + "ses:GetDedicatedIpPool", + "ses:GetDedicatedIps", "ses:GetEmailTemplate", "ses:GetTemplate", "ses:ListConfigurationSets", "ses:ListContactLists", + "ses:ListDedicatedIpPools", "ses:ListEmailTemplates", "ses:ListReceiptFilters", "ses:ListReceiptRuleSets", diff --git a/docs/source/_static/managed-policies/AWSServiceRoleForLogDeliveryPolicy.json b/docs/source/_static/managed-policies/AWSServiceRoleForLogDeliveryPolicy.json index c84d3a7ee..464ce0eb1 100644 --- a/docs/source/_static/managed-policies/AWSServiceRoleForLogDeliveryPolicy.json +++ b/docs/source/_static/managed-policies/AWSServiceRoleForLogDeliveryPolicy.json @@ -2,6 +2,7 @@ "Version": "2012-10-17", "Statement": [ { + "Sid": "LogDeliveryToFirehose", "Effect": "Allow", "Action": [ "firehose:PutRecord", diff --git a/docs/source/_static/managed-policies/AWS_ConfigRole.json b/docs/source/_static/managed-policies/AWS_ConfigRole.json index d67d00629..d9f2c75d5 100644 --- a/docs/source/_static/managed-policies/AWS_ConfigRole.json +++ b/docs/source/_static/managed-policies/AWS_ConfigRole.json @@ -168,6 +168,8 @@ "cassandra:Select", "ce:GetAnomalyMonitors", "ce:GetAnomalySubscriptions", + "cleanrooms-ml:GetTrainingDataset", + "cleanrooms-ml:ListTrainingDatasets", "cloud9:DescribeEnvironmentMemberships", "cloud9:DescribeEnvironments", "cloud9:ListEnvironments", @@ -245,6 +247,9 @@ "cognito-idp:ListTagsForResource", "cognito-idp:ListUserPoolClients", "cognito-idp:ListUserPools", + "comprehend:DescribeFlywheel", + "comprehend:ListFlywheels", + "comprehend:ListTagsForResource", "config:BatchGet*", "config:Describe*", "config:Get*", @@ -378,6 +383,7 @@ "ec2:GetManagedPrefixListEntries", "ec2:GetNetworkInsightsAccessScopeAnalysisFindings", "ec2:GetNetworkInsightsAccessScopeContent", + "ec2:GetSnapshotBlockPublicAccessState", "ecr-public:DescribeRepositories", "ecr-public:GetRepositoryCatalogData", "ecr-public:GetRepositoryPolicy", @@ -1027,7 +1033,16 @@ "oam:GetSink", "oam:GetSinkPolicy", "oam:ListSinks", + "omics:GetAnnotationStore", + "omics:GetRunGroup", + "omics:GetSequenceStore", + "omics:GetVariantStore", "omics:GetWorkflow", + "omics:ListAnnotationStores", + "omics:ListRunGroups", + "omics:ListSequenceStores", + "omics:ListTagsForResource", + "omics:ListVariantStores", "omics:ListWorkflows", "opsworks:DescribeInstances", "opsworks:DescribeLayers", @@ -1280,6 +1295,8 @@ "s3:ListStorageLensGroups", "s3:ListTagsForResource", "s3express:GetBucketPolicy", + "s3express:GetEncryptionConfiguration", + "s3express:GetLifecycleConfiguration", "s3express:ListAllMyDirectoryBuckets", "sagemaker:DescribeAppImageConfig", "sagemaker:DescribeCodeRepository", @@ -1354,10 +1371,13 @@ "ses:GetConfigurationSet", "ses:GetConfigurationSetEventDestinations", "ses:GetContactList", + "ses:GetDedicatedIpPool", + "ses:GetDedicatedIps", "ses:GetEmailTemplate", "ses:GetTemplate", "ses:ListConfigurationSets", "ses:ListContactLists", + "ses:ListDedicatedIpPools", "ses:ListEmailTemplates", "ses:ListReceiptFilters", "ses:ListReceiptRuleSets", diff --git a/docs/source/_static/managed-policies/AmazonConnectServiceLinkedRolePolicy.json b/docs/source/_static/managed-policies/AmazonConnectServiceLinkedRolePolicy.json index 3ac991ad6..468fb3ccb 100644 --- a/docs/source/_static/managed-policies/AmazonConnectServiceLinkedRolePolicy.json +++ b/docs/source/_static/managed-policies/AmazonConnectServiceLinkedRolePolicy.json @@ -177,7 +177,35 @@ "wisdom:ListMessageTemplateVersions", "wisdom:CreateMessageTemplateAttachment", "wisdom:DeleteMessageTemplateAttachment", - "wisdom:RenderMessageTemplate" + "wisdom:RenderMessageTemplate", + "wisdom:CreateAIAgent", + "wisdom:CreateAIAgentVersion", + "wisdom:DeleteAIAgent", + "wisdom:DeleteAIAgentVersion", + "wisdom:UpdateAIAgent", + "wisdom:UpdateAssistantAIAgent", + "wisdom:RemoveAssistantAIAgent", + "wisdom:GetAIAgent", + "wisdom:ListAIAgents", + "wisdom:ListAIAgentVersions", + "wisdom:CreateAIPrompt", + "wisdom:CreateAIPromptVersion", + "wisdom:DeleteAIPrompt", + "wisdom:DeleteAIPromptVersion", + "wisdom:UpdateAIPrompt", + "wisdom:GetAIPrompt", + "wisdom:ListAIPrompts", + "wisdom:ListAIPromptVersions", + "wisdom:CreateAIGuardrail", + "wisdom:CreateAIGuardrailVersion", + "wisdom:DeleteAIGuardrail", + "wisdom:DeleteAIGuardrailVersion", + "wisdom:UpdateAIGuardrail", + "wisdom:GetAIGuardrail", + "wisdom:ListAIGuardrails", + "wisdom:ListAIGuardrailVersions", + "wisdom:CreateAssistant", + "wisdom:ListTagsForResource" ], "Resource": "*", "Condition": {