From 2296995e7a43338fa71111fecbb83c96e91f5f54 Mon Sep 17 00:00:00 2001 From: viren-nadkarni <5170829+viren-nadkarni@users.noreply.github.com> Date: Wed, 1 Apr 2026 06:39:42 +0000 Subject: [PATCH] chore: update IAM Managed Policies --- moto/iam/aws_managed_policies.py | 4131 ++++++++++++++++++++++++++---- 1 file changed, 3608 insertions(+), 523 deletions(-) diff --git a/moto/iam/aws_managed_policies.py b/moto/iam/aws_managed_policies.py index 28caa7b3f72f..d7837d8da4dd 100644 --- a/moto/iam/aws_managed_policies.py +++ b/moto/iam/aws_managed_policies.py @@ -1,6 +1,1142 @@ # Imported via `make aws_managed_policies` aws_managed_policies_data = """ { + "AIDevOpsAgentAccessPolicy":{ + "CreateDate":"2026-03-26T03:42:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "access-analyzer:GetAnalyzer", + "access-analyzer:List*", + "acm-pca:Describe*", + "acm-pca:GetCertificate", + "acm-pca:GetCertificateAuthorityCertificate", + "acm-pca:GetCertificateAuthorityCsr", + "acm-pca:List*", + "acm:DescribeCertificate", + "acm:GetAccountConfiguration", + "aidevops:GetKnowledgeItem", + "aidevops:ListKnowledgeItems", + "airflow:List*", + "amplify:GetApp", + "amplify:GetBranch", + "amplify:GetDomainAssociation", + "amplify:List*", + "aoss:BatchGetCollection", + "aoss:BatchGetLifecyclePolicy", + "aoss:BatchGetVpcEndpoint", + "aoss:GetAccessPolicy", + "aoss:GetSecurityConfig", + "aoss:GetSecurityPolicy", + "aoss:List*", + "appconfig:GetApplication", + "appconfig:GetConfigurationProfile", + "appconfig:GetEnvironment", + "appconfig:GetHostedConfigurationVersion", + "appconfig:List*", + "appflow:Describe*", + "appflow:List*", + "application-autoscaling:Describe*", + "application-signals:BatchGetServiceLevelObjectiveBudgetReport", + "application-signals:GetService", + "application-signals:GetServiceLevelObjective", + "application-signals:List*", + "applicationinsights:Describe*", + "applicationinsights:List*", + "apprunner:Describe*", + "apprunner:List*", + "appstream:Describe*", + "appstream:List*", + "appsync:GetApiAssociation", + "appsync:GetDataSource", + "appsync:GetDomainName", + "appsync:GetFunction", + "appsync:GetGraphqlApi", + "appsync:GetGraphqlApiEnvironmentVariables", + "appsync:GetIntrospectionSchema", + "appsync:GetResolver", + "appsync:GetSourceApiAssociation", + "appsync:List*", + "aps:Describe*", + "aps:List*", + "arc-zonal-shift:GetManagedResource", + "arc-zonal-shift:List*", + "athena:GetCapacityAssignmentConfiguration", + "athena:GetCapacityReservation", + "athena:GetDataCatalog", + "athena:GetNamedQuery", + "athena:GetPreparedStatement", + "athena:GetWorkGroup", + "athena:List*", + "auditmanager:GetAssessment", + "auditmanager:List*", + "autoscaling:Describe*", + "backup-gateway:GetHypervisor", + "backup-gateway:List*", + "backup:Describe*", + "backup:GetBackupPlan", + "backup:GetBackupSelection", + "backup:GetBackupVaultAccessPolicy", + "backup:GetBackupVaultNotifications", + "backup:GetRestoreTestingPlan", + "backup:GetRestoreTestingSelection", + "backup:List*", + "batch:DescribeComputeEnvironments", + "batch:DescribeJobQueues", + "batch:DescribeSchedulingPolicies", + "batch:List*", + "bedrock:GetAgent", + "bedrock:GetAgentActionGroup", + "bedrock:GetAgentAlias", + "bedrock:GetAgentKnowledgeBase", + "bedrock:GetDataSource", + "bedrock:GetGuardrail", + "bedrock:GetKnowledgeBase", + "bedrock:List*", + "budgets:Describe*", + "budgets:List*", + "ce:Describe*", + "ce:GetAnomalyMonitors", + "ce:GetAnomalySubscriptions", + "ce:List*", + "chatbot:Describe*", + "chatbot:GetMicrosoftTeamsChannelConfiguration", + "chatbot:List*", + "cleanrooms-ml:GetTrainingDataset", + "cleanrooms-ml:List*", + "cleanrooms:GetAnalysisTemplate", + "cleanrooms:GetCollaboration", + "cleanrooms:GetConfiguredTable", + "cleanrooms:GetConfiguredTableAnalysisRule", + "cleanrooms:GetConfiguredTableAssociation", + "cleanrooms:GetMembership", + "cleanrooms:List*", + "cloudformation:Describe*", + "cloudformation:GetResource", + "cloudformation:GetStackPolicy", + "cloudformation:GetTemplate", + "cloudformation:List*", + "cloudfront:Describe*", + "cloudfront:GetCachePolicy", + "cloudfront:GetCloudFrontOriginAccessIdentity", + "cloudfront:GetContinuousDeploymentPolicy", + "cloudfront:GetDistribution", + "cloudfront:GetDistributionConfig", + "cloudfront:GetFunction", + "cloudfront:GetKeyGroup", + "cloudfront:GetMonitoringSubscription", + "cloudfront:GetOriginAccessControl", + "cloudfront:GetOriginRequestPolicy", + "cloudfront:GetPublicKey", + "cloudfront:GetRealtimeLogConfig", + "cloudfront:GetResponseHeadersPolicy", + "cloudfront:List*", + "cloudtrail:Describe*", + "cloudtrail:GetChannel", + "cloudtrail:GetEventConfiguration", + "cloudtrail:GetEventDataStore", + "cloudtrail:GetEventSelectors", + "cloudtrail:GetInsightSelectors", + "cloudtrail:GetQueryResults", + "cloudtrail:GetResourcePolicy", + "cloudtrail:GetTrail", + "cloudtrail:GetTrailStatus", + "cloudtrail:List*", + "cloudtrail:LookupEvents", + "cloudtrail:StartQuery", + "cloudwatch:Describe*", + "cloudwatch:GenerateQuery", + "cloudwatch:GetDashboard", + "cloudwatch:GetInsightRuleReport", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:GetMetricStream", + "cloudwatch:GetService", + "cloudwatch:GetServiceLevelObjective", + "cloudwatch:List*", + "codeartifact:Describe*", + "codeartifact:GetDomainPermissionsPolicy", + "codeartifact:GetRepositoryPermissionsPolicy", + "codeartifact:List*", + "codebuild:BatchGetFleets", + "codebuild:List*", + "codecommit:GetRepository", + "codecommit:GetRepositoryTriggers", + "codedeploy:BatchGetDeployments", + "codedeploy:BatchGetDeploymentTargets", + "codedeploy:GetApplication", + "codedeploy:GetDeploymentConfig", + "codedeploy:GetDeploymentTarget", + "codedeploy:List*", + "codeguru-profiler:Describe*", + "codeguru-profiler:GetNotificationConfiguration", + "codeguru-profiler:GetPolicy", + "codeguru-profiler:List*", + "codeguru-reviewer:Describe*", + "codeguru-reviewer:List*", + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:List*", + "codestar-connections:GetConnection", + "codestar-connections:GetRepositoryLink", + "codestar-connections:GetSyncConfiguration", + "codestar-connections:List*", + "codestar-notifications:Describe*", + "codestar-notifications:List*", + "cognito-identity:DescribeIdentityPool", + "cognito-identity:GetIdentityPoolRoles", + "cognito-identity:ListIdentityPools", + "cognito-identity:ListTagsForResource", + "cognito-idp:AdminListGroupsForUser", + "cognito-idp:DescribeIdentityProvider", + "cognito-idp:DescribeResourceServer", + "cognito-idp:DescribeRiskConfiguration", + "cognito-idp:DescribeUserImportJob", + "cognito-idp:DescribeUserPool", + "cognito-idp:DescribeUserPoolDomain", + "cognito-idp:GetGroup", + "cognito-idp:GetLogDeliveryConfiguration", + "cognito-idp:GetUICustomization", + "cognito-idp:GetUserPoolMfaConfig", + "cognito-idp:GetWebACLForResource", + "cognito-idp:ListGroups", + "cognito-idp:ListIdentityProviders", + "cognito-idp:ListResourceServers", + "cognito-idp:ListUserPoolClients", + "cognito-idp:ListUserPools", + "cognito-idp:ListTagsForResource", + "comprehend:Describe*", + "comprehend:List*", + "config:Describe*", + "config:GetStoredQuery", + "config:List*", + "connect:Describe*", + "connect:GetTaskTemplate", + "connect:List*", + "databrew:Describe*", + "databrew:List*", + "datapipeline:Describe*", + "datapipeline:GetPipelineDefinition", + "datapipeline:List*", + "datasync:Describe*", + "datasync:List*", + "deadline:GetFarm", + "deadline:GetFleet", + "deadline:GetLicenseEndpoint", + "deadline:GetMonitor", + "deadline:GetQueue", + "deadline:GetQueueEnvironment", + "deadline:GetQueueFleetAssociation", + "deadline:GetStorageProfile", + "deadline:List*", + "detective:GetMembers", + "detective:List*", + "devicefarm:GetDevicePool", + "devicefarm:GetInstanceProfile", + "devicefarm:GetNetworkProfile", + "devicefarm:GetProject", + "devicefarm:GetTestGridProject", + "devicefarm:GetVPCEConfiguration", + "devicefarm:List*", + "devops-guru:Describe*", + "devops-guru:GetResourceCollection", + "devops-guru:List*", + "dms:Describe*", + "dms:List*", + "ds:Describe*", + "dynamodb:Describe*", + "dynamodb:GetResourcePolicy", + "dynamodb:List*", + "ec2:Describe*", + "ec2:GetAssociatedEnclaveCertificateIamRoles", + "ec2:GetIpamPoolAllocations", + "ec2:GetIpamPoolCidrs", + "ec2:GetManagedPrefixListEntries", + "ec2:GetNetworkInsightsAccessScopeContent", + "ec2:GetSnapshotBlockPublicAccessState", + "ec2:GetTransitGatewayMulticastDomainAssociations", + "ec2:GetTransitGatewayRouteTableAssociations", + "ec2:GetTransitGatewayRouteTablePropagations", + "ec2:GetVerifiedAccessEndpointPolicy", + "ec2:GetVerifiedAccessGroupPolicy", + "ec2:GetVerifiedAccessInstanceWebAcl", + "ec2:SearchLocalGatewayRoutes", + "ec2:SearchTransitGatewayRoutes", + "ecr:Describe*", + "ecr:GetLifecyclePolicy", + "ecr:GetRegistryPolicy", + "ecr:GetRepositoryPolicy", + "ecr:List*", + "ecs:Describe*", + "ecs:List*", + "eks:AccessKubernetesApi", + "eks:Describe*", + "eks:List*", + "elasticache:Describe*", + "elasticache:List*", + "elasticbeanstalk:Describe*", + "elasticbeanstalk:List*", + "elasticfilesystem:Describe*", + "elasticloadbalancing:GetResourcePolicy", + "elasticloadbalancing:GetTrustStoreCaCertificatesBundle", + "elasticloadbalancing:GetTrustStoreRevocationContent", + "elasticloadbalancing:Describe*", + "elasticmapreduce:Describe*", + "elasticmapreduce:List*", + "emr-containers:Describe*", + "emr-containers:List*", + "emr-serverless:GetApplication", + "emr-serverless:List*", + "es:Describe*", + "es:List*", + "events:Describe*", + "events:List*", + "evidently:GetExperiment", + "evidently:GetFeature", + "evidently:GetLaunch", + "evidently:GetProject", + "evidently:GetSegment", + "evidently:List*", + "firehose:Describe*", + "firehose:List*", + "fis:GetExperimentTemplate", + "fis:GetTargetAccountConfiguration", + "fis:List*", + "fms:GetNotificationChannel", + "fms:GetPolicy", + "fms:List*", + "forecast:Describe*", + "forecast:List*", + "frauddetector:BatchGetVariable", + "frauddetector:Describe*", + "frauddetector:GetDetectors", + "frauddetector:GetDetectorVersion", + "frauddetector:GetEntityTypes", + "frauddetector:GetEventTypes", + "frauddetector:GetExternalModels", + "frauddetector:GetLabels", + "frauddetector:GetListElements", + "frauddetector:GetListsMetadata", + "frauddetector:GetModelVersion", + "frauddetector:GetOutcomes", + "frauddetector:GetRules", + "frauddetector:GetVariables", + "frauddetector:List*", + "fsx:Describe*", + "gamelift:Describe*", + "gamelift:List*", + "globalaccelerator:Describe*", + "globalaccelerator:List*", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetJob", + "glue:GetRegistry", + "glue:GetSchema", + "glue:GetSchemaVersion", + "glue:GetTable", + "glue:GetTags", + "glue:GetTrigger", + "glue:List*", + "glue:querySchemaVersionMetadata", + "grafana:Describe*", + "grafana:List*", + "greengrass:Describe*", + "greengrass:GetDeployment", + "greengrass:List*", + "groundstation:GetConfig", + "groundstation:GetDataflowEndpointGroup", + "groundstation:GetMissionProfile", + "groundstation:List*", + "guardduty:GetDetector", + "guardduty:GetFilter", + "guardduty:GetIPSet", + "guardduty:GetMalwareProtectionPlan", + "guardduty:GetMasterAccount", + "guardduty:GetMembers", + "guardduty:GetThreatIntelSet", + "guardduty:List*", + "health:DescribeEvents", + "health:DescribeEventDetails", + "healthlake:Describe*", + "healthlake:List*", + "iam:GetGroup", + "iam:GetGroupPolicy", + "iam:GetInstanceProfile", + "iam:GetLoginProfile", + "iam:GetOpenIDConnectProvider", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:GetSAMLProvider", + "iam:GetServerCertificate", + "iam:GetServiceLinkedRoleDeletionStatus", + "iam:GetUser", + "iam:GetUserPolicy", + "iam:ListAttachedRolePolicies", + "iam:ListOpenIDConnectProviders", + "iam:ListRolePolicies", + "iam:ListRoles", + "iam:ListServerCertificates", + "iam:ListVirtualMFADevices", + "identitystore:DescribeGroup", + "identitystore:DescribeGroupMembership", + "identitystore:ListGroupMemberships", + "identitystore:ListGroups", + "imagebuilder:GetComponent", + "imagebuilder:GetContainerRecipe", + "imagebuilder:GetDistributionConfiguration", + "imagebuilder:GetImage", + "imagebuilder:GetImagePipeline", + "imagebuilder:GetImageRecipe", + "imagebuilder:GetInfrastructureConfiguration", + "imagebuilder:GetLifecyclePolicy", + "imagebuilder:GetWorkflow", + "imagebuilder:List*", + "inspector2:List*", + "inspector:Describe*", + "inspector:List*", + "internetmonitor:GetMonitor", + "internetmonitor:List*", + "iot:Describe*", + "iot:GetPackage", + "iot:GetPackageVersion", + "iot:GetPolicy", + "iot:GetThingShadow", + "iot:GetTopicRule", + "iot:GetTopicRuleDestination", + "iot:GetV2LoggingOptions", + "iot:List*", + "iotanalytics:Describe*", + "iotanalytics:List*", + "iotevents:Describe*", + "iotevents:List*", + "iotsitewise:Describe*", + "iotsitewise:List*", + "iotwireless:GetDestination", + "iotwireless:GetDeviceProfile", + "iotwireless:GetFuotaTask", + "iotwireless:GetMulticastGroup", + "iotwireless:GetNetworkAnalyzerConfiguration", + "iotwireless:GetServiceProfile", + "iotwireless:GetWirelessDevice", + "iotwireless:GetWirelessGateway", + "iotwireless:GetWirelessGatewayTaskDefinition", + "iotwireless:List*", + "ivs:GetChannel", + "ivs:GetEncoderConfiguration", + "ivs:GetPlaybackRestrictionPolicy", + "ivs:GetRecordingConfiguration", + "ivs:GetStage", + "ivs:List*", + "ivschat:GetLoggingConfiguration", + "ivschat:GetRoom", + "ivschat:List*", + "kafka:Describe*", + "kafka:GetClusterPolicy", + "kafka:List*", + "kafkaconnect:Describe*", + "kafkaconnect:List*", + "kendra:Describe*", + "kendra:List*", + "kinesis:Describe*", + "kinesis:GetResourcePolicy", + "kinesis:List*", + "kinesisanalytics:Describe*", + "kinesisanalytics:List*", + "kinesisvideo:Describe*", + "kms:DescribeKey", + "kms:ListResourceTags", + "kms:ListKeys", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:ListAliases", + "kms:ListKeyRotations", + "lakeformation:Describe*", + "lakeformation:GetLFTag", + "lakeformation:GetResourceLFTags", + "lakeformation:List*", + "lambda:GetAlias", + "lambda:GetCodeSigningConfig", + "lambda:GetEventSourceMapping", + "lambda:GetFunctionCodeSigningConfig", + "lambda:GetFunctionConfiguration", + "lambda:GetFunctionEventInvokeConfig", + "lambda:GetFunctionRecursionConfig", + "lambda:GetFunctionUrlConfig", + "lambda:GetLayerVersion", + "lambda:GetLayerVersionPolicy", + "lambda:GetPolicy", + "lambda:GetProvisionedConcurrencyConfig", + "lambda:GetRuntimeManagementConfig", + "lambda:List*", + "launchwizard:GetDeployment", + "launchwizard:List*", + "license-manager:GetLicense", + "license-manager:List*", + "lightsail:GetAlarms", + "lightsail:GetBuckets", + "lightsail:GetCertificates", + "lightsail:GetContainerServices", + "lightsail:GetDisk", + "lightsail:GetDisks", + "lightsail:GetInstance", + "lightsail:GetInstances", + "lightsail:GetLoadBalancer", + "lightsail:GetLoadBalancers", + "lightsail:GetLoadBalancerTlsCertificates", + "lightsail:GetStaticIp", + "lightsail:GetStaticIps", + "logs:Describe*", + "logs:FilterLogEvents", + "logs:GetDataProtectionPolicy", + "logs:GetDelivery", + "logs:GetDeliveryDestination", + "logs:GetDeliveryDestinationPolicy", + "logs:GetDeliverySource", + "logs:GetLogAnomalyDetector", + "logs:GetLogDelivery", + "logs:GetLogGroupFields", + "logs:GetQueryResults", + "logs:List*", + "logs:StartQuery", + "logs:StopLiveTail", + "logs:StopQuery", + "logs:TestMetricFilter", + "m2:GetApplication", + "m2:GetEnvironment", + "m2:List*", + "macie2:GetAllowList", + "macie2:GetCustomDataIdentifier", + "macie2:GetFindingsFilter", + "macie2:GetMacieSession", + "macie2:List*", + "mediaconnect:Describe*", + "mediaconnect:List*", + "medialive:Describe*", + "medialive:GetCloudWatchAlarmTemplate", + "medialive:GetCloudWatchAlarmTemplateGroup", + "medialive:GetEventBridgeRuleTemplate", + "medialive:GetEventBridgeRuleTemplateGroup", + "medialive:GetSignalMap", + "medialive:List*", + "mediapackage-vod:Describe*", + "mediapackage-vod:List*", + "mediapackage:Describe*", + "mediapackage:List*", + "mediapackagev2:GetChannel", + "mediapackagev2:GetChannelGroup", + "mediapackagev2:GetChannelPolicy", + "mediapackagev2:GetOriginEndpoint", + "mediapackagev2:GetOriginEndpointPolicy", + "mediapackagev2:List*", + "memorydb:Describe*", + "memorydb:List*", + "mobiletargeting:GetInAppTemplate", + "mobiletargeting:List*", + "mq:Describe*", + "mq:List*", + "network-firewall:Describe*", + "network-firewall:List*", + "networkmanager:Describe*", + "networkmanager:GetConnectAttachment", + "networkmanager:GetConnectPeer", + "networkmanager:GetCoreNetwork", + "networkmanager:GetCoreNetworkPolicy", + "networkmanager:GetCustomerGatewayAssociations", + "networkmanager:GetDevices", + "networkmanager:GetLinkAssociations", + "networkmanager:GetLinks", + "networkmanager:GetSites", + "networkmanager:GetSiteToSiteVpnAttachment", + "networkmanager:GetTransitGatewayPeering", + "networkmanager:GetTransitGatewayRegistrations", + "networkmanager:GetTransitGatewayRouteTableAttachment", + "networkmanager:GetVpcAttachment", + "networkmanager:List*", + "oam:GetLink", + "oam:GetSink", + "oam:GetSinkPolicy", + "oam:List*", + "omics:GetAnnotationStore", + "omics:GetReferenceStore", + "omics:GetRunGroup", + "omics:GetSequenceStore", + "omics:GetVariantStore", + "omics:GetWorkflow", + "omics:List*", + "organizations:Describe*", + "organizations:List*", + "osis:GetPipeline", + "osis:List*", + "payment-cryptography:GetAlias", + "payment-cryptography:GetKey", + "payment-cryptography:List*", + "pca-connector-ad:GetConnector", + "pca-connector-ad:GetDirectoryRegistration", + "pca-connector-ad:GetServicePrincipalName", + "pca-connector-ad:GetTemplate", + "pca-connector-ad:GetTemplateGroupAccessControlEntry", + "pca-connector-ad:List*", + "pca-connector-scep:GetChallengeMetadata", + "pca-connector-scep:GetConnector", + "pca-connector-scep:List*", + "personalize:Describe*", + "personalize:List*", + "pi:DescribeDimensionKeys", + "pi:GetResourceMetadata", + "pi:GetResourceMetrics", + "pi:ListAvailableResourceDimensions", + "pi:ListAvailableResourceMetrics", + "pipes:Describe*", + "pipes:List*", + "proton:GetEnvironmentTemplate", + "proton:GetServiceTemplate", + "proton:List*", + "qbusiness:GetApplication", + "qbusiness:GetDataSource", + "qbusiness:GetIndex", + "qbusiness:GetPlugin", + "qbusiness:GetRetriever", + "qbusiness:GetWebExperience", + "qbusiness:List*", + "ram:GetPermission", + "ram:GetResourceShares", + "ram:List*", + "rds:Describe*", + "rds:List*", + "redshift-serverless:GetNamespace", + "redshift-serverless:GetWorkgroup", + "redshift-serverless:List*", + "redshift:Describe*", + "refactor-spaces:GetApplication", + "refactor-spaces:GetEnvironment", + "refactor-spaces:GetRoute", + "refactor-spaces:List*", + "rekognition:Describe*", + "rekognition:List*", + "resiliencehub:Describe*", + "resiliencehub:List*", + "resource-explorer-2:GetDefaultView", + "resource-explorer-2:GetIndex", + "resource-explorer-2:GetView", + "resource-explorer-2:List*", + "resource-explorer-2:Search", + "resource-groups:GetGroup", + "resource-groups:GetGroupConfiguration", + "resource-groups:GetGroupQuery", + "resource-groups:GetTags", + "resource-groups:List*", + "route53-recovery-control-config:Describe*", + "route53-recovery-control-config:List*", + "route53-recovery-readiness:GetCell", + "route53-recovery-readiness:GetReadinessCheck", + "route53-recovery-readiness:GetRecoveryGroup", + "route53-recovery-readiness:GetResourceSet", + "route53-recovery-readiness:List*", + "route53:GetDNSSEC", + "route53:GetHealthCheck", + "route53:GetHealthCheckStatus", + "route53:GetHostedZone", + "route53:List*", + "route53profiles:GetProfile", + "route53profiles:GetProfileAssociation", + "route53profiles:GetProfileResourceAssociation", + "route53profiles:List*", + "route53resolver:GetFirewallDomainList", + "route53resolver:GetFirewallRuleGroup", + "route53resolver:GetFirewallRuleGroupAssociation", + "route53resolver:GetOutpostResolver", + "route53resolver:GetResolverConfig", + "route53resolver:GetResolverQueryLogConfig", + "route53resolver:GetResolverQueryLogConfigAssociation", + "route53resolver:GetResolverRule", + "route53resolver:GetResolverRuleAssociation", + "route53resolver:List*", + "rum:GetAppMonitor", + "rum:List*", + "s3-outposts:ListEndpoints", + "s3-outposts:ListOutpostsWithS3", + "s3:GetAccessGrant", + "s3:GetAccessGrantsInstance", + "s3:GetAccessGrantsLocation", + "s3:GetAccessPoint", + "s3:GetAccessPointConfigurationForObjectLambda", + "s3:GetAccessPointForObjectLambda", + "s3:GetAccessPointPolicy", + "s3:GetAccessPointPolicyForObjectLambda", + "s3:GetAccessPointPolicyStatusForObjectLambda", + "s3:GetBucketAbac", + "s3:GetBucketAcl", + "s3:GetBucketCORS", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketMetadataTableConfiguration", + "s3:GetBucketNotification", + "s3:GetBucketObjectLockConfiguration", + "s3:GetBucketOwnershipControls", + "s3:GetBucketPolicy", + "s3:GetBucketPublicAccessBlock", + "s3:GetBucketTagging", + "s3:GetBucketVersioning", + "s3:GetEncryptionConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetMultiRegionAccessPoint", + "s3:GetMultiRegionAccessPointPolicy", + "s3:GetMultiRegionAccessPointPolicyStatus", + "s3:GetReplicationConfiguration", + "s3:GetStorageLensConfiguration", + "s3:GetStorageLensConfigurationTagging", + "s3:GetStorageLensGroup", + "s3:ListAllMyBuckets", + "sagemaker:Describe*", + "sagemaker:List*", + "scheduler:GetSchedule", + "scheduler:GetScheduleGroup", + "scheduler:List*", + "schemas:Describe*", + "schemas:GetResourcePolicy", + "schemas:List*", + "secretsmanager:Describe*", + "secretsmanager:GetResourcePolicy", + "secretsmanager:List*", + "securityhub:BatchGetAutomationRules", + "securityhub:BatchGetSecurityControls", + "securityhub:Describe*", + "securityhub:GetConfigurationPolicy", + "securityhub:GetConfigurationPolicyAssociation", + "securityhub:GetEnabledStandards", + "securityhub:GetFindingAggregator", + "securityhub:GetInsights", + "securityhub:List*", + "securitylake:GetSubscriber", + "securitylake:List*", + "servicecatalog:Describe*", + "servicecatalog:GetApplication", + "servicecatalog:GetAttributeGroup", + "servicecatalog:List*", + "servicequotas:GetServiceQuota", + "ses:Describe*", + "ses:GetAccount", + "ses:GetAddonInstance", + "ses:GetAddonSubscription", + "ses:GetArchive", + "ses:GetConfigurationSet", + "ses:GetConfigurationSetEventDestinations", + "ses:GetContactList", + "ses:GetDedicatedIpPool", + "ses:GetDedicatedIps", + "ses:GetEmailIdentity", + "ses:GetEmailTemplate", + "ses:GetIngressPoint", + "ses:GetRelay", + "ses:GetRuleSet", + "ses:GetTemplate", + "ses:GetTrafficPolicy", + "ses:List*", + "shield:Describe*", + "shield:List*", + "signer:GetSigningProfile", + "signer:List*", + "sns:GetDataProtectionPolicy", + "sns:GetSubscriptionAttributes", + "sns:GetTopicAttributes", + "sns:List*", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:List*", + "ssm-contacts:GetContact", + "ssm-contacts:GetContactChannel", + "ssm-contacts:List*", + "ssm-incidents:GetReplicationSet", + "ssm-incidents:GetResponsePlan", + "ssm-incidents:List*", + "ssm-sap:GetApplication", + "ssm-sap:List*", + "ssm:Describe*", + "ssm:GetDefaultPatchBaseline", + "ssm:GetDocument", + "ssm:GetParameters", + "ssm:GetPatchBaseline", + "ssm:GetResourcePolicies", + "ssm:List*", + "sso:GetInlinePolicyForPermissionSet", + "sso:GetManagedApplicationInstance", + "sso:GetPermissionsBoundaryForPermissionSet", + "sso:GetSharedSsoConfiguration", + "sso:ListAccountAssignments", + "sso:ListApplicationAssignments", + "sso:ListApplications", + "sso:ListCustomerManagedPolicyReferencesInPermissionSet", + "sso:ListInstances", + "sso:ListManagedPoliciesInPermissionSet", + "sso:ListTagsForResource", + "states:GetExecutionHistory", + "states:Describe*", + "states:List*", + "support:CreateCase", + "support:DescribeCases", + "synthetics:Describe*", + "synthetics:GetCanary", + "synthetics:GetCanaryRuns", + "synthetics:GetGroup", + "synthetics:List*", + "tag:GetResources", + "timestream:Describe*", + "timestream:List*", + "transfer:Describe*", + "transfer:List*", + "verifiedpermissions:GetIdentitySource", + "verifiedpermissions:GetPolicy", + "verifiedpermissions:GetPolicyStore", + "verifiedpermissions:GetPolicyTemplate", + "verifiedpermissions:GetSchema", + "verifiedpermissions:List*", + "vpc-lattice:GetAccessLogSubscription", + "vpc-lattice:GetAuthPolicy", + "vpc-lattice:GetListener", + "vpc-lattice:GetResourcePolicy", + "vpc-lattice:GetRule", + "vpc-lattice:GetService", + "vpc-lattice:GetServiceNetwork", + "vpc-lattice:GetServiceNetworkServiceAssociation", + "vpc-lattice:GetServiceNetworkVpcAssociation", + "vpc-lattice:GetTargetGroup", + "vpc-lattice:List*", + "wafv2:GetIPSet", + "wafv2:GetLoggingConfiguration", + "wafv2:GetRegexPatternSet", + "wafv2:GetRuleGroup", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:List*", + "workspaces-web:GetBrowserSettings", + "workspaces-web:GetIdentityProvider", + "workspaces-web:GetNetworkSettings", + "workspaces-web:GetPortal", + "workspaces-web:GetPortalServiceProviderMetadata", + "workspaces-web:GetTrustStore", + "workspaces-web:GetUserAccessLoggingSettings", + "workspaces-web:GetUserSettings", + "workspaces-web:List*", + "workspaces:Describe*", + "xray:BatchGetTraces", + "xray:GetGroup", + "xray:GetGroups", + "xray:GetSamplingRules", + "xray:GetServiceGraph", + "xray:GetTraceSummaries", + "xray:List*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIOPSServiceAccess" + }, + { + "Action":[ + "apigateway:GET" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/restapis", + "arn:aws:apigateway:*::/restapis/*", + "arn:aws:apigateway:*::/restapis/*/deployments", + "arn:aws:apigateway:*::/restapis/*/deployments/*", + "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integrations", + "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integrations/*", + "arn:aws:apigateway:*::/restapis/*/stages", + "arn:aws:apigateway:*::/restapis/*/stages/*", + "arn:aws:apigateway:*::/apis", + "arn:aws:apigateway:*::/apis/*", + "arn:aws:apigateway:*::/apis/*/deployments", + "arn:aws:apigateway:*::/apis/*/deployments/*", + "arn:aws:apigateway:*::/apis/*/integrations", + "arn:aws:apigateway:*::/apis/*/integrations/*", + "arn:aws:apigateway:*::/apis/*/stages", + "arn:aws:apigateway:*::/apis/*/stages/*", + "arn:aws:apigateway:*::/domainnames/*" + ], + "Sid":"AIOPSAPIGatewayAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-26T03:42:09+00:00" + }, + "AIDevOpsAgentFullAccess":{ + "CreateDate":"2026-03-26T03:42:16+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aidevops:CreateAgentSpace", + "aidevops:DeleteAgentSpace", + "aidevops:GetAgentSpace", + "aidevops:ListAgentSpaces", + "aidevops:UpdateAgentSpace" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsAgentSpaceAccess" + }, + { + "Action":[ + "aidevops:DeregisterService", + "aidevops:GetService", + "aidevops:ListServices", + "aidevops:RegisterService", + "aidevops:SearchServiceAccessibleResource" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsServiceAccess" + }, + { + "Action":[ + "aidevops:AssociateService", + "aidevops:DisassociateService", + "aidevops:GetAssociation", + "aidevops:ListAssociations", + "aidevops:UpdateAssociation", + "aidevops:ValidateAwsAssociations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsAssociationAccess" + }, + { + "Action":[ + "aidevops:ListWebhooks" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsWebhookAccess" + }, + { + "Action":[ + "aidevops:DisableOperatorApp", + "aidevops:EnableOperatorApp", + "aidevops:GetOperatorApp", + "aidevops:UpdateOperatorAppIdpConfig" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsOperatorAppAccess" + }, + { + "Action":[ + "aidevops:CreateKnowledgeItem", + "aidevops:DeleteKnowledgeItem", + "aidevops:GetKnowledgeItem", + "aidevops:ListKnowledgeItems", + "aidevops:ListKnowledgeItemVersions", + "aidevops:UpdateKnowledgeItem" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsKnowledgeAccess" + }, + { + "Action":[ + "aidevops:CreateBacklogTask", + "aidevops:GetBacklogTask", + "aidevops:ListBacklogTasks", + "aidevops:ListGoals", + "aidevops:UpdateBacklogTask", + "aidevops:UpdateGoal" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsBacklogAccess" + }, + { + "Action":[ + "aidevops:GetRecommendation", + "aidevops:ListRecommendations", + "aidevops:UpdateRecommendation" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsRecommendationAccess" + }, + { + "Action":[ + "aidevops:CreateChat", + "aidevops:ListChats", + "aidevops:ListPendingMessages", + "aidevops:SendMessage" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsAgentChatAccess" + }, + { + "Action":[ + "aidevops:ListExecutions", + "aidevops:ListJournalRecords" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsJournalAccess" + }, + { + "Action":[ + "aidevops:DiscoverTopology" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsTopologyAccess" + }, + { + "Action":[ + "aidevops:DescribeSupportLevel", + "aidevops:EndChatForCase", + "aidevops:InitiateChatForCase" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsSupportAccess" + }, + { + "Action":[ + "aidevops:GetAccountUsage" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsUsageAccess" + }, + { + "Action":[ + "aidevops:ListTagsForResource", + "aidevops:TagResource", + "aidevops:UntagResource" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsTaggingAccess" + }, + { + "Action":[ + "aidevops:AllowVendedLogDeliveryForResource" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsVendedLogs" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-26T03:42:16+00:00" + }, + "AIDevOpsAgentReadOnlyAccess":{ + "CreateDate":"2026-03-26T03:42:07+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aidevops:Get*", + "aidevops:List*", + "aidevops:SearchServiceAccessibleResource" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIDevOpsAgentReadOnlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-26T03:42:07+00:00" + }, + "AIDevOpsOperatorAppAccessPolicy":{ + "CreateDate":"2026-03-26T03:42:13+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "aidevops:GetAgentSpace", + "aidevops:GetAssociation", + "aidevops:ListAssociations", + "aidevops:CreateBacklogTask", + "aidevops:GetBacklogTask", + "aidevops:UpdateBacklogTask", + "aidevops:ListBacklogTasks", + "aidevops:ListJournalRecords", + "aidevops:DiscoverTopology", + "aidevops:ListGoals", + "aidevops:UpdateGoal", + "aidevops:ListRecommendations", + "aidevops:ListExecutions", + "aidevops:GetRecommendation", + "aidevops:UpdateRecommendation", + "aidevops:CreateKnowledgeItem", + "aidevops:ListKnowledgeItems", + "aidevops:ListKnowledgeItemVersions", + "aidevops:GetKnowledgeItem", + "aidevops:UpdateKnowledgeItem", + "aidevops:DeleteKnowledgeItem", + "aidevops:ListPendingMessages", + "aidevops:InitiateChatForCase", + "aidevops:EndChatForCase", + "aidevops:DescribeSupportLevel", + "aidevops:ListChats", + "aidevops:CreateChat", + "aidevops:SendMessage" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:aidevops:*:*:agentspace/${aws:PrincipalTag/AgentSpaceId}", + "Sid":"AllowOperatorAgentSpaceActions" + }, + { + "Action":[ + "aidevops:GetAccountUsage" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowOperatorAccountActions" + }, + { + "Action":[ + "support:DescribeCases", + "support:InitiateChatForCase", + "support:DescribeSupportLevel" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowSupportOperatorActions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-29T03:57:08+00:00" + }, "AIOpsAssistantIncidentReportPolicy":{ "CreateDate":"2025-10-10T22:04:07+00:00", "DefaultVersionId":"v3", @@ -10671,6 +11807,78 @@ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2025-07-15T21:37:06+00:00" }, + "AWSBedrockAgentCoreGatewayNetworkServiceRolePolicy":{ + "CreateDate":"2026-03-28T22:12:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"vpc-lattice.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/vpc-lattice.amazonaws.com/AWSServiceRoleForVpcLattice" + ], + "Sid":"AllowSLRActionsForLattice" + }, + { + "Action":[ + "vpc-lattice:CreateResourceGateway", + "vpc-lattice:TagResource" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/BedrockAgentCoreGatewayManaged":"true", + "aws:ResourceTag/BedrockAgentCoreGatewayManaged":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:vpc-lattice:*:*:resourcegateway/*" + ], + "Sid":"AllowResourceGatewayCreate" + }, + { + "Action":[ + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AllowEC2PermissionsForResourceGatewayCreate" + }, + { + "Action":[ + "vpc-lattice:DeleteResourceGateway", + "vpc-lattice:GetResourceGateway" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/BedrockAgentCoreGatewayManaged":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AllowResourceGatewayDelete" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-28T22:12:08+00:00" + }, "AWSBillingConductorFullAccess":{ "CreateDate":"2022-04-13T18:02:29+00:00", "DefaultVersionId":"v7", @@ -11314,12 +12522,13 @@ }, "AWSCertificateManagerReadOnly":{ "CreateDate":"2016-01-21T17:07:33+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v5", "Document":{ "Statement":{ "Action":[ "acm:DescribeCertificate", "acm:ListCertificates", + "acm:SearchCertificates", "acm:GetCertificate", "acm:ListTagsForCertificate", "acm:GetAccountConfiguration" @@ -11331,7 +12540,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-03-15T16:25:21+00:00" + "UpdateDate":"2026-03-31T18:57:22+00:00" }, "AWSChatbotServiceLinkedRolePolicy":{ "CreateDate":"2019-11-18T16:39:50+00:00", @@ -15142,7 +16351,7 @@ }, "AWSCompromisedKeyQuarantineV3":{ "CreateDate":"2024-08-21T17:36:49+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -15151,6 +16360,9 @@ "ec2:RequestSpotInstances", "ec2:RunInstances", "ec2:StartInstances", + "ec2:PurchaseReservedInstancesOffering", + "ec2:AcceptReservedInstancesExchangeQuote", + "ec2:CreateReservedInstancesListing", "iam:AddUserToGroup", "iam:AttachGroupPolicy", "iam:AttachRolePolicy", @@ -15174,6 +16386,9 @@ "iam:UpdateAssumeRolePolicy", "iam:UpdateLoginProfile", "iam:UpdateUser", + "iam:DeleteRole", + "iam:DeleteAccessKey", + "iam:ListUsers", "lambda:AddLayerVersionPermission", "lambda:AddPermission", "lambda:CreateFunction", @@ -15183,6 +16398,7 @@ "lambda:TagResource", "lambda:UntagResource", "lambda:UpdateFunctionCode", + "lambda:GetEventSourceMapping", "lightsail:Create*", "lightsail:Delete*", "lightsail:DownloadDefaultKeyPair", @@ -15192,6 +16408,8 @@ "organizations:CreateAccount", "organizations:CreateOrganization", "organizations:InviteAccountToOrganization", + "organizations:LeaveOrganization", + "organizations:AcceptHandshake", "s3:DeleteBucket", "s3:DeleteObject", "s3:DeleteObjectVersion", @@ -15203,9 +16421,11 @@ "s3:PutAccountPublicAccessBlock", "s3:PutBucketPolicy", "s3:ListAllMyBuckets", - "ec2:PurchaseReservedInstancesOffering", - "ec2:AcceptReservedInstancesExchangeQuote", - "ec2:CreateReservedInstancesListing", + "s3:CreateBucket", + "s3:PutBucketCors", + "s3:GetObject", + "s3:ListBucket", + "s3:PutEncryptionConfiguration", "savingsplans:CreateSavingsPlan", "ecs:CreateService", "ecs:CreateCluster", @@ -15216,10 +16436,6 @@ "bedrock:CreateFoundationModelAgreement", "bedrock:PutFoundationModelEntitlement", "bedrock:InvokeModel", - "s3:CreateBucket", - "s3:PutBucketCors", - "s3:GetObject", - "s3:ListBucket", "sagemaker:CreateEndpointConfig", "sagemaker:CreateProcessingJob", "ses:GetSendQuota", @@ -15230,24 +16446,38 @@ "amplify:CreateBackendEnvironment", "codebuild:CreateProject", "glue:CreateJob", - "iam:DeleteRole", - "iam:DeleteAccessKey", - "iam:ListUsers", - "lambda:GetEventSourceMapping", "sns:GetSMSAttributes", - "mediapackagev2:CreateChannel" + "mediapackagev2:CreateChannel", + "logs:PutLogEvents", + "kms:PutKeyPolicy", + "kms:RetireGrant", + "kms:RevokeGrant", + "kms:ScheduleKeyDeletion", + "kms:DeleteImportedKeyMaterial" ], "Effect":"Deny", "Resource":[ "*" ] + }, + { + "Action":[ + "kms:CreateGrant" + ], + "Condition":{ + "Null":{ + "kms:ViaService":"true" + } + }, + "Effect":"Deny", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2024-10-02T16:52:27+00:00" + "UpdateDate":"2026-03-16T16:27:14+00:00" }, "AWSConfigMultiAccountSetupPolicy":{ "CreateDate":"2019-06-17T18:03:16+00:00", @@ -18084,7 +19314,7 @@ }, "AWSControlTowerServiceRolePolicy":{ "CreateDate":"2019-05-03T18:19:11+00:00", - "DefaultVersionId":"v19", + "DefaultVersionId":"v20", "Document":{ "Statement":[ { @@ -18275,7 +19505,8 @@ "Action":[ "cloudformation:SetTypeConfiguration", "cloudformation:DeactivateType", - "cloudformation:ActivateType" + "cloudformation:ActivateType", + "cloudformation:BatchDescribeTypeConfigurations" ], "Effect":"Allow", "Resource":"arn:aws:cloudformation:*:*:type/hook/AWS-ControlTower*", @@ -18295,7 +19526,7 @@ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T18:01:58+00:00" + "UpdateDate":"2026-03-23T18:42:11+00:00" }, "AWSCostAndUsageReportAutomationPolicy":{ "CreateDate":"2021-11-01T21:27:29+00:00", @@ -22414,6 +23645,113 @@ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2025-11-13T01:34:10+00:00" }, + "AWSEC2VssRestorePolicy":{ + "CreateDate":"2026-03-25T23:12:16+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"ec2:CreateVolume", + "Condition":{ + "ArnLike":{ + "ec2:ParentSnapshot":"arn:aws:ec2:*:*:snapshot/*" + }, + "StringLike":{ + "aws:RequestTag/AwsVssConfig":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"CreateVolumeAccessVolume" + }, + { + "Action":"ec2:CreateVolume", + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/AwsVssConfig":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*", + "Sid":"CreateVolumeAccessSnapshot" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateVolume" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"CreateVolumeWithTagging" + }, + { + "Action":"ec2:AttachVolume", + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/AwsVssConfig":"*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AttachVolumeAccessVolume" + }, + { + "Action":"ec2:AttachVolume", + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"AttachVolumeAccessInstance" + }, + { + "Action":"ec2:DescribeVolumes", + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeVolumes" + }, + { + "Action":"ec2:DescribeSnapshots", + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeSnapshots" + }, + { + "Action":"ec2:DescribeInstanceAttribute", + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"DescribeInstanceAttribute" + }, + { + "Action":[ + "ssm:DescribeInstanceInformation", + "ssm:ListCommandInvocations", + "ssm:ListCommands" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SsmAutomationRead" + }, + { + "Action":[ + "ssm:SendCommand", + "ssm:GetDocument" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage", + "arn:aws:ssm:*:*:document/AWSEC2-PrepareVssRestore", + "arn:aws:ssm:*:*:document/AWSEC2-RunVssRestoreForSqlDatabase" + ], + "Sid":"SsmRunCommand" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-25T23:12:16+00:00" + }, "AWSEC2VssSnapshotPolicy":{ "CreateDate":"2024-03-27T16:32:53+00:00", "DefaultVersionId":"v2", @@ -23060,247 +24398,262 @@ ], "Version":"2012-10-17" }, - "Path":"/", - "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:58:35+00:00" - }, - "AWSElasticBeanstalkManagedUpdatesServiceRolePolicy":{ - "CreateDate":"2019-11-21T22:35:06+00:00", - "DefaultVersionId":"v9", - "Document":{ - "Statement":[ - { - "Action":"iam:PassRole", - "Condition":{ - "StringLikeIfExists":{ - "iam:PassedToService":[ - "elasticbeanstalk.amazonaws.com", - "ec2.amazonaws.com", - "autoscaling.amazonaws.com", - "elasticloadbalancing.amazonaws.com", - "ecs.amazonaws.com", - "cloudformation.amazonaws.com" - ] - } - }, - "Effect":"Allow", - "Resource":"*", - "Sid":"AllowPassRoleToElasticBeanstalkAndDownstreamServices" - }, - { - "Action":[ - "ec2:releaseAddress", - "ec2:allocateAddress", - "ec2:DisassociateAddress", - "ec2:AssociateAddress" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"SingleInstanceAPIs" - }, - { - "Action":[ - "ecs:RegisterTaskDefinition", - "ecs:DeRegisterTaskDefinition", - "ecs:List*", - "ecs:Describe*" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"ECS" - }, - { - "Action":[ - "elasticbeanstalk:*" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"ElasticBeanstalkAPIs" - }, - { - "Action":[ - "cloudformation:Describe*", - "cloudformation:List*", - "ec2:Describe*", - "autoscaling:Describe*", - "elasticloadbalancing:Describe*", - "logs:DescribeLogGroups", - "sns:GetTopicAttributes", - "sns:ListSubscriptionsByTopic", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"ReadOnlyAPIs" - }, - { - "Action":[ - "autoscaling:AttachInstances", - "autoscaling:CreateAutoScalingGroup", - "autoscaling:CreateLaunchConfiguration", - "autoscaling:CreateOrUpdateTags", - "autoscaling:DeleteAutoScalingGroup", - "autoscaling:DeleteLaunchConfiguration", - "autoscaling:DeleteScheduledAction", - "autoscaling:DetachInstances", - "autoscaling:PutNotificationConfiguration", - "autoscaling:PutScalingPolicy", - "autoscaling:PutScheduledUpdateGroupAction", - "autoscaling:ResumeProcesses", - "autoscaling:SuspendProcesses", - "autoscaling:TerminateInstanceInAutoScalingGroup", - "autoscaling:UpdateAutoScalingGroup" - ], - "Effect":"Allow", - "Resource":[ - "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", - "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*", - "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*", - "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*" - ], - "Sid":"ASG" - }, - { - "Action":[ - "cloudformation:CreateStack", - "cloudformation:CancelUpdateStack", - "cloudformation:DeleteStack", - "cloudformation:GetTemplate", - "cloudformation:UpdateStack", - "cloudformation:TagResource", - "cloudformation:UntagResource" - ], - "Effect":"Allow", - "Resource":[ - "arn:aws:cloudformation:*:*:stack/awseb-e-*", - "arn:aws:cloudformation:*:*:stack/eb-*" - ], - "Sid":"CFN" - }, - { - "Action":[ - "ec2:TerminateInstances" - ], - "Condition":{ - "StringLike":{ - "ec2:ResourceTag/aws:cloudformation:stack-id":[ - "arn:aws:cloudformation:*:*:stack/awseb-e-*", - "arn:aws:cloudformation:*:*:stack/eb-*" - ] - } - }, - "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:instance/*", - "Sid":"EC2" - }, - { - "Action":[ - "s3:DeleteObject", - "s3:GetObject", - "s3:GetObjectAcl", - "s3:GetObjectVersion", - "s3:GetObjectVersionAcl", - "s3:PutObject", - "s3:PutObjectAcl", - "s3:PutObjectVersionAcl" - ], - "Effect":"Allow", - "Resource":"arn:aws:s3:::elasticbeanstalk-*/*", - "Sid":"S3Obj" - }, - { - "Action":[ - "s3:GetBucketLocation", - "s3:GetBucketPolicy", - "s3:ListBucket", - "s3:PutBucketPolicy" - ], - "Effect":"Allow", - "Resource":"arn:aws:s3:::elasticbeanstalk-*", - "Sid":"S3Bucket" - }, - { - "Action":[ - "logs:CreateLogGroup", - "logs:DeleteLogGroup", - "logs:PutRetentionPolicy" - ], - "Effect":"Allow", - "Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*", - "Sid":"CWL" - }, - { - "Action":[ - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:DeRegisterTargets", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer" - ], - "Effect":"Allow", - "Resource":[ - "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-e-*", - "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*" - ], - "Sid":"ELB" - }, - { - "Action":[ - "sns:CreateTopic" - ], - "Effect":"Allow", - "Resource":"arn:aws:sns:*:*:ElasticBeanstalkNotifications-Environment-*", - "Sid":"SNS" - }, - { - "Action":[ - "ec2:CreateLaunchTemplate", - "ec2:DeleteLaunchTemplate", - "ec2:CreateLaunchTemplateVersion", - "ec2:DeleteLaunchTemplateVersions" - ], - "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:launch-template/*", - "Sid":"EC2LaunchTemplate" - }, - { - "Action":"ec2:RunInstances", - "Condition":{ - "ArnLike":{ - "ec2:LaunchTemplate":"arn:aws:ec2:*:*:launch-template/*" - } - }, - "Effect":"Allow", - "Resource":"*", - "Sid":"AllowLaunchTemplateRunInstances" - }, - { - "Action":[ - "ecs:TagResource" - ], - "Condition":{ - "StringEquals":{ - "ecs:CreateAction":[ - "RegisterTaskDefinition" - ] - } - }, - "Effect":"Allow", - "Resource":"*", - "Sid":"AllowECSTagResource" - } - ], - "Version":"2012-10-17" - }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-02-12T17:58:35+00:00" + }, + "AWSElasticBeanstalkManagedUpdatesServiceRolePolicy":{ + "CreateDate":"2019-11-21T22:35:06+00:00", + "DefaultVersionId":"v10", + "Document":{ + "Statement":[ + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "elasticbeanstalk.amazonaws.com", + "ec2.amazonaws.com", + "autoscaling.amazonaws.com", + "elasticloadbalancing.amazonaws.com", + "ecs.amazonaws.com", + "cloudformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*", + "Sid":"AllowPassRoleToElasticBeanstalkAndDownstreamServices" + }, + { + "Action":[ + "ec2:releaseAddress", + "ec2:allocateAddress", + "ec2:DisassociateAddress", + "ec2:AssociateAddress" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SingleInstanceAPIs" + }, + { + "Action":[ + "ecs:RegisterTaskDefinition", + "ecs:DeRegisterTaskDefinition", + "ecs:List*", + "ecs:Describe*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ECS" + }, + { + "Action":[ + "elasticbeanstalk:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ElasticBeanstalkAPIs" + }, + { + "Action":[ + "cloudformation:Describe*", + "cloudformation:List*", + "ec2:Describe*", + "autoscaling:Describe*", + "elasticloadbalancing:Describe*", + "logs:DescribeLogGroups", + "sns:GetTopicAttributes", + "sns:ListSubscriptionsByTopic", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ReadOnlyAPIs" + }, + { + "Action":[ + "autoscaling:AttachInstances", + "autoscaling:CreateAutoScalingGroup", + "autoscaling:CreateLaunchConfiguration", + "autoscaling:CreateOrUpdateTags", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DeleteLaunchConfiguration", + "autoscaling:DeleteScheduledAction", + "autoscaling:DetachInstances", + "autoscaling:PutNotificationConfiguration", + "autoscaling:PutScalingPolicy", + "autoscaling:PutScheduledUpdateGroupAction", + "autoscaling:ResumeProcesses", + "autoscaling:SuspendProcesses", + "autoscaling:TerminateInstanceInAutoScalingGroup", + "autoscaling:UpdateAutoScalingGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*", + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*" + ], + "Sid":"ASG" + }, + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:CancelUpdateStack", + "cloudformation:DeleteStack", + "cloudformation:GetTemplate", + "cloudformation:UpdateStack", + "cloudformation:TagResource", + "cloudformation:UntagResource" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/awseb-e-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ], + "Sid":"CFN" + }, + { + "Action":[ + "ec2:TerminateInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-id":[ + "arn:aws:cloudformation:*:*:stack/awseb-e-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"EC2" + }, + { + "Action":[ + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:GetObjectVersion", + "s3:GetObjectVersionAcl", + "s3:PutObject", + "s3:PutObjectAcl", + "s3:PutObjectVersionAcl" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::elasticbeanstalk-*/*", + "Sid":"S3Obj" + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:GetBucketPolicy", + "s3:ListBucket", + "s3:PutBucketPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::elasticbeanstalk-*", + "Sid":"S3Bucket" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:DeleteLogGroup", + "logs:PutRetentionPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*", + "Sid":"CWL" + }, + { + "Action":[ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeRegisterTargets", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-e-*", + "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*" + ], + "Sid":"ELB" + }, + { + "Action":[ + "sns:CreateTopic" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:ElasticBeanstalkNotifications-Environment-*", + "Sid":"SNS" + }, + { + "Action":[ + "ec2:CreateLaunchTemplate", + "ec2:DeleteLaunchTemplate", + "ec2:CreateLaunchTemplateVersion", + "ec2:DeleteLaunchTemplateVersions" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*", + "Sid":"EC2LaunchTemplate" + }, + { + "Action":"ec2:RunInstances", + "Condition":{ + "ArnLike":{ + "ec2:LaunchTemplate":"arn:aws:ec2:*:*:launch-template/*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowLaunchTemplateRunInstances" + }, + { + "Action":[ + "ecs:TagResource" + ], + "Condition":{ + "StringEquals":{ + "ecs:CreateAction":[ + "RegisterTaskDefinition" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowECSTagResource" + }, + { + "Action":"ec2:createTags", + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":[ + "CreateLaunchTemplate", + "RunInstances", + "AllocateAddress" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"LaunchTemplateTagPropagationPermissions" + } + ], + "Version":"2012-10-17" + }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2024-04-29T23:11:34+00:00" + "UpdateDate":"2026-03-13T16:12:13+00:00" }, "AWSElasticBeanstalkMulticontainerDocker":{ "CreateDate":"2016-02-08T23:15:29+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -23335,13 +24688,40 @@ "Effect":"Allow", "Resource":"*", "Sid":"AllowECSTagResource" + }, + { + "Action":"bedrock:InvokeModel", + "Effect":"Allow", + "Resource":"arn:aws:bedrock:*::foundation-model/anthropic.claude-*", + "Sid":"AIEnvironmentAnalysisInvokeFoundationModel" + }, + { + "Action":"bedrock:InvokeModel", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:bedrock:*:*:inference-profile/*anthropic.claude-*", + "Sid":"AIEnvironmentAnalysisInvokeInferenceProfile" + }, + { + "Action":[ + "bedrock:ListFoundationModels", + "elasticbeanstalk:DescribeEvents", + "elasticbeanstalk:DescribeEnvironmentHealth" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIEnvironmentAnalysisReadOnly" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2023-03-23T22:04:20+00:00" + "UpdateDate":"2026-03-12T14:12:13+00:00" }, "AWSElasticBeanstalkReadOnly":{ "CreateDate":"2021-01-22T19:02:37+00:00", @@ -24065,7 +25445,7 @@ }, "AWSElasticBeanstalkWebTier":{ "CreateDate":"2016-02-08T23:08:54+00:00", - "DefaultVersionId":"v7", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -24116,17 +25496,44 @@ "arn:aws:elasticbeanstalk:*:*:environment/*" ], "Sid":"ElasticBeanstalkHealthAccess" + }, + { + "Action":"bedrock:InvokeModel", + "Effect":"Allow", + "Resource":"arn:aws:bedrock:*::foundation-model/anthropic.claude-*", + "Sid":"AIEnvironmentAnalysisInvokeFoundationModel" + }, + { + "Action":"bedrock:InvokeModel", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:bedrock:*:*:inference-profile/*anthropic.claude-*", + "Sid":"AIEnvironmentAnalysisInvokeInferenceProfile" + }, + { + "Action":[ + "bedrock:ListFoundationModels", + "elasticbeanstalk:DescribeEvents", + "elasticbeanstalk:DescribeEnvironmentHealth" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIEnvironmentAnalysisReadOnly" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-09-09T19:38:36+00:00" + "UpdateDate":"2026-03-12T14:27:13+00:00" }, "AWSElasticBeanstalkWorkerTier":{ "CreateDate":"2016-02-08T23:12:02+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -24211,13 +25618,40 @@ "arn:aws:elasticbeanstalk:*:*:environment/*" ], "Sid":"ElasticBeanstalkHealthAccess" + }, + { + "Action":"bedrock:InvokeModel", + "Effect":"Allow", + "Resource":"arn:aws:bedrock:*::foundation-model/anthropic.claude-*", + "Sid":"AIEnvironmentAnalysisInvokeFoundationModel" + }, + { + "Action":"bedrock:InvokeModel", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:bedrock:*:*:inference-profile/*anthropic.claude-*", + "Sid":"AIEnvironmentAnalysisInvokeInferenceProfile" + }, + { + "Action":[ + "bedrock:ListFoundationModels", + "elasticbeanstalk:DescribeEvents", + "elasticbeanstalk:DescribeEnvironmentHealth" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AIEnvironmentAnalysisReadOnly" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-09-09T19:53:40+00:00" + "UpdateDate":"2026-03-12T14:27:08+00:00" }, "AWSElasticDisasterRecoveryAgentInstallationPolicy":{ "CreateDate":"2021-11-17T10:37:54+00:00", @@ -26896,6 +28330,129 @@ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2026-02-12T17:58:08+00:00" }, + "AWSElementalMediaConnectCreateBridge":{ + "CreateDate":"2026-03-19T16:57:15+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mediaconnect:CreateBridge", + "mediaconnect:AddBridgeSources", + "mediaconnect:AddBridgeOutputs" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:mediaconnect:*:*:bridge:*:*", + "arn:aws:mediaconnect:*:*:bridge:*:*/bridgeSource/*", + "arn:aws:mediaconnect:*:*:bridge:*:*/bridgeOutput/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-19T16:57:15+00:00" + }, + "AWSElementalMediaConnectCreateFlow":{ + "CreateDate":"2026-03-19T16:57:07+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"mediaconnect.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + }, + { + "Action":[ + "mediaconnect:CreateFlow", + "mediaconnect:AddFlowSources", + "mediaconnect:AddFlowOutputs", + "mediaconnect:GrantFlowEntitlements", + "mediaconnect:AddFlowMediaStreams", + "mediaconnect:AddFlowVpcInterfaces", + "mediaconnect:TagResource" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:mediaconnect:*:*:flow:*:*", + "arn:aws:mediaconnect:*:*:source:*:*", + "arn:aws:mediaconnect:*:*:output:*:*", + "arn:aws:mediaconnect:*:*:entitlement:*:*", + "arn:aws:mediaconnect:*:*:flow:*:*/vpcInterface/*", + "arn:aws:mediaconnect:*:*:flow:*:*/mediaStream/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-19T16:57:07+00:00" + }, + "AWSElementalMediaConnectDeleteBridge":{ + "CreateDate":"2026-03-19T19:57:17+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mediaconnect:DeleteBridge", + "mediaconnect:RemoveBridgeSource", + "mediaconnect:RemoveBridgeOutput" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:mediaconnect:*:*:bridge:*:*", + "arn:aws:mediaconnect:*:*:bridge:*:*/bridgeSource/*", + "arn:aws:mediaconnect:*:*:bridge:*:*/bridgeOutput/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-19T19:57:17+00:00" + }, + "AWSElementalMediaConnectDeleteFlow":{ + "CreateDate":"2026-03-19T19:57:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mediaconnect:DeleteFlow", + "mediaconnect:RemoveFlowSource", + "mediaconnect:RemoveFlowOutput", + "mediaconnect:RevokeFlowEntitlement", + "mediaconnect:RemoveFlowMediaStream", + "mediaconnect:RemoveFlowVpcInterface" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:mediaconnect:*:*:flow:*:*", + "arn:aws:mediaconnect:*:*:source:*:*", + "arn:aws:mediaconnect:*:*:output:*:*", + "arn:aws:mediaconnect:*:*:entitlement:*:*", + "arn:aws:mediaconnect:*:*:flow:*:*/vpcInterface/*", + "arn:aws:mediaconnect:*:*:flow:*:*/mediaStream/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-19T19:57:09+00:00" + }, "AWSElementalMediaConnectFullAccess":{ "CreateDate":"2025-02-12T20:07:07+00:00", "DefaultVersionId":"v3", @@ -29647,6 +31204,96 @@ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2026-01-30T18:34:13+00:00" }, + "AWSHealthOmicsServiceLinkedRolePolicy":{ + "CreateDate":"2026-03-04T22:57:11+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSecurityGroupRules", + "ec2:DescribeVpcs", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeAvailabilityZones" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowEC2DescribeActions" + }, + { + "Action":[ + "ec2:GetSecurityGroupsForVpc" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc/*", + "Sid":"AllowVpcGetActions" + }, + { + "Action":"ec2:CreateNetworkInterface", + "Condition":{ + "StringEquals":{ + "aws:RequestTag/Service":"HealthOmics" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"AllowCreateNetworkInterfaceWithTag" + }, + { + "Action":"ec2:CreateNetworkInterface", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"AllowCreateNetworkInterfaceSubnetSecurityGroup" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateNetworkInterface" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"AllowCreateTags" + }, + { + "Action":"ec2:DeleteNetworkInterface", + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/Service":"HealthOmics" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"AllowDeleteNetworkInterface" + }, + { + "Action":[ + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/Service":"HealthOmics" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"AllowAssignUnassignPrivateIpAddresses" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-04T22:57:11+00:00" + }, "AWSHealth_EventProcessorServiceRolePolicy":{ "CreateDate":"2023-01-13T19:24:56+00:00", "DefaultVersionId":"v1", @@ -33994,7 +35641,7 @@ }, "AWSManagementConsoleAdministratorAccess":{ "CreateDate":"2025-08-14T21:19:07+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -34002,6 +35649,9 @@ "uxc:GetAccountColor", "uxc:PutAccountColor", "uxc:DeleteAccountColor", + "uxc:GetAccountCustomizations", + "uxc:UpdateAccountCustomizations", + "uxc:ListServices", "ec2:DescribeRegions", "notifications:GetFeatureOptInStatus", "notifications:AssociateChannel", @@ -34089,16 +35739,18 @@ }, "Path":"/job-function/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T18:01:55+00:00" + "UpdateDate":"2026-03-23T16:42:15+00:00" }, "AWSManagementConsoleBasicUserAccess":{ "CreateDate":"2025-08-14T20:34:08+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { "Action":[ "uxc:GetAccountColor", + "uxc:GetAccountCustomizations", + "uxc:ListServices", "ec2:DescribeRegions", "notifications:GetFeatureOptInStatus", "notifications:ListManagedNotificationEvents", @@ -34135,7 +35787,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:57:14+00:00" + "UpdateDate":"2026-03-17T22:12:09+00:00" }, "AWSMarketplaceAmiIngestion":{ "CreateDate":"2020-09-25T20:55:10+00:00", @@ -34360,7 +36012,7 @@ }, "AWSMarketplaceManageSubscriptions":{ "CreateDate":"2015-02-06T18:40:32+00:00", - "DefaultVersionId":"v7", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -34447,13 +36099,35 @@ "Effect":"Allow", "Resource":"*", "Sid":"AWSMarketplaceEntityReadAccess" + }, + { + "Action":[ + "aws-marketplace:ListAgreementCancellationRequests", + "aws-marketplace:GetAgreementCancellationRequest", + "aws-marketplace:AcceptAgreementCancellationRequest", + "aws-marketplace:CancelAgreement", + "aws-marketplace:RejectAgreementCancellationRequest" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws-marketplace:AgreementType":[ + "PurchaseAgreement" + ] + }, + "StringEquals":{ + "aws-marketplace:PartyType":"Acceptor" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSMarketplaceAgreementCancellationRequestAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:59:49+00:00" + "UpdateDate":"2026-03-31T17:12:11+00:00" }, "AWSMarketplaceMeteringFullAccess":{ "CreateDate":"2016-03-17T22:39:22+00:00", @@ -34542,7 +36216,7 @@ }, "AWSMarketplaceRead-only":{ "CreateDate":"2015-02-06T18:40:31+00:00", - "DefaultVersionId":"v11", + "DefaultVersionId":"v12", "Document":{ "Statement":[ { @@ -34587,13 +36261,21 @@ ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:ListAgreementCancellationRequests", + "aws-marketplace:GetAgreementCancellationRequest" + ], + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T18:01:12+00:00" + "UpdateDate":"2026-03-31T16:42:07+00:00" }, "AWSMarketplaceResaleAuthorizationServiceRolePolicy":{ "CreateDate":"2024-03-05T18:47:54+00:00", @@ -34700,7 +36382,7 @@ }, "AWSMarketplaceSellerFullAccess":{ "CreateDate":"2019-07-02T20:40:09+00:00", - "DefaultVersionId":"v24", + "DefaultVersionId":"v26", "Document":{ "Statement":[ { @@ -34875,17 +36557,51 @@ "Effect":"Allow", "Resource":"*", "Sid":"AmazonQPartnerAssistantAccess" + }, + { + "Action":[ + "partnercentral:StartVerification", + "partnercentral:GetVerification" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"VerificationAccess" + }, + { + "Action":[ + "aws-marketplace:ListAgreementInvoiceLineItems", + "aws-marketplace:ListBillingAdjustmentRequests", + "aws-marketplace:GetBillingAdjustmentRequest", + "aws-marketplace:BatchCreateBillingAdjustmentRequest", + "aws-marketplace:ListAgreementCancellationRequests", + "aws-marketplace:GetAgreementCancellationRequest", + "aws-marketplace:SendAgreementCancellationRequest", + "aws-marketplace:CancelAgreementCancellationRequest" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws-marketplace:AgreementType":[ + "PurchaseAgreement" + ] + }, + "StringEquals":{ + "aws-marketplace:PartyType":"Proposer" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSMarketplaceAgreementsCancellationAndAdjustmentAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-19T18:27:11+00:00" + "UpdateDate":"2026-03-31T17:42:16+00:00" }, "AWSMarketplaceSellerOfferManagement":{ "CreateDate":"2024-11-19T00:41:38+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -34963,13 +36679,35 @@ "Effect":"Allow", "Resource":"*", "Sid":"AWSMarketplaceAgreementsReadAccess" + }, + { + "Action":[ + "aws-marketplace:ListAgreementInvoiceLineItems", + "aws-marketplace:ListBillingAdjustmentRequests", + "aws-marketplace:GetBillingAdjustmentRequest", + "aws-marketplace:ListAgreementCancellationRequests", + "aws-marketplace:GetAgreementCancellationRequest" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws-marketplace:AgreementType":[ + "PurchaseAgreement" + ] + }, + "StringEquals":{ + "aws-marketplace:PartyType":"Proposer" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSMarketplaceAgreementsCancellationAndAdjustmentReadAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2024-11-19T00:41:38+00:00" + "UpdateDate":"2026-03-31T16:57:09+00:00" }, "AWSMarketplaceSellerProductsFullAccess":{ "CreateDate":"2019-07-02T21:06:25+00:00", @@ -37540,7 +39278,7 @@ }, "AWSObservabilityAdminTelemetryEnablementServiceRolePolicy":{ "CreateDate":"2025-08-01T18:04:06+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -37549,7 +39287,9 @@ "ec2:DescribeVpcs", "logs:DescribeLogGroups", "logs:DescribeResourcePolicies", - "logs:ListLogGroups" + "logs:ListLogGroups", + "ec2:MonitorInstances", + "logs:DescribeDeliverySources" ], "Condition":{ "StringEquals":{ @@ -37788,6 +39528,33 @@ "Resource":"*", "Sid":"TelemetryOperationsForBedrock" }, + { + "Action":[ + "securityhub:AllowVendedLogDeliveryForResource", + "securityhub:DescribeHub" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"TelemetryOperationsForSecurityHub" + }, + { + "Action":[ + "cloudfront:AllowVendedLogDeliveryForResource" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"TelemetryOperationsForCloudfront" + }, { "Action":[ "cloudtrail:CreateServiceLinkedChannel", @@ -37968,7 +39735,7 @@ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T18:01:51+00:00" + "UpdateDate":"2026-03-31T18:27:09+00:00" }, "AWSOrganizationsFullAccess":{ "CreateDate":"2018-11-06T20:31:57+00:00", @@ -38051,7 +39818,7 @@ }, "AWSOrganizationsServiceTrustPolicy":{ "CreateDate":"2017-10-10T23:04:07+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -38071,13 +39838,19 @@ "Effect":"Allow", "Resource":"*", "Sid":"AllowCreationOfServiceLinkedRoles" + }, + { + "Action":"iam:ListRoles", + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/*", + "Sid":"ListRolesSLR" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2017-11-01T06:01:18+00:00" + "UpdateDate":"2026-03-05T19:12:09+00:00" }, "AWSOutpostsAuthorizeServerPolicy":{ "CreateDate":"2023-01-04T19:23:22+00:00", @@ -39281,7 +41054,7 @@ }, "AWSPartnerCentralFullAccess":{ "CreateDate":"2024-11-18T23:33:28+00:00", - "DefaultVersionId":"v13", + "DefaultVersionId":"v14", "Document":{ "Statement":[ { @@ -39442,13 +41215,32 @@ "Effect":"Allow", "Resource":"*", "Sid":"AmazonQPartnerAssistantAccess" + }, + { + "Action":[ + "partnercentral:UseSession" + ], + "Condition":{ + "Bool":{ + "aws:IsMcpServiceAction":"true" + }, + "StringEquals":{ + "partnercentral:Catalog":[ + "AWS", + "Sandbox" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PartnerCentralAgentsSessionAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:59:12+00:00" + "UpdateDate":"2026-03-12T17:12:13+00:00" }, "AWSPartnerCentralMarketingManagement":{ "CreateDate":"2025-12-01T00:34:10+00:00", @@ -39561,7 +41353,7 @@ }, "AWSPartnerCentralOpportunityManagement":{ "CreateDate":"2024-11-14T19:09:05+00:00", - "DefaultVersionId":"v8", + "DefaultVersionId":"v9", "Document":{ "Statement":[ { @@ -39720,17 +41512,36 @@ "Effect":"Allow", "Resource":"*", "Sid":"AmazonQPartnerAssistantAccess" + }, + { + "Action":[ + "partnercentral:UseSession" + ], + "Condition":{ + "Bool":{ + "aws:IsMcpServiceAction":"true" + }, + "StringEquals":{ + "partnercentral:Catalog":[ + "AWS", + "Sandbox" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PartnerCentralAgentsSessionAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-14T00:57:09+00:00" + "UpdateDate":"2026-03-12T17:12:09+00:00" }, "AWSPartnerCentralSandboxFullAccess":{ "CreateDate":"2024-11-14T19:10:37+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -39746,6 +41557,22 @@ "Resource":"*", "Sid":"AWSPartnerCentralSandboxAccess" }, + { + "Action":[ + "partnercentral:UseSession" + ], + "Condition":{ + "Bool":{ + "aws:IsMcpServiceAction":"true" + }, + "StringEquals":{ + "partnercentral:Catalog":"Sandbox" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PartnerCentralAgentsSandboxSessionAccess" + }, { "Action":[ "iam:PassRole" @@ -39766,7 +41593,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:59:18+00:00" + "UpdateDate":"2026-03-12T17:12:12+00:00" }, "AWSPartnerCentralSellingResourceSnapshotJobExecutionRolePolicy":{ "CreateDate":"2024-12-10T18:21:15+00:00", @@ -41425,6 +43252,85 @@ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2026-02-12T18:01:04+00:00" }, + "AWSPartnerProServeToolsFullAccess":{ + "CreateDate":"2026-03-23T21:57:10+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"partnercentral-account-management:AccessProServeTools", + "Condition":{ + "ForAllValues:StringEquals":{ + "partnercentral-account-management:ProServeRole":[ + "AssessmentIndividualContributor", + "AssessmentOrganizationReader", + "AssessmentOrganizationContributor", + "OrganizationAdmin" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowProServeToolsFullAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-23T21:57:10+00:00" + }, + "AWSPartnerProServeToolsIndividualContributor":{ + "CreateDate":"2026-03-23T21:57:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"partnercentral-account-management:AccessProServeTools", + "Condition":{ + "ForAllValues:StringEquals":{ + "partnercentral-account-management:ProServeRole":[ + "AssessmentIndividualContributor" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowProServeToolsIndividualContributorAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-23T21:57:09+00:00" + }, + "AWSPartnerProServeToolsOrganizationReaderIndividualContributor":{ + "CreateDate":"2026-03-23T22:12:10+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"partnercentral-account-management:AccessProServeTools", + "Condition":{ + "ForAllValues:StringEquals":{ + "partnercentral-account-management:ProServeRole":[ + "AssessmentOrganizationReader", + "AssessmentIndividualContributor" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowProServeToolsOrgReaderIndividualContributorAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-23T22:12:10+00:00" + }, "AWSPriceListServiceFullAccess":{ "CreateDate":"2017-11-22T00:36:27+00:00", "DefaultVersionId":"v2", @@ -44124,7 +46030,7 @@ }, "AWSQuickSetupPatchPolicyPermissionsBoundary":{ "CreateDate":"2024-06-26T09:46:54+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -44358,6 +46264,7 @@ { "Action":[ "logs:CreateLogStream", + "logs:CreateLogGroup", "logs:PutLogEvents" ], "Effect":"Allow", @@ -44478,7 +46385,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:58:13+00:00" + "UpdateDate":"2026-03-05T16:57:14+00:00" }, "AWSQuickSetupSSMDeploymentRolePolicy":{ "CreateDate":"2024-11-15T22:53:20+00:00", @@ -45545,7 +47452,7 @@ }, "AWSQuickSetupStartSSMAssociationsExecutionPolicy":{ "CreateDate":"2025-08-08T12:04:07+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -45565,6 +47472,7 @@ "ArnLike":{ "iam:AssociatedResourceARN":[ "arn:aws:ssm:*:*:document/AWSQuickSetupType-Scheduler-ChangeCalendarState", + "arn:aws:ssm:*:*:automation-execution/*", "arn:aws:ssm:*:*:automation-definition/AWSQuickSetupType-Scheduler-ChangeCalendarState*" ] }, @@ -45584,7 +47492,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T18:02:11+00:00" + "UpdateDate":"2026-03-05T16:57:14+00:00" }, "AWSQuickSetupStartStopInstancesExecutionPolicy":{ "CreateDate":"2025-08-08T12:04:07+00:00", @@ -50051,13 +51959,15 @@ }, "AWSSecurityAgentWebAppPolicy":{ "CreateDate":"2026-02-05T23:19:09+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { "Action":[ "securityagent:ListAgentSpaces", - "securityagent:ListSecurityRequirements" + "securityagent:ListSecurityRequirements", + "securityagent:ListTargetDomains", + "securityagent:BatchGetTargetDomains" ], "Condition":{ "StringEquals":{ @@ -50087,7 +51997,6 @@ "securityagent:GetDesignReview", "securityagent:GetDesignReviewArtifact", "securityagent:ListArtifacts", - "securityagent:ListSecurityRequirements", "securityagent:ListDiscoveredEndpoints", "securityagent:ListDesignReviewComments", "securityagent:ListDesignReviews", @@ -50100,7 +52009,9 @@ "securityagent:StartPentestJob", "securityagent:StopPentestJob", "securityagent:UpdateFinding", - "securityagent:UpdatePentest" + "securityagent:UpdatePentest", + "securityagent:GetDesignReviewFeedback", + "securityagent:PutDesignReviewFeedback" ], "Condition":{ "StringEquals":{ @@ -50116,7 +52027,7 @@ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:59:32+00:00" + "UpdateDate":"2026-03-20T17:27:10+00:00" }, "AWSSecurityHubFullAccess":{ "CreateDate":"2018-11-27T23:54:34+00:00", @@ -51493,7 +53404,7 @@ }, "AWSServiceRoleForAIDevOpsPolicy":{ "CreateDate":"2026-02-16T14:27:07+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -51510,13 +53421,86 @@ "Effect":"Allow", "Resource":"*", "Sid":"sid1" + }, + { + "Action":[ + "vpc-lattice:CreateResourceGateway" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/AWSAIDevOpsManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:vpc-lattice:*:*:resourcegateway/*", + "Sid":"LatticeCreateResourceGateway" + }, + { + "Action":[ + "vpc-lattice:TagResource" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/AWSAIDevOpsManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:vpc-lattice:*:*:resourcegateway/*", + "Sid":"LatticeTagResourceGateway" + }, + { + "Action":[ + "vpc-lattice:DeleteResourceGateway" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/AWSAIDevOpsManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:vpc-lattice:*:*:resourcegateway/*", + "Sid":"LatticeManageTaggedResourceGateways" + }, + { + "Action":[ + "vpc-lattice:GetResourceGateway" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/AWSAIDevOpsManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:vpc-lattice:*:*:resourcegateway/*", + "Sid":"LatticeGetResourceGateway" + }, + { + "Action":[ + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeApis" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"vpc-lattice.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/vpc-lattice.amazonaws.com/AWSServiceRoleForVpcLattice", + "Sid":"CreateLatticeServiceLinkedRole" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-16T14:27:07+00:00" + "UpdateDate":"2026-03-27T00:42:09+00:00" }, "AWSServiceRoleForAWSTransform":{ "CreateDate":"2025-05-15T13:37:07+00:00", @@ -51615,6 +53599,31 @@ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2026-02-12T18:03:10+00:00" }, + "AWSServiceRoleForAWSTransformCustom":{ + "CreateDate":"2026-03-25T02:57:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/TransformCustom" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PublishCloudWatchMetrics" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-25T02:57:08+00:00" + }, "AWSServiceRoleForAmazonEKSNodegroup":{ "CreateDate":"2019-11-07T01:34:26+00:00", "DefaultVersionId":"v11", @@ -52091,7 +54100,7 @@ }, "AWSServiceRoleForImageBuilder":{ "CreateDate":"2019-11-29T22:02:13+00:00", - "DefaultVersionId":"v26", + "DefaultVersionId":"v27", "Document":{ "Statement":[ { @@ -52537,13 +54546,33 @@ ], "Effect":"Allow", "Resource":"arn:aws:ssm:*::parameter/aws/service/*" + }, + { + "Action":"imagebuilder:StartImagePipelineExecution", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:imagebuilder:*:*:image-pipeline/*" + }, + { + "Action":"imagebuilder:TagResource", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:imagebuilder:*:*:image-pipeline/*" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-23T22:27:06+00:00" + "UpdateDate":"2026-03-17T20:42:10+00:00" }, "AWSServiceRoleForIoTSiteWise":{ "CreateDate":"2018-11-14T19:19:17+00:00", @@ -53257,7 +55286,7 @@ }, "AWSServiceRolePolicyForBackupRestoreTesting":{ "CreateDate":"2023-11-10T23:37:45+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -53319,6 +55348,7 @@ "elasticfilesystem:DeleteMountTarget", "rds:DeleteDBCluster", "rds:DeleteDBInstance", + "rds:DeleteTenantDatabase", "fsx:DeleteFileSystem", "fsx:DeleteVolume" ], @@ -53377,7 +55407,7 @@ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2024-02-14T22:42:37+00:00" + "UpdateDate":"2026-03-18T22:12:13+00:00" }, "AWSServiceRolePolicyForWorkspacesInstances":{ "CreateDate":"2025-06-11T20:37:06+00:00", @@ -61536,6 +63566,62 @@ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2026-02-12T17:57:08+00:00" }, + "AWSTransformSecretsManagerConnectorPolicy":{ + "CreateDate":"2026-03-04T21:12:11+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "secretsmanager:GetSecretValue", + "secretsmanager:DescribeSecret" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:${aws:PrincipalTag/SecretId}", + "Sid":"ReadSecretsManagerSecret" + }, + { + "Action":[ + "kms:Decrypt" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + }, + "StringLike":{ + "kms:EncryptionContext:SecretARN":"arn:aws:secretsmanager:${aws:RequestedRegion}:${aws:PrincipalAccount}:secret:${aws:PrincipalTag/SecretId}", + "kms:ViaService":"secretsmanager.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KMSKeyId}", + "Sid":"DecryptWithCustomerProvidedKMSKey" + }, + { + "Action":[ + "kms:DescribeKey" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*", + "Sid":"DescribeKMSKey" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-04T21:12:11+00:00" + }, "AWSTrustedAdvisorPriorityFullAccess":{ "CreateDate":"2022-08-16T16:08:24+00:00", "DefaultVersionId":"v1", @@ -67736,7 +69822,7 @@ }, "AmazonApplicationRecoveryControllerRegionSwitchPlanExecutionPolicy":{ "CreateDate":"2025-11-03T19:34:08+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -67770,7 +69856,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:59:31+00:00" + "UpdateDate":"2026-03-05T19:27:12+00:00" }, "AmazonAthenaFullAccess":{ "CreateDate":"2016-11-30T16:46:01+00:00", @@ -68559,7 +70645,7 @@ }, "AmazonBedrockLimitedAccess":{ "CreateDate":"2025-06-29T22:22:06+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -68568,6 +70654,10 @@ "bedrock:List*", "bedrock:CallWithBearerToken", "bedrock:BatchDeleteEvaluationJob", + "bedrock:CancelAutomatedReasoningPolicyBuildWorkflow", + "bedrock:CreateAutomatedReasoningPolicy", + "bedrock:CreateAutomatedReasoningPolicyTestCase", + "bedrock:CreateAutomatedReasoningPolicyVersion", "bedrock:CreateEvaluationJob", "bedrock:CreateGuardrail", "bedrock:CreateGuardrailVersion", @@ -68578,20 +70668,30 @@ "bedrock:CreateModelInvocationJob", "bedrock:CreatePromptRouter", "bedrock:CreateProvisionedModelThroughput", + "bedrock:DeleteAutomatedReasoningPolicy", + "bedrock:DeleteAutomatedReasoningPolicyBuildWorkflow", + "bedrock:DeleteAutomatedReasoningPolicyTestCase", "bedrock:DeleteCustomModel", "bedrock:DeleteGuardrail", "bedrock:DeleteImportedModel", "bedrock:DeleteInferenceProfile", "bedrock:DeletePromptRouter", "bedrock:DeleteProvisionedModelThroughput", + "bedrock:ExportAutomatedReasoningPolicyVersion", + "bedrock:StartAutomatedReasoningPolicyBuildWorkflow", + "bedrock:StartAutomatedReasoningPolicyTestWorkflow", "bedrock:StopEvaluationJob", "bedrock:StopModelCustomizationJob", "bedrock:StopModelInvocationJob", "bedrock:TagResource", "bedrock:UntagResource", + "bedrock:UpdateAutomatedReasoningPolicy", + "bedrock:UpdateAutomatedReasoningPolicyAnnotations", + "bedrock:UpdateAutomatedReasoningPolicyTestCase", "bedrock:UpdateGuardrail", "bedrock:UpdateProvisionedModelThroughput", "bedrock:ApplyGuardrail", + "bedrock:InvokeAutomatedReasoningPolicy", "bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream" ], @@ -68649,7 +70749,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:58:28+00:00" + "UpdateDate":"2026-03-23T19:42:09+00:00" }, "AmazonBedrockMantleFullAccess":{ "CreateDate":"2025-12-04T07:19:09+00:00", @@ -74369,7 +76469,7 @@ }, "AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary":{ "CreateDate":"2024-04-23T23:01:14+00:00", - "DefaultVersionId":"v10", + "DefaultVersionId":"v11", "Document":{ "Statement":[ { @@ -75554,13 +77654,21 @@ ], "Resource":"*", "Sid":"DenyNotAction" + }, + { + "Action":[ + "sagemaker:UpdateNotebookInstanceLifecycleConfig" + ], + "Effect":"Deny", + "Resource":"*", + "Sid":"DenyUpdateNotebookInstanceLifecycleConfig" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T18:02:52+00:00" + "UpdateDate":"2026-03-11T21:12:10+00:00" }, "AmazonDataZoneSageMakerManageAccessRolePolicy":{ "CreateDate":"2024-04-23T23:34:52+00:00", @@ -82116,7 +84224,7 @@ }, "AmazonEKS_CNI_Policy":{ "CreateDate":"2018-05-27T21:07:42+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { @@ -82130,6 +84238,7 @@ "ec2:DescribeNetworkInterfaces", "ec2:DescribeInstanceTypes", "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", "ec2:DetachNetworkInterface", "ec2:ModifyNetworkInterfaceAttribute", "ec2:UnassignPrivateIpAddresses" @@ -82153,7 +84262,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2024-03-04T20:20:55+00:00" + "UpdateDate":"2026-03-04T19:12:14+00:00" }, "AmazonEMRCleanupPolicy":{ "CreateDate":"2017-09-26T23:54:19+00:00", @@ -82954,7 +85063,7 @@ }, "AmazonEVSServiceRolePolicy":{ "CreateDate":"2025-05-16T23:37:06+00:00", - "DefaultVersionId":"v9", + "DefaultVersionId":"v10", "Document":{ "Statement":[ { @@ -83116,13 +85225,68 @@ "Effect":"Allow", "Resource":"*", "Sid":"CloudWatchPutMetricDataStatement" + }, + { + "Action":[ + "secretsmanager:GetSecretValue" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/EvsAccess":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:secretsmanager:*:*:secret:*" + ], + "Sid":"AccessSecretStatement" + }, + { + "Action":[ + "kms:Decrypt" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/EvsAccess":"false" + }, + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + }, + "StringLike":{ + "kms:EncryptionContext:SecretARN":"arn:aws:secretsmanager:*:*:secret:*", + "kms:EncryptionContext:SecretVersionId":"*", + "kms:ViaService":"secretsmanager.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*", + "Sid":"DecryptSecretWithKmsKeyStatement" + }, + { + "Action":[ + "kms:DescribeKey" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/EvsAccess":"false" + }, + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + }, + "StringLike":{ + "kms:ViaService":"secretsmanager.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*", + "Sid":"DescribeKmsKeyStatement" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:58:28+00:00" + "UpdateDate":"2026-03-22T18:12:13+00:00" }, "AmazonElastiCacheFullAccess":{ "CreateDate":"2015-02-06T18:40:20+00:00", @@ -85808,75 +87972,6 @@ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2022-11-08T23:10:33+00:00" }, - "AmazonGuardDutyFullAccess":{ - "CreateDate":"2017-11-28T22:31:30+00:00", - "DefaultVersionId":"v9", - "Document":{ - "Statement":[ - { - "Action":"guardduty:*", - "Effect":"Allow", - "Resource":"*", - "Sid":"AmazonGuardDutyFullAccessSid1" - }, - { - "Action":"iam:CreateServiceLinkedRole", - "Condition":{ - "StringLike":{ - "iam:AWSServiceName":[ - "guardduty.amazonaws.com", - "malware-protection.guardduty.amazonaws.com" - ] - } - }, - "Effect":"Allow", - "Resource":"*", - "Sid":"CreateServiceLinkedRoleSid1" - }, - { - "Action":[ - "organizations:EnableAWSServiceAccess", - "organizations:RegisterDelegatedAdministrator", - "organizations:ListDelegatedAdministrators", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:DescribeOrganizationalUnit", - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAccounts" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"ActionsForOrganizationsSid1" - }, - { - "Action":"iam:GetRole", - "Effect":"Allow", - "Resource":"arn:aws:iam::*:role/*AWSServiceRoleForAmazonGuardDutyMalwareProtection", - "Sid":"IamGetRoleSid1" - }, - { - "Action":[ - "iam:PassRole" - ], - "Condition":{ - "StringEquals":{ - "iam:PassedToService":[ - "malware-protection-plan.guardduty.amazonaws.com", - "malware-protection.guardduty.amazonaws.com" - ] - } - }, - "Effect":"Allow", - "Resource":"arn:aws:iam::*:role/*", - "Sid":"AllowPassRoleToMalwareProtection" - } - ], - "Version":"2012-10-17" - }, - "Path":"/", - "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:57:42+00:00" - }, "AmazonGuardDutyFullAccess_v2":{ "CreateDate":"2025-06-04T20:22:07+00:00", "DefaultVersionId":"v6", @@ -86193,7 +88288,7 @@ }, "AmazonGuardDutyServiceRolePolicy":{ "CreateDate":"2017-11-28T20:12:59+00:00", - "DefaultVersionId":"v10", + "DefaultVersionId":"v11", "Document":{ "Statement":[ { @@ -86449,13 +88544,26 @@ "Effect":"Allow", "Resource":"*", "Sid":"SsmGetCommandStatus" + }, + { + "Action":[ + "cloudtrail:CreateServiceLinkedChannel" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:cloudtrail:*:*:channel/aws-service-channel/guardduty/*", + "Sid":"CloudTrailCreateServiceLinkedChannelSid" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2024-08-12T20:01:11+00:00" + "UpdateDate":"2026-03-25T20:57:15+00:00" }, "AmazonHealthLakeFullAccess":{ "CreateDate":"2021-02-17T01:07:05+00:00", @@ -97106,6 +99214,112 @@ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2026-02-12T18:00:40+00:00" }, + "AmazonRoute53GlobalResolverFullAccess":{ + "CreateDate":"2026-03-09T20:27:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeRegions", + "route53:GetHostedZone", + "route53:ListHostedZones", + "route53globalresolver:AllowVendedLogDeliveryForResource", + "route53globalresolver:AssociateHostedZone", + "route53globalresolver:BatchCreateFirewallRule", + "route53globalresolver:BatchDeleteFirewallRule", + "route53globalresolver:BatchUpdateFirewallRule", + "route53globalresolver:CreateAccessSource", + "route53globalresolver:CreateAccessToken", + "route53globalresolver:CreateDNSView", + "route53globalresolver:CreateFirewallDomainList", + "route53globalresolver:CreateFirewallRule", + "route53globalresolver:CreateGlobalResolver", + "route53globalresolver:DeleteAccessSource", + "route53globalresolver:DeleteAccessToken", + "route53globalresolver:DeleteDNSView", + "route53globalresolver:DeleteFirewallDomainList", + "route53globalresolver:DeleteFirewallRule", + "route53globalresolver:DeleteGlobalResolver", + "route53globalresolver:DisableDNSView", + "route53globalresolver:DisassociateHostedZone", + "route53globalresolver:EnableDNSView", + "route53globalresolver:GetAccessSource", + "route53globalresolver:GetAccessToken", + "route53globalresolver:GetDNSView", + "route53globalresolver:GetFirewallDomainList", + "route53globalresolver:GetFirewallRule", + "route53globalresolver:GetGlobalResolver", + "route53globalresolver:GetHostedZoneAssociation", + "route53globalresolver:GetManagedFirewallDomainList", + "route53globalresolver:ImportFirewallDomains", + "route53globalresolver:ListAccessSources", + "route53globalresolver:ListAccessTokens", + "route53globalresolver:ListDNSViews", + "route53globalresolver:ListFirewallDomainLists", + "route53globalresolver:ListFirewallDomains", + "route53globalresolver:ListFirewallRules", + "route53globalresolver:ListGlobalResolvers", + "route53globalresolver:ListHostedZoneAssociations", + "route53globalresolver:ListManagedFirewallDomainLists", + "route53globalresolver:ListTagsForResource", + "route53globalresolver:TagResource", + "route53globalresolver:UntagResource", + "route53globalresolver:UpdateAccessSource", + "route53globalresolver:UpdateAccessToken", + "route53globalresolver:UpdateDNSView", + "route53globalresolver:UpdateFirewallDomains", + "route53globalresolver:UpdateFirewallRule", + "route53globalresolver:UpdateGlobalResolver", + "route53globalresolver:UpdateHostedZoneAssociation" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRoute53GlobalResolverFullAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-09T20:27:09+00:00" + }, + "AmazonRoute53GlobalResolverReadOnlyAccess":{ + "CreateDate":"2026-03-09T20:27:11+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "route53globalresolver:GetAccessSource", + "route53globalresolver:GetAccessToken", + "route53globalresolver:GetDNSView", + "route53globalresolver:GetFirewallDomainList", + "route53globalresolver:GetFirewallRule", + "route53globalresolver:GetGlobalResolver", + "route53globalresolver:GetHostedZoneAssociation", + "route53globalresolver:GetManagedFirewallDomainList", + "route53globalresolver:ListAccessSources", + "route53globalresolver:ListAccessTokens", + "route53globalresolver:ListDNSViews", + "route53globalresolver:ListFirewallDomainLists", + "route53globalresolver:ListFirewallDomains", + "route53globalresolver:ListFirewallRules", + "route53globalresolver:ListGlobalResolvers", + "route53globalresolver:ListHostedZoneAssociations", + "route53globalresolver:ListManagedFirewallDomainLists" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRoute53GlobalResolverReadOnlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-09T20:27:11+00:00" + }, "AmazonRoute53ProfilesFullAccess":{ "CreateDate":"2024-04-30T18:30:29+00:00", "DefaultVersionId":"v2", @@ -97971,7 +100185,7 @@ }, "AmazonSSMAutomationRole":{ "CreateDate":"2016-12-05T22:09:55+00:00", - "DefaultVersionId":"v8", + "DefaultVersionId":"v9", "Document":{ "Statement":[ { @@ -98002,7 +100216,9 @@ "cloudformation:DescribeStackEvents", "cloudformation:DescribeStacks", "cloudformation:UpdateStack", - "cloudformation:DeleteStack" + "cloudformation:DeleteStack", + "cloudformation:TagResource", + "cloudformation:UntagResource" ], "Effect":"Allow", "Resource":[ @@ -98041,7 +100257,7 @@ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:59:30+00:00" + "UpdateDate":"2026-03-20T17:42:14+00:00" }, "AmazonSSMDirectoryServiceAccess":{ "CreateDate":"2019-03-15T17:44:38+00:00", @@ -107966,6 +110182,157 @@ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2024-11-14T19:09:39+00:00" }, + "AnthropicFullAccess":{ + "CreateDate":"2026-04-01T04:57:18+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-external-anthropic:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AnthropicFullAccess" + }, + { + "Action":[ + "aws-marketplace:Subscribe", + "aws-marketplace:Unsubscribe" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws-marketplace:ProductId":[ + "prod-3qbeiztufnva6" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AnthropicSubscriptionManagement" + }, + { + "Action":[ + "aws-marketplace:ViewSubscriptions" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AnthropicSubscriptionView" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-04-01T04:57:18+00:00" + }, + "AnthropicInferenceAccess":{ + "CreateDate":"2026-04-01T04:57:14+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-external-anthropic:Get*", + "aws-external-anthropic:List*", + "aws-external-anthropic:CreateInference", + "aws-external-anthropic:CreateBatchInference", + "aws-external-anthropic:CancelBatchInference", + "aws-external-anthropic:DeleteBatchInference", + "aws-external-anthropic:CountTokens" + ], + "Effect":"Allow", + "Resource":"arn:aws:aws-external-anthropic:*:*:workspace/*", + "Sid":"AnthropicInferenceWorkspace" + }, + { + "Action":[ + "aws-external-anthropic:GetAccountStatus", + "aws-external-anthropic:CallWithBearerToken" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AnthropicInferenceResourceless" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-04-01T04:57:14+00:00" + }, + "AnthropicLimitedAccess":{ + "CreateDate":"2026-04-01T04:57:18+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-external-anthropic:Get*", + "aws-external-anthropic:List*", + "aws-external-anthropic:CancelBatchInference", + "aws-external-anthropic:CountTokens", + "aws-external-anthropic:CreateBatchInference", + "aws-external-anthropic:CreateFile", + "aws-external-anthropic:CreateInference", + "aws-external-anthropic:CreateSkill", + "aws-external-anthropic:CreateUserProfile", + "aws-external-anthropic:DeleteBatchInference", + "aws-external-anthropic:DeleteFile", + "aws-external-anthropic:DeleteSkill", + "aws-external-anthropic:UpdateSkill", + "aws-external-anthropic:UpdateUserProfile" + ], + "Effect":"Allow", + "Resource":"arn:aws:aws-external-anthropic:*:*:workspace/*", + "Sid":"AnthropicLimitedWorkspace" + }, + { + "Action":[ + "aws-external-anthropic:GetAccountStatus", + "aws-external-anthropic:CallWithBearerToken" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AnthropicInferenceResourceless" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-04-01T04:57:18+00:00" + }, + "AnthropicReadOnlyAccess":{ + "CreateDate":"2026-04-01T04:57:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-external-anthropic:Get*", + "aws-external-anthropic:List*" + ], + "Effect":"Allow", + "Resource":"arn:aws:aws-external-anthropic:*:*:workspace/*", + "Sid":"AnthropicReadOnlyWorkspace" + }, + { + "Action":[ + "aws-external-anthropic:GetAccountStatus", + "aws-external-anthropic:CallWithBearerToken" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AnthropicReadOnlyResourceless" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-04-01T04:57:09+00:00" + }, "AppIntegrationsServiceLinkedRolePolicy":{ "CreateDate":"2022-09-30T19:42:56+00:00", "DefaultVersionId":"v1", @@ -109846,7 +112213,7 @@ }, "BedrockAgentCoreFullAccess":{ "CreateDate":"2025-07-16T13:37:07+00:00", - "DefaultVersionId":"v15", + "DefaultVersionId":"v16", "Document":{ "Statement":[ { @@ -110229,13 +112596,22 @@ "arn:aws:bedrock:*:*:inference-profile/*" ], "Sid":"AgentCoreEvaluationBedrockInvokeAccess" + }, + { + "Action":[ + "lambda:InvokeFunction", + "lambda:GetFunction" + ], + "Effect":"Allow", + "Resource":"arn:aws:lambda:*:*:function:*", + "Sid":"AgentCoreEvaluationLambdaAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:58:03+00:00" + "UpdateDate":"2026-03-27T21:12:10+00:00" }, "BedrockAgentCoreNetworkServiceRolePolicy":{ "CreateDate":"2025-09-19T22:04:06+00:00", @@ -113423,7 +115799,7 @@ }, "CloudWatchSyntheticsFullAccess":{ "CreateDate":"2019-11-25T17:39:46+00:00", - "DefaultVersionId":"v13", + "DefaultVersionId":"v14", "Document":{ "Statement":[ { @@ -113448,12 +115824,23 @@ "iam:ListRoles", "s3:ListAllMyBuckets", "xray:GetTraceSummaries", - "xray:BatchGetTraces", - "apigateway:GET" + "xray:BatchGetTraces" ], "Effect":"Allow", "Resource":"*" }, + { + "Action":[ + "apigateway:GET" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/restapis", + "arn:aws:apigateway:*::/restapis/*/stages", + "arn:aws:apigateway:*::/restapis/*/stages/*/exports/swagger", + "arn:aws:apigateway:*::/apis" + ] + }, { "Action":[ "s3:GetBucketLocation" @@ -113506,7 +115893,8 @@ { "Action":[ "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics" + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics" ], "Effect":"Allow", "Resource":"*" @@ -113646,7 +116034,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:59:27+00:00" + "UpdateDate":"2026-03-31T21:12:14+00:00" }, "CloudWatchSyntheticsReadOnlyAccess":{ "CreateDate":"2019-11-25T17:45:40+00:00", @@ -114948,7 +117336,7 @@ }, "CustomerProfilesServiceLinkedRolePolicy":{ "CreateDate":"2023-03-07T22:56:52+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -114981,7 +117369,10 @@ }, { "Action":[ - "profile:BatchGetProfile" + "profile:BatchGetProfile", + "profile:GetRecommender", + "profile:GetCalculatedAttributeForProfile", + "profile:GetProfileRecommendations" ], "Effect":"Allow", "Resource":"*" @@ -114991,7 +117382,7 @@ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2024-11-26T22:21:06+00:00" + "UpdateDate":"2026-03-05T21:12:08+00:00" }, "DAXServiceRolePolicy":{ "CreateDate":"2018-03-05T17:51:25+00:00", @@ -115023,6 +117414,388 @@ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2018-03-05T17:51:25+00:00" }, + "DBModDiscoveryAndAssessment":{ + "CreateDate":"2026-03-25T20:27:16+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeSecurityGroups", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeInternetGateways", + "rds:DescribeDBInstances", + "rds:DescribeDBClusters", + "rds:DescribeDBSubnetGroups", + "dms:DescribeEndpoints", + "dms:DescribeReplicationInstances", + "dms:DescribeReplicationTasks", + "dms:DescribeReplicationSubnetGroups", + "dms:DescribeOrderableReplicationInstances", + "dms:ListDataProviders", + "dms:ListInstanceProfiles", + "dms:ListMigrationProjects", + "dms:ModifyReplicationSubnetGroup", + "secretsmanager:ListSecrets", + "kms:ListAliases", + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"rds:ModifyDBSubnetGroup", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:rds:*:*:subgrp:*" + }, + { + "Action":[ + "rds:EnableHttpEndpoint", + "rds:DisableHttpEndpoint", + "rds-data:ExecuteStatement" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}", + "aws:ResourceTag/Owner":"database-connector", + "aws:ResourceTag/Project":"atx-db-modernization" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:rds:*:*:cluster:*" + }, + { + "Action":[ + "dms:DescribeTableStatistics", + "dms:DescribeReplicationTaskAssessmentRuns", + "dms:DescribeReplicationTaskIndividualAssessments", + "dms:DescribeApplicableIndividualAssessments" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}", + "aws:ResourceTag/Owner":"database-connector", + "aws:ResourceTag/Project":"atx-db-modernization" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:dms:*:*:task:*", + "arn:aws:dms:*:*:assessment-run:*", + "arn:aws:dms:*:*:instance-profile:*", + "arn:aws:dms:*:*:data-provider:*", + "arn:aws:dms:*:*:migration-project:*", + "arn:aws:dms:*:*:rep:*" + ] + }, + { + "Action":[ + "dms:ListMetadataModelAssessments", + "dms:ListMetadataModelConversions", + "dms:ListMetadataModelExports", + "dms:DescribeMetadataModelImports", + "dms:DescribeConversionConfiguration", + "dms:DescribeMetadataModelCreations", + "dms:DescribeMetadataModel", + "dms:DescribeMetadataModelChildren", + "dms:GetTargetSelectionRules" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetRole", + "iam:ListAttachedRolePolicies", + "iam:ListRolePolicies", + "iam:GetRolePolicy" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/dms-vpc-role", + "arn:aws:iam::*:role/dms-cloudwatch-logs-role", + "arn:aws:iam::*:role/dms-secrets-manager-role", + "arn:aws:iam::*:role/dms-s3-access-role", + "arn:aws:iam::*:role/aws-service-role/dms.amazonaws.com/AWSServiceRoleForDMSServerless" + ] + }, + { + "Action":[ + "iam:GetPolicy", + "iam:GetPolicyVersion" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:policy/*" + ] + }, + { + "Action":[ + "iam:GetPolicy", + "iam:GetPolicyVersion" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole", + "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole" + ] + }, + { + "Action":"kms:Decrypt", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + }, + "StringLike":{ + "kms:EncryptionContext:SecretArn":"arn:aws:secretsmanager:*:${aws:PrincipalAccount}:secret:*", + "kms:ViaService":"secretsmanager.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-25T20:27:16+00:00" + }, + "DBModProvisioningAndMigration":{ + "CreateDate":"2026-03-25T20:42:12+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"secretsmanager:UpdateSecret", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}", + "aws:ResourceTag/Owner":"database-connector", + "aws:ResourceTag/Project":"atx-db-modernization" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:atx-db-modernization-*" + }, + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:TagResource" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/Owner":"database-connector", + "aws:RequestTag/Project":"atx-db-modernization", + "aws:ResourceAccount":"${aws:PrincipalAccount}", + "aws:ResourceTag/Owner":"database-connector", + "aws:ResourceTag/Project":"atx-db-modernization" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:atx-db-modernization-*" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:PutBucketTagging", + "s3:PutBucketVersioning", + "s3:ListBucket", + "s3:GetObject", + "s3:GetBucketLocation", + "s3:PutObject", + "s3:DeleteObject", + "s3:GetBucketVersioning" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::atx-db-modernization-*", + "arn:aws:s3:::atx-db-modernization-*/*" + ] + }, + { + "Action":[ + "dms:CreateReplicationSubnetGroup", + "dms:CreateInstanceProfile", + "dms:CreateDataProvider", + "dms:CreateMigrationProject", + "dms:CreateEndpoint", + "dms:AddTagsToResource", + "rds:CreateDBSubnetGroup", + "rds:CreateDBCluster", + "rds:CreateDBInstance", + "rds:AddTagsToResource", + "dms:CreateReplicationInstance", + "dms:CreateReplicationTask" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/Owner":"database-connector", + "aws:RequestTag/Project":"atx-db-modernization", + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:dms:*:*:subgrp:*", + "arn:aws:dms:*:*:instance-profile:*", + "arn:aws:dms:*:*:data-provider:*", + "arn:aws:dms:*:*:migration-project:*", + "arn:aws:rds:*:*:subgrp:*", + "arn:aws:rds:*:*:cluster:*", + "arn:aws:rds:*:*:db:*", + "arn:aws:ec2:*:*:vpc-endpoint:*", + "arn:aws:dms:*:*:endpoint:*", + "arn:aws:dms:*:*:rep:*", + "arn:aws:dms:*:*:task:*" + ] + }, + { + "Action":[ + "dms:ExportMetadataModelAssessment", + "dms:StartMetadataModelImport", + "dms:StartMetadataModelConversion", + "dms:StartMetadataModelExportToTarget", + "dms:StartMetadataModelExportAsScripts", + "dms:StartMetadataModelAssessment", + "dms:StartMetadataModelCreation", + "dms:UpdateConversionConfiguration", + "dms:UpdateMigrationProject", + "dms:AddTagsToResource", + "dms:ListTagsForResource", + "dms:DeleteMigrationProject", + "dms:DeleteEndpoint", + "dms:UpdateInstanceProfile", + "dms:UpdateDataProvider", + "dms:DeleteInstanceProfile", + "dms:DeleteDataProvider", + "secretsmanager:GetSecretValue", + "secretsmanager:DescribeSecret" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}", + "aws:ResourceTag/Owner":"database-connector", + "aws:ResourceTag/Project":"atx-db-modernization" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:dms:*:*:migration-project:*", + "arn:aws:dms:*:*:instance-profile:*", + "arn:aws:dms:*:*:data-provider:*", + "arn:aws:dms:*:*:endpoint:*", + "arn:aws:secretsmanager:*:*:secret:*" + ] + }, + { + "Action":[ + "dms:CreateReplicationInstance", + "dms:DeleteReplicationInstance", + "dms:ModifyReplicationInstance", + "dms:RebootReplicationInstance" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}", + "dms:rep-tag/Project":"atx-db-modernization" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:dms:*:*:rep:*" + }, + { + "Action":[ + "dms:DeleteReplicationTask", + "dms:StartReplicationTask", + "dms:StopReplicationTask", + "dms:StartReplicationTaskAssessmentRun", + "dms:CancelReplicationTaskAssessmentRun" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}", + "dms:task-tag/Project":"atx-db-modernization" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:dms:*:*:task:*", + "arn:aws:dms:*:*:assessment-run:*" + ] + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + }, + "StringLike":{ + "iam:PassedToService":[ + "dms.amazonaws.com", + "dms.*.amazonaws.com", + "schema-conversion.dms.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/dms-vpc-role", + "arn:aws:iam::*:role/dms-cloudwatch-logs-role", + "arn:aws:iam::*:role/dms-secrets-manager-role", + "arn:aws:iam::*:role/dms-s3-access-role", + "arn:aws:iam::*:role/DMSPremigrationAssessmentS3Role" + ] + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + }, + "StringLike":{ + "iam:AWSServiceName":"rds.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-03-25T20:42:12+00:00" + }, "DataScientist":{ "CreateDate":"2016-11-10T17:28:48+00:00", "DefaultVersionId":"v5", @@ -120505,7 +123278,7 @@ }, "PartnerCentralIncentiveBenefitManagement":{ "CreateDate":"2026-02-11T16:42:14+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -120640,13 +123413,32 @@ "Effect":"Allow", "Resource":"arn:aws:s3:::aws-partner-central-marketplace-ephemeral-writeonly-files/${aws:PrincipalAccount}/*", "Sid":"PartnerCentralEphemeralWriteS3Access" + }, + { + "Action":[ + "partnercentral:UseSession" + ], + "Condition":{ + "Bool":{ + "aws:IsMcpServiceAction":"true" + }, + "StringEquals":{ + "partnercentral:Catalog":[ + "AWS", + "Sandbox" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PartnerCentralAgentsSessionAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T18:02:55+00:00" + "UpdateDate":"2026-03-12T16:57:13+00:00" }, "PowerUserAccess":{ "CreateDate":"2015-02-06T18:39:47+00:00", @@ -122795,7 +125587,7 @@ }, "ReadOnlyAccess":{ "CreateDate":"2015-02-06T18:39:48+00:00", - "DefaultVersionId":"v178", + "DefaultVersionId":"v181", "Document":{ "Statement":[ { @@ -122872,8 +125664,8 @@ "aoss:GetSecurityConfig", "aoss:GetSecurityPolicy", "aoss:ListAccessPolicies", - "aoss:ListCollections", "aoss:ListCollectionGroups", + "aoss:ListCollections", "aoss:ListLifecyclePolicies", "aoss:ListSecurityConfigs", "aoss:ListSecurityPolicies", @@ -122986,10 +125778,15 @@ "apptest:ListTestRunTestCases", "apptest:ListTestSuites", "aps:DescribeAlertManagerDefinition", + "aps:DescribeAnomalyDetector", "aps:DescribeLoggingConfiguration", + "aps:DescribeQueryLoggingConfiguration", + "aps:DescribeResourcePolicy", "aps:DescribeRuleGroupsNamespace", "aps:DescribeScraper", + "aps:DescribeScraperLoggingConfiguration", "aps:DescribeWorkspace", + "aps:DescribeWorkspaceConfiguration", "aps:GetAlertManagerSilence", "aps:GetAlertManagerStatus", "aps:GetDefaultScraperConfiguration", @@ -123001,11 +125798,13 @@ "aps:ListAlertManagerReceivers", "aps:ListAlertManagerSilences", "aps:ListAlerts", + "aps:ListAnomalyDetectors", "aps:ListRuleGroupsNamespaces", "aps:ListRules", "aps:ListScrapers", "aps:ListTagsForResource", "aps:ListWorkspaces", + "aps:PreviewAnomalyDetector", "aps:QueryMetrics", "arc-region-switch:GetPlan", "arc-region-switch:GetPlanEvaluationStatus", @@ -123079,31 +125878,45 @@ "bedrock-agentcore:GetAgentRuntimeEndpoint", "bedrock-agentcore:GetApiKeyCredentialProvider", "bedrock-agentcore:GetBrowser", + "bedrock-agentcore:GetBrowserProfile", "bedrock-agentcore:GetBrowserSession", "bedrock-agentcore:GetCodeInterpreter", "bedrock-agentcore:GetCodeInterpreterSession", + "bedrock-agentcore:GetEvaluator", "bedrock-agentcore:GetEvent", "bedrock-agentcore:GetGateway", "bedrock-agentcore:GetGatewayTarget", "bedrock-agentcore:GetMemory", "bedrock-agentcore:GetMemoryRecord", "bedrock-agentcore:GetOauth2CredentialProvider", + "bedrock-agentcore:GetOnlineEvaluationConfig", + "bedrock-agentcore:GetPolicy", + "bedrock-agentcore:GetPolicyEngine", + "bedrock-agentcore:GetPolicyGeneration", "bedrock-agentcore:GetTokenVault", "bedrock-agentcore:GetWorkloadIdentity", "bedrock-agentcore:ListAgentRuntimeEndpoints", "bedrock-agentcore:ListAgentRuntimes", "bedrock-agentcore:ListAgentRuntimeVersions", "bedrock-agentcore:ListApiKeyCredentialProviders", + "bedrock-agentcore:ListBrowserProfiles", "bedrock-agentcore:ListBrowsers", "bedrock-agentcore:ListBrowserSessions", "bedrock-agentcore:ListCodeInterpreters", "bedrock-agentcore:ListCodeInterpreterSessions", + "bedrock-agentcore:ListEvaluators", "bedrock-agentcore:ListEvents", "bedrock-agentcore:ListGateways", "bedrock-agentcore:ListGatewayTargets", "bedrock-agentcore:ListMemories", "bedrock-agentcore:ListMemoryRecords", "bedrock-agentcore:ListOauth2CredentialProviders", + "bedrock-agentcore:ListOnlineEvaluationConfigs", + "bedrock-agentcore:ListPolicies", + "bedrock-agentcore:ListPolicyEngines", + "bedrock-agentcore:ListPolicyGenerationAssets", + "bedrock-agentcore:ListPolicyGenerations", + "bedrock-agentcore:ListTagsForResource", "bedrock-agentcore:ListWorkloadIdentities", "bedrock-agentcore:RetrieveMemoryRecords", "bedrock:GetAgent", @@ -123242,7 +126055,6 @@ "cleanrooms-ml:ListConfiguredAudienceModels", "cleanrooms-ml:ListTagsForResource", "cleanrooms-ml:ListTrainingDatasets", - "cloudformation:BatchDescribeTypeConfigurations", "cleanrooms:BatchGetCollaborationAnalysisTemplate", "cleanrooms:BatchGetSchema", "cleanrooms:BatchGetSchemaAnalysisRule", @@ -123294,6 +126106,7 @@ "clouddirectory:Get*", "clouddirectory:List*", "clouddirectory:LookupPolicy", + "cloudformation:BatchDescribeTypeConfigurations", "cloudformation:Describe*", "cloudformation:Detect*", "cloudformation:Estimate*", @@ -123354,6 +126167,18 @@ "codecommit:Get*", "codecommit:GitPull", "codecommit:List*", + "codeconnections:GetConnection", + "codeconnections:GetHost", + "codeconnections:GetRepositoryLink", + "codeconnections:GetRepositorySyncStatus", + "codeconnections:GetResourceSyncStatus", + "codeconnections:GetSyncConfiguration", + "codeconnections:ListConnections", + "codeconnections:ListHosts", + "codeconnections:ListRepositoryLinks", + "codeconnections:ListRepositorySyncDefinitions", + "codeconnections:ListSyncConfigurations", + "codeconnections:ListTagsForResource", "codedeploy:BatchGet*", "codedeploy:Get*", "codedeploy:List*", @@ -123739,6 +126564,8 @@ "elastictranscoder:Read*", "elemental-appliances-software:Get*", "elemental-appliances-software:List*", + "elemental-inference:GetFeed", + "elemental-inference:ListFeeds", "emr-containers:DescribeJobRun", "emr-containers:DescribeManagedEndpoint", "emr-containers:DescribeVirtualCluster", @@ -124235,8 +127062,8 @@ "kendra:DescribeThesaurus", "kendra:GetQuerySuggestions", "kendra:GetSnapshots", - "kendra:ListDataSourceSyncJobs", "kendra:ListDataSources", + "kendra:ListDataSourceSyncJobs", "kendra:ListEntityPersonas", "kendra:ListExperienceEntities", "kendra:ListExperiences", @@ -124313,21 +127140,21 @@ "lex:DescribeSlot", "lex:DescribeSlotType", "lex:Get*", - "lex:ListBotAliasReplicas", "lex:ListBotAliases", + "lex:ListBotAliasReplicas", "lex:ListBotChannels", "lex:ListBotLocales", "lex:ListBotReplicas", + "lex:ListBots", "lex:ListBotVersionReplicas", "lex:ListBotVersions", - "lex:ListBots", "lex:ListBuiltInIntents", "lex:ListBuiltInSlotTypes", "lex:ListExports", "lex:ListImports", "lex:ListIntents", - "lex:ListSlotTypes", "lex:ListSlots", + "lex:ListSlotTypes", "lex:ListTagsForResource", "license-manager:Get*", "license-manager:List*", @@ -124349,9 +127176,9 @@ "lightsail:GetContainerServicePowers", "lightsail:GetContainerServices", "lightsail:GetDisk", + "lightsail:GetDisks", "lightsail:GetDiskSnapshot", "lightsail:GetDiskSnapshots", - "lightsail:GetDisks", "lightsail:GetDistributionBundles", "lightsail:GetDistributionLatestCacheReset", "lightsail:GetDistributionMetricData", @@ -124362,16 +127189,16 @@ "lightsail:GetInstance", "lightsail:GetInstanceMetricData", "lightsail:GetInstancePortStates", + "lightsail:GetInstances", "lightsail:GetInstanceSnapshot", "lightsail:GetInstanceSnapshots", "lightsail:GetInstanceState", - "lightsail:GetInstances", "lightsail:GetKeyPair", "lightsail:GetKeyPairs", "lightsail:GetLoadBalancer", "lightsail:GetLoadBalancerMetricData", - "lightsail:GetLoadBalancerTlsCertificates", "lightsail:GetLoadBalancers", + "lightsail:GetLoadBalancerTlsCertificates", "lightsail:GetOperation", "lightsail:GetOperations", "lightsail:GetOperationsForResource", @@ -124384,15 +127211,16 @@ "lightsail:GetRelationalDatabaseLogStreams", "lightsail:GetRelationalDatabaseMetricData", "lightsail:GetRelationalDatabaseParameters", + "lightsail:GetRelationalDatabases", "lightsail:GetRelationalDatabaseSnapshot", "lightsail:GetRelationalDatabaseSnapshots", - "lightsail:GetRelationalDatabases", "lightsail:GetStaticIp", "lightsail:GetStaticIps", "lightsail:Is*", "logs:Describe*", "logs:FilterLogEvents", "logs:Get*", + "logs:ListAggregateLogGroupSummaries", "logs:ListAnomalies", "logs:ListEntitiesForLogGroup", "logs:ListIntegrations", @@ -124400,6 +127228,8 @@ "logs:ListLogDeliveries", "logs:ListLogGroupsForEntity", "logs:ListLogGroupsForQuery", + "logs:ListScheduledQueries", + "logs:ListSourcesForS3TableIntegration", "logs:ListTagsForResource", "logs:ListTagsLogGroup", "logs:StartLiveTail", @@ -124407,9 +127237,6 @@ "logs:StopLiveTail", "logs:StopQuery", "logs:TestMetricFilter", - "logs:ListAggregateLogGroupSummaries", - "logs:ListSourcesForS3TableIntegration", - "logs:ListScheduledQueries", "lookoutequipment:DescribeDataIngestionJob", "lookoutequipment:DescribeDataset", "lookoutequipment:DescribeInferenceScheduler", @@ -124426,8 +127253,8 @@ "lookoutequipment:ListInferenceSchedulers", "lookoutequipment:ListLabelGroups", "lookoutequipment:ListLabels", - "lookoutequipment:ListModelVersions", "lookoutequipment:ListModels", + "lookoutequipment:ListModelVersions", "lookoutequipment:ListRetrainingSchedulers", "lookoutequipment:ListSensorStatistics", "lookoutequipment:ListTagsForResource", @@ -124450,8 +127277,8 @@ "m2:GetDataSetImportTask", "m2:GetDeployment", "m2:GetEnvironment", - "m2:ListApplicationVersions", "m2:ListApplications", + "m2:ListApplicationVersions", "m2:ListBatchJobDefinitions", "m2:ListBatchJobExecutions", "m2:ListDataSetImportHistory", @@ -124473,10 +127300,10 @@ "macie2:GetClassificationExportConfiguration", "macie2:GetClassificationScope", "macie2:GetCustomDataIdentifier", - "macie2:GetFindingStatistics", "macie2:GetFindings", "macie2:GetFindingsFilter", "macie2:GetFindingsPublicationConfiguration", + "macie2:GetFindingStatistics", "macie2:GetInvitationsCount", "macie2:GetMacieSession", "macie2:GetMember", @@ -124509,8 +127336,8 @@ "managedblockchain:ListMembers", "managedblockchain:ListNetworks", "managedblockchain:ListNodes", - "managedblockchain:ListProposalVotes", "managedblockchain:ListProposals", + "managedblockchain:ListProposalVotes", "managedblockchain:ListTagsForResource", "mediaconnect:DescribeFlow", "mediaconnect:DescribeFlowSourceMetadata", @@ -124535,10 +127362,10 @@ "mediaconnect:ListRouterOutputs", "mediaconnect:ListTagsForResource", "mediaconvert:DescribeEndpoints", - "mediaconvert:Probe", - "mediaconvert:SearchJobs", "mediaconvert:Get*", "mediaconvert:List*", + "mediaconvert:Probe", + "mediaconvert:SearchJobs", "medialive:DescribeAccountConfiguration", "medialive:DescribeChannel", "medialive:DescribeChannelPlacementGroup", @@ -124677,9 +127504,9 @@ "networkflowmonitor:ListScopes", "networkmanager:DescribeGlobalNetworks", "networkmanager:GetConnectAttachment", + "networkmanager:GetConnections", "networkmanager:GetConnectPeer", "networkmanager:GetConnectPeerAssociations", - "networkmanager:GetConnections", "networkmanager:GetCoreNetwork", "networkmanager:GetCoreNetworkChangeEvents", "networkmanager:GetCoreNetworkChangeSet", @@ -124695,15 +127522,15 @@ "networkmanager:GetNetworkTelemetry", "networkmanager:GetResourcePolicy", "networkmanager:GetRouteAnalysis", - "networkmanager:GetSiteToSiteVpnAttachment", "networkmanager:GetSites", + "networkmanager:GetSiteToSiteVpnAttachment", "networkmanager:GetTransitGatewayConnectPeerAssociations", "networkmanager:GetTransitGatewayPeering", "networkmanager:GetTransitGatewayRegistrations", "networkmanager:GetTransitGatewayRouteTableAttachment", "networkmanager:GetVpcAttachment", - "networkmanager:ListAttachments", "networkmanager:ListAttachmentRoutingPolicyAssociations", + "networkmanager:ListAttachments", "networkmanager:ListConnectPeers", "networkmanager:ListCoreNetworkPolicyVersions", "networkmanager:ListCoreNetworkPrefixListAssociations", @@ -124755,23 +127582,23 @@ "oam:ListLinks", "oam:ListSinks", "observabilityadmin:GetCentralizationRuleForOrganization", + "observabilityadmin:GetS3TableIntegration", "observabilityadmin:GetTelemetryEnrichmentStatus", "observabilityadmin:GetTelemetryEvaluationStatus", "observabilityadmin:GetTelemetryEvaluationStatusForOrganization", + "observabilityadmin:GetTelemetryPipeline", "observabilityadmin:GetTelemetryRule", "observabilityadmin:GetTelemetryRuleForOrganization", "observabilityadmin:ListCentralizationRulesForOrganization", "observabilityadmin:ListResourceTelemetry", "observabilityadmin:ListResourceTelemetryForOrganization", + "observabilityadmin:ListS3TableIntegrations", "observabilityadmin:ListTagsForResource", + "observabilityadmin:ListTelemetryPipelines", "observabilityadmin:ListTelemetryRules", "observabilityadmin:ListTelemetryRulesForOrganization", - "observabilityadmin:GetTelemetryPipeline", - "observabilityadmin:ListTelemetryPipelines", "observabilityadmin:TestTelemetryPipeline", "observabilityadmin:ValidateTelemetryPipelineConfiguration", - "observabilityadmin:ListS3TableIntegrations", - "observabilityadmin:GetS3TableIntegration", "omics:Get*", "omics:List*", "one:GetDeviceConfigurationTemplate", @@ -124864,11 +127691,11 @@ "proton:GetServiceTemplateVersion", "proton:ListDeployments", "proton:ListEnvironmentAccountConnections", - "proton:ListEnvironmentTemplates", "proton:ListEnvironments", + "proton:ListEnvironmentTemplates", "proton:ListServiceInstances", - "proton:ListServiceTemplates", "proton:ListServices", + "proton:ListServiceTemplates", "proton:ListTagsForResource", "purchase-orders:GetPurchaseOrder", "purchase-orders:ListPurchaseOrderInvoices", @@ -124884,8 +127711,8 @@ "qbusiness:GetUser", "qbusiness:GetWebExperience", "qbusiness:ListApplications", - "qbusiness:ListDataSourceSyncJobs", "qbusiness:ListDataSources", + "qbusiness:ListDataSourceSyncJobs", "qbusiness:ListGroups", "qbusiness:ListIndices", "qbusiness:ListPlugins", @@ -124943,15 +127770,15 @@ "refactor-spaces:GetRoute", "refactor-spaces:GetService", "refactor-spaces:ListApplications", - "refactor-spaces:ListEnvironmentVpcs", "refactor-spaces:ListEnvironments", + "refactor-spaces:ListEnvironmentVpcs", "refactor-spaces:ListRoutes", "refactor-spaces:ListServices", "refactor-spaces:ListTagsForResource", "rekognition:CompareFaces", "rekognition:DescribeDataset", - "rekognition:DescribeProjectVersions", "rekognition:DescribeProjects", + "rekognition:DescribeProjectVersions", "rekognition:DescribeStreamProcessor", "rekognition:Detect*", "rekognition:GetCelebrityInfo", @@ -124984,11 +127811,11 @@ "resiliencehub:ListAppComponentCompliances", "resiliencehub:ListAppComponentRecommendations", "resiliencehub:ListAppInputSources", + "resiliencehub:ListApps", "resiliencehub:ListAppVersionAppComponents", "resiliencehub:ListAppVersionResourceMappings", "resiliencehub:ListAppVersionResources", "resiliencehub:ListAppVersions", - "resiliencehub:ListApps", "resiliencehub:ListMetrics", "resiliencehub:ListRecommendationTemplates", "resiliencehub:ListResiliencyPolicies", @@ -125047,6 +127874,22 @@ "route53domains:Get*", "route53domains:List*", "route53domains:View*", + "route53globalresolver:GetAccessSource", + "route53globalresolver:GetDNSView", + "route53globalresolver:GetFirewallDomainList", + "route53globalresolver:GetFirewallRule", + "route53globalresolver:GetGlobalResolver", + "route53globalresolver:GetHostedZoneAssociation", + "route53globalresolver:GetManagedFirewallDomainList", + "route53globalresolver:ListAccessSources", + "route53globalresolver:ListAccessTokens", + "route53globalresolver:ListDNSViews", + "route53globalresolver:ListFirewallDomainLists", + "route53globalresolver:ListFirewallDomains", + "route53globalresolver:ListFirewallRules", + "route53globalresolver:ListGlobalResolvers", + "route53globalresolver:ListHostedZoneAssociations", + "route53globalresolver:ListManagedFirewallDomainLists", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:GetProfileResourceAssociation", @@ -125096,14 +127939,16 @@ "s3:DescribeJob", "s3:Get*", "s3:List*", - "s3vectors:GetIndex", - "s3vectors:GetVectorBucket", - "s3vectors:GetVectorBucketPolicy", - "s3vectors:GetVectors", - "s3vectors:ListIndexes", - "s3vectors:ListVectorBuckets", - "s3vectors:ListVectors", - "s3vectors:QueryVectors", + "s3express:GetAccessPoint", + "s3express:GetAccessPointPolicy", + "s3express:GetAccessPointScope", + "s3express:GetBucketPolicy", + "s3express:GetEncryptionConfiguration", + "s3express:GetLifecycleConfiguration", + "s3express:ListAccessPointsForDirectoryBuckets", + "s3express:ListAllMyDirectoryBuckets", + "s3express:ListTagsForResource", + "s3tables:GetNamespace", "s3tables:GetTable", "s3tables:GetTableBucket", "s3tables:GetTableBucketEncryption", @@ -125126,7 +127971,14 @@ "s3tables:ListTableBuckets", "s3tables:ListTables", "s3tables:ListTagsForResource", - "s3tables:GetNamespace", + "s3vectors:GetIndex", + "s3vectors:GetVectorBucket", + "s3vectors:GetVectorBucketPolicy", + "s3vectors:GetVectors", + "s3vectors:ListIndexes", + "s3vectors:ListVectorBuckets", + "s3vectors:ListVectors", + "s3vectors:QueryVectors", "sagemaker:Describe*", "sagemaker:GetSearchSuggestions", "sagemaker:List*", @@ -125215,8 +128067,8 @@ "sms-voice:DescribeAccountLimits", "sms-voice:DescribeConfigurationSets", "sms-voice:DescribeKeywords", - "sms-voice:DescribeOptOutLists", "sms-voice:DescribeOptedOutNumbers", + "sms-voice:DescribeOptOutLists", "sms-voice:DescribePhoneNumbers", "sms-voice:DescribePools", "sms-voice:DescribeProtectConfigurations", @@ -125312,12 +128164,12 @@ "support:DescribeIssueTypes", "support:DescribeServices", "support:DescribeSeverityLevels", - "support:DescribeSupportLevel", "support:DescribeSupportedLanguages", + "support:DescribeSupportLevel", "support:DescribeTrustedAdvisorCheckRefreshStatuses", "support:DescribeTrustedAdvisorCheckResult", - "support:DescribeTrustedAdvisorCheckSummaries", "support:DescribeTrustedAdvisorChecks", + "support:DescribeTrustedAdvisorCheckSummaries", "support:SearchForCases", "supportplans:GetSupportPlan", "supportplans:GetSupportPlanUpdateStatus", @@ -125391,6 +128243,8 @@ "user-subscriptions:ListClaims", "user-subscriptions:ListUserSubscriptions", "uxc:GetAccountColor", + "uxc:GetAccountCustomizations", + "uxc:ListServices", "verifiedpermissions:GetIdentitySource", "verifiedpermissions:GetPolicy", "verifiedpermissions:GetPolicyStore", @@ -125404,6 +128258,7 @@ "verifiedpermissions:ListPolicyTemplates", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetAuthPolicy", + "vpc-lattice:GetDomainVerification", "vpc-lattice:GetListener", "vpc-lattice:GetResourceConfiguration", "vpc-lattice:GetResourceGateway", @@ -125416,15 +128271,16 @@ "vpc-lattice:GetServiceNetworkVpcAssociation", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", + "vpc-lattice:ListDomainVerifications", "vpc-lattice:ListListeners", "vpc-lattice:ListResourceConfigurations", "vpc-lattice:ListResourceEndpointAssociations", "vpc-lattice:ListResourceGateways", "vpc-lattice:ListRules", "vpc-lattice:ListServiceNetworkResourceAssociations", + "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServiceNetworkServiceAssociations", "vpc-lattice:ListServiceNetworkVpcAssociations", - "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServiceNetworkVpcEndpointAssociations", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", @@ -125488,13 +128344,26 @@ "Effect":"Allow", "Resource":"*", "Sid":"ReadOnlyActionsGroup2" + }, + { + "Action":[ + "s3express:CreateSession" + ], + "Condition":{ + "StringEquals":{ + "s3express:SessionMode":"ReadOnly" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"S3ExpressReadOnlySessionObjectAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T18:01:33+00:00" + "UpdateDate":"2026-03-31T22:51:50+00:00" }, "ResourceGroupsServiceRolePolicy":{ "CreateDate":"2023-01-05T16:57:08+00:00", @@ -126383,7 +129252,7 @@ }, "SageMakerStudioAdminIAMConsolePolicy":{ "CreateDate":"2025-08-18T22:49:07+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -126846,17 +129715,59 @@ "Effect":"Allow", "Resource":"*", "Sid":"DataZoneKMSGrantPermissions" + }, + { + "Action":[ + "glue:GetCatalog" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"GlueCatalogPermissions" + }, + { + "Action":[ + "sso:DeleteApplication" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"datazone.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:sso::*:application/*/*" + ], + "Sid":"SSOApplicationPermissions" + }, + { + "Action":[ + "kms:Decrypt" + ], + "Condition":{ + "Null":{ + "kms:EncryptionContext:aws:sso:instance-arn":"false" + }, + "StringLike":{ + "kms:ViaService":"sso.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SSOKMSPermissions" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:59:21+00:00" + "UpdateDate":"2026-03-27T17:42:13+00:00" }, "SageMakerStudioAdminIAMDefaultExecutionPolicy":{ "CreateDate":"2025-08-18T17:19:07+00:00", - "DefaultVersionId":"v18", + "DefaultVersionId":"v20", "Document":{ "Statement":[ { @@ -127066,7 +129977,9 @@ "sagemaker:StartMlflowTrackingServer", "sagemaker:StopMlflowTrackingServer", "sagemaker:CreatePresignedMlflowTrackingServerUrl", - "sagemaker-mlflow:*" + "sagemaker-mlflow:*", + "sagemaker:*Feature*", + "sagemaker:*Record" ], "Effect":"Allow", "Resource":"*", @@ -127115,7 +130028,8 @@ ], "Effect":"Allow", "Resource":[ - "arn:aws:cloudformation:*:*:stack/DataZone*" + "arn:aws:cloudformation:*:*:stack/DataZone*", + "arn:aws:cloudformation:*:*:transform/*" ], "Sid":"CfnManage" }, @@ -127128,6 +130042,7 @@ { "Action":[ "cloudwatch:PutMetricData", + "cloudwatch:GetMetricData", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:Describe*", @@ -127155,7 +130070,8 @@ "lakeformation:RevokePermissions", "lakeformation:ListLakeFormationOptIns", "lakeformation:CreateLakeFormationOptIn", - "lakeformation:DeleteLakeFormationOptIn" + "lakeformation:DeleteLakeFormationOptIn", + "lakeformation:*DataCellsFilter" ], "Effect":"Allow", "Resource":"*", @@ -127754,22 +130670,75 @@ { "Action":[ "emr-serverless:ListApplications", - "emr-serverless:GetApplication" + "emr-serverless:GetApplication", + "emr-serverless:GetDashboardForJobRun", + "emr-serverless:GetJobRun", + "emr-serverless:ListJobRunAttempts", + "emr-serverless:ListJobRuns", + "emr-serverless:ListTagsForResource", + "emr-serverless:StartApplication", + "emr-serverless:StartJobRun", + "emr-serverless:AccessLivyEndpoints" ], "Effect":"Allow", "Resource":"*", "Sid":"EMRServerless" + }, + { + "Action":[ + "sso:CreateApplication", + "sso:PutApplicationGrant", + "sso:PutApplicationAssignmentConfiguration", + "sso:PutApplicationAuthenticationMethod", + "sso:PutApplicationAccessScope", + "sso:UpdateApplication", + "sso:CreateApplicationAssignment", + "sso:DeleteApplicationAssignment" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SSOApplicationPermissions" + }, + { + "Action":[ + "sso:ListInstances", + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SSOReadOnlyPermissions" + }, + { + "Action":[ + "kms:Decrypt" + ], + "Condition":{ + "Null":{ + "kms:EncryptionContext:aws:sso:instance-arn":"false" + }, + "StringLike":{ + "kms:ViaService":"sso.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SSOKMSPermissions" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T18:00:15+00:00" + "UpdateDate":"2026-03-27T17:27:16+00:00" }, "SageMakerStudioAdminIAMPermissiveExecutionPolicy":{ "CreateDate":"2025-08-18T17:19:07+00:00", - "DefaultVersionId":"v15", + "DefaultVersionId":"v17", "Document":{ "Statement":[ { @@ -127780,7 +130749,8 @@ "redshift-data:*", "redshift-serverless:*", "redshift:*", - "s3:*" + "s3:*", + "s3tables:*" ], "Effect":"Allow", "Resource":"*", @@ -127811,7 +130781,8 @@ ], "Effect":"Allow", "Resource":[ - "arn:aws:cloudformation:*:*:stack/DataZone*" + "arn:aws:cloudformation:*:*:stack/DataZone*", + "arn:aws:cloudformation:*:*:transform/*" ], "Sid":"CfnManage" }, @@ -128010,7 +130981,8 @@ "lakeformation:RevokePermissions", "lakeformation:ListLakeFormationOptIns", "lakeformation:CreateLakeFormationOptIn", - "lakeformation:DeleteLakeFormationOptIn" + "lakeformation:DeleteLakeFormationOptIn", + "lakeformation:*DataCellsFilter" ], "Effect":"Allow", "Resource":"*", @@ -128440,13 +131412,58 @@ "Effect":"Deny", "Resource":"arn:aws:athena:*:*:workgroup/*/session/*", "Sid":"DenyTaggingUntaggingForeignAthenaSessions" + }, + { + "Action":[ + "sso:CreateApplication", + "sso:PutApplicationGrant", + "sso:PutApplicationAssignmentConfiguration", + "sso:PutApplicationAuthenticationMethod", + "sso:PutApplicationAccessScope", + "sso:UpdateApplication", + "sso:CreateApplicationAssignment", + "sso:DeleteApplicationAssignment" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SSOApplicationPermissions" + }, + { + "Action":[ + "sso:ListInstances", + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SSOReadOnlyPermissions" + }, + { + "Action":[ + "kms:Decrypt" + ], + "Condition":{ + "Null":{ + "kms:EncryptionContext:aws:sso:instance-arn":"false" + }, + "StringLike":{ + "kms:ViaService":"sso.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SSOKMSPermissions" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T17:58:44+00:00" + "UpdateDate":"2026-03-27T17:27:08+00:00" }, "SageMakerStudioAdminProjectUserRolePolicy":{ "CreateDate":"2025-07-09T20:52:08+00:00", @@ -130670,7 +133687,7 @@ }, "SageMakerStudioProjectProvisioningRolePolicy":{ "CreateDate":"2024-11-20T21:58:39+00:00", - "DefaultVersionId":"v76", + "DefaultVersionId":"v78", "Document":{ "Statement":[ { @@ -131307,7 +134324,8 @@ "redshift-serverless.amazonaws.com", "redshift.amazonaws.com", "emr-serverless.amazonaws.com", - "airflow.amazonaws.com" + "airflow.amazonaws.com", + "athena.amazonaws.com" ] } }, @@ -132440,7 +135458,8 @@ "arn:aws:iam::*:role/aws-service-role/ops.emr-serverless.amazonaws.com/AWSServiceRoleForAmazonEMRServerless", "arn:aws:iam::*:role/aws-service-role/airflow.amazonaws.com/AWSServiceRoleForAmazonMWAA", "arn:aws:iam::*:role/aws-service-role/elasticmapreduce.amazonaws.com/AWSServiceRoleForEMRCleanup", - "arn:aws:iam::*:role/aws-service-role/emr-containers.amazonaws.com/AWSServiceRoleForAmazonEMRContainers" + "arn:aws:iam::*:role/aws-service-role/emr-containers.amazonaws.com/AWSServiceRoleForAmazonEMRContainers", + "arn:aws:iam::*:role/aws-service-role/ops.athena.amazonaws.com/AWSServiceRoleForAmazonAthena" ], "Sid":"CreateSLR" }, @@ -133666,7 +136685,7 @@ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T18:03:06+00:00" + "UpdateDate":"2026-03-11T16:27:10+00:00" }, "SageMakerStudioProjectRoleMachineLearningPolicy":{ "CreateDate":"2024-11-20T21:55:27+00:00", @@ -137348,7 +140367,7 @@ }, "SageMakerStudioProjectUserRolePolicy":{ "CreateDate":"2024-11-20T21:59:23+00:00", - "DefaultVersionId":"v61", + "DefaultVersionId":"v64", "Document":{ "Statement":[ { @@ -137422,7 +140441,7 @@ }, "Effect":"Allow", "Resource":"*", - "Sid":"CommonUserCodeCommitPermissions" + "Sid":"CodeCommit" }, { "Action":[ @@ -137448,7 +140467,7 @@ }, "Effect":"Allow", "Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}", - "Sid":"CodeCommitKmsPermissions" + "Sid":"CodeCommitKms" }, { "Action":[ @@ -137456,7 +140475,7 @@ ], "Effect":"Allow", "Resource":"*", - "Sid":"AllowCodeWhispererGenerateRecommendations" + "Sid":"CodeWhisperer" }, { "Action":[ @@ -137487,7 +140506,7 @@ }, "Effect":"Allow", "Resource":"arn:aws:ec2:*:*:security-group/*", - "Sid":"AllowGlueCreateEniOnSecurityGroup" + "Sid":"GlueENIonSG" }, { "Action":[ @@ -137500,7 +140519,7 @@ }, "Effect":"Allow", "Resource":"arn:aws:ec2:*:*:subnet/*", - "Sid":"AllowGlueCreateEniOnSubnet" + "Sid":"GlueENIonSubnet" }, { "Action":[ @@ -137518,7 +140537,7 @@ }, "Effect":"Allow", "Resource":"arn:aws:ec2:*:*:network-interface/*", - "Sid":"AllowManageGlueEni" + "Sid":"GlueNetwork" }, { "Action":[ @@ -137534,7 +140553,7 @@ }, "Effect":"Allow", "Resource":"arn:aws:ec2:*:*:instance/*", - "Sid":"AllowAttachGlueEniOnInstance" + "Sid":"GlueEniOnInstance" }, { "Action":[ @@ -137563,7 +140582,7 @@ }, "Effect":"Allow", "Resource":"*", - "Sid":"FederatedDataConnectionGlueSecret" + "Sid":"GlueSecret" }, { "Action":[ @@ -138176,10 +141195,10 @@ ], "Condition":{ "StringEquals":{ - "kms:EncryptionContext:aws:datazone:domainId":"${aws:PrincipalTag/AmazonDataZoneDomain}", - "kms:ViaService":[ - "datazone.*.amazonaws.com" - ] + "kms:EncryptionContext:aws:datazone:domainId":"${aws:PrincipalTag/AmazonDataZoneDomain}" + }, + "StringLike":{ + "kms:ViaService":"datazone.*.amazonaws.com" } }, "Effect":"Allow", @@ -138456,6 +141475,19 @@ "Resource":"*", "Sid":"GlueDatalakePermissions" }, + { + "Action":[ + "glue:*ColumnStatistics*", + "glue:*Database*", + "glue:*Partition*", + "glue:*Table*", + "glue:GetCatalog*", + "glue:GetUserDefinedFunction*" + ], + "Effect":"Allow", + "Resource":"arn:*:glue:*:*:catalog/s3tablescatalog", + "Sid":"S3TCatalogPermissions" + }, { "Action":"glue:ListCrawls", "Condition":{ @@ -138465,7 +141497,7 @@ }, "Effect":"Allow", "Resource":"arn:aws:glue:*:*:crawler/*", - "Sid":"GlueCrawlerPermissions" + "Sid":"GlueCrawler" }, { "Action":[ @@ -138478,7 +141510,7 @@ "arn:aws:glue:*:*:database/global_temp", "arn:aws:glue:*:*:catalog" ], - "Sid":"GlueGlobalTempDatabasePermissions" + "Sid":"GlueGlobalTempDb" }, { "Action":[ @@ -138494,7 +141526,7 @@ "Resource":[ "arn:aws:glue:*:*:catalog" ], - "Sid":"GlueDefaultCatalogsPermissions" + "Sid":"GlueDefaultCatalogs" }, { "Action":[ @@ -138511,7 +141543,7 @@ "Resource":[ "arn:aws:glue:*:*:catalog/*" ], - "Sid":"GlueNonDefaultCatalogsPermissions" + "Sid":"GlueNonDefaultCatalogs" }, { "Action":[ @@ -138524,7 +141556,7 @@ "arn:aws:glue:*:*:database/*", "arn:aws:glue:*:*:catalog/*" ], - "Sid":"GlueCatalogDatabasePermissions" + "Sid":"GlueCatalogDb" }, { "Action":[ @@ -138533,7 +141565,7 @@ ], "Effect":"Allow", "Resource":"*", - "Sid":"LakeFormationPermissionForDataLakeAccess" + "Sid":"LFforDL" }, { "Action":[ @@ -138613,7 +141645,7 @@ "Resource":[ "arn:aws:sts::*:self" ], - "Sid":"SetContextForTrustedIdentityPropagation" + "Sid":"SetContextForTIP" }, { "Action":"sts:SetContext", @@ -138663,7 +141695,7 @@ ], "Effect":"Allow", "Resource":"*", - "Sid":"GlueEntitiesAccessForFederatedDatabase" + "Sid":"GlueEntities" }, { "Action":[ @@ -138673,6 +141705,7 @@ "StringEquals":{ "aws:ResourceAccount":"${aws:PrincipalAccount}", "iam:PassedToService":[ + "airflow-serverless.amazonaws.com", "sagemaker.amazonaws.com", "glue.amazonaws.com", "airflow.amazonaws.com", @@ -138704,7 +141737,7 @@ ], "Effect":"Allow", "Resource":"*", - "Sid":"SQLWorkBenchActionsWithoutResourceType" + "Sid":"SQLWorkBench" }, { "Action":"sqlworkbench:AssociateNotebookWithTab", @@ -138764,7 +141797,7 @@ }, "Effect":"Allow", "Resource":"*", - "Sid":"RedshiftDataActionsForResources" + "Sid":"RedshiftDataActions" }, { "Action":[ @@ -138791,7 +141824,7 @@ }, "Effect":"Allow", "Resource":"*", - "Sid":"AllowAccessExistingRedshiftCompute" + "Sid":"ExistingRedshiftCompute" }, { "Action":[ @@ -138892,7 +141925,7 @@ }, "Effect":"Allow", "Resource":"arn:aws:redshift-serverless:*:*:workgroup/*", - "Sid":"RedshifServerlessCredentialsForManagedWorkgroup" + "Sid":"RssCreds" }, { "Action":"tag:GetResources", @@ -139206,7 +142239,7 @@ "arn:aws:bedrock:*:*:custom-model/*", "arn:aws:bedrock:*:*:provisioned-model/*" ], - "Sid":"InvokeBedrockModel" + "Sid":"InvokeBRModel" }, { "Action":[ @@ -139243,7 +142276,7 @@ }, "Effect":"Allow", "Resource":"arn:aws:bedrock:*:*:application-inference-profile/*", - "Sid":"InvokeBedrockModelAppInferenceProfilePermissions" + "Sid":"InvokeBedrockModel" }, { "Action":[ @@ -140139,7 +143172,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-17T06:57:11+00:00" + "UpdateDate":"2026-03-25T21:12:09+00:00" }, "SageMakerStudioQueryExecutionRolePolicy":{ "CreateDate":"2025-01-31T19:52:07+00:00", @@ -140222,7 +143255,7 @@ }, "SageMakerStudioUserIAMConsolePolicy":{ "CreateDate":"2025-08-18T22:49:07+00:00", - "DefaultVersionId":"v9", + "DefaultVersionId":"v10", "Document":{ "Statement":[ { @@ -140243,7 +143276,9 @@ "datazone:GetGroupProfile", "datazone:SearchGroupProfiles", "datazone:SearchUserProfiles", - "datazone:ListProjectMemberships" + "datazone:ListProjectMemberships", + "datazone:GetConnection", + "datazone:ListConnections" ], "Effect":"Allow", "Resource":[ @@ -140285,11 +143320,11 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T18:00:10+00:00" + "UpdateDate":"2026-03-31T21:12:16+00:00" }, "SageMakerStudioUserIAMDefaultExecutionPolicy":{ "CreateDate":"2025-08-18T17:19:07+00:00", - "DefaultVersionId":"v21", + "DefaultVersionId":"v23", "Document":{ "Statement":[ { @@ -140346,7 +143381,9 @@ "datazone:StopNotebookCompute", "datazone:StartConversation", "datazone:GenerateCode", - "datazone:SendMessage" + "datazone:SendMessage", + "datazone:StartNotebookImport", + "datazone:StartNotebookExport" ], "Effect":"Allow", "Resource":"*", @@ -140532,7 +143569,9 @@ "sagemaker:StartMlflowTrackingServer", "sagemaker:StopMlflowTrackingServer", "sagemaker:CreatePresignedMlflowTrackingServerUrl", - "sagemaker-mlflow:*" + "sagemaker-mlflow:*", + "sagemaker:*Feature*", + "sagemaker:*Record" ], "Effect":"Allow", "Resource":"*", @@ -140566,6 +143605,7 @@ { "Action":[ "cloudwatch:PutMetricData", + "cloudwatch:GetMetricData", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:Describe*", @@ -141213,7 +144253,15 @@ { "Action":[ "emr-serverless:ListApplications", - "emr-serverless:GetApplication" + "emr-serverless:GetApplication", + "emr-serverless:GetDashboardForJobRun", + "emr-serverless:GetJobRun", + "emr-serverless:ListJobRunAttempts", + "emr-serverless:ListJobRuns", + "emr-serverless:ListTagsForResource", + "emr-serverless:StartApplication", + "emr-serverless:StartJobRun", + "emr-serverless:AccessLivyEndpoints" ], "Effect":"Allow", "Resource":"*", @@ -141224,11 +144272,11 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T18:02:28+00:00" + "UpdateDate":"2026-03-27T17:27:15+00:00" }, "SageMakerStudioUserIAMPermissiveExecutionPolicy":{ "CreateDate":"2025-08-18T17:19:08+00:00", - "DefaultVersionId":"v15", + "DefaultVersionId":"v17", "Document":{ "Statement":[ { @@ -141239,7 +144287,8 @@ "redshift-data:*", "redshift-serverless:*", "redshift:*", - "s3:*" + "s3:*", + "s3tables:*" ], "Effect":"Allow", "Resource":"*", @@ -141354,7 +144403,9 @@ "datazone:StopNotebookCompute", "datazone:StartConversation", "datazone:GenerateCode", - "datazone:SendMessage" + "datazone:SendMessage", + "datazone:StartNotebookImport", + "datazone:StartNotebookExport" ], "Effect":"Allow", "Resource":"*", @@ -141840,7 +144891,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T18:00:47+00:00" + "UpdateDate":"2026-03-27T17:27:10+00:00" }, "SecretsManagerReadWrite":{ "CreateDate":"2018-04-04T18:05:29+00:00", @@ -142056,7 +145107,7 @@ }, "SecurityAudit":{ "CreateDate":"2015-02-06T18:41:01+00:00", - "DefaultVersionId":"v84", + "DefaultVersionId":"v85", "Document":{ "Statement":[ { @@ -142201,8 +145252,8 @@ "cleanrooms:ListCollaborationAnalysisTemplates", "cleanrooms:ListCollaborationConfiguredAudienceModelAssociations", "cleanrooms:ListCollaborationIdNamespaceAssociations", - "cleanrooms:ListCollaborationPrivacyBudgetTemplates", "cleanrooms:ListCollaborationPrivacyBudgets", + "cleanrooms:ListCollaborationPrivacyBudgetTemplates", "cleanrooms:ListCollaborations", "cleanrooms:ListConfiguredAudienceModelAssociations", "cleanrooms:ListConfiguredTableAssociations", @@ -142211,8 +145262,8 @@ "cleanrooms:ListIdNamespaceAssociations", "cleanrooms:ListMembers", "cleanrooms:ListMemberships", - "cleanrooms:ListPrivacyBudgetTemplates", "cleanrooms:ListPrivacyBudgets", + "cleanrooms:ListPrivacyBudgetTemplates", "cleanrooms:ListProtectedQueries", "cleanrooms:ListSchemas", "cleanrooms:ListTagsForResource", @@ -142466,9 +145517,9 @@ "glue:GetTags", "grafana:ListWorkspaces", "greengrass:List*", - "guardduty:DescribePublishingDestination", - "guardduty:DescribeOrganizationConfiguration", "guardduty:DescribeMalwareScans", + "guardduty:DescribeOrganizationConfiguration", + "guardduty:DescribePublishingDestination", "guardduty:Get*", "guardduty:List*", "health:DescribeAffectedAccountsForOrganization", @@ -142565,10 +145616,13 @@ "kms:Get*", "kms:List*", "lambda:GetAccountSettings", + "lambda:GetFunctionCodeSigningConfig", + "lambda:GetFunctionConcurrency", "lambda:GetFunctionConfiguration", "lambda:GetFunctionEventInvokeConfig", "lambda:GetLayerVersionPolicy", "lambda:GetPolicy", + "lambda:GetRuntimeManagementConfig", "lambda:List*", "lex:DescribeBot", "lex:DescribeResourcePolicy", @@ -142696,6 +145750,8 @@ "route53domains:ListTagsForDomain", "route53resolver:Get*", "route53resolver:List*", + "s3-object-lambda:GetObjectAcl", + "s3-object-lambda:GetObjectVersionAcl", "s3-outposts:ListEndpoints", "s3-outposts:ListOutpostsWithS3", "s3-outposts:ListSharedEndpoints", @@ -142704,11 +145760,11 @@ "s3:GetAccessGrantsInstanceResourcePolicy", "s3:GetAccessPoint", "s3:GetAccessPointConfigurationForObjectLambda", + "s3:GetAccessPointForObjectLambda", "s3:GetAccessPointPolicy", "s3:GetAccessPointPolicyForObjectLambda", "s3:GetAccessPointPolicyStatus", "s3:GetAccessPointPolicyStatusForObjectLambda", - "s3:GetAccessPointForObjectLambda", "s3:GetAccountPublicAccessBlock", "s3:GetAnalyticsConfiguration", "s3:GetBucket*", @@ -142723,32 +145779,30 @@ "s3:GetObjectTagging", "s3:GetObjectVersionAcl", "s3:GetReplicationConfiguration", - "s3:GetStorageLensGroup", "s3:GetStorageLensConfiguration", + "s3:GetStorageLensGroup", + "s3:ListAccessGrants", + "s3:ListAccessGrantsInstances", "s3:ListAccessPoints", + "s3:ListAccessPointsForObjectLambda", "s3:ListAllMyBuckets", "s3:ListBucket", - "s3:ListMultiRegionAccessPoints", - "s3:ListAccessPointsForObjectLambda", - "s3:ListStorageLensGroups", - "s3:ListJobs", "s3:ListCallerAccessGrants", - "s3:ListAccessGrantsInstances", - "s3:ListAccessGrants", + "s3:ListJobs", + "s3:ListMultiRegionAccessPoints", "s3:ListStorageLensConfigurations", - "s3express:ListAllMyDirectoryBuckets", - "s3express:GetEncryptionConfiguration", + "s3:ListStorageLensGroups", "s3express:GetBucketPolicy", - "s3-object-lambda:GetObjectAcl", - "s3-object-lambda:GetObjectVersionAcl", - "s3tables:ListTableBuckets", - "s3tables:ListNamespaces", - "s3tables:ListTables", + "s3express:GetEncryptionConfiguration", + "s3express:ListAllMyDirectoryBuckets", "s3tables:GetNamespace", - "s3tables:GetTableBucketPolicy", "s3tables:GetTableBucketMaintenanceConfiguration", + "s3tables:GetTableBucketPolicy", "s3tables:GetTableMaintenanceConfiguration", "s3tables:GetTablePolicy", + "s3tables:ListNamespaces", + "s3tables:ListTableBuckets", + "s3tables:ListTables", "sagemaker:Describe*", "sagemaker:List*", "schemas:DescribeCodeBinding", @@ -142838,19 +145892,21 @@ "ssm:ListResourceDataSync", "ssm:ListTagsForResource", "sso:DescribeAccountAssignmentCreationStatus", - "sso:DescribePermissionSet", "sso:DescribeAccountAssignmentDeletionStatus", "sso:DescribeApplication", "sso:DescribeApplicationAssignment", "sso:DescribeApplicationProvider", "sso:DescribeInstance", "sso:DescribeInstanceAccessControlAttributeConfiguration", + "sso:DescribePermissionSet", "sso:DescribePermissionSetProvisioningStatus", + "sso:DescribeRegion", "sso:DescribeTrustedTokenIssuer", "sso:GetApplicationAccessScope", "sso:GetApplicationAssignmentConfiguration", "sso:GetApplicationAuthenticationMethod", "sso:GetApplicationGrant", + "sso:GetApplicationSessionConfiguration", "sso:GetInlinePolicyForPermissionSet", "sso:GetPermissionsBoundaryForPermissionSet", "sso:ListAccountAssignmentCreationStatus", @@ -142877,6 +145933,7 @@ "sso:ListPermissionSetsProvisionedToAccount", "sso:ListProfileAssociations", "sso:ListProfiles", + "sso:ListRegions", "sso:ListTagsForResource", "sso:ListTrustedTokenIssuers", "states:DescribeStateMachine", @@ -143018,7 +146075,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T18:00:22+00:00" + "UpdateDate":"2026-03-02T17:12:11+00:00" }, "SecurityLakeResourceManagementServiceRolePolicy":{ "CreateDate":"2024-11-14T22:10:14+00:00", @@ -144627,7 +147684,7 @@ }, "ViewOnlyAccess":{ "CreateDate":"2016-11-10T17:20:15+00:00", - "DefaultVersionId":"v43", + "DefaultVersionId":"v44", "Document":{ "Statement":[ { @@ -144797,7 +147854,35 @@ "ecr:ListImages", "ecs:Describe*", "ecs:List*", + "eks:DescribeAccessEntry", + "eks:DescribeAddon", + "eks:DescribeAddonConfiguration", + "eks:DescribeAddonVersions", + "eks:DescribeCapability", + "eks:DescribeCluster", + "eks:DescribeClusterVersions", + "eks:DescribeEksAnywhereSubscription", + "eks:DescribeFargateProfile", + "eks:DescribeIdentityProviderConfig", + "eks:DescribeInsight", + "eks:DescribeInsightsRefresh", + "eks:DescribeNodegroup", + "eks:DescribePodIdentityAssociation", + "eks:DescribeUpdate", + "eks:ListAccessEntries", + "eks:ListAccessPolicies", + "eks:ListAddons", + "eks:ListAssociatedAccessPolicies", + "eks:ListCapabilities", + "eks:ListClusters", + "eks:ListEksAnywhereSubscriptions", + "eks:ListFargateProfiles", + "eks:ListIdentityProviderConfigs", + "eks:ListInsights", + "eks:ListNodegroups", + "eks:ListPodIdentityAssociations", "eks:ListTagsForResource", + "eks:ListUpdates", "elasticache:Describe*", "elasticbeanstalk:DescribeApplications", "elasticbeanstalk:DescribeApplicationVersions", @@ -145033,7 +148118,7 @@ }, "Path":"/job-function/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2026-02-12T18:02:40+00:00" + "UpdateDate":"2026-03-31T19:27:11+00:00" }, "WAFLoggingServiceRolePolicy":{ "CreateDate":"2018-08-24T21:05:47+00:00",