Change log of AWS IAM permissions

2021-09-08

8 new actions, 2 new resources, 1 new condition | 2 updated actions

Additions

Actions

CreateMultiRegionAccessPoint
- Description: Grants permission to create a new multi region access point
- Access: Write
- Resources:
  Name: multiregionaccesspoint
  
  Required: Yes
- Conditions:
  s3:DataAccessPointAccount
  
  s3:DataAccessPointArn
  
  s3:AccessPointNetworkOrigin
  
  aws:RequestedRegion
  
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureversion
  
  s3:signatureAge
  
  s3:TlsVersion
DeleteMultiRegionAccessPoint
- Description: Grants permission to delete the multi region access point named in the URI
- Access: Write
- Resources:
  Name: multiregionaccesspoint
  
  Required: Yes
- Conditions:
  s3:DataAccessPointAccount
  
  s3:DataAccessPointArn
  
  s3:AccessPointNetworkOrigin
  
  aws:RequestedRegion
  
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureversion
  
  s3:signatureAge
  
  s3:TlsVersion
DescribeMultiRegionAccessPointOperation
- Description: Grants permission to retrieve the configurations for a multi region access point
- Access: Read
- Resources:
  Name: multiregionaccesspointrequestarn
  
  Required: Yes
- Conditions:
  aws:RequestedRegion
  
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureversion
  
  s3:signatureAge
  
  s3:TlsVersion
GetMultiRegionAccessPoint
- Description: Grants permission to return configuration information about the specified multi region access point
- Access: Read
- Resources:
  Name: multiregionaccesspoint
  
  Required: Yes
- Conditions:
  s3:DataAccessPointAccount
  
  s3:DataAccessPointArn
  
  s3:AccessPointNetworkOrigin
  
  aws:RequestedRegion
  
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureversion
  
  s3:signatureAge
  
  s3:TlsVersion
GetMultiRegionAccessPointPolicy
- Description: Grants permission to returns the access point policy associated with the specified multi region access point
- Access: Read
- Resources:
  Name: multiregionaccesspoint
  
  Required: Yes
- Conditions:
  s3:DataAccessPointAccount
  
  s3:DataAccessPointArn
  
  s3:AccessPointNetworkOrigin
  
  aws:RequestedRegion
  
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureversion
  
  s3:signatureAge
  
  s3:TlsVersion
GetMultiRegionAccessPointPolicyStatus
- Description: Grants permission to return the policy status for a specific multi region access point policy
- Access: Read
- Resources:
  Name: multiregionaccesspoint
  
  Required: Yes
- Conditions:
  s3:DataAccessPointAccount
  
  s3:DataAccessPointArn
  
  s3:AccessPointNetworkOrigin
  
  aws:RequestedRegion
  
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureversion
  
  s3:signatureAge
  
  s3:TlsVersion
ListMultiRegionAccessPoints
- Description: Grants permission to list multi region access points
- Access: List
- Conditions:
  aws:RequestedRegion
  
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureversion
  
  s3:signatureAge
  
  s3:TlsVersion
PutMultiRegionAccessPointPolicy
- Description: Grants permission to associate an access policy with a specified multi region access point
- Access: Permissions management
- Resources:
  Name: multiregionaccesspoint
  
  Required: Yes
- Conditions:
  s3:DataAccessPointAccount
  
  s3:DataAccessPointArn
  
  s3:AccessPointNetworkOrigin
  
  aws:RequestedRegion
  
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureversion
  
  s3:signatureAge
  
  s3:TlsVersion

Resources

multiregionaccesspoint
- Arn: arn:${Partition}:s3::${Account}:accesspoint/${AccessPointName}
multiregionaccesspointrequestarn
- Arn: arn:${Partition}:s3:us-west-2:${Account}:async-request/mrap/${Operation}/${Token}

Conditions

aws:RequestedRegion
- Description: Requested region for the multi region access point operation
- Type: String

Updates

Actions

ListAccessPoints
- Read ⟶ List
ListAccessPointsForObjectLambda
- Read ⟶ List

Amazon S3 (s3)

Additions

Updates