Change log of AWS IAM permissions

2021-10-01

20 new actions, 1 new resource | 3 updated actions, 1 updated resource

Additions

Actions

CreateAlertManagerAlerts
- Description: Grants permission to create alerts
- Access: Write
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
CreateAlertManagerDefinition
- Description: Grants permission to create an alert manager definition
- Access: Write
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
CreateRuleGroupsNamespace
- Description: Grants permission to create a rule groups namespace
- Access: Write
- Resources:
  Name: rulegroupsnamespace
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
DeleteAlertManagerDefinition
- Description: Grants permission to delete an alert manager definition
- Access: Write
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DeleteAlertManagerSilence
- Description: Grants permission to delete a silence
- Access: Write
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DeleteRuleGroupsNamespace
- Description: Grants permission to delete a rule groups namespace
- Access: Write
- Resources:
  Name: rulegroupsnamespace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DescribeAlertManagerDefinition
- Description: Grants permission to describe an alert manager definition
- Access: Read
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DescribeRuleGroupsNamespace
- Description: Grants permission to describe a rule groups namespace
- Access: Read
- Resources:
  Name: rulegroupsnamespace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetAlertManagerSilence
- Description: Grants permission to get a silence
- Access: Read
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetAlertManagerStatus
- Description: Grants permission to get current status of an alertmanager
- Access: Read
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListAlertManagerAlertGroups
- Description: Grants permission to list groups
- Access: Read
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListAlertManagerAlerts
- Description: Grants permission to list alerts
- Access: Read
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListAlertManagerReceivers
- Description: Grants permission to list receivers
- Access: Read
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListAlertManagerSilences
- Description: Grants permission to list silences
- Access: Read
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListAlerts
- Description: Grants permission to list active alerts
- Access: Read
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListRuleGroupsNamespaces
- Description: Grants permission to list rule groups namespaces
- Access: List
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListRules
- Description: Grants permission to list alerting and recording rules
- Access: Read
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
PutAlertManagerDefinition
- Description: Grants permission to update an alert manager definition
- Access: Write
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
PutAlertManagerSilences
- Description: Grants permission to create or update a silence
- Access: Write
- Resources:
  Name: workspace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
PutRuleGroupsNamespace
- Description: Grants permission to update a rule groups namespace
- Access: Write
- Resources:
  Name: rulegroupsnamespace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}

Resources

rulegroupsnamespace
- Arn: arn:${Partition}:aps:${Region}:${Account}:rulegroupsnamespace/${WorkspaceId}/${Namespace}
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys

Updates

Actions

ListTagsForResource
- New_value: No
  
  Old_value: Yes
- ＋ rulegroupsnamespace
TagResource
- New_value: No
  
  Old_value: Yes
- ＋ rulegroupsnamespace
UntagResource
- New_value: No
  
  Old_value: Yes
- ＋ rulegroupsnamespace

Resources

workspace
- Old: arn:${Partition}:aps:${Region}:${Account}:workspace/${ResourceId}
  New: arn:${Partition}:aps:${Region}:${Account}:workspace/${WorkspaceId}

Amazon Managed Service for Prometheus (aps)

Additions

Updates