AWS Resilience Hub (resiliencehub)

2021-11-12

39 new actions, 4 new resources, 3 new conditions

Additions

    Actions
  • AddDraftAppVersionResourceMappings
    • Description:  Grants permission to add draft application version resource mappings
    • Access:  Write
    • Resources: 

      Name: application

      Required: Yes
    • Dependents: 

      cloudformation:DescribeStacks

      cloudformation:ListStackResources

      resource-groups:GetGroup

      resource-groups:ListGroupResources

      servicecatalog:GetApplication

      servicecatalog:ListAssociatedResources
  • CreateApp
    • Description:  Grants permission to create application
    • Access:  Write
    • Resources: 

      Name: resiliency-policy

      Required: No
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
  • CreateRecommendationTemplate
    • Description:  Grants permission to create recommendation template
    • Access:  Write
    • Resources: 

      Name: application

      Required: Yes
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
    • Dependents: 

      s3:CreateBucket

      s3:ListBucket

      s3:PutObject
  • CreateResiliencyPolicy
    • Description:  Grants permission to create resiliency policy
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
  • DeleteApp
    • Description:  Grants permission to batch delete application
    • Access:  Write
    • Resources: 

      Name: application

      Required: Yes
  • DeleteAppAssessment
    • Description:  Grants permission to batch delete application assessment
    • Access:  Write
    • Resources: 

      Name: application

      Required: Yes
  • DeleteRecommendationTemplate
    • Description:  Grants permission to batch delete recommendation template
    • Access:  Write
    • Resources: 

      Name: application

      Required: Yes
  • DeleteResiliencyPolicy
    • Description:  Grants permission to batch delete resiliency policy
    • Access:  Write
    • Resources: 

      Name: resiliency-policy

      Required: Yes
  • DescribeApp
    • Description:  Grants permission to describe application
    • Access:  Read
    • Resources: 

      Name: application

      Required: Yes
  • DescribeAppAssessment
    • Description:  Grants permission to describe application assessment
    • Access:  Read
    • Resources: 

      Name: application

      Required: Yes
  • DescribeAppVersionResourcesResolutionStatus
    • Description:  Grants permission to describe application resolution
    • Access:  Read
    • Resources: 

      Name: application

      Required: Yes
  • DescribeAppVersionTemplate
    • Description:  Grants permission to describe application version template
    • Access:  Read
    • Resources: 

      Name: application

      Required: Yes
  • DescribeDraftAppVersionResourcesImportStatus
    • Description:  Grants permission to describe draft application version resources import status
    • Access:  Read
    • Resources: 

      Name: application

      Required: Yes
  • DescribeResiliencyPolicy
    • Description:  Grants permission to describe resiliency policy
    • Access:  Read
    • Resources: 

      Name: resiliency-policy

      Required: Yes
  • ImportResourcesToDraftAppVersion
    • Description:  Grants permission to import resources to draft application version
    • Access:  Write
    • Resources: 

      Name: application

      Required: Yes
    • Dependents: 

      cloudformation:DescribeStacks

      cloudformation:ListStackResources

      resource-groups:GetGroup

      resource-groups:ListGroupResources

      servicecatalog:GetApplication

      servicecatalog:ListAssociatedResources
  • ListAlarmRecommendations
    • Description:  Grants permission to list alarm recommendation
    • Access:  List
    • Resources: 

      Name: application

      Required: Yes
  • ListAppAssessments
    • Description:  Grants permission to list application assessment
    • Access:  List
    • Resources: 

      Name: application

      Required: No
  • ListAppComponentCompliances
    • Description:  Grants permission to list app component compliances
    • Access:  List
    • Resources: 

      Name: application

      Required: Yes
  • ListAppComponentRecommendations
    • Description:  Grants permission to list app component recommendations
    • Access:  List
    • Resources: 

      Name: application

      Required: Yes
  • ListAppVersionResourceMappings
    • Description:  Grants permission to application version resource mappings
    • Access:  List
    • Resources: 

      Name: application

      Required: Yes
  • ListAppVersionResources
    • Description:  Grants permission to list application resources
    • Access:  List
    • Resources: 

      Name: application

      Required: Yes
  • ListAppVersions
    • Description:  Grants permission to list application version
    • Access:  List
    • Resources: 

      Name: application

      Required: Yes
  • ListApps
    • Description:  Grants permission to list applications
    • Access:  List
  • ListRecommendationTemplates
    • Description:  Grants permission to list recommendation templates
    • Access:  List
    • Resources: 

      Name: application

      Required: Yes
  • ListResiliencyPolicies
    • Description:  Grants permission to list resiliency policies
    • Access:  List
  • ListSopRecommendations
    • Description:  Grants permission to list SOP recommendations
    • Access:  List
    • Resources: 

      Name: application

      Required: Yes
  • ListSuggestedResiliencyPolicies
    • Description:  Grants permission to list suggested resiliency policies
    • Access:  List
  • ListTagsForResource
    • Description:  Grants permission to list tags for a resource
    • Access:  Read
  • ListTestRecommendations
    • Description:  Grants permission to list test recommendations
    • Access:  List
    • Resources: 

      Name: application

      Required: Yes
  • ListUnsupportedAppVersionResources
    • Description:  Grants permission to list unsupported application version resources
    • Access:  List
    • Resources: 

      Name: application

      Required: Yes
  • PublishAppVersion
    • Description:  Grants permission to publish application version
    • Access:  Write
    • Resources: 

      Name: application

      Required: Yes
  • PutDraftAppVersionTemplate
    • Description:  Grants permission to put draft application version template
    • Access:  Write
    • Resources: 

      Name: application

      Required: Yes
  • RemoveDraftAppVersionResourceMappings
    • Description:  Grants permission to remove draft application version mappings
    • Access:  Write
    • Resources: 

      Name: application

      Required: Yes
  • ResolveAppVersionResources
    • Description:  Grants permission to resolve application version resources
    • Access:  Write
    • Resources: 

      Name: application

      Required: Yes
    • Dependents: 

      cloudformation:DescribeStacks

      cloudformation:ListStackResources

      resource-groups:GetGroup

      resource-groups:ListGroupResources

      servicecatalog:GetApplication

      servicecatalog:ListAssociatedResources
  • StartAppAssessment
    • Description:  Grants permission to create application assessment
    • Access:  Write
    • Resources: 

      Name: application

      Required: Yes
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
    • Dependents: 

      cloudformation:DescribeStacks

      cloudformation:ListStackResources

      cloudwatch:DescribeAlarms

      cloudwatch:GetMetricData

      cloudwatch:GetMetricStatistics

      cloudwatch:PutMetricData

      fis:GetExperimentTemplate

      fis:ListExperimentTemplates

      fis:ListExperiments

      resource-groups:GetGroup

      resource-groups:ListGroupResources

      servicecatalog:GetApplication

      servicecatalog:ListAssociatedResources

      ssm:GetParametersByPath
  • TagResource
    • Description:  Grants permission to assign a resource tag
    • Access:  Tagging
    • Resources: 

      Name: app-assessment

      Required: No

      Name: application

      Required: No

      Name: recommendation-template

      Required: No

      Name: resiliency-policy

      Required: No
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
  • UntagResource
    • Description:  Grants permission to untag a resource
    • Access:  Tagging
    • Resources: 

      Name: app-assessment

      Required: No

      Name: application

      Required: No

      Name: recommendation-template

      Required: No

      Name: resiliency-policy

      Required: No
    • Conditions: 

      aws:TagKeys
  • UpdateApp
    • Description:  Grants permission to update application
    • Access:  Write
    • Resources: 

      Name: application

      Required: Yes
  • UpdateResiliencyPolicy
    • Description:  Grants permission to update resiliency policy
    • Access:  Write
    • Resources: 

      Name: resiliency-policy

      Required: Yes
    Resources
  • resiliency-policy
    • Arn:  arn:${Partition}:resiliencehub:${Region}:${Account}:resiliency-policy/${ResiliencyPolicyID}
    • Conditions: 

      aws:ResourceTag/${TagKey}
  • application
    • Arn:  arn:${Partition}:resiliencehub:${Region}:${Account}:app/${AppID}
    • Conditions: 

      aws:ResourceTag/${TagKey}
  • app-assessment
    • Arn:  arn:${Partition}:resiliencehub:${Region}:${Account}:app-assessment/${AppAssessmentID}
    • Conditions: 

      aws:ResourceTag/${TagKey}
  • recommendation-template
    • Arn:  arn:${Partition}:resiliencehub:${Region}:${Account}:recommendation-template/${RecommendationTemplateID}
    • Conditions: 

      aws:ResourceTag/${TagKey}
    Conditions
  • aws:RequestTag/${TagKey}
    • Description:  Filters access by the presence of tag key-value pairs in the request
    • Type:  String
  • aws:ResourceTag/${TagKey}
    • Description:  Filters access by tag key-value pairs attached to the resource
    • Type:  String
  • aws:TagKeys
    • Description:  Filters access by the tag keys that are passed in the request
    • Type:  ArrayOfString