AWS Resilience Hub (resiliencehub)

Additions

Actions

• AddDraftAppVersionResourceMappings
  
  • Description:  Grants permission to add draft application version resource mappings
  • Access:  Write
  • Resources: 

    Name: application

    Required: Yes

  • Dependents: 

    cloudformation:DescribeStacks

    cloudformation:ListStackResources

    resource-groups:GetGroup

    resource-groups:ListGroupResources

    servicecatalog:GetApplication

    servicecatalog:ListAssociatedResources

• CreateApp
  
  • Description:  Grants permission to create application
  • Access:  Write
  • Resources: 

    Name: resiliency-policy

    Required: No

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

• CreateRecommendationTemplate
  
  • Description:  Grants permission to create recommendation template
  • Access:  Write
  • Resources: 

    Name: application

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

  • Dependents: 

    s3:CreateBucket

    s3:ListBucket

    s3:PutObject

• CreateResiliencyPolicy
  
  • Description:  Grants permission to create resiliency policy
  • Access:  Write
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

• DeleteApp
  
  • Description:  Grants permission to batch delete application
  • Access:  Write
  • Resources: 

    Name: application

    Required: Yes

• DeleteAppAssessment
  
  • Description:  Grants permission to batch delete application assessment
  • Access:  Write
  • Resources: 

    Name: application

    Required: Yes

• DeleteRecommendationTemplate
  
  • Description:  Grants permission to batch delete recommendation template
  • Access:  Write
  • Resources: 

    Name: application

    Required: Yes

• DeleteResiliencyPolicy
  
  • Description:  Grants permission to batch delete resiliency policy
  • Access:  Write
  • Resources: 

    Name: resiliency-policy

    Required: Yes

• DescribeApp
  
  • Description:  Grants permission to describe application
  • Access:  Read
  • Resources: 

    Name: application

    Required: Yes

• DescribeAppAssessment
  
  • Description:  Grants permission to describe application assessment
  • Access:  Read
  • Resources: 

    Name: application

    Required: Yes

• DescribeAppVersionResourcesResolutionStatus
  
  • Description:  Grants permission to describe application resolution
  • Access:  Read
  • Resources: 

    Name: application

    Required: Yes

• DescribeAppVersionTemplate
  
  • Description:  Grants permission to describe application version template
  • Access:  Read
  • Resources: 

    Name: application

    Required: Yes

• DescribeDraftAppVersionResourcesImportStatus
  
  • Description:  Grants permission to describe draft application version resources import status
  • Access:  Read
  • Resources: 

    Name: application

    Required: Yes

• DescribeResiliencyPolicy
  
  • Description:  Grants permission to describe resiliency policy
  • Access:  Read
  • Resources: 

    Name: resiliency-policy

    Required: Yes

• ImportResourcesToDraftAppVersion
  
  • Description:  Grants permission to import resources to draft application version
  • Access:  Write
  • Resources: 

    Name: application

    Required: Yes

  • Dependents: 

    cloudformation:DescribeStacks

    cloudformation:ListStackResources

    resource-groups:GetGroup

    resource-groups:ListGroupResources

    servicecatalog:GetApplication

    servicecatalog:ListAssociatedResources

• ListAlarmRecommendations
  
  • Description:  Grants permission to list alarm recommendation
  • Access:  List
  • Resources: 

    Name: application

    Required: Yes

• ListAppAssessments
  
  • Description:  Grants permission to list application assessment
  • Access:  List
  • Resources: 

    Name: application

    Required: No

• ListAppComponentCompliances
  
  • Description:  Grants permission to list app component compliances
  • Access:  List
  • Resources: 

    Name: application

    Required: Yes

• ListAppComponentRecommendations
  
  • Description:  Grants permission to list app component recommendations
  • Access:  List
  • Resources: 

    Name: application

    Required: Yes

• ListAppVersionResourceMappings
  
  • Description:  Grants permission to application version resource mappings
  • Access:  List
  • Resources: 

    Name: application

    Required: Yes

• ListAppVersionResources
  
  • Description:  Grants permission to list application resources
  • Access:  List
  • Resources: 

    Name: application

    Required: Yes

• ListAppVersions
  
  • Description:  Grants permission to list application version
  • Access:  List
  • Resources: 

    Name: application

    Required: Yes

• ListApps
  
  • Description:  Grants permission to list applications
  • Access:  List
• ListRecommendationTemplates
  
  • Description:  Grants permission to list recommendation templates
  • Access:  List
  • Resources: 

    Name: application

    Required: Yes

• ListResiliencyPolicies
  
  • Description:  Grants permission to list resiliency policies
  • Access:  List
• ListSopRecommendations
  
  • Description:  Grants permission to list SOP recommendations
  • Access:  List
  • Resources: 

    Name: application

    Required: Yes

• ListSuggestedResiliencyPolicies
  
  • Description:  Grants permission to list suggested resiliency policies
  • Access:  List
• ListTagsForResource
  
  • Description:  Grants permission to list tags for a resource
  • Access:  Read
• ListTestRecommendations
  
  • Description:  Grants permission to list test recommendations
  • Access:  List
  • Resources: 

    Name: application

    Required: Yes

• ListUnsupportedAppVersionResources
  
  • Description:  Grants permission to list unsupported application version resources
  • Access:  List
  • Resources: 

    Name: application

    Required: Yes

• PublishAppVersion
  
  • Description:  Grants permission to publish application version
  • Access:  Write
  • Resources: 

    Name: application

    Required: Yes

• PutDraftAppVersionTemplate
  
  • Description:  Grants permission to put draft application version template
  • Access:  Write
  • Resources: 

    Name: application

    Required: Yes

• RemoveDraftAppVersionResourceMappings
  
  • Description:  Grants permission to remove draft application version mappings
  • Access:  Write
  • Resources: 

    Name: application

    Required: Yes

• ResolveAppVersionResources
  
  • Description:  Grants permission to resolve application version resources
  • Access:  Write
  • Resources: 

    Name: application

    Required: Yes

  • Dependents: 

    cloudformation:DescribeStacks

    cloudformation:ListStackResources

    resource-groups:GetGroup

    resource-groups:ListGroupResources

    servicecatalog:GetApplication

    servicecatalog:ListAssociatedResources

• StartAppAssessment
  
  • Description:  Grants permission to create application assessment
  • Access:  Write
  • Resources: 

    Name: application

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

  • Dependents: 

    cloudformation:DescribeStacks

    cloudformation:ListStackResources

    cloudwatch:DescribeAlarms

    cloudwatch:GetMetricData

    cloudwatch:GetMetricStatistics

    cloudwatch:PutMetricData

    fis:GetExperimentTemplate

    fis:ListExperimentTemplates

    fis:ListExperiments

    resource-groups:GetGroup

    resource-groups:ListGroupResources

    servicecatalog:GetApplication

    servicecatalog:ListAssociatedResources

    ssm:GetParametersByPath

• TagResource
  
  • Description:  Grants permission to assign a resource tag
  • Access:  Tagging
  • Resources: 

    Name: app-assessment

    Required: No

    Name: application

    Required: No

    Name: recommendation-template

    Required: No

    Name: resiliency-policy

    Required: No

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

• UntagResource
  
  • Description:  Grants permission to untag a resource
  • Access:  Tagging
  • Resources: 

    Name: app-assessment

    Required: No

    Name: application

    Required: No

    Name: recommendation-template

    Required: No

    Name: resiliency-policy

    Required: No

  • Conditions: 

    aws:TagKeys

• UpdateApp
  
  • Description:  Grants permission to update application
  • Access:  Write
  • Resources: 

    Name: application

    Required: Yes

• UpdateResiliencyPolicy
  
  • Description:  Grants permission to update resiliency policy
  • Access:  Write
  • Resources: 

    Name: resiliency-policy

    Required: Yes

Resources

• resiliency-policy
  
  • Arn:  arn:${Partition}:resiliencehub:${Region}:${Account}:resiliency-policy/${ResiliencyPolicyID}
  • Conditions: 

    aws:ResourceTag/${TagKey}

• application
  
  • Arn:  arn:${Partition}:resiliencehub:${Region}:${Account}:app/${AppID}
  • Conditions: 

    aws:ResourceTag/${TagKey}

• app-assessment
  
  • Arn:  arn:${Partition}:resiliencehub:${Region}:${Account}:app-assessment/${AppAssessmentID}
  • Conditions: 

    aws:ResourceTag/${TagKey}

• recommendation-template
  
  • Arn:  arn:${Partition}:resiliencehub:${Region}:${Account}:recommendation-template/${RecommendationTemplateID}
  • Conditions: 

    aws:ResourceTag/${TagKey}

Conditions

• aws:RequestTag/${TagKey}
  
  • Description:  Filters access by the presence of tag key-value pairs in the request
  • Type:  String
• aws:ResourceTag/${TagKey}
  
  • Description:  Filters access by tag key-value pairs attached to the resource
  • Type:  String
• aws:TagKeys
  
  • Description:  Filters access by the tag keys that are passed in the request
  • Type:  ArrayOfString