Amazon Inspector2 (inspector2)

Additions

Actions

• AssociateMember
  
  • Description:  Grants permission to associate an account with an Amazon Inspector administrator account
  • Access:  Write
• BatchGetAccountStatus
  
  • Description:  Grants permission to retrieve information about Amazon Inspector accounts for an account
  • Access:  Read
• BatchGetFreeTrialInfo
  
  • Description:  Grants permission to retrieve free trial period eligibility about Amazon Inspector accounts for an account
  • Access:  Read
• CancelFindingsReport
  
  • Description:  Grants permission to cancel the generation of a findings report
  • Access:  Write
• CreateFilter
  
  • Description:  Grants permission to create and define the settings for a findings filter
  • Access:  Write
  • Resources: 

    Name: Filter

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

• CreateFindingsReport
  
  • Description:  Grants permission to request the generation of a findings report
  • Access:  Write
• DeleteFilter
  
  • Description:  Grants permission to delete a findings filter
  • Access:  Write
  • Resources: 

    Name: Filter

    Required: Yes

• DescribeOrganizationConfiguration
  
  • Description:  Grants permission to retrieve information about the Amazon Inspector configuration settings for an AWS organization
  • Access:  Read
• Disable
  
  • Description:  Grants permission to disable an Amazon Inspector account
  • Access:  Write
• DisableDelegatedAdminAccount
  
  • Description:  Grants permission to disable an account as the delegated Amazon Inspector administrator account for an AWS organization
  • Access:  Write
• DisassociateMember
  
  • Description:  Grants permission to an Amazon Inspector administrator account to disassociate from an Inspector member account
  • Access:  Write
• Enable
  
  • Description:  Grants permission to enable and specify the configuration settings for a new Amazon Inspector account
  • Access:  Write
• EnableDelegatedAdminAccount
  
  • Description:  Grants permission to enable an account as the delegated Amazon Inspector administrator account for an AWS organization
  • Access:  Write
• GetDelegatedAdminAccount
  
  • Description:  Grants permission to retrieve information about the Amazon Inspector administrator account for an account
  • Access:  Read
• GetFindingsReportStatus
  
  • Description:  Grants permission to retrieve status for a requested findings report
  • Access:  Read
• GetMember
  
  • Description:  Grants permission to retrieve information about an account that's associated with an Amazon Inspector administrator account
  • Access:  Read
• ListAccountPermissions
  
  • Description:  Grants permission to retrieve feature configuration permissions associated with an Amazon Inspector account within an organization
  • Access:  List
• ListCoverage
  
  • Description:  Grants permission to retrieve the types of statistics Amazon Inspector can generate for resources Inspector monitors
  • Access:  List
• ListCoverageStatistics
  
  • Description:  Grants permission to retrieve statistical data and other information about the resources Amazon Inspector monitors
  • Access:  List
• ListDelegatedAdminAccounts
  
  • Description:  Grants permission to retrieve information about the delegated Amazon Inspector administrator account for an AWS organization
  • Access:  List
• ListFilters
  
  • Description:  Grants permission to retrieve information about all findings filters
  • Access:  List
• ListFindingAggregations
  
  • Description:  Grants permission to retrieve statistical data and other information about Amazon Inspector findings
  • Access:  List
• ListFindings
  
  • Description:  Grants permission to retrieve a subset of information about one or more findings
  • Access:  List
• ListMembers
  
  • Description:  Grants permission to retrieve information about the Amazon Inspector member accounts that are associated with an Inspector administrator account
  • Access:  List
• ListTagsForResource
  
  • Description:  Grants permission to retrieve the tags for an Amazon Inspector resource
  • Access:  Read
• ListUsageTotals
  
  • Description:  Grants permission to retrieve aggregated usage data for an account
  • Access:  List
• TagResource
  
  • Description:  Grants permission to add or update the tags for an Amazon Inspector resource
  • Access:  Tagging
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

    aws:ResourceTag/${TagKey}

• UntagResource
  
  • Description:  Grants permission to remove tags from an Amazon Inspector resource
  • Access:  Tagging
  • Conditions: 

    aws:TagKeys

• UpdateFilter
  
  • Description:  Grants permission to update the settings for a findings filter
  • Access:  Write
  • Resources: 

    Name: Filter

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

• UpdateOrganizationConfiguration
  
  • Description:  Grants permission to update Amazon Inspector configuration settings for an AWS organization
  • Access:  Write

Resources

• Filter
  
  • Arn:  arn:${Partition}:inspector2:${Region}:${Account}:owner/${OwnerId}/filter/${FilterId}
  • Conditions: 

    aws:ResourceTag/${TagKey}

• Finding
  
  • Arn:  arn:${Partition}:inspector2:${Region}:${Account}:finding/${FindingId}

Conditions

• aws:RequestTag/${TagKey}
  
  • Description:  Filters access by the presence of tag key-value pairs in the request
  • Type:  String
• aws:ResourceTag/${TagKey}
  
  • Description:  Filters access by tag key-value pairs attached to the resource
  • Type:  String
• aws:TagKeys
  
  • Description:  Filters access by the presence of tag keys in the request
  • Type:  String