Amazon Inspector2 (inspector2)

2021-11-18

30 new actions, 2 new resources, 3 new conditions

Additions

    Actions
  • AssociateMember
    • Description:  Grants permission to associate an account with an Amazon Inspector administrator account
    • Access:  Write
  • BatchGetAccountStatus
    • Description:  Grants permission to retrieve information about Amazon Inspector accounts for an account
    • Access:  Read
  • BatchGetFreeTrialInfo
    • Description:  Grants permission to retrieve free trial period eligibility about Amazon Inspector accounts for an account
    • Access:  Read
  • CancelFindingsReport
    • Description:  Grants permission to cancel the generation of a findings report
    • Access:  Write
  • CreateFilter
    • Description:  Grants permission to create and define the settings for a findings filter
    • Access:  Write
    • Resources:
      • Name: Filter
      • Required: Yes
    • Conditions:
      • aws:RequestTag/${TagKey}
      • aws:TagKeys
  • CreateFindingsReport
    • Description:  Grants permission to request the generation of a findings report
    • Access:  Write
  • DeleteFilter
    • Description:  Grants permission to delete a findings filter
    • Access:  Write
    • Resources:
      • Name: Filter
      • Required: Yes
  • DescribeOrganizationConfiguration
    • Description:  Grants permission to retrieve information about the Amazon Inspector configuration settings for an AWS organization
    • Access:  Read
  • Disable
    • Description:  Grants permission to disable an Amazon Inspector account
    • Access:  Write
  • DisableDelegatedAdminAccount
    • Description:  Grants permission to disable an account as the delegated Amazon Inspector administrator account for an AWS organization
    • Access:  Write
  • DisassociateMember
    • Description:  Grants permission to an Amazon Inspector administrator account to disassociate from an Inspector member account
    • Access:  Write
  • Enable
    • Description:  Grants permission to enable and specify the configuration settings for a new Amazon Inspector account
    • Access:  Write
  • EnableDelegatedAdminAccount
    • Description:  Grants permission to enable an account as the delegated Amazon Inspector administrator account for an AWS organization
    • Access:  Write
  • GetDelegatedAdminAccount
    • Description:  Grants permission to retrieve information about the Amazon Inspector administrator account for an account
    • Access:  Read
  • GetFindingsReportStatus
    • Description:  Grants permission to retrieve status for a requested findings report
    • Access:  Read
  • GetMember
    • Description:  Grants permission to retrieve information about an account that's associated with an Amazon Inspector administrator account
    • Access:  Read
  • ListAccountPermissions
    • Description:  Grants permission to retrieve feature configuration permissions associated with an Amazon Inspector account within an organization
    • Access:  List
  • ListCoverage
    • Description:  Grants permission to retrieve the types of statistics Amazon Inspector can generate for resources Inspector monitors
    • Access:  List
  • ListCoverageStatistics
    • Description:  Grants permission to retrieve statistical data and other information about the resources Amazon Inspector monitors
    • Access:  List
  • ListDelegatedAdminAccounts
    • Description:  Grants permission to retrieve information about the delegated Amazon Inspector administrator account for an AWS organization
    • Access:  List
  • ListFilters
    • Description:  Grants permission to retrieve information about all findings filters
    • Access:  List
  • ListFindingAggregations
    • Description:  Grants permission to retrieve statistical data and other information about Amazon Inspector findings
    • Access:  List
  • ListFindings
    • Description:  Grants permission to retrieve a subset of information about one or more findings
    • Access:  List
  • ListMembers
    • Description:  Grants permission to retrieve information about the Amazon Inspector member accounts that are associated with an Inspector administrator account
    • Access:  List
  • ListTagsForResource
    • Description:  Grants permission to retrieve the tags for an Amazon Inspector resource
    • Access:  Read
  • ListUsageTotals
    • Description:  Grants permission to retrieve aggregated usage data for an account
    • Access:  List
  • TagResource
    • Description:  Grants permission to add or update the tags for an Amazon Inspector resource
    • Access:  Tagging
    • Conditions:
      • aws:RequestTag/${TagKey}
      • aws:TagKeys
      • aws:ResourceTag/${TagKey}
  • UntagResource
    • Description:  Grants permission to remove tags from an Amazon Inspector resource
    • Access:  Tagging
    • Conditions:
      • aws:TagKeys
  • UpdateFilter
    • Description:  Grants permission to update the settings for a findings filter
    • Access:  Write
    • Resources:
      • Name: Filter
      • Required: Yes
    • Conditions:
      • aws:RequestTag/${TagKey}
      • aws:TagKeys
  • UpdateOrganizationConfiguration
    • Description:  Grants permission to update Amazon Inspector configuration settings for an AWS organization
    • Access:  Write

    Resources
  • Filter
    • Arn:  arn:${Partition}:inspector2:${Region}:${Account}:owner/${OwnerId}/filter/${FilterId}
    • Conditions:
      • aws:ResourceTag/${TagKey}
  • Finding
    • Arn:  arn:${Partition}:inspector2:${Region}:${Account}:finding/${FindingId}

    Conditions
  • aws:RequestTag/${TagKey}
    • Description:  Filters access by the presence of tag key-value pairs in the request
    • Type:  String
  • aws:ResourceTag/${TagKey}
    • Description:  Filters access by tag key-value pairs attached to the resource
    • Type:  String
  • aws:TagKeys
    • Description:  Filters access by the presence of tag keys in the request
    • Type:  String