Change log of AWS IAM permissions

2021-11-25

18 new actions, 3 new resources, 3 new conditions

Additions

Actions

AssociateGatewayToServer
- Description: Grants permission to AssociateGatewayToServer
- Access: Write
- Resources:
  Name: gateway
  
  Required: Yes
  
  Name: hypervisor
  
  Required: Yes
Backup
- Description: Grants permission to Backup
- Access: Write
- Resources:
  Name: virtualmachine
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateGateway
- Description: Grants permission to to CreateGateway
- Access: Write
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
DeleteGateway
- Description: Grants permission to DeleteGateway
- Access: Write
- Resources:
  Name: gateway
  
  Required: Yes
DeleteHypervisor
- Description: Grants permission to DeleteHypervisor
- Access: Write
- Resources:
  Name: hypervisor
  
  Required: Yes
DisassociateGatewayFromServer
- Description: Grants permission to DisassociateGatewayFromServer
- Access: Write
- Resources:
  Name: gateway
  
  Required: Yes
ImportHypervisorConfiguration
- Description: Grants permission to ImportHypervisorConfiguration
- Access: Write
- Resources:
  Name: hypervisor
  
  Required: No
ListGateways
- Description: Grants permission to ListGateways
- Access: Read
ListHypervisors
- Description: Grants permission to ListHypervisors
- Access: Read
ListTagsForResource
- Description: Grants permission to ListTagsForResource
- Access: Read
- Resources:
  Name: gateway
  
  Required: No
  
  Name: hypervisor
  
  Required: No
  
  Name: virtualmachine
  
  Required: No
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
ListVirtualMachines
- Description: Grants permission to ListVirtualMachines
- Access: Read
PutMaintenanceStartTime
- Description: Grants permission to PutMaintenanceStartTime
- Access: Write
- Resources:
  Name: gateway
  
  Required: Yes
Restore
- Description: Grants permission to Restore
- Access: Write
- Resources:
  Name: hypervisor
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
TagResource
- Description: Grants permission to TagResource
- Access: Tagging
- Resources:
  Name: gateway
  
  Required: No
  
  Name: hypervisor
  
  Required: No
  
  Name: virtualmachine
  
  Required: No
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
TestHypervisorConfiguration
- Description: Grants permission to TestHypervisorConfiguration
- Access: Write
- Resources:
  Name: gateway
  
  Required: Yes
UntagResource
- Description: Grants permission to UntagResource
- Access: Tagging
- Resources:
  Name: gateway
  
  Required: No
  
  Name: hypervisor
  
  Required: No
  
  Name: virtualmachine
  
  Required: No
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
UpdateGatewayInformation
- Description: Grants permission to UpdateGatewayInformation
- Access: Write
- Resources:
  Name: gateway
  
  Required: Yes
UpdateHypervisor
- Description: Grants permission to UpdateHypervisor
- Access: Write
- Resources:
  Name: gateway
  
  Required: Yes

Resources

gateway
- Arn: arn:${Partition}:backup-gateway::${Account}:gateway/${GatewayId}
- Conditions:
  aws:ResourceTag/${TagKey}
hypervisor
- Arn: arn:${Partition}:backup-gateway::${Account}:hypervisor/${HypervisorId}
- Conditions:
  aws:ResourceTag/${TagKey}
virtualmachine
- Arn: arn:${Partition}:backup-gateway::${Account}:vm/${VirtualmachineId}
- Conditions:
  aws:ResourceTag/${TagKey}

Conditions

aws:RequestTag/${TagKey}
- Description: Filters access by the allowed set of values for each of the tags
- Type: String
aws:ResourceTag/${TagKey}
- Description: Filters access by tag-value associated with the resource
- Type: String
aws:TagKeys
- Description: Filters access by the presence of mandatory tags in the request
- Type: String

AWS Backup Gateway (backup-gateway)

Additions