Change log of AWS IAM permissions

2021-12-04

9 new actions, 2 new resources, 1 new condition | 8 updated actions

Additions

Actions

CreateDataRepositoryAssociation
- Description: Grants permission to create a new data respository association for an Amazon FSx for Lustre file system
- Access: Write
- Resources:
  Name: association
  
  Required: Yes
  
  Name: file-system
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
- Dependents:
  fsx:TagResource
CreateSnapshot
- Description: Grants permission to create a new snapshot on a volume
- Access: Write
- Resources:
  Name: snapshot
  
  Required: Yes
  
  Name: volume
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
- Dependents:
  fsx:TagResource
DeleteDataRepositoryAssociation
- Description: Grants permission to delete a data repository association
- Access: Write
- Resources:
  Name: association
  
  Required: Yes
DeleteSnapshot
- Description: Grants permission to delete a snapshot on a volume
- Access: Write
- Resources:
  Name: snapshot
  
  Required: Yes
DescribeDataRepositoryAssociations
- Description: Grants permission to return the descriptions of all data repository associations owned by your AWS account in the AWS Region of the endpoint that you're calling
- Access: Read
DescribeSnapshots
- Description: Grants permission to return the descriptions of all snapshots owned by your AWS account in the AWS Region of the endpoint you're calling
- Access: Read
RestoreVolumeFromSnapshot
- Description: Grants permission to restore volume state from a snapshot
- Access: Write
- Resources:
  Name: snapshot
  
  Required: Yes
  
  Name: volume
  
  Required: Yes
UpdateDataRepositoryAssociation
- Description: Grants permission to update data repository association configuration
- Access: Write
- Resources:
  Name: association
  
  Required: Yes
UpdateSnapshot
- Description: Grants permission to update snapshot configuration
- Access: Write
- Resources:
  Name: snapshot
  
  Required: Yes

Resources

association
- Arn: arn:${Partition}:fsx:${Region}:${Account}:association/${DataRepositoryAssociationId}
- Conditions:
  aws:ResourceTag/${TagKey}
snapshot
- Arn: arn:${Partition}:fsx:${Region}:${Account}:snapshot/${VolumeId}/${SnapshotId}
- Conditions:
  aws:ResourceTag/${TagKey}

Conditions

fsx:ParentVolumeId
- Description: Filters access by the containing parent volume for mutating volume operations
- Type: String

Updates

Actions

UpdateVolume
- ＋ fsx:ParentVolumeId
- － aws:TagKeys
CreateVolume
- ＋ snapshot
- ＋ fsx:ParentVolumeId
DeleteVolume
- ＋ fsx:ParentVolumeId
ListTagsForResource
- ＋ association
- ＋ snapshot
TagResource
- ＋ association
- ＋ snapshot
UntagResource
- ＋ association
- ＋ snapshot
DeleteStorageVirtualMachine
- － aws:TagKeys
UpdateStorageVirtualMachine
- － aws:TagKeys

Amazon FSx (fsx)

Additions

Updates