Change log of AWS IAM permissions

2021-12-04

43 new actions, 6 new resources, 2 new conditions

Additions

Actions

AssociateVehicle
- Description: Grants permission to associate the given vehicle to a fleet
- Access: Write
- Resources:
  Name: fleet
  
  Required: Yes
  
  Name: vehicle
  
  Required: Yes
CreateCampaign
- Description: Grants permission to create a campaign
- Access: Write
- Resources:
  Name: fleet
  
  Required: Yes
  
  Name: signalcatalog
  
  Required: Yes
  
  Name: vehicle
  
  Required: Yes
CreateDecoderManifest
- Description: Grants permission to create a decoder manifest for an existing model
- Access: Write
- Resources:
  Name: modelmanifest
  
  Required: Yes
CreateFleet
- Description: Grants permission to create a fleet
- Access: Write
- Resources:
  Name: signalcatalog
  
  Required: Yes
CreateModelManifest
- Description: Grants permission to create a model manifest definition
- Access: Write
- Resources:
  Name: signalcatalog
  
  Required: Yes
CreateSignalCatalog
- Description: Grants permission to create a signal catalog
- Access: Write
CreateVehicle
- Description: Grants permission to create a vehicle
- Access: Write
- Resources:
  Name: decodermanifest
  
  Required: Yes
  
  Name: modelmanifest
  
  Required: Yes
- Dependents:
  iot:CreateThing
  
  iot:DescribeThing
DeleteCampaign
- Description: Grants permission to delete a campaign
- Access: Write
- Resources:
  Name: campaign
  
  Required: Yes
DeleteDecoderManifest
- Description: Grants permission to delete the given decoder manifest
- Access: Write
- Resources:
  Name: decodermanifest
  
  Required: Yes
DeleteFleet
- Description: Grants permission to delete a fleet
- Access: Write
- Resources:
  Name: fleet
  
  Required: Yes
DeleteModelManifest
- Description: Grants permission to delete the given model manifest
- Access: Write
- Resources:
  Name: modelmanifest
  
  Required: Yes
DeleteSignalCatalog
- Description: Grants permission to delete a specific signal catalog
- Access: Write
- Resources:
  Name: signalcatalog
  
  Required: Yes
DeleteVehicle
- Description: Grants permission to delete a vehicle
- Access: Write
- Resources:
  Name: vehicle
  
  Required: Yes
DisassociateVehicle
- Description: Grants permission to disassociate a vehicle from an existing fleet
- Access: Write
- Resources:
  Name: fleet
  
  Required: Yes
  
  Name: vehicle
  
  Required: Yes
GetCampaign
- Description: Grants permission to get summary information for a given campaign
- Access: Read
- Resources:
  Name: campaign
  
  Required: Yes
GetDecoderManifest
- Description: Grants permission to get summary information for a given decoder manifest definition
- Access: Read
- Resources:
  Name: decodermanifest
  
  Required: Yes
GetFleet
- Description: Grants permission to get summary information for a fleet
- Access: Read
- Resources:
  Name: fleet
  
  Required: Yes
GetModelManifest
- Description: Grants permission to get summary information for a given model manifest definition
- Access: Read
- Resources:
  Name: modelmanifest
  
  Required: Yes
GetRegisterAccountStatus
- Description: Grants permission to get the account registration status with IoT FleetWise
- Access: Read
GetSignalCatalog
- Description: Grants permission to get summary information for a specific signal catalog
- Access: Read
- Resources:
  Name: signalcatalog
  
  Required: Yes
GetVehicle
- Description: Grants permission to get summary information for a vehicle
- Access: Read
- Resources:
  Name: vehicle
  
  Required: Yes
GetVehicleStatus
- Description: Grants permission to get the status of the campaigns running on a specific vehicle
- Access: Read
- Resources:
  Name: vehicle
  
  Required: Yes
ImportDecoderManifest
- Description: Grants permission to import an existing decoder manifest
- Access: Write
ImportSignalCatalog
- Description: Grants permission to create a signal catalog by importing existing definitions
- Access: Write
ListCampaigns
- Description: Grants permission to list campaigns
- Access: Read
ListDecoderManifestNetworkInterfaces
- Description: Grants permission to list network interfaces associated to the existing decoder manifest
- Access: List
- Resources:
  Name: decodermanifest
  
  Required: Yes
ListDecoderManifestSignals
- Description: Grants permission to list decoder manifest signals
- Access: List
- Resources:
  Name: decodermanifest
  
  Required: Yes
ListDecoderManifests
- Description: Grants permission to list all decoder manifests, with an optional filter on model manifest
- Access: Read
ListFleets
- Description: Grants permission to list all fleets
- Access: Read
ListFleetsForVehicle
- Description: Grants permission to list all the fleets that the given vehicle is associated with
- Access: Read
- Resources:
  Name: vehicle
  
  Required: Yes
ListModelManifestNodes
- Description: Grants permission to list all nodes for the given model manifest
- Access: List
- Resources:
  Name: modelmanifest
  
  Required: Yes
ListModelManifests
- Description: Grants permission to list all model manifests, with an optional filter on signal catalog
- Access: Read
ListSignalCatalogNodes
- Description: Grants permission to list all nodes for a given signal catalog
- Access: Read
- Resources:
  Name: signalcatalog
  
  Required: Yes
ListSignalCatalogs
- Description: Grants permission to list all signal catalogs
- Access: Read
ListVehicles
- Description: Grants permission to list all vehicles, with an optional filter on model manifest
- Access: Read
ListVehiclesInFleet
- Description: Grants permission to list vehicles in the given fleet
- Access: Read
- Resources:
  Name: fleet
  
  Required: Yes
RegisterAccount
- Description: Grants permission to register an AWS account to IoT FleetWise
- Access: Write
- Dependents:
  iam:PassRole
UpdateCampaign
- Description: Grants permission to update the given campaign
- Access: Write
- Resources:
  Name: campaign
  
  Required: Yes
UpdateDecoderManifest
- Description: Grants permission to update a decoder manifest defnition
- Access: Write
- Resources:
  Name: decodermanifest
  
  Required: Yes
UpdateFleet
- Description: Grants permission to update the fleet
- Access: Write
- Resources:
  Name: fleet
  
  Required: Yes
UpdateModelManifest
- Description: Grants permission to update the given model manifest definition
- Access: Write
- Resources:
  Name: modelmanifest
  
  Required: Yes
UpdateSignalCatalog
- Description: Grants permission to update a specific signal catalog definition
- Access: Write
- Resources:
  Name: signalcatalog
  
  Required: Yes
UpdateVehicle
- Description: Grants permission to update the vehicle
- Access: Write
- Resources:
  Name: vehicle
  
  Required: Yes
  
  Name: decodermanifest
  
  Required: No
  
  Name: modelmanifest
  
  Required: No
- Conditions:
  iotfleetwise:UpdateToModelManifestArn
  
  iotfleetwise:UpdateToDecoderManifestArn

Resources

campaign
- Arn: arn:${Partition}:iotfleetwise:${Region}:${Account}:campaign/${CampaignName}
decodermanifest
- Arn: arn:${Partition}:iotfleetwise:${Region}:${Account}:decoder-manifest/${Name}
fleet
- Arn: arn:${Partition}:iotfleetwise:${Region}:${Account}:fleet/${FleetId}
modelmanifest
- Arn: arn:${Partition}:iotfleetwise:${Region}:${Account}:model-manifest/${Name}
signalcatalog
- Arn: arn:${Partition}:iotfleetwise:${Region}:${Account}:signal-catalog/${Name}
vehicle
- Arn: arn:${Partition}:iotfleetwise:${Region}:${Account}:vehicle/${VehicleId}

Conditions

iotfleetwise:UpdateToDecoderManifestArn
- Description: Filters access by a list of IoT FleetWise Decoder Manifest ARNs
- Type: String
iotfleetwise:UpdateToModelManifestArn
- Description: Filters access by a list of IoT FleetWise Model Manifest ARNs
- Type: String

AWS IoT FleetWise (iotfleetwise)

Additions