AWS Migration Hub Refactor Spaces (refactor-spaces)

2021-12-04

23 new actions, 4 new resources, 8 new conditions

Additions

    Actions
  • CreateApplication
    • Description:  Grants permission to create an application within an environment
    • Access:  Write
    • Conditions: 

      refactor-spaces:ApplicationCreatedByAccount

      refactor-spaces:CreatedByAccountIds

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • CreateEnvironment
    • Description:  Grants permission to create an environment
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • CreateRoute
    • Description:  Grants permission to create a route within an application
    • Access:  Write
    • Conditions: 

      refactor-spaces:ApplicationCreatedByAccount

      refactor-spaces:ServiceCreatedByAccount

      refactor-spaces:RouteCreatedByAccount

      refactor-spaces:CreatedByAccountIds

      refactor-spaces:SourcePath

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • CreateService
    • Description:  Grants permission to create a service within an application
    • Access:  Write
    • Conditions: 

      refactor-spaces:ApplicationCreatedByAccount

      refactor-spaces:ServiceCreatedByAccount

      refactor-spaces:CreatedByAccountIds

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • DeleteApplication
    • Description:  Grants permission to delete an application from an environment
    • Access:  Write
    • Resources: 

      Name: application, Required: Yes

    • Conditions: 

      refactor-spaces:ApplicationCreatedByAccount

      refactor-spaces:CreatedByAccountIds

      aws:ResourceTag/${TagKey}

  • DeleteEnvironment
    • Description:  Grants permission to delete an environment
    • Access:  Write
    • Resources: 

      Name: environment, Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}

  • DeleteResourcePolicy
    • Description:  Grants permission to delete a resource policy
    • Access:  Write
  • DeleteRoute
    • Description:  Grants permission to delete a route from an application
    • Access:  Write
    • Resources: 

      Name: route, Required: Yes

    • Conditions: 

      refactor-spaces:ApplicationCreatedByAccount

      refactor-spaces:ServiceCreatedByAccount

      refactor-spaces:RouteCreatedByAccount

      refactor-spaces:CreatedByAccountIds

      refactor-spaces:SourcePath

      aws:ResourceTag/${TagKey}

  • DeleteService
    • Description:  Grants permission to delete a service from an application
    • Access:  Write
    • Resources: 

      Name: service, Required: Yes

    • Conditions: 

      refactor-spaces:ApplicationCreatedByAccount

      refactor-spaces:ServiceCreatedByAccount

      refactor-spaces:CreatedByAccountIds

      aws:ResourceTag/${TagKey}

  • GetApplication
    • Description:  Grants permission to get more information about an application
    • Access:  Read
    • Resources: 

      Name: application, Required: Yes

    • Conditions: 

      refactor-spaces:ApplicationCreatedByAccount

      refactor-spaces:CreatedByAccountIds

      aws:ResourceTag/${TagKey}

  • GetEnvironment
    • Description:  Grants permission to get more information for an environment
    • Access:  Read
    • Resources: 

      Name: environment, Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}

  • GetResourcePolicy
    • Description:  Grants permission to get the details about a resource policy
    • Access:  Read
  • GetRoute
    • Description:  Grants permission to get more information about a route
    • Access:  Read
    • Resources: 

      Name: route, Required: Yes

    • Conditions: 

      refactor-spaces:ApplicationCreatedByAccount

      refactor-spaces:ServiceCreatedByAccount

      refactor-spaces:RouteCreatedByAccount

      refactor-spaces:CreatedByAccountIds

      refactor-spaces:SourcePath

      aws:ResourceTag/${TagKey}

  • GetService
    • Description:  Grants permission to get more information about a service
    • Access:  Read
    • Resources: 

      Name: service, Required: Yes

    • Conditions: 

      refactor-spaces:ApplicationCreatedByAccount

      refactor-spaces:ServiceCreatedByAccount

      refactor-spaces:CreatedByAccountIds

      aws:ResourceTag/${TagKey}

  • ListApplications
    • Description:  Grants permission to list all the applications in an environment
    • Access:  Read
    • Resources: 

      Name: environment, Required: Yes

  • ListEnvironmentVpcs
    • Description:  Grants permission to list all the VPCs for the environment
    • Access:  Read
    • Resources: 

      Name: environment, Required: Yes

  • ListEnvironments
    • Description:  Grants permission to list all environments
    • Access:  Read
  • ListRoutes
    • Description:  Grants permission to list all the routes in an application
    • Access:  Read
    • Resources: 

      Name: environment, Required: Yes

  • ListServices
    • Description:  Grants permission to list all the services in an environment
    • Access:  Read
    • Resources: 

      Name: environment, Required: Yes

  • ListTagsForResource
    • Description:  Grants permission to list all the tags for a given resource
    • Access:  Read
  • PutResourcePolicy
    • Description:  Grants permission to add a resource policy
    • Access:  Write
  • TagResource
    • Description:  Grants permission to tag a resource
    • Access:  Tagging
    • Resources: 

      Name: application, Required: No

      Name: environment, Required: No

      Name: route, Required: No

      Name: service, Required: No

    • Conditions: 

      refactor-spaces:ApplicationCreatedByAccount

      refactor-spaces:ServiceCreatedByAccount

      refactor-spaces:RouteCreatedByAccount

      refactor-spaces:CreatedByAccountIds

      refactor-spaces:SourcePath

      aws:TagKeys

      aws:RequestTag/${TagKey}

      aws:ResourceTag/${TagKey}

  • UntagResource
    • Description:  Grants permission to remove a tag from a resource
    • Access:  Tagging
    • Resources: 

      Name: application, Required: No

      Name: environment, Required: No

      Name: route, Required: No

      Name: service, Required: No

    • Conditions: 

      refactor-spaces:ApplicationCreatedByAccount

      refactor-spaces:ServiceCreatedByAccount

      refactor-spaces:RouteCreatedByAccount

      refactor-spaces:CreatedByAccountIds

      refactor-spaces:SourcePath

      aws:TagKeys

      aws:RequestTag/${TagKey}

      aws:ResourceTag/${TagKey}

    Resources
  • environment
    • Arn:  arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

  • application
    • Arn:  arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentId}/application/${ApplicationId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

      refactor-spaces:ApplicationCreatedByAccount

      refactor-spaces:CreatedByAccountIds

  • service
    • Arn:  arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentId}/application/${ApplicationId}/service/${ServiceId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

      refactor-spaces:ApplicationCreatedByAccount

      refactor-spaces:CreatedByAccountIds

      refactor-spaces:ServiceCreatedByAccount

  • route
    • Arn:  arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentId}/application/${ApplicationId}/route/${RouteId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

      refactor-spaces:ApplicationCreatedByAccount

      refactor-spaces:CreatedByAccountIds

      refactor-spaces:RouteCreatedByAccount

      refactor-spaces:ServiceCreatedByAccount

      refactor-spaces:SourcePath