Change log of AWS IAM permissions

2021-12-04

44 new actions, 5 new resources, 3 new conditions

Additions

Actions

AssociateBrowserSettings
- Description: Grants permission to associate browser settings to web portals
- Access: Write
- Resources:
  Name: browserSettings
  
  Required: Yes
  
  Name: portal
  
  Required: Yes
AssociateNetworkSettings
- Description: Grants permission to associate network settings to web portals
- Access: Write
- Resources:
  Name: networkSettings
  
  Required: Yes
  
  Name: portal
  
  Required: Yes
- Dependents:
  ec2:CreateNetworkInterface
  
  ec2:CreateNetworkInterfacePermission
  
  ec2:CreateTags
  
  ec2:DeleteNetworkInterface
  
  ec2:DeleteNetworkInterfacePermission
  
  ec2:ModifyNetworkInterfaceAttribute
AssociateTrustStore
- Description: Grants permission to associate trust stores with web portals
- Access: Write
- Resources:
  Name: portal
  
  Required: Yes
  
  Name: trustStore
  
  Required: Yes
AssociateUserSettings
- Description: Grants permission to associate user settings with web portals
- Access: Write
- Resources:
  Name: portal
  
  Required: Yes
  
  Name: userSettings
  
  Required: Yes
CreateBrowserSettings
- Description: Grants permission to create browser settings
- Access: Write
- Conditions:
  aws:TagKeys
  
  aws:RequestTag/${TagKey}
- Dependents:
  kms:CreateGrant
  
  kms:Decrypt
  
  kms:DescribeKey
  
  kms:GenerateDataKey
CreateIdentityProvider
- Description: Grants permission to create identity providers
- Access: Write
- Resources:
  Name: portal
  
  Required: Yes
CreateNetworkSettings
- Description: Grants permission to create network settings
- Access: Write
- Conditions:
  aws:TagKeys
  
  aws:RequestTag/${TagKey}
CreatePortal
- Description: Grants permission to create web portals
- Access: Write
- Conditions:
  aws:TagKeys
  
  aws:RequestTag/${TagKey}
- Dependents:
  iam:CreateServiceLinkedRole
  
  kms:CreateGrant
  
  kms:Decrypt
  
  kms:DescribeKey
  
  kms:GenerateDataKey
CreateTrustStore
- Description: Grants permission to create trust stores
- Access: Write
- Conditions:
  aws:TagKeys
  
  aws:RequestTag/${TagKey}
CreateUserSettings
- Description: Grants permission to create user settings
- Access: Write
- Conditions:
  aws:TagKeys
  
  aws:RequestTag/${TagKey}
DeleteBrowserSettings
- Description: Grants permission to delete browser settings
- Access: Write
- Resources:
  Name: browserSettings
  
  Required: Yes
DeleteIdentityProvider
- Description: Grants permission to delete identity providers
- Access: Write
DeleteNetworkSettings
- Description: Grants permission to delete network settings
- Access: Write
- Resources:
  Name: networkSettings
  
  Required: Yes
DeletePortal
- Description: Grants permission to delete web portals
- Access: Write
- Resources:
  Name: portal
  
  Required: Yes
DeleteTrustStore
- Description: Grants permission to delete trust stores
- Access: Write
- Resources:
  Name: trustStore
  
  Required: Yes
DeleteUserSettings
- Description: Grants permission to delete user settings
- Access: Write
- Resources:
  Name: userSettings
  
  Required: Yes
DisassociateBrowserSettings
- Description: Grants permission to disassociate browser settings from web portals
- Access: Write
- Resources:
  Name: portal
  
  Required: Yes
DisassociateNetworkSettings
- Description: Grants permission to disassociate network settings from web portals
- Access: Write
- Resources:
  Name: portal
  
  Required: Yes
DisassociateTrustStore
- Description: Grants permission to disassociate trust stores from web portals
- Access: Write
- Resources:
  Name: portal
  
  Required: Yes
DisassociateUserSettings
- Description: Grants permission to disassociate user settings from web portals
- Access: Write
- Resources:
  Name: portal
  
  Required: Yes
GetBrowserSettings
- Description: Grants permission to get details on browser settings
- Access: Read
- Resources:
  Name: browserSettings
  
  Required: Yes
GetIdentityProvider
- Description: Grants permission to get details on identity providers
- Access: Read
GetNetworkSettings
- Description: Grants permission to get details on network settings
- Access: Read
- Resources:
  Name: networkSettings
  
  Required: Yes
GetPortal
- Description: Grants permission to get details on web portals
- Access: Read
- Resources:
  Name: portal
  
  Required: Yes
GetPortalServiceProviderMetadata
- Description: Grants permission to get service provider metadata information for web portals
- Access: Read
- Resources:
  Name: portal
  
  Required: Yes
GetTrustStore
- Description: Grants permission to get details on trust stores
- Access: Read
- Resources:
  Name: trustStore
  
  Required: Yes
GetTrustStoreCertificate
- Description: Grants permission to get certificates from trust stores
- Access: Read
- Resources:
  Name: trustStore
  
  Required: Yes
GetUserSettings
- Description: Grants permission to get details on user settings
- Access: Read
- Resources:
  Name: userSettings
  
  Required: Yes
ListBrowserSettings
- Description: Grants permission to list browser settings
- Access: Read
ListIdentityProviders
- Description: Grants permission to list identity providers
- Access: Read
ListNetworkSettings
- Description: Grants permission to list network settings
- Access: Read
ListPortals
- Description: Grants permission to list web portals
- Access: Read
ListTagsForResource
- Description: Grants permission to list tags for a resource
- Access: Read
ListTrustStoreCertificates
- Description: Grants permission to list certificates in a trust store
- Access: Read
ListTrustStores
- Description: Grants permission to list trust stores
- Access: Read
ListUserSettings
- Description: Grants permission to list user settings
- Access: Read
TagResource
- Description: Grants permission to add one or more tags to a resource
- Access: Tagging
- Conditions:
  aws:TagKeys
  
  aws:RequestTag/${TagKey}
UntagResource
- Description: Grants permission to remove one or more tags from a resource
- Access: Tagging
- Conditions:
  aws:TagKeys
  
  aws:RequestTag/${TagKey}
UpdateBrowserSettings
- Description: Grants permission to update browser settings
- Access: Write
- Resources:
  Name: browserSettings
  
  Required: Yes
UpdateIdentityProvider
- Description: Grants permission to update identity provider
- Access: Write
UpdateNetworkSettings
- Description: Grants permission to update network settings
- Access: Write
- Resources:
  Name: networkSettings
  
  Required: Yes
UpdatePortal
- Description: Grants permission to update web portals
- Access: Write
- Resources:
  Name: portal
  
  Required: Yes
UpdateTrustStore
- Description: Grants permission to update trust stores
- Access: Write
- Resources:
  Name: trustStore
  
  Required: Yes
UpdateUserSettings
- Description: Grants permission to update user settings
- Access: Write
- Resources:
  Name: userSettings
  
  Required: Yes

Resources

browserSettings
- Arn: arn:${Partition}:workspaces-web:${Region}:${Account}:browserSettings/${BrowserSettingsId}
- Conditions:
  aws:ResourceTag/${TagKey}
networkSettings
- Arn: arn:${Partition}:workspaces-web:${Region}:${Account}:networkSettings/${NetworkSettingsId}
- Conditions:
  aws:ResourceTag/${TagKey}
portal
- Arn: arn:${Partition}:workspaces-web:${Region}:${Account}:portal/${PortalId}
- Conditions:
  aws:ResourceTag/${TagKey}
trustStore
- Arn: arn:${Partition}:workspaces-web:${Region}:${Account}:trustStore/${TrustStoreId}
- Conditions:
  aws:ResourceTag/${TagKey}
userSettings
- Arn: arn:${Partition}:workspaces-web:${Region}:${Account}:userSettings/${UserSettingsId}
- Conditions:
  aws:ResourceTag/${TagKey}

Conditions

aws:RequestTag/${TagKey}
- Description: Filters access by the tags that are passed in the request
- Type: String
aws:ResourceTag/${TagKey}
- Description: Filters access by the tags associated with the resource
- Type: String
aws:TagKeys
- Description: Filters access by the tag keys that are passed in the request
- Type: String

Amazon WorkSpaces Secure Browser (workspaces-web)

Additions