Change log of AWS IAM permissions

2022-01-11

11 new actions, 1 new resource, 3 new conditions | 3 updated actions

Actions

CancelQuery
- Description: Grants permission to cancel a running query
- Access: Write
CreateEventDataStore
- Description: Grants permission to create an event data store
- Access: Write
- Resources:
  Name: eventdatastore
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
DeleteEventDataStore
- Description: Grants permission to delete an event data store
- Access: Write
- Resources:
  Name: eventdatastore
  
  Required: Yes
DescribeQuery
- Description: Grants permission to list details for the query
- Access: Read
GetEventDataStore
- Description: Grants permission to list settings for the event data store
- Access: Read
GetQueryResults
- Description: Grants permission to fetch results of a complete query
- Access: Read
ListEventDataStores
- Description: Grants permission to list event data stores associated with the current region for your account
- Access: List
ListQueries
- Description: Grants permission to list queries associated with an event data store
- Access: List
RestoreEventDataStore
- Description: Grants permission to restore an event data store
- Access: Write
- Resources:
  Name: eventdatastore
  
  Required: Yes
StartQuery
- Description: Grants permission to start a new query on a specified event data store
- Access: Write
UpdateEventDataStore
- Description: Grants permission to update an event data store
- Access: Write
- Resources:
  Name: eventdatastore
  
  Required: Yes

Resources

eventdatastore
- Arn: arn:${Partition}:cloudtrail:${Region}:${Account}:eventdatastore/${EventDataStoreId}
- Conditions:
  aws:ResourceTag/${TagKey}

Conditions

aws:RequestTag/${TagKey}
- Description: Filters access by value associated with the resource
- Type: String
aws:ResourceTag/${TagKey}
- Description: Filters access by value associated with the resource
- Type: String
aws:TagKeys
- Description: Filters access by value associated with the resource
- Type: String

Actions

AWS CloudTrail (cloudtrail)