Change log of AWS IAM permissions

2022-03-25

12 new actions, 2 new resources

Additions

Actions

CreateSyncFilter
- Description: Grants permission to create a sync filter on the sync profile
- Access: Write
- Resources:
  Name: SyncProfileResource
  
  Required: Yes
CreateSyncProfile
- Description: Grants permission to create a sync profile for the source
- Access: Write
- Dependents:
  ds:AuthorizeApplication
CreateSyncTarget
- Description: Grants permission to create a sync target for the source
- Access: Write
- Resources:
  Name: SyncProfileResource
  
  Required: Yes
DeleteSyncFilter
- Description: Grants permission to delete a sync filter on the sync profile
- Access: Write
- Resources:
  Name: SyncProfileResource
  
  Required: Yes
DeleteSyncProfile
- Description: Grants permission to delete a sync profile on the source
- Access: Write
- Resources:
  Name: SyncProfileResource
  
  Required: Yes
- Dependents:
  ds:UnauthorizeApplication
DeleteSyncTarget
- Description: Grants permission to delete a sync target on the source
- Access: Write
- Resources:
  Name: SyncProfileResource
  
  Required: Yes
  
  Name: SyncTargetResource
  
  Required: Yes
GetSyncProfile
- Description: Grants permission to retrieve a sync profile using sync profile name
- Access: Read
- Resources:
  Name: SyncProfileResource
  
  Required: Yes
GetSyncTarget
- Description: Grants permission to retrieve a sync target on the sync profile
- Access: Read
- Resources:
  Name: SyncProfileResource
  
  Required: Yes
  
  Name: SyncTargetResource
  
  Required: Yes
ListSyncFilters
- Description: Grants permission to list the sync filters on the sync profile
- Access: List
- Resources:
  Name: SyncProfileResource
  
  Required: Yes
StartSync
- Description: Grants permission to start a synchronization process or to restart a synchronization that was previously stopped
- Access: Write
- Resources:
  Name: SyncProfileResource
  
  Required: Yes
StopSync
- Description: Grants permission to stop any planned synchronizations in the synchronization schedule from starting
- Access: Write
- Resources:
  Name: SyncProfileResource
  
  Required: Yes
UpdateSyncTarget
- Description: Grants permission to update a sync target on the sync profile
- Access: Write
- Resources:
  Name: SyncProfileResource
  
  Required: Yes
  
  Name: SyncTargetResource
  
  Required: Yes

Resources

SyncProfileResource
- Arn: ^arn:${Partition}:identity-sync:${Region}:${Account}:profile/${SyncProfileName}
SyncTargetResource
- Arn: ^arn:${Partition}:identity-sync:${Region}:${Account}:target/${SyncProfileName}/${SyncTargetName}

AWS Identity Sync (identity-sync)

Additions