AWS Mainframe Modernization Service (m2)

2022-06-10

32 new actions, 2 new resources, 3 new conditions

Additions

    Actions
  • CancelBatchJobExecution
    • Description:  Grants permission to cancel the execution of a batch job
    • Access:  Write
    • Resources: 

      Name: Application

      Required: Yes

  • CreateApplication
    • Description:  Grants permission to create an application
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
    • Dependents: 

      s3:GetObject

      s3:ListBucket
  • CreateDataSetImportTask
    • Description:  Grants permission to create a data set import task
    • Access:  Write
    • Resources: 

      Name: Application

      Required: Yes

    • Dependents: 

      s3:GetObject
  • CreateDeployment
    • Description:  Grants permission to create a deployment
    • Access:  Write
    • Resources: 

      Name: Application

      Required: Yes

      Name: Environment

      Required: No

    • Dependents: 

      elasticloadbalancing:CreateListener

      elasticloadbalancing:CreateTargetGroup

      elasticloadbalancing:RegisterTargets
  • CreateEnvironment
    • Description:  Grants permission to Create an environment
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
    • Dependents: 

      ec2:CreateNetworkInterface

      ec2:CreateNetworkInterfacePermission

      ec2:DescribeNetworkInterfaces

      ec2:DescribeSecurityGroups

      ec2:DescribeSubnets

      ec2:DescribeVpcAttribute

      ec2:DescribeVpcs

      ec2:ModifyNetworkInterfaceAttribute

      elasticfilesystem:DescribeMountTargets

      elasticloadbalancing:CreateLoadBalancer

      fsx:DescribeFileSystems

      iam:CreateServiceLinkedRole
  • DeleteApplication
    • Description:  Grants permission to delete an application
    • Access:  Write
    • Resources: 

      Name: Application

      Required: Yes

    • Dependents: 

      elasticloadbalancing:DeleteListener

      elasticloadbalancing:DeleteTargetGroup
  • DeleteApplicationFromEnvironment
    • Description:  Grants permission to delete an application from a runtime environment
    • Access:  Write
    • Resources: 

      Name: Application

      Required: Yes

    • Dependents: 

      elasticloadbalancing:DeleteListener

      elasticloadbalancing:DeleteTargetGroup
  • DeleteEnvironment
    • Description:  Grants permission to delete a runtime environment
    • Access:  Write
    • Resources: 

      Name: Environment

      Required: Yes

    • Dependents: 

      elasticloadbalancing:DeleteLoadBalancer
  • GetApplication
    • Description:  Grants permission to retrieve an application
    • Access:  Read
    • Resources: 

      Name: Application

      Required: Yes

  • GetApplicationVersion
    • Description:  Grants permission to retrieve an application version
    • Access:  Read
    • Resources: 

      Name: Application

      Required: Yes

  • GetBatchJobExecution
    • Description:  Grants permission to retrieve a batch job execution
    • Access:  Read
    • Resources: 

      Name: Application

      Required: Yes

  • GetDataSetDetails
    • Description:  Grants permission to retrieve data set details
    • Access:  Read
    • Resources: 

      Name: Application

      Required: Yes

  • GetDataSetImportTask
    • Description:  Grants permission to retrieve a data set import task
    • Access:  Read
    • Resources: 

      Name: Application

      Required: Yes

  • GetDeployment
    • Description:  Grants permission to retrieve a deployment
    • Access:  Read
    • Resources: 

      Name: Application

      Required: Yes

  • GetEnvironment
    • Description:  Grants permission to retrieve a runtime environment
    • Access:  Read
    • Resources: 

      Name: Environment

      Required: Yes

  • ListApplicationVersions
    • Description:  Grants permission to list the versions of an application
    • Access:  Read
    • Resources: 

      Name: Application

      Required: Yes

  • ListApplications
    • Description:  Grants permission to list applications
    • Access:  List
    • Resources: 

      Name: Environment

      Required: No

  • ListBatchJobDefinitions
    • Description:  Grants permission to list batch job definitions
    • Access:  Read
    • Resources: 

      Name: Application

      Required: Yes

  • ListBatchJobExecutions
    • Description:  Grants permission to list executions for a batch job
    • Access:  Read
    • Resources: 

      Name: Application

      Required: Yes

  • ListDataSetImportHistory
    • Description:  Grants permission to list data set import history
    • Access:  Read
    • Resources: 

      Name: Application

      Required: Yes

  • ListDataSets
    • Description:  Grants permission to list data sets
    • Access:  Read
    • Resources: 

      Name: Application

      Required: Yes

  • ListDeployments
    • Description:  Grants permission to list deployments
    • Access:  Read
    • Resources: 

      Name: Application

      Required: Yes

  • ListEngineVersions
    • Description:  Grants permission to list engine versions
    • Access:  Read
  • ListEnvironments
    • Description:  Grants permission to list runtime environments
    • Access:  List
  • ListTagsForResource
    • Description:  Grants permission to list tags for a resource
    • Access:  Read
  • StartApplication
    • Description:  Grants permission to start an application
    • Access:  Write
    • Resources: 

      Name: Application

      Required: Yes

  • StartBatchJob
    • Description:  Grants permission to start a batch job
    • Access:  Write
    • Resources: 

      Name: Application

      Required: Yes

  • StopApplication
    • Description:  Grants permission to stop an application
    • Access:  Write
    • Resources: 

      Name: Application

      Required: Yes

  • TagResource
    • Description:  Grants permission to tag a resource
    • Access:  Tagging
    • Resources: 

      Name: Application

      Required: No

      Name: Environment

      Required: No

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
  • UntagResource
    • Description:  Grants permission to untag a resource
    • Access:  Tagging
    • Resources: 

      Name: Application

      Required: No

      Name: Environment

      Required: No

    • Conditions: 

      aws:TagKeys
  • UpdateApplication
    • Description:  Grants permission to update an application
    • Access:  Write
    • Resources: 

      Name: Application

      Required: Yes

    • Dependents: 

      s3:GetObject

      s3:ListBucket
  • UpdateEnvironment
    • Description:  Grants permission to update a runtime environment
    • Access:  Write
    • Resources: 

      Name: Environment

      Required: Yes

    Resources
  • Application
    • Arn:  arn:${Partition}:m2:${Region}:${Account}:app/${ApplicationId}
    • Conditions: 

      aws:ResourceTag/${TagKey}
  • Environment
    • Arn:  arn:${Partition}:m2:${Region}:${Account}:env/${EnvironmentId}
    • Conditions: 

      aws:ResourceTag/${TagKey}
    Conditions
  • aws:RequestTag/${TagKey}
    • Description:  Filters access by a tag key and value pair that is allowed in the request
    • Type:  String
  • aws:ResourceTag/${TagKey}
    • Description:  Filters access by a tag key and value pair of a resource
    • Type:  String
  • aws:TagKeys
    • Description:  Filters access by a list of tag keys that are allowed in the request
    • Type:  ArrayOfString