Change log of AWS IAM permissions

2022-07-08

26 new actions, 4 new resources, 3 new conditions

Additions

Actions

CreateProfile
- Description: Grants permission to create a profile
- Access: Write
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateTrustAnchor
- Description: Grants permission to create a trust anchor
- Access: Write
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
DeleteCrl
- Description: Grants permission to delete a certificate revocation list (crl)
- Access: Write
DeleteProfile
- Description: Grants permission to delete a profile
- Access: Write
DeleteTrustAnchor
- Description: Grants permission to delete a trust anchor
- Access: Write
DisableCrl
- Description: Grants permission to disable a certificate revocation list (crl)
- Access: Write
DisableProfile
- Description: Grants permission to disable a profile
- Access: Write
DisableTrustAnchor
- Description: Grants permission to disable a trust anchor
- Access: Write
EnableCrl
- Description: Grants permission to enable a certificate revocation list (crl)
- Access: Write
EnableProfile
- Description: Grants permission to enable a profile
- Access: Write
EnableTrustAnchor
- Description: Grants permission to enable a trust anchor
- Access: Write
GetCrl
- Description: Grants permission to get a certificate revocation list (crl)
- Access: Read
GetProfile
- Description: Grants permission to get a profile
- Access: Read
GetSubject
- Description: Grants permission to get a subject
- Access: Read
GetTrustAnchor
- Description: Grants permission to get a trust anchor
- Access: Read
ImportCrl
- Description: Grants permission to import a certificate revocation list (crl)
- Access: Write
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
ListCrls
- Description: Grants permission to list certificate revocation lists (crls)
- Access: List
ListProfiles
- Description: Grants permission to list profiles
- Access: List
ListSubjects
- Description: Grants permission to list subjects
- Access: List
ListTagsForResource
- Description: Grants permission to list tags for a resource
- Access: List
ListTrustAnchors
- Description: Grants permission to list trust anchors
- Access: List
TagResource
- Description: Grants permission to tag a resource
- Access: Tagging
- Resources:
  Name: crl
  
  Required: No
  
  Name: profile
  
  Required: No
  
  Name: subject
  
  Required: No
  
  Name: trust-anchor
  
  Required: No
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
UntagResource
- Description: Grants permission to untag a resource
- Access: Tagging
- Resources:
  Name: crl
  
  Required: No
  
  Name: profile
  
  Required: No
  
  Name: subject
  
  Required: No
  
  Name: trust-anchor
  
  Required: No
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
UpdateCrl
- Description: Grants permission to update a certificate revocation list (crl)
- Access: Write
UpdateProfile
- Description: Grants permission to update a profile
- Access: Write
UpdateTrustAnchor
- Description: Grants permission to update a trust anchor
- Access: Write

Resources

trust-anchor
- Arn: arn:${Partition}:rolesanywhere::${Account}:trust-anchor/${TrustAnchorId}
- Conditions:
  aws:ResourceTag/${TagKey}
profile
- Arn: arn:${Partition}:rolesanywhere::${Account}:profile/${ProfileId}
- Conditions:
  aws:ResourceTag/${TagKey}
subject
- Arn: arn:${Partition}:rolesanywhere::${Account}:subject/${SubjectId}
- Conditions:
  aws:ResourceTag/${TagKey}
crl
- Arn: arn:${Partition}:rolesanywhere::${Account}:crl/${CrlId}
- Conditions:
  aws:ResourceTag/${TagKey}

Conditions

aws:RequestTag/${TagKey}
- Description: Filters access by the tags that are passed in the request
- Type: String
aws:ResourceTag/${TagKey}
- Description: Filters access by the tags associated with the resource
- Type: String
aws:TagKeys
- Description: Filters access by the tag keys that are passed in the request
- Type: ArrayOfString

AWS Identity and Access Management Roles Anywhere (rolesanywhere)

Additions