Change log of AWS IAM permissions

2022-09-02

15 new actions, 7 new resources | 4 updated actions

Additions

Actions

CreateGroup
- Description: Grants permission to create a group in the specified IdentityStore
- Access: Write
- Resources:
  Name: Identitystore
  
  Required: Yes
CreateGroupMembership
- Description: Grants permission to create a member to a group in the specified IdentityStore
- Access: Write
- Resources:
  Name: Group
  
  Required: Yes
  
  Name: Identitystore
  
  Required: Yes
  
  Name: User
  
  Required: Yes
CreateUser
- Description: Grants permission to create a user in the specified IdentityStore
- Access: Write
- Resources:
  Name: Identitystore
  
  Required: Yes
DeleteGroup
- Description: Grants permission to delete a group in the specified IdentityStore
- Access: Write
- Resources:
  Name: Group
  
  Required: Yes
  
  Name: Identitystore
  
  Required: Yes
DeleteGroupMembership
- Description: Grants permission to remove a member that is part of a group in the specified IdentityStore
- Access: Write
- Resources:
  Name: Group
  
  Required: Yes
  
  Name: GroupMembership
  
  Required: Yes
  
  Name: Identitystore
  
  Required: Yes
  
  Name: User
  
  Required: Yes
DeleteUser
- Description: Grants permission to delete a user in the specified IdentityStore
- Access: Write
- Resources:
  Name: Identitystore
  
  Required: Yes
  
  Name: User
  
  Required: Yes
DescribeGroupMembership
- Description: Grants permission to retrieve information about a member that is part of a group in the specified IdentityStore
- Access: Read
- Resources:
  Name: Group
  
  Required: Yes
  
  Name: GroupMembership
  
  Required: Yes
  
  Name: Identitystore
  
  Required: Yes
  
  Name: User
  
  Required: Yes
GetGroupId
- Description: Grants permission to retrieve ID information about group in the specified IdentityStore
- Access: Read
- Resources:
  Name: Group
  
  Required: Yes
  
  Name: Identitystore
  
  Required: Yes
GetGroupMembershipId
- Description: Grants permission to retrieve ID information of a member which is part of a group in the specified IdentityStore
- Access: Read
- Resources:
  Name: Group
  
  Required: Yes
  
  Name: GroupMembership
  
  Required: Yes
  
  Name: Identitystore
  
  Required: Yes
  
  Name: User
  
  Required: Yes
GetUserId
- Description: Grants permission to retrieves ID information about user in the specified IdentityStore
- Access: Read
- Resources:
  Name: Identitystore
  
  Required: Yes
  
  Name: User
  
  Required: Yes
IsMemberInGroups
- Description: Grants permission to check if a member is a part of groups in the specified IdentityStore
- Access: Read
- Resources:
  Name: Group
  
  Required: Yes
  
  Name: GroupMembership/
  
  Required: Yes
  
  Name: Identitystore
  
  Required: Yes
  
  Name: User
  
  Required: Yes
ListGroupMemberships
- Description: Grants permission to retrieve all members that are part of a group in the specified IdentityStore
- Access: List
- Resources:
  Name: Group
  
  Required: Yes
  
  Name: GroupMembership/
  
  Required: Yes
  
  Name: Identitystore
  
  Required: Yes
ListGroupMembershipsForMember
- Description: Grants permission to list groups of the target member in the specified IdentityStore
- Access: List
- Resources:
  Name: GroupMembership/
  
  Required: Yes
  
  Name: Identitystore
  
  Required: Yes
  
  Name: User
  
  Required: Yes
UpdateGroup
- Description: Grants permission to update information about a group in the specified IdentityStore
- Access: Write
- Resources:
  Name: Group
  
  Required: Yes
  
  Name: Identitystore
  
  Required: Yes
UpdateUser
- Description: Grants permission to update user information in the specified IdentityStore
- Access: Write
- Resources:
  Name: Identitystore
  
  Required: Yes
  
  Name: User
  
  Required: Yes

Resources

Identitystore
- Arn: arn:${Partition}:identitystore::${Account}:identitystore/${IdentityStoreId}
User
- Arn: arn:${Partition}:identitystore:::user/${UserId}
Group
- Arn: arn:${Partition}:identitystore:::group/${GroupId}
GroupMembership
- Arn: arn:${Partition}:identitystore:::membership/${MembershipId}
User/*
- Arn: arn:${Partition}:identitystore:::user/*
Group/*
- Arn: arn:${Partition}:identitystore:::group/*
GroupMembership/*
- Arn: arn:${Partition}:identitystore:::membership/*

Updates

Actions

DescribeGroup
- ＋ Group
- ＋ Identitystore
DescribeUser
- ＋ Identitystore
- ＋ User
ListGroups
- ＋ Group/
- ＋ Identitystore
ListUsers
- ＋ Identitystore
- ＋ User/

AWS Identity Store (identitystore)

Additions

Updates