AWS Systems Manager for SAP (ssm-sap)

2022-11-17

20 new actions, 2 new resources, 3 new conditions

Additions

    Actions
  • BackupDatabase
    • Description:  Grants permission to perform backup operation on a specified database
    • Access:  Write
  • DeleteResourcePermission
    • Description:  Grants permission to delete the SSM for SAP level resource permissions associated with a SSM for SAP database resource
    • Access:  Write
  • DeregisterApplication
    • Description:  Grants permission to deregister an SAP application with SSM for SAP
    • Access:  Write
  • GetApplication
    • Description:  Grants permission to access information about an application registered with SSM for SAP by providing the application ID or application ARN
    • Access:  Read
  • GetComponent
    • Description:  Grants permission to access information about a component registered with SSM for SAP by providing the application ID and component ID
    • Access:  Read
  • GetDatabase
    • Description:  Grants permission to access information about a database registered with SSM for SAP by providing the application ID, component ID, and database ID
    • Access:  Read
  • GetOperation
    • Description:  Grants permission to access information about an operation by providing its operation ID
    • Access:  Read
  • GetResourcePermission
    • Description:  Grants permission to get the SSM for SAP level resource permissions associated with a SSM for SAP database resource
    • Access:  Read
  • ListApplications
    • Description:  Grants permission to retrieve a list of all applications registered with SSM for SAP under the customer AWS account
    • Access:  List
  • ListComponents
    • Description:  Grants permission to retrieve a list of all components in the account of customer, or a specific application
    • Access:  List
  • ListDatabases
    • Description:  Grants permission to retrieve a list of all databases in the account of customer, or a specific application
    • Access:  List
  • ListOperations
    • Description:  Grants permission to retrieve a list of all operations in the account of customer, additional filters can be applied
    • Access:  List
  • ListTagsForResource
    • Description:  Grants permission to list the tags on a specified resource ARN
    • Access:  Read
  • PutResourcePermission
    • Description:  Grants permission to add the SSM for SAP level resource permissions associated with a SSM for SAP database resource
    • Access:  Write
  • RegisterApplication
    • Description:  Grants permission to registers an SAP application with SSM for SAP
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • RestoreDatabase
    • Description:  Grants permission to restore a database from another database
    • Access:  Write
  • TagResource
    • Description:  Grants permission to tag a specified resource ARN
    • Access:  Tagging
    • Resources: 

      Name: application

      Required: No

      Name: database

      Required: No

    • Conditions: 

      aws:TagKeys

      aws:RequestTag/${TagKey}

  • UntagResource
    • Description:  Grants permission to remove tags from a specified resource ARN
    • Access:  Tagging
    • Resources: 

      Name: application

      Required: No

      Name: database

      Required: No

    • Conditions: 

      aws:TagKeys

  • UpdateApplicationSettings
    • Description:  Grants permission to update settings of a registered SSM for SAP application
    • Access:  Write
  • UpdateHANABackupSettings
    • Description:  Grants permission to update the HANA backup settings of a specified database
    • Access:  Write
    Resources
  • application
    • Arn:  arn:${Partition}:ssm-sap:${Region}:${Account}:${ApplicationType}/${ApplicationId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

  • database
    • Arn:  arn:${Partition}:ssm-sap:${Region}:${Account}:${ApplicationType}/${ApplicationId}/DB/${DatabaseId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

    Conditions
  • aws:RequestTag/${TagKey}
    • Description:  Filters access by the tags that are passed in the request
    • Type:  String
  • aws:ResourceTag/${TagKey}
    • Description:  Filters access by the tags associated with the resource
    • Type:  String
  • aws:TagKeys
    • Description:  Filters access by the tag keys that are passed in the request
    • Type:  ArrayOfString