Amazon OpenSearch Serverless (aoss)

2022-12-03

31 new actions, 1 new resource, 6 new conditions

Additions

    Actions
  • BatchGetCollection
    • Description:  Grants permission to get attributes for one or more collections
    • Access:  Read
  • BatchGetVpcEndpoint
    • Description:  Grants permission to get attributes for one or more VPC endpoints
    • Access:  Read
  • CreateAccessPolicy
    • Description:  Grants permission to create a data access policy
    • Access:  Write
  • CreateCollection
    • Description:  Grants permission to create a serverless collection
    • Access:  Write
    • Conditions:
      • aws:RequestTag/${TagKey}
      • aws:TagKeys
  • CreateSecurityConfig
    • Description:  Grants permission to create a serverless security configuration
    • Access:  Write
  • CreateSecurityPolicy
    • Description:  Grants permission to create a network or encryption policy
    • Access:  Write
  • CreateVpcEndpoint
    • Description:  Grants permission to create an OpenSearch-Serverless-managed interface VPC endpoint
    • Access:  Write
  • DeleteAccessPolicy
    • Description:  Grants permission to delete a data access policy
    • Access:  Write
  • DeleteCollection
    • Description:  Grants permission to delete a serverless collection
    • Access:  Write
    • Resources:
      • Name: Collection
      • Required: Yes
  • DeleteSecurityConfig
    • Description:  Grants permission to delete a security configuration
    • Access:  Write
  • DeleteSecurityPolicy
    • Description:  Grants permission to delete a security policy
    • Access:  Write
  • DeleteVpcEndpoint
    • Description:  Grants permission to delete an OpenSearch Serverless-managed interface VPC endpoint
    • Access:  Write
  • GetAccessPolicy
    • Description:  Grants permission to get information about a data access policy
    • Access:  Read
  • GetAccountSettings
    • Description:  Grants permission to get account settings, including capacity settings
    • Access:  Read
  • GetPoliciesStats
    • Description:  Grants permission to get statistics about the security policies in your account
    • Access:  Read
  • GetSecurityConfig
    • Description:  Grants permission to get information about a serverless security configuration
    • Access:  Read
  • GetSecurityPolicy
    • Description:  Grants permission to get information about a security policy
    • Access:  Read
  • ListAccessPolicies
    • Description:  Grants permission to list data access policies
    • Access:  List
  • ListCollections
    • Description:  Grants permission to list collections
    • Access:  List
  • ListSecurityConfigs
    • Description:  Grants permission to list security configurations
    • Access:  List
  • ListSecurityPolicies
    • Description:  Grants permission to list security policies
    • Access:  List
  • ListTagsForResource
    • Description:  Grants permission to list tags for a collection
    • Access:  List
  • ListVpcEndpoints
    • Description:  Grants permission to list OpenSearch Serverless-managed VPC endpoints
    • Access:  List
  • TagResource
    • Description:  Grants permission to tag a serverless collection
    • Access:  Write
    • Conditions:
      • aws:RequestTag/${TagKey}
      • aws:TagKeys
  • UntagResource
    • Description:  Grants permission to remove tags from a collection
    • Access:  Write
    • Conditions:
      • aws:TagKeys
  • UpdateAccessPolicy
    • Description:  Grants permission to update a data access policy
    • Access:  Write
  • UpdateAccountSettings
    • Description:  Grants permission to update account settings, including capacity settings
    • Access:  Write
  • UpdateCollection
    • Description:  Grants permission to update a collection
    • Access:  Write
    • Resources:
      • Name: Collection
      • Required: Yes
  • UpdateSecurityConfig
    • Description:  Grants permission to update a security configuration
    • Access:  Write
  • UpdateSecurityPolicy
    • Description:  Grants permission to update a security policy
    • Access:  Write
  • UpdateVpcEndpoint
    • Description:  Grants permission to update an OpenSearch Serverless-managed VPC endpoint
    • Access:  Write
    Resources
  • Collection
    • Arn:  arn:${Partition}:aoss:${Region}:${Account}:collection/${CollectionId}
    • Conditions:
      • aws:ResourceTag/${TagKey}
    Conditions
  • aoss:CollectionId
    • Description:  Filters access by the identifier of the collection
    • Type:  String
  • aoss:collection
    • Description:  Filters access by the collection name
    • Type:  String
  • aoss:index
    • Description:  Filters access by the index
    • Type:  String
  • aws:RequestTag/${TagKey}
    • Description:  Filters access based on the tags that are passed in the request
    • Type:  String
  • aws:ResourceTag/${TagKey}
    • Description:  Filters access based on the tags associated with the resource
    • Type:  String
  • aws:TagKeys
    • Description:  Filters access based on the tag keys that are passed in the request
    • Type:  ArrayOfString