Change log of AWS IAM permissions

2023-03-03

9 new actions

Actions

DeleteLandingZone
- Description: Grants permission to delete AWS Control Tower landing zone
- Access: Write
DescribeLandingZoneConfiguration
- Description: Grants permission to describe the current Landing Zone configuration
- Access: Read
DescribeRegisterOrganizationalUnitOperation
- Description: Grants permission to describe a Register Organizational Unit Operation
- Access: Read
GetAccountInfo
- Description: Grants permission to describe an account email and validate that it exists
- Access: Read
GetLandingZoneDriftStatus
- Description: Grants permission to get the current landing zone drift status
- Access: Read
ListDriftDetails
- Description: Grants permission to list occurrences of drift in AWS Control Tower
- Access: Read
ListExtendGovernancePrecheckDetails
- Description: Grants permission to list Precheck details for an Organizational Unit
- Access: List
ListExternalConfigRuleCompliance
- Description: Grants permission to list the compliance of external AWS Config rules
- Access: Read
PerformPreLaunchChecks
- Description: Grants permission to perform validations in an account
- Access: Read

AWS Control Tower (controltower)