Amazon Managed Streaming for Apache Kafka (kafka)

2023-04-29

9 new actions, 1 new resource, 1 new condition | 3 updated actions

Additions

    Actions
  • CreateVpcConnection
    • Description:  Grants permission to create an MSK VPC connection
    • Access:  Write
    • Conditions:
      aws:RequestTag/${TagKey}
      aws:TagKeys
    • Dependents:
      ec2:CreateTags
      ec2:CreateVpcEndpoint
      ec2:DescribeSecurityGroups
      ec2:DescribeSubnets
      ec2:DescribeVpcAttribute
      ec2:DescribeVpcEndpoints
      ec2:DescribeVpcs
      iam:AttachRolePolicy
      iam:CreateServiceLinkedRole
      iam:PutRolePolicy
  • DeleteClusterPolicy
    • Description:  Grants permission to delete a cluster resource-based policy
    • Access:  Write
    • Resources:
      Name: cluster
      Required: Yes
  • DeleteVpcConnection
    • Description:  Grants permission to delete an MSK VPC connection
    • Access:  Write
    • Resources:
      Name: vpc-connection
      Required: Yes
    • Dependents:
      ec2:DeleteVpcEndpoints
      ec2:DescribeVpcEndpoints
  • DescribeVpcConnection
    • Description:  Grants permission to describe an MSK VPC connection
    • Access:  Read
    • Resources:
      Name: vpc-connection
      Required: Yes
  • GetClusterPolicy
    • Description:  Grants permission to describe a cluster resource-based policy
    • Access:  Read
    • Resources:
      Name: cluster
      Required: Yes
  • ListClientVpcConnections
    • Description:  Grants permission to list all MSK VPC connections created for a cluster
    • Access:  List
    • Resources:
      Name: cluster
      Required: Yes
  • ListVpcConnections
    • Description:  Grants permission to list all MSK VPC connections that this account uses
    • Access:  List
  • PutClusterPolicy
    • Description:  Grants permission to create or update the resource-based policy for a cluster
    • Access:  Write
    • Resources:
      Name: cluster
      Required: Yes
  • RejectClientVpcConnection
    • Description:  Grants permission to reject an MSK VPC connection
    • Access:  Write
    • Resources:
      Name: cluster
      Required: Yes

    Resources
  • vpc-connection
    • Arn:  arn:${Partition}:kafka:${Region}:${VpcOwnerAccount}:vpc-connection/${ClusterOwnerAccount}/${ClusterName}/${Uuid}
    • Conditions:
      aws:ResourceTag/${TagKey}

    Conditions
  • kafka:publicAccessEnabled
    • Description:  Filters access by the presence of public access enabled in the request
    • Type:  Bool

Updates

    Actions
  • TagResource
      Resources
    • New_value: No
      Old_value: Yes
    • + vpc-connection
  • UntagResource
      Resources
    • New_value: No
      Old_value: Yes
    • + vpc-connection
  • UpdateConnectivity
      Conditions
    • + kafka:publicAccessEnabled