2023-05-19
7 new actions | 23 updated actions, 1 updated resource | 2 removed conditions
Additions
Actions
-
AssociateVerifiedAccessInstanceWebAcl
-
Description:
Grants permission to associate an AWS Web Application Firewall (WAF) web access control list (ACL) with a Verified Access instance
-
Access:
Write
-
Resources:
Name: verified-access-instance
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Region
-
DescribeVerifiedAccessInstanceWebAclAssociations
-
Description:
Grants permission to describe the AWS Web Application Firewall (WAF) web access control list (ACL) associations for a Verified Access instance
-
Access:
List
-
Conditions:
ec2:Region
-
DisassociateVerifiedAccessInstanceWebAcl
-
Description:
Grants permission to disassociate an AWS Web Application Firewall (WAF) web access control list (ACL) from a Verified Access instance
-
Access:
Write
-
Resources:
Name: verified-access-instance
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Region
-
GetVerifiedAccessInstanceWebAcl
-
Description:
Grants permission to show the AWS Web Application Firewall (WAF) web access control list (ACL) for a Verified Access instance
-
Access:
List
-
Resources:
Name: verified-access-instance
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Region
-
GetVpnTunnelReplacementStatus
-
Description:
Grants permission to view available tunnel endpoint maintenance events
-
Access:
List
-
Resources:
Name: vpn-connection
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Region
-
ImportByoipCidrToIpam
-
Description:
Grants permission to transfer existing BYOIP IPv4 CIDRs to IPAM
-
Access:
Write
-
Resources:
Name: ipam-pool
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Region
-
ReplaceVpnTunnel
-
Description:
Grants permission to replace a VPN tunnel
-
Access:
Write
-
Resources:
Name: vpn-connection
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Region
Deletions
Conditions
-
ec2:DomainCertificateArn
-
Description:
Filters access by the ARN of an Amazon Certificate Manager certificate
-
Type:
ARN
-
ec2:LoadBalancerArn
-
Description:
Filters access by the ARN of an Elastic Load Balancer
-
Type:
ARN