Amazon DataZone (datazone)

2023-09-28

113 new actions, 1 new resource, 3 new conditions | 3 updated actions

Additions

    Actions
  • AcceptPredictions
    • Description:  Grants permission to accept prediction
    • Access:  Write
  • CreateAsset
    • Description:  Grants permission to create asset
    • Access:  Write
  • CreateAssetType
    • Description:  Grants permission to create an asset type
    • Access:  Write
  • CreateDataSource
    • Description:  Grants permission to create a new DataSource
    • Access:  Write
  • CreateDomain
    • Description:  Grants permission to provision a domain which is a top level entity that contains other Amazon DataZone resources
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • CreateEnvironment
    • Description:  Grants permission to create a collection of configured resources used to publish and subscribe to data
    • Access:  Write
  • CreateEnvironmentBlueprint
    • Description:  Grants permission to create a custom Environment Blueprint that allows users to add Environments to their Project
    • Access:  Write
  • CreateEnvironmentProfile
    • Description:  Grants permission to create a template from a Blueprint that can be used to create an Environment
    • Access:  Write
  • CreateFormType
    • Description:  Grants permission to create a form type or a new revision of it
    • Access:  Write
  • CreateGlossary
    • Description:  Grants permission to create a business glossary
    • Access:  Write
  • CreateGlossaryTerm
    • Description:  Grants permission to create a glossary term
    • Access:  Write
  • CreateGroupProfile
    • Description:  Grants permission to create a DataZone group profile for an IAM Identity Center group
    • Access:  Write
  • CreateListingChangeSet
    • Description:  Grants permission to create listing change set
    • Access:  Write
  • CreateProject
    • Description:  Grants permission to create a Project to enable your team to publish and subscribe to data
    • Access:  Write
  • CreateProjectMembership
    • Description:  Grants permission to add a user to a Project
    • Access:  Write
  • CreateSubscriptionGrant
    • Description:  Grants permission to create a grant for an approved subscription on a subscription target
    • Access:  Write
  • CreateSubscriptionRequest
    • Description:  Grants permission to create a subscription request for a Data Asset
    • Access:  Write
  • CreateSubscriptionTarget
    • Description:  Grants permission to create a subscription target for an Environment in the project
    • Access:  Write
  • CreateUserProfile
    • Description:  Grants permission to create a user profile for an existing user in the customer's IAM Identity Center
    • Access:  Write
  • DeleteAsset
    • Description:  Grants permission to delete an asset
    • Access:  Write
  • DeleteAssetType
    • Description:  Grants permission to delete an asset type
    • Access:  Write
  • DeleteDataSource
    • Description:  Grants permission to update existing DataSource
    • Access:  Write
  • DeleteDomain
    • Description:  Grants permission to delete a provisioned domain
    • Access:  Write
    • Resources: 

      Name: domain

      Required: Yes

  • DeleteDomainSharingPolicy
    • Description:  Grants permission to delete a resource policy for a DataZone Domain
    • Access:  Permissions management
  • DeleteEnvironment
    • Description:  Grants permission to Delete Environment
    • Access:  Write
  • DeleteEnvironmentBlueprint
    • Description:  Grants permission to delete Environment Blueprint
    • Access:  Write
  • DeleteEnvironmentBlueprintConfiguration
    • Description:  Grants permission to delete environment blueprint configuration
    • Access:  Write
  • DeleteEnvironmentProfile
    • Description:  Grants permission to delete Environment Profile
    • Access:  Write
  • DeleteFormType
    • Description:  Grants permission to delete a form type
    • Access:  Write
  • DeleteGlossary
    • Description:  Grants permission to delete a business glossary
    • Access:  Write
  • DeleteGlossaryTerm
    • Description:  Grants permission to delete a glossary term
    • Access:  Write
  • DeleteListing
    • Description:  Grants permission to delete listing
    • Access:  Write
  • DeleteProject
    • Description:  Grants permission to delete a Project that enables your team to publish and subscribe to data
    • Access:  Write
  • DeleteProjectMembership
    • Description:  Grants permission to remove a user from a project
    • Access:  Write
  • DeleteSubscriptionGrant
    • Description:  Grants permission to delete a subscription grant from a subscription target
    • Access:  Write
  • DeleteSubscriptionRequest
    • Description:  Grants permission to delete a pending subscription request for a Data Asset
    • Access:  Write
  • DeleteSubscriptionTarget
    • Description:  Grants permission to delete a subscription target from an Environment in the project
    • Access:  Write
  • GetAsset
    • Description:  Grants permission to retrieve an asset
    • Access:  Read
  • GetAssetType
    • Description:  Grants permission to get an asset type
    • Access:  Read
  • GetDataSource
    • Description:  Grants permission to get an existing DataSource in Amazon DataZone using its identifier
    • Access:  Read
  • GetDataSourceRun
    • Description:  Grants permission to get DataSource run job in Amazon DataZone using its identifier
    • Access:  Read
  • GetDomain
    • Description:  Grants permission to retrieve information about a domain
    • Access:  Read
    • Resources: 

      Name: domain

      Required: Yes

  • GetDomainSharingPolicy
    • Description:  Grants permission to retrieve a resource policy for a DataZone Domain
    • Access:  Read
  • GetEnvironment
    • Description:  Grants permission to get Environment details
    • Access:  Read
  • GetEnvironmentActionLink
    • Description:  Grants permission to get environment action link
    • Access:  Read
  • GetEnvironmentBlueprint
    • Description:  Grants permission to get Environment Blueprint details
    • Access:  Read
  • GetEnvironmentBlueprintConfiguration
    • Description:  Grants permission to get environment blueprint configuration
    • Access:  Read
  • GetEnvironmentCredentials
    • Description:  Grants permission to get short term credentials that assume the Environment user role
    • Access:  Read
  • GetEnvironmentProfile
    • Description:  Grants permission to get Environment Profile details
    • Access:  Read
  • GetFormType
    • Description:  Grants permission to get a form type
    • Access:  Read
  • GetGlossary
    • Description:  Grants permission to get a business glossary
    • Access:  Read
  • GetGlossaryTerm
    • Description:  Grants permission to get a glossary term
    • Access:  Read
  • GetGroupProfile
    • Description:  Grants permission to retrieve an existing DataZone group profile
    • Access:  Read
  • GetIamPortalLoginUrl
    • Description:  Grants permission to an IAM principal to log into the DataZone Portal
    • Access:  Permissions management
  • GetListing
    • Description:  Grants permission to get listing
    • Access:  Read
  • GetSubscription
    • Description:  Grants permission to retrieve a subscription
    • Access:  Read
  • GetSubscriptionEligibility
    • Description:  Grants permission to get subscription eligibility
    • Access:  Read
  • GetSubscriptionGrant
    • Description:  Grants permission to retrieve a subscription grant
    • Access:  Read
  • GetSubscriptionRequestDetails
    • Description:  Grants permission to reject a subscription request for a Data Asset
    • Access:  Read
  • GetSubscriptionTarget
    • Description:  Grants permission to retrieve details of subscription target
    • Access:  Read
  • GetUserProfile
    • Description:  Grants permission to retrieve a user profile for an existing user in the DataZone Domain
    • Access:  Read
  • ListAccountEnvironments
    • Description:  Grants permission to list Environments across all domains in an AWS Account
    • Access:  List
  • ListAssetRevisions
    • Description:  Grants permission to list revisions of an asset
    • Access:  List
  • ListDataSourceRunActivities
    • Description:  Grants permission to list DataSource runs job's activities on Asset
    • Access:  List
  • ListDataSourceRuns
    • Description:  Grants permission to list DataSource runs job
    • Access:  List
  • ListDataSources
    • Description:  Grants permission to list existing DataSources
    • Access:  List
  • ListDomains
    • Description:  Grants permission to retrieve all domains
    • Access:  List
  • ListEnvironmentBlueprintConfigurations
    • Description:  Grants permission to list environment blueprint configurations
    • Access:  List
  • ListEnvironmentBlueprints
    • Description:  Grants permission to list Domain for Environment Blueprints
    • Access:  List
  • ListEnvironmentProfiles
    • Description:  Grants permission to list Domain for Environment Profiles
    • Access:  List
  • ListEnvironments
    • Description:  Grants permission to show Environments in the Domain
    • Access:  List
  • ListGroupsForUser
    • Description:  Grants permission to list all the DataZone group profiles that the DataZone user profile is a member of
    • Access:  List
  • ListNotifications
    • Description:  Grants permission to list notifications and events for a datazone user
    • Access:  List
  • ListProjectMemberships
    • Description:  Grants permission to list Project Members
    • Access:  List
  • ListSubscriptionGrants
    • Description:  Grants permission to List subscription grants for a subscribed principal
    • Access:  List
  • ListSubscriptionRequests
    • Description:  Grants permission to list subscription requests
    • Access:  List
  • ListSubscriptionTargets
    • Description:  Grants permission to list subscription targets
    • Access:  List
  • ListSubscriptions
    • Description:  Grants permission to list subscriptions
    • Access:  List
  • ListTagsForResource
    • Description:  Grants permission to retrieve all tags associated with a resource
    • Access:  Read
    • Resources: 

      Name: domain

      Required: No

  • ListWarehouseMetadata
    • Description:  Grants permission to list available Manager Secrets
    • Access:  List
  • ProvisionDomain
    • Description:  Grants permission to provision domain with default project setup
    • Access:  Write
  • PutDomainSharingPolicy
    • Description:  Grants permission to add a resource policy for a DataZone Domain
    • Access:  Permissions management
  • PutEnvironmentBlueprintConfiguration
    • Description:  Grants permission to put environment blueprint configuration
    • Access:  Write
  • RefreshToken
    • Description:  Grants permission to refresh token
    • Access:  Write
  • RejectPredictions
    • Description:  Grants permission to reject prediction
    • Access:  Write
  • RejectSubscriptionRequest
    • Description:  Grants permission to reject a subscription request for a Data Asset
    • Access:  Write
  • RevokeSubscription
    • Description:  Grants permission to revoke a subscription
    • Access:  Write
  • Search
    • Description:  Grants permission to search datazone entities
    • Access:  List
  • SearchGroupProfiles
    • Description:  Grants permission to search DataZone group profiles and IAM Identity Center groups
    • Access:  List
  • SearchListings
    • Description:  Grants permission to search listings
    • Access:  List
  • SearchTypes
    • Description:  Grants permission to search types such as asset types and form types in a domain
    • Access:  List
  • SearchUserProfiles
    • Description:  Grants permission to search DataZone user profiles, IAM Identity Center users, and DataZone IAM principal profiles
    • Access:  List
  • SsoLogin
    • Description:  Grants permission to login using SSO
    • Access:  Write
  • SsoLogout
    • Description:  Grants permission to logout as SSO user
    • Access:  Write
  • StartDataSourceRun
    • Description:  Grants permission to start a DataSource run job
    • Access:  Write
  • TagResource
    • Description:  Grants permission to add or update tags to a resource
    • Access:  Tagging
    • Resources: 

      Name: domain

      Required: Yes

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • UntagResource
    • Description:  Grants permission to remove tags associated with a resource
    • Access:  Tagging
    • Resources: 

      Name: domain

      Required: Yes

    • Conditions: 

      aws:TagKeys

  • UpdateDataSource
    • Description:  Grants permission to update existing DataSource
    • Access:  Write
  • UpdateDomain
    • Description:  Grants permission to update information for a domain
    • Access:  Write
    • Resources: 

      Name: domain

      Required: Yes

  • UpdateEnvironment
    • Description:  Grants permission to update Environment settings
    • Access:  Write
  • UpdateEnvironmentBlueprint
    • Description:  Grants permission to update Environment Blueprint settings
    • Access:  Write
  • UpdateEnvironmentConfiguration
    • Description:  Grants permission to update environment configuration
    • Access:  Write
  • UpdateEnvironmentDeploymentStatus
    • Description:  Grants permission to update status of the Environment deployment
    • Access:  Write
  • UpdateEnvironmentProfile
    • Description:  Grants permission to update EnvironmentProfile configuration
    • Access:  Write
  • UpdateGlossary
    • Description:  Grants permission to update a business glossary
    • Access:  Write
  • UpdateGlossaryTerm
    • Description:  Grants permission to update a glossary term
    • Access:  Write
  • UpdateGroupProfile
    • Description:  Grants permission to update a DataZone group profile
    • Access:  Write
  • UpdateProject
    • Description:  Grants permission to update a Project that enables your team to publish and subscribe to data
    • Access:  Write
  • UpdateSubscriptionGrantStatus
    • Description:  Grants permission to update a subscription grant status for custom grants
    • Access:  Write
  • UpdateSubscriptionRequest
    • Description:  Grants permission to update business reason for subscription request for a Data Asset
    • Access:  Write
  • UpdateSubscriptionTarget
    • Description:  Grants permission to update a subscription target
    • Access:  Write
  • UpdateUserProfile
    • Description:  Grants permission to update a DataZone user profile
    • Access:  Write
  • ValidatePassRole
    • Description:  Grants permission to validate pass role
    • Access:  Write
    Resources
  • domain
    • Arn:  arn:${Partition}:datazone:${Region}:${Account}:domain/${DomainId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

    Conditions
  • aws:RequestTag/${TagKey}
    • Description:  Filters access by the tags that are passed in the request
    • Type:  String
  • aws:ResourceTag/${TagKey}
    • Description:  Filters access by the tags associated with the resource
    • Type:  String
  • aws:TagKeys
    • Description:  Filters access by the tag keys that are passed in the request
    • Type:  ArrayOfString

Updates

    Actions
  • AcceptSubscriptionRequest
      Description
    • Old: Grants permission to retrieve configuration information for an Amazon DataZone project
      New: Grants permission to approve a subscription request for a Data Asset
      Access
    • Read  ⟶  Write
  • CreateAssetRevision
      Description
    • Old: Grants permission to retrieve all Amazon DataZone projects for a user
      New: Grants permission to create new revision of an asset
      Access
    • List  ⟶  Write
  • CancelSubscription
      Description
    • Old: Grants permission to retrieve credentials for an Amazon DataZone project
      New: Grants permission to revoke or unsubscribe an approved subscription to Data Asset
      Access
    • Read  ⟶  Write