AWS Control Tower
(controltower)
IAM Changes
Services
AWS Control Tower
2023-11-17
2023-11-17
3 new actions, 3 new conditions | 1 updated action, 1 updated resource
Additions
Actions
ListTagsForResource
Description:
Grants permission to list the tags for a resource
Access:
Read
Resources:
Name: EnabledControl
Required: No
TagResource
Description:
Grants permission to add tags to a resource
Access:
Tagging
Resources:
Name: EnabledControl
Required: Yes
Conditions:
aws:RequestTag/${TagKey}
aws:TagKeys
UntagResource
Description:
Grants permission to remove tags from a resource
Access:
Tagging
Resources:
Name: EnabledControl
Required: Yes
Conditions:
aws:TagKeys
Conditions
aws:RequestTag/${TagKey}
Description:
Filters access by the tags that are passed in the request
Type:
String
aws:ResourceTag/${TagKey}
Description:
Filters access by the tags associated with the resource
Type:
String
aws:TagKeys
Description:
Filters access by the tag keys that are passed in the request
Type:
ArrayOfString
Updates
Actions
EnableControl
Conditions
+ aws:RequestTag/${TagKey}
+ aws:TagKeys
Dependents
+ controltower:TagResource
Resources
EnabledControl
Conditions
+ aws:ResourceTag/${TagKey}