AWS Control Tower (controltower)

2023-11-17

3 new actions, 3 new conditions | 1 updated action, 1 updated resource

Additions

    Actions
  • ListTagsForResource
    • Description:  Grants permission to list the tags for a resource
    • Access:  Read
    • Resources: 

      Name: EnabledControl

      Required: No

  • TagResource
    • Description:  Grants permission to add tags to a resource
    • Access:  Tagging
    • Resources: 

      Name: EnabledControl

      Required: Yes

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
  • UntagResource
    • Description:  Grants permission to remove tags from a resource
    • Access:  Tagging
    • Resources: 

      Name: EnabledControl

      Required: Yes

    • Conditions: 

      aws:TagKeys
    Conditions
  • aws:RequestTag/${TagKey}
    • Description:  Filters access by the tags that are passed in the request
    • Type:  String
  • aws:ResourceTag/${TagKey}
    • Description:  Filters access by the tags associated with the resource
    • Type:  String
  • aws:TagKeys
    • Description:  Filters access by the tag keys that are passed in the request
    • Type:  ArrayOfString

Updates

    Actions
  • EnableControl
      Conditions
    • + aws:RequestTag/${TagKey}
    • + aws:TagKeys
      Dependents
    • + controltower:TagResource