Change log of AWS IAM permissions

2023-12-02

10 new actions, 2 new resources, 3 new conditions | 4 updated actions

Additions

Actions

CopyServerlessCacheSnapshot
- Description: Grants permission to make a copy of an existing serverless cache snapshot
- Access: Write
- Resources:
  Name: serverlesscachesnapshot
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  elasticache:KmsKeyId
  
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
- Dependents:
  elasticache:AddTagsToResource
CreateServerlessCache
- Description: Grants permission to create a serverless cache
- Access: Write
- Resources:
  Name: serverlesscache
  
  Required: Yes
  
  Name: serverlesscachesnapshot
  
  Required: No
  
  Name: snapshot
  
  Required: No
  
  Name: usergroup
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
  
  elasticache:EngineType
  
  elasticache:EngineVersion
  
  elasticache:SnapshotRetentionLimit
  
  elasticache:KmsKeyId
  
  elasticache:MaximumDataStorage
  
  elasticache:DataStorageUnit
  
  elasticache:MaximumECPUPerSecond
  
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
- Dependents:
  ec2:CreateTags
  
  ec2:CreateVpcEndpoint
  
  ec2:DeleteVpcEndpoints
  
  ec2:DescribeSecurityGroups
  
  ec2:DescribeSubnets
  
  ec2:DescribeTags
  
  ec2:DescribeVpcEndpoints
  
  ec2:DescribeVpcs
  
  elasticache:AddTagsToResource
  
  s3:GetObject
CreateServerlessCacheSnapshot
- Description: Grants permission to create a copy of a serverless cache at a specific moment in time
- Access: Write
- Resources:
  Name: serverlesscache
  
  Required: Yes
  
  Name: serverlesscachesnapshot
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  elasticache:KmsKeyId
  
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
- Dependents:
  elasticache:AddTagsToResource
DeleteServerlessCache
- Description: Grants permission to delete a serverless cache
- Access: Write
- Resources:
  Name: serverlesscache
  
  Required: Yes
  
  Name: serverlesscachesnapshot
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
- Dependents:
  ec2:DescribeTags
DeleteServerlessCacheSnapshot
- Description: Grants permission to delete a serverless cache snapshot
- Access: Write
- Resources:
  Name: serverlesscachesnapshot
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DescribeServerlessCacheSnapshots
- Description: Grants permission to list information about serverless cache snapshots
- Access: List
- Resources:
  Name: serverlesscachesnapshot
  
  Required: Yes
  
  Name: serverlesscache
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
DescribeServerlessCaches
- Description: Grants permission to list serverless caches
- Access: List
- Resources:
  Name: serverlesscache
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ExportServerlessCacheSnapshot
- Description: Grants permission to export a copy of a serverless cache at a specific moment in time to s3 bucket
- Access: Write
- Resources:
  Name: serverlesscachesnapshot
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
- Dependents:
  s3:DeleteObject
  
  s3:ListAllMyBuckets
  
  s3:PutObject
InterruptClusterAzPower
- Description: Grants permission to test an AZ power interruption for an ElastiCache resource
- Access: Write
- Resources:
  Name: replicationgroup
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ModifyServerlessCache
- Description: Grants permission to modify parameters for a serverless cache
- Access: Write
- Resources:
  Name: serverlesscache
  
  Required: Yes
  
  Name: usergroup
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
  
  elasticache:EngineVersion
  
  elasticache:SnapshotRetentionLimit
  
  elasticache:MaximumDataStorage
  
  elasticache:DataStorageUnit
  
  elasticache:MaximumECPUPerSecond
- Dependents:
  ec2:DescribeSecurityGroups
  
  ec2:DescribeTags

Resources

serverlesscache
- Arn: arn:${Partition}:elasticache:${Region}:${Account}:serverlesscache:${ServerlessCacheName}
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
  
  elasticache:DataStorageUnit
  
  elasticache:EngineType
  
  elasticache:EngineVersion
  
  elasticache:KmsKeyId
  
  elasticache:MaximumDataStorage
  
  elasticache:MaximumECPUPerSecond
  
  elasticache:SnapshotRetentionLimit
serverlesscachesnapshot
- Arn: arn:${Partition}:elasticache:${Region}:${Account}:serverlesscachesnapshot:${ServerlessCacheSnapshotName}
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
  
  elasticache:KmsKeyId

Conditions

elasticache:DataStorageUnit
- Description: Filters access by the CacheUsageLimits.DataStorage.Unit parameter in the CreateServerlessCache and ModifyServerlessCache request
- Type: String
elasticache:MaximumDataStorage
- Description: Filters access by the CacheUsageLimits.DataStorage.Maximum parameter in the CreateServerlessCache and ModifyServerlessCache request
- Type: Numeric
elasticache:MaximumECPUPerSecond
- Description: Filters access by the CacheUsageLimits.ECPUPerSecond.Maximum parameter in the CreateServerlessCache and ModifyServerlessCache request
- Type: Numeric

Updates

Actions

Connect
- New_value: No
  
  Old_value: Yes
- ＋ serverlesscache
AddTagsToResource
- ＋ serverlesscache
- ＋ serverlesscachesnapshot
ListTagsForResource
- ＋ serverlesscache
- ＋ serverlesscachesnapshot
RemoveTagsFromResource
- ＋ serverlesscache
- ＋ serverlesscachesnapshot

Amazon ElastiCache (elasticache)

Additions

Updates