Change log of AWS IAM permissions

2023-12-02

27 new actions, 5 new resources, 3 new conditions

Additions

Actions

CreateDeviceActivationQrCode
- Description: Grants permission to create a QR code for a Device Instance
- Access: Write
- Resources:
  Name: device-instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
CreateDeviceConfigurationTemplate
- Description: Grants permission to create a Device Configuration Template
- Access: Write
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateDeviceInstance
- Description: Grants permission to create a Device Instance
- Access: Write
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateDeviceInstanceConfiguration
- Description: Grants permission to create a Device Instance Configuration
- Access: Write
- Resources:
  Name: device-instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
CreateSite
- Description: Grants permission to create a Site
- Access: Write
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
DeleteAssociatedDevice
- Description: Grants permission to disassociate Device from a Device Instance
- Access: Write
- Resources:
  Name: device-instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DeleteDeviceConfigurationTemplate
- Description: Grants permission to delete a Device Configuration Template
- Access: Write
- Resources:
  Name: device-configuration-template
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DeleteDeviceInstance
- Description: Grants permission to delete a Device Instance
- Access: Write
- Resources:
  Name: device-instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DeleteSite
- Description: Grants permission to delete a Site
- Access: Write
- Resources:
  Name: site
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DeleteUser
- Description: Grants permission to delete a User
- Access: Write
- Resources:
  Name: user
  
  Required: Yes
GetDeviceConfigurationTemplate
- Description: Grants permission to view a Device Configuration Template
- Access: Read
- Resources:
  Name: device-configuration-template
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetDeviceInstance
- Description: Grants permission to view a Device Instance
- Access: Read
- Resources:
  Name: device-instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetDeviceInstanceConfiguration
- Description: Grants permission to view a Device Instance Configuration
- Access: Read
- Resources:
  Name: configuration
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetSite
- Description: Grants permission to view a Site
- Access: Read
- Resources:
  Name: site
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetSiteAddress
- Description: Grants permission to view address of a Site
- Access: Read
- Resources:
  Name: site
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListDeviceConfigurationTemplates
- Description: Grants permission to retrieve list of Device Configuration Templates
- Access: List
ListDeviceInstances
- Description: Grants permission to retrieve list of Device Instances
- Access: List
ListSites
- Description: Grants permission to view list of Sites
- Access: List
ListTagsForResource
- Description: Grants permission to list tags for an Amazon One Enterprise resource
- Access: Read
- Resources:
  Name: device-configuration-template
  
  Required: No
  
  Name: device-instance
  
  Required: No
  
  Name: site
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
ListUsers
- Description: Grants permission to view list of Users
- Access: List
RebootDevice
- Description: Grants permission to reboot Device associated with a Device Instance
- Access: Write
- Resources:
  Name: device-instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
TagResource
- Description: Grants permission to add tags to an Amazon One Enterprise resource
- Access: Tagging
- Resources:
  Name: device-configuration-template
  
  Required: No
  
  Name: device-instance
  
  Required: No
  
  Name: site
  
  Required: No
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
UntagResource
- Description: Grants permission to remove tags from an Amazon One Enterprise resource
- Access: Tagging
- Resources:
  Name: device-configuration-template
  
  Required: No
  
  Name: device-instance
  
  Required: No
  
  Name: site
  
  Required: No
- Conditions:
  aws:TagKeys
UpdateDeviceConfigurationTemplate
- Description: Grants permission to update a Device Configuration Template
- Access: Write
- Resources:
  Name: device-configuration-template
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
UpdateDeviceInstance
- Description: Grants permission to update a Device Instance
- Access: Write
- Resources:
  Name: device-instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
UpdateSite
- Description: Grants permission to update a Site
- Access: Write
- Resources:
  Name: site
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
UpdateSiteAddress
- Description: Grants permission to update address of a Site
- Access: Write
- Resources:
  Name: site
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}

Resources

device-instance
- Arn: arn:${Partition}:one:${Region}:${Account}:device-instance/${DeviceInstanceId}
- Conditions:
  aws:ResourceTag/${TagKey}
configuration
- Arn: arn:${Partition}:one:${Region}:${Account}:device-instance/${DeviceInstanceId}/configuration/${Version}
device-configuration-template
- Arn: arn:${Partition}:one:${Region}:${Account}:device-configuration-template/${TemplateId}
- Conditions:
  aws:ResourceTag/${TagKey}
site
- Arn: arn:${Partition}:one:${Region}:${Account}:site/${SiteId}
- Conditions:
  aws:ResourceTag/${TagKey}
user
- Arn: arn:${Partition}:one:${Region}:${Account}:user/${UserId}

Conditions

aws:RequestTag/${TagKey}
- Description: Filters access by using tag key-value pairs in the request
- Type: String
aws:ResourceTag/${TagKey}
- Description: Filters access by using tag key-value pairs attached to the resource
- Type: String
aws:TagKeys
- Description: Filters access by the tag keys that are passed in the request
- Type: ArrayOfString

Amazon One Enterprise (one)

Additions