Change log of AWS IAM permissions

2023-12-02

20 new actions, 3 new resources | 1 updated action

Additions

Actions

AssociateAccessGrantsIdentityCenter
- Description: Grants permission to associate Access Grants identity center
- Access: Write
- Resources:
  Name: accessgrantsinstance
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
CreateAccessGrant
- Description: Grants permission to create Access Grant
- Access: Write
- Resources:
  Name: accessgrantslocation
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
  
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateAccessGrantsInstance
- Description: Grants permission to Create Access Grants Instance
- Access: Write
- Resources:
  Name: accessgrantsinstance
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
CreateAccessGrantsLocation
- Description: Grants permission to create Access Grants location
- Access: Write
- Resources:
  Name: accessgrantsinstance
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
  
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
DeleteAccessGrant
- Description: Grants permission to delete Access Grant
- Access: Write
- Resources:
  Name: accessgrant
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
DeleteAccessGrantsInstance
- Description: Grants permission to Delete Access Grants Instance
- Access: Write
- Resources:
  Name: accessgrantsinstance
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
DeleteAccessGrantsInstanceResourcePolicy
- Description: Grants permission to read Access grants instance resource policy
- Access: Write
- Resources:
  Name: accessgrantsinstance
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
DeleteAccessGrantsLocation
- Description: Grants permission to delete Access Grants location
- Access: Write
- Resources:
  Name: accessgrantslocation
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
DissociateAccessGrantsIdentityCenter
- Description: Grants permission to disassociate Access Grants identity center
- Access: Write
- Resources:
  Name: accessgrantsinstance
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
GetAccessGrant
- Description: Grants permission to read Access Grant
- Access: Read
- Resources:
  Name: accessgrant
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
GetAccessGrantsInstance
- Description: Grants permission to Read Access Grants Instance
- Access: Read
- Resources:
  Name: accessgrantsinstance
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
GetAccessGrantsInstanceForPrefix
- Description: Grants permission to Read Access Grants Instance by prefix
- Access: Read
- Resources:
  Name: accessgrantsinstance
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
GetAccessGrantsInstanceResourcePolicy
- Description: Grants permission to read Access grants instance resource policy
- Access: Read
- Resources:
  Name: accessgrantsinstance
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
GetAccessGrantsLocation
- Description: Grants permission to read Access Grants location
- Access: Read
- Resources:
  Name: accessgrantslocation
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
GetDataAccess
- Description: Grants permission to get Access
- Access: Read
- Resources:
  Name: accessgrant
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
ListAccessGrants
- Description: Grants permission to list Access Grant
- Access: List
- Resources:
  Name: accessgrantslocation
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
ListAccessGrantsInstances
- Description: Grants permission to List Access Grants Instances
- Access: List
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
ListAccessGrantsLocations
- Description: Grants permission to list Access Grants locations
- Access: List
- Resources:
  Name: accessgrantsinstance
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
PutAccessGrantsInstanceResourcePolicy
- Description: Grants permission to put Access grants instance resource policy
- Access: Write
- Resources:
  Name: accessgrantsinstance
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}
UpdateAccessGrantsLocation
- Description: Grants permission to update Access Grants location
- Access: Write
- Resources:
  Name: accessgrantslocation
  
  Required: Yes
- Conditions:
  s3:authType
  
  s3:ResourceAccount
  
  s3:signatureAge
  
  s3:signatureversion
  
  s3:TlsVersion
  
  s3:x-amz-content-sha256
  
  aws:ResourceTag/${TagKey}

Resources

accessgrantsinstance
- Arn: arn:${Partition}:s3:${Region}:${Account}:access-grants/default
- Conditions:
  aws:ResourceTag/${TagKey}
accessgrantslocation
- Arn: arn:${Partition}:s3:${Region}:${Account}:access-grants/default/location/${Token}
accessgrant
- Arn: arn:${Partition}:s3:${Region}:${Account}:access-grants/default/grant/${Token}

Updates

Actions

TagResource
- ＋ accessgrant
- ＋ accessgrantsinstance
- ＋ accessgrantslocation

Amazon S3 (s3)

Additions

Updates