Amazon EC2 Image Builder (imagebuilder)

2023-12-15

7 new actions, 2 new resources | 6 updated actions

Additions

    Actions
  • CreateWorkflow
    • Description:  Grants permission to create a new workflow
    • Access:  Write
    • Resources: 

      Name: workflow

      Required: Yes

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
    • Dependents: 

      imagebuilder:TagResource

      kms:Encrypt

      kms:GenerateDataKey

      kms:GenerateDataKeyWithoutPlaintext

      s3:GetObject

      s3:ListBucket
  • DeleteWorkflow
    • Description:  Grants permission to delete a workflow
    • Access:  Write
    • Resources: 

      Name: workflow

      Required: Yes

  • GetWorkflow
    • Description:  Grants permission to view details about a workflow
    • Access:  Read
    • Resources: 

      Name: workflow

      Required: Yes

    • Dependents: 

      kms:Decrypt
  • ListWaitingWorkflowSteps
    • Description:  Grants permission to list waiting workflow steps for the caller account
    • Access:  List
  • ListWorkflowBuildVersions
    • Description:  Grants permission to list the workflow build versions in your account
    • Access:  List
    • Resources: 

      Name: workflowVersion

      Required: Yes

  • ListWorkflows
    • Description:  Grants permission to list the workflow versions owned by or shared with your account
    • Access:  List
  • SendWorkflowStepAction
    • Description:  Grants permission to send an action to a workflow step
    • Access:  Write
    • Resources: 

      Name: image

      Required: Yes

      Name: workflowStepExecution

      Required: Yes

    Resources
  • workflow
    • Arn:  arn:${Partition}:imagebuilder:${Region}:${Account}:workflow/${WorkflowType}/${WorkflowName}/${WorkflowVersion}/${WorkflowBuildVersion}
    • Conditions: 

      aws:ResourceTag/${TagKey}
  • workflowVersion
    • Arn:  arn:${Partition}:imagebuilder:${Region}:${Account}:workflow/${WorkflowType}/${WorkflowName}/${WorkflowVersion}
    • Conditions: 

      aws:ResourceTag/${TagKey}

Updates

    Actions
  • CreateImage
      Dependents
    • + iam:PassRole
    • + imagebuilder:GetWorkflow
  • CreateImagePipeline
      Dependents
    • + iam:PassRole
    • + imagebuilder:GetDistributionConfiguration
    • + imagebuilder:GetInfrastructureConfiguration
    • + imagebuilder:GetWorkflow
  • ListTagsForResource
      Resources
    • + workflow
  • TagResource
      Resources
    • + workflow
  • UntagResource
      Resources
    • + workflow
  • UpdateImagePipeline
      Dependents
    • + iam:CreateServiceLinkedRole
    • + iam:PassRole
    • + imagebuilder:GetContainerRecipe
    • + imagebuilder:GetDistributionConfiguration
    • + imagebuilder:GetImageRecipe
    • + imagebuilder:GetInfrastructureConfiguration
    • + imagebuilder:GetWorkflow