Change log of AWS IAM permissions

2023-12-27

12 new actions, 2 new resources, 3 new conditions

Additions

Actions

CreateMonitor
- Description: Grants permission to create a monitor
- Access: Write
- Resources:
  Name: monitor
  
  Required: Yes
CreateProbe
- Description: Grants permission to create a probe
- Access: Write
DeleteMonitor
- Description: Grants permission to delete a monitor
- Access: Write
- Resources:
  Name: monitor
  
  Required: Yes
DeleteProbe
- Description: Grants permission to delete a probe
- Access: Write
- Resources:
  Name: probe
  
  Required: Yes
GetMonitor
- Description: Grants permission to get information about a monitor
- Access: Read
- Resources:
  Name: monitor
  
  Required: Yes
GetProbe
- Description: Grants permission to get information about a probe
- Access: Read
- Resources:
  Name: probe
  
  Required: Yes
ListMonitors
- Description: Grants permission to list all monitors in an account and their statuses
- Access: List
ListTagsForResource
- Description: Grants permission to list the tags for a resource
- Access: Read
- Resources:
  Name: monitor
  
  Required: No
  
  Name: probe
  
  Required: No
TagResource
- Description: Grants permission to add tags to a resource
- Access: Tagging
- Resources:
  Name: monitor
  
  Required: No
  
  Name: probe
  
  Required: No
UntagResource
- Description: Grants permission to remove tags from a resource
- Access: Tagging
- Resources:
  Name: monitor
  
  Required: No
  
  Name: probe
  
  Required: No
- Conditions:
  aws:TagKeys
UpdateMonitor
- Description: Grants permission to update a monitor
- Access: Write
- Resources:
  Name: monitor
  
  Required: Yes
UpdateProbe
- Description: Grants permission to update a probe
- Access: Write
- Resources:
  Name: probe
  
  Required: Yes

Resources

monitor
- Arn: arn:${Partition}:networkmonitor:${Region}:${Account}:monitor/${MonitorName}
- Conditions:
  aws:ResourceTag/${TagKey}
probe
- Arn: arn:${Partition}:networkmonitor:${Region}:${Account}:probe/${ProbeId}
- Conditions:
  aws:ResourceTag/${TagKey}

Conditions

aws:RequestTag/${TagKey}
- Description: Filters access by the tag key-value pairs in the request
- Type: String
aws:ResourceTag/${TagKey}
- Description: Filters access by the tag key-value pairs attached to the resource
- Type: String
aws:TagKeys
- Description: Filters access by the tag keys in the request
- Type: ArrayOfString

Amazon CloudWatch Network Monitor (networkmonitor)

Additions