Change log of AWS IAM permissions

2024-02-17

9 new actions, 2 new resources | 3 updated actions

Actions

DisableBaseline
- Description: Grants permission to disable a Baseline on a target
- Access: Write
- Resources:
  Name: EnabledBaseline
  
  Required: Yes
EnableBaseline
- Description: Grants permission to enable a Baseline on a target
- Access: Write
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
- Dependents:
  controltower:TagResource
GetBaseline
- Description: Grants permission to get Baseline details
- Access: Read
- Resources:
  Name: Baseline
  
  Required: Yes
GetBaselineOperation
- Description: Grants permission to get the current status of a particular Baseline operation
- Access: Read
GetEnabledBaseline
- Description: Grants permission to get an enabled Baseline
- Access: Read
- Resources:
  Name: EnabledBaseline
  
  Required: Yes
ListBaselines
- Description: Grants permission to list Baselines
- Access: List
ListEnabledBaselines
- Description: Grants permission to list enabled Baselines
- Access: List
ResetEnabledBaseline
- Description: Grants permission to reset an enabled Baseline
- Access: Write
- Resources:
  Name: EnabledBaseline
  
  Required: Yes
UpdateEnabledBaseline
- Description: Grants permission to update an enabled Baseline
- Access: Write
- Resources:
  Name: EnabledBaseline
  
  Required: Yes

Resources

Baseline
- Arn: arn:${Partition}:controltower:${Region}::baseline/${BaselineId}
EnabledBaseline
- Arn: arn:${Partition}:controltower:${Region}:${Account}:enabledbaseline/${EnabledBaselineId}
- Conditions:
  aws:ResourceTag/${TagKey}

Actions

AWS Control Tower (controltower)