Change log of AWS IAM permissions

2024-07-25

13 new actions, 2 new resources | 5 updated actions

Additions

Actions

CreateIdMappingTable
- Description: Grants permission to link an id mapping workflow with a collaboration by creating a new id mapping table
- Access: Write
- Resources:
  Name: idmappingtable
  
  Required: Yes
  
  Name: membership
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
- Dependents:
  entityresolution:AddPolicyStatement
  
  entityresolution:GetIdMappingWorkflow
CreateIdNamespaceAssociation
- Description: Grants permission to link an AWS Entity Resolution Id Namespace with a collaboration by creating a new association
- Access: Write
- Resources:
  Name: idnamespaceassociation
  
  Required: Yes
  
  Name: membership
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
- Dependents:
  entityresolution:AddPolicyStatement
  
  entityresolution:GetIdNamespace
DeleteIdMappingTable
- Description: Grants permission to remove an id mapping table from a collaboration
- Access: Write
- Resources:
  Name: idmappingtable
  
  Required: Yes
  
  Name: membership
  
  Required: Yes
- Dependents:
  entityresolution:DeletePolicyStatement
DeleteIdNamespaceAssociation
- Description: Grants permission to remove an Id Namespace Association from a collaboration
- Access: Write
- Resources:
  Name: idnamespaceassociation
  
  Required: Yes
  
  Name: membership
  
  Required: Yes
- Dependents:
  entityresolution:DeletePolicyStatement
GetCollaborationIdNamespaceAssociation
- Description: Grants permission to get id namespace association within a collaboration
- Access: Read
- Resources:
  Name: collaboration
  
  Required: Yes
  
  Name: idnamespaceassociation
  
  Required: Yes
GetIdMappingTable
- Description: Grants permission to view details of an id mapping table
- Access: Read
- Resources:
  Name: idmappingtable
  
  Required: Yes
  
  Name: membership
  
  Required: Yes
GetIdNamespaceAssociation
- Description: Grants permission to view details of an id namespace association
- Access: Read
- Resources:
  Name: idnamespaceassociation
  
  Required: Yes
  
  Name: membership
  
  Required: Yes
- Dependents:
  entityresolution:GetIdNamespace
ListCollaborationIdNamespaceAssociations
- Description: Grants permission to list id namespace within a collaboration
- Access: List
- Resources:
  Name: collaboration
  
  Required: Yes
ListIdMappingTables
- Description: Grants permission to list available id mapping tables for a membership
- Access: List
- Resources:
  Name: idmappingtable
  
  Required: Yes
  
  Name: membership
  
  Required: Yes
ListIdNamespaceAssociations
- Description: Grants permission to list entity resolution data associations for a membership
- Access: List
- Resources:
  Name: idnamespaceassociation
  
  Required: Yes
  
  Name: membership
  
  Required: Yes
PopulateIdMappingTable
- Description: Grants permission to start an Id Mapping Job in AWS Entity Resolution to generate id mapping results in cleanrooms collaboration.
- Access: Write
- Resources:
  Name: idmappingtable
  
  Required: Yes
  
  Name: membership
  
  Required: Yes
- Dependents:
  entityresolution:GetIdMappingWorkflow
UpdateIdMappingTable
- Description: Grants permission to update an id mapping table
- Access: Write
- Resources:
  Name: idmappingtable
  
  Required: Yes
  
  Name: membership
  
  Required: Yes
UpdateIdNamespaceAssociation
- Description: Grants permission to update a entity resolution input association
- Access: Write
- Resources:
  Name: idnamespaceassociation
  
  Required: Yes
  
  Name: membership
  
  Required: Yes
- Dependents:
  entityresolution:GetIdNamespace

Resources

idmappingtable
- Arn: arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/idmappingtable/${IdMappingTableId}
- Conditions:
  aws:ResourceTag/${TagKey}
idnamespaceassociation
- Arn: arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/idnamespaceassociation/${IdNamespaceAssociationId}
- Conditions:
  aws:ResourceTag/${TagKey}

Updates

Actions

BatchGetSchema
- New_value: No
  
  Old_value: Yes
- ＋ idmappingtable
BatchGetSchemaAnalysisRule
- New_value: No
  
  Old_value: Yes
- ＋ idmappingtable
StartProtectedQuery
- New_value: No
  
  Old_value: Yes
- ＋ idmappingtable
TagResource
- ＋ idmappingtable
- ＋ idnamespaceassociation
UntagResource
- ＋ idmappingtable
- ＋ idnamespaceassociation

AWS Clean Rooms (cleanrooms)

Additions

Updates