Change log of AWS IAM permissions

2024-11-07

13 new actions, 2 new resources | 3 updated actions

Additions

Actions

CreateApi
- Description: Grants permission to create an API
- Access: Write
- Conditions:
  aws:ResourceTag/${TagKey}
  
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
- Dependents:
  iam:CreateServiceLinkedRole
CreateChannelNamespace
- Description: Grants permission to create a channel namespace
- Access: Write
- Resources:
  Name: channelNamespace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
DeleteApi
- Description: Grants permission to delete a API. This will also clean up every AppSync resource below that API
- Access: Write
- Resources:
  Name: api
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DeleteChannelNamespace
- Description: Grants permission to delete a channel namespace
- Access: Write
- Resources:
  Name: channelNamespace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
EventConnect
- Description: Grants permission to connect to an Event API
- Access: Write
- Resources:
  Name: api
  
  Required: Yes
EventPublish
- Description: Grants permission to publish events to a channel namespace
- Access: Write
- Resources:
  Name: channelNamespace
  
  Required: Yes
EventSubscribe
- Description: Grants permission to subscribe to a channel namespace
- Access: Write
- Resources:
  Name: channelNamespace
  
  Required: Yes
GetApi
- Description: Grants permission to retrieve an API
- Access: Read
- Resources:
  Name: api
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetChannelNamespace
- Description: Grants permission to retrieve a channel namespace
- Access: Read
- Resources:
  Name: channelNamespace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListApis
- Description: Grants permission to list APIs
- Access: List
- Conditions:
  aws:ResourceTag/${TagKey}
ListChannelNamespaces
- Description: Grants permission to list channel namespace
- Access: List
- Resources:
  Name: api
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
UpdateApi
- Description: Grants permission to update an API
- Access: Write
- Resources:
  Name: api
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
- Dependents:
  iam:CreateServiceLinkedRole
UpdateChannelNamespace
- Description: Grants permission to update a channel namespace
- Access: Write
- Resources:
  Name: channelNamespace
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}

Resources

api
- Arn: arn:${Partition}:appsync:${Region}:${Account}:apis/${ApiId}
- Conditions:
  aws:ResourceTag/${TagKey}
channelNamespace
- Arn: arn:${Partition}:appsync:${Region}:${Account}:apis/${ApiId}/channelNamespace/${ChannelNamespaceName}
- Conditions:
  aws:ResourceTag/${TagKey}

Updates

Actions

ListTagsForResource
- ＋ api
- ＋ channelNamespace
TagResource
- ＋ api
- ＋ channelNamespace
UntagResource
- ＋ api
- ＋ channelNamespace
- ＋ aws:ResourceTag/${TagKey}

AWS AppSync (appsync)

Additions

Updates