Amazon AI Operations (aiops)

2024-12-07

22 new actions, 1 new resource, 3 new conditions

Additions

    Actions
  • CreateInvestigation
    • Description:  Grants permission to create a new investigation in the specified investigation group
    • Access:  Write
    • Resources: 

      Name: investigation-group

      Required: Yes

    • Dependents: 

      kms:Decrypt

      kms:GenerateDataKey

      sts:SetContext
  • CreateInvestigationEvent
    • Description:  Grants permission to create a new investigation event in the specified investigation group
    • Access:  Write
    • Resources: 

      Name: investigation-group

      Required: Yes

    • Dependents: 

      kms:Decrypt

      kms:GenerateDataKey

      sts:SetContext
  • CreateInvestigationGroup
    • Description:  Grants permission to create a new investigation group
    • Access:  Write
    • Conditions: 

      aws:TagKeys

      aws:RequestTag/${TagKey}
    • Dependents: 

      aiops:TagResource

      cloudtrail:DescribeTrails

      iam:PassRole

      kms:Decrypt

      kms:DescribeKey

      kms:GenerateDataKey

      sso:CreateApplication

      sso:DeleteApplication

      sso:PutApplicationAccessScope

      sso:PutApplicationAssignmentConfiguration

      sso:PutApplicationAuthenticationMethod

      sso:PutApplicationGrant

      sso:TagResource
  • CreateInvestigationResource
    • Description:  Grants permission to create an investigation resource in the specified investigation group
    • Access:  Write
    • Resources: 

      Name: investigation-group

      Required: Yes

    • Dependents: 

      cloudwatch:DescribeAlarmHistory

      cloudwatch:DescribeAlarms

      cloudwatch:GetInsightRuleReport

      cloudwatch:GetMetricData

      kms:GenerateDataKey

      logs:GetQueryResults
  • DeleteInvestigation
    • Description:  Grants permission to delete an investigation in the specified investigation group
    • Access:  Write
    • Resources: 

      Name: investigation-group

      Required: Yes

    • Dependents: 

      sts:SetContext
  • DeleteInvestigationGroup
    • Description:  Grants permission to delete the specified investigation group
    • Access:  Write
    • Resources: 

      Name: investigation-group

      Required: Yes

    • Dependents: 

      sso:DeleteApplication
  • DeleteInvestigationGroupPolicy
    • Description:  Grants permission to delete the investigation group policy attached to an investigation group
    • Access:  Write
    • Resources: 

      Name: investigation-group

      Required: Yes

  • GetInvestigation
    • Description:  Grants permission to retrieve an investigation in the specified investigation group
    • Access:  Read
    • Resources: 

      Name: investigation-group

      Required: Yes

  • GetInvestigationEvent
    • Description:  Grants permission to retrieve an investigation event in the specified investigation group
    • Access:  Read
    • Resources: 

      Name: investigation-group

      Required: Yes

    • Dependents: 

      kms:Decrypt
  • GetInvestigationGroup
    • Description:  Grants permission to retrieve the specified investigation group
    • Access:  Read
    • Resources: 

      Name: investigation-group

      Required: Yes

  • GetInvestigationGroupPolicy
    • Description:  Grants permission to retrieve the investigation group policy attached to an investigation group
    • Access:  Read
    • Resources: 

      Name: investigation-group

      Required: Yes

  • GetInvestigationResource
    • Description:  Grants permission to retrieve an investigation resource in the specified investigation group
    • Access:  Read
    • Resources: 

      Name: investigation-group

      Required: Yes

    • Dependents: 

      kms:Decrypt
  • ListInvestigationEvents
    • Description:  Grants permission to list all investigation events in the specified investigation group
    • Access:  List
    • Resources: 

      Name: investigation-group

      Required: Yes

  • ListInvestigationGroups
    • Description:  Grants permission to list all investigation groups in the AWS account making the request
    • Access:  List
  • ListInvestigations
    • Description:  Grants permission to list all investigations that are in the specified investigation group
    • Access:  List
    • Resources: 

      Name: investigation-group

      Required: Yes

  • ListTagsForResource
    • Description:  Grants permission to list the tags for the specified resource
    • Access:  List
    • Resources: 

      Name: investigation-group

      Required: Yes

  • PutInvestigationGroupPolicy
    • Description:  Grants permission to create/update the investigation group policy attached to an investigation group
    • Access:  Write
    • Resources: 

      Name: investigation-group

      Required: Yes

  • TagResource
    • Description:  Grants permission to add or update the specified tags for the specified resource
    • Access:  Tagging
    • Resources: 

      Name: investigation-group

      Required: Yes

    • Conditions: 

      aws:TagKeys

      aws:RequestTag/${TagKey}
  • UntagResource
    • Description:  Grants permission to remove the specified tags from the specified resource
    • Access:  Tagging
    • Resources: 

      Name: investigation-group

      Required: Yes

    • Conditions: 

      aws:TagKeys
  • UpdateInvestigation
    • Description:  Grants permission to update an investigation in the specified investigation group
    • Access:  Write
    • Resources: 

      Name: investigation-group

      Required: Yes

    • Dependents: 

      kms:Decrypt

      kms:GenerateDataKey

      sts:SetContext
  • UpdateInvestigationEvent
    • Description:  Grants permission to update an investigation event in the specified investigation group
    • Access:  Write
    • Resources: 

      Name: investigation-group

      Required: Yes

    • Dependents: 

      kms:Decrypt

      kms:GenerateDataKey

      sts:SetContext
  • UpdateInvestigationGroup
    • Description:  Grants permission to update the specified investigation group
    • Access:  Write
    • Resources: 

      Name: investigation-group

      Required: Yes

    • Dependents: 

      cloudtrail:DescribeTrails

      iam:PassRole

      kms:Decrypt

      kms:DescribeKey

      kms:GenerateDataKey

      sso:CreateApplication

      sso:DeleteApplication

      sso:PutApplicationAccessScope

      sso:PutApplicationAssignmentConfiguration

      sso:PutApplicationAuthenticationMethod

      sso:PutApplicationGrant

      sso:TagResource
    Resources
  • investigation-group
    • Arn:  arn:${Partition}:aiops:${Region}:${Account}:investigation-group/${InvestigationGroupId}
    • Conditions: 

      aws:ResourceTag/${TagKey}
    Conditions
  • aws:RequestTag/${TagKey}
    • Description:  Filters access by the tags that are passed in the request
    • Type:  String
  • aws:ResourceTag/${TagKey}
    • Description:  Filters access by the tags associated with the resource
    • Type:  String
  • aws:TagKeys
    • Description:  Filters access by the tag keys that are passed in the request
    • Type:  ArrayOfString