2024-12-07
5 new actions, 1 new resource, 1 new condition | 6 updated actions
Additions
Actions
-
AssociateResourceTypes
-
Description:
Grants permission to add all specified resource types to the RecordingGroup of configuration recorder and includes those resource types when recording
-
Access:
Write
-
Resources:
Name: ConfigurationRecorder
Required: Yes
-
DeleteServiceLinkedConfigurationRecorder
-
Description:
Grants permission to delete the service-linked configuration recorder
-
Access:
Write
-
Resources:
Name: ConfigurationRecorder
Required: Yes
-
Conditions:
config:ConfigurationRecorderServicePrincipal
-
DisassociateResourceTypes
-
Description:
Grants permission to remove all specified resource types from the RecordingGroup of configuration recorder and excludes these resource types when recording
-
Access:
Write
-
Resources:
Name: ConfigurationRecorder
Required: Yes
-
ListConfigurationRecorders
-
Description:
Grants permission to list the configuration recorder summaries for an AWS account in an AWS Region
-
Access:
List
-
PutServiceLinkedConfigurationRecorder
-
Description:
Grants permission to create a new service-linked configuration recorder to record the resource configurations in scope for the linked service
-
Access:
Write
-
Conditions:
aws:RequestTag/${TagKey}
aws:TagKeys
config:ConfigurationRecorderServicePrincipal
-
Dependents:
iam:CreateServiceLinkedRole
iam:PassRole
Resources
-
ConfigurationRecorder
-
Arn:
arn:${Partition}:config:${Region}:${Account}:configuration-recorder/${RecorderName}/${RecorderId}
-
Conditions:
aws:ResourceTag/${TagKey}