Change log of AWS IAM permissions

2024-12-07

28 new actions, 2 new resources, 2 new conditions

Additions

Actions

CreateNamespace
- Description: Grants permission to create a namespace
- Access: Write
- Resources:
  Name: TableBucket
  
  Required: Yes
CreateTable
- Description: Grants permission to create a table
- Access: Write
- Resources:
  Name: TableBucket
  
  Required: Yes
- Conditions:
  s3tables:namespace
CreateTableBucket
- Description: Grants permission to create a table bucket
- Access: Write
- Resources:
  Name: TableBucket
  
  Required: Yes
DeleteNamespace
- Description: Grants permission to delete a namespace
- Access: Write
- Resources:
  Name: TableBucket
  
  Required: Yes
- Conditions:
  s3tables:namespace
DeleteTable
- Description: Grants permission to delete a table
- Access: Write
- Resources:
  Name: Table
  
  Required: Yes
- Conditions:
  s3tables:namespace
  
  s3tables:tableName
DeleteTableBucket
- Description: Grants permission to delete a table bucket
- Access: Write
- Resources:
  Name: TableBucket
  
  Required: Yes
DeleteTableBucketPolicy
- Description: Grants permission to delete a policy on a table bucket
- Access: Permissions management
- Resources:
  Name: TableBucket
  
  Required: Yes
DeleteTablePolicy
- Description: Grants permission to delete a policy on a table
- Access: Permissions management
- Resources:
  Name: Table
  
  Required: Yes
- Conditions:
  s3tables:namespace
  
  s3tables:tableName
GetNamespace
- Description: Grants permission to get a namespace
- Access: Read
- Resources:
  Name: TableBucket
  
  Required: Yes
- Conditions:
  s3tables:namespace
GetTable
- Description: Grants permission to retrieve a table
- Access: Read
- Resources:
  Name: Table
  
  Required: Yes
- Conditions:
  s3tables:namespace
  
  s3tables:tableName
GetTableBucket
- Description: Grants permission to retrieve a table bucket
- Access: Read
- Resources:
  Name: TableBucket
  
  Required: Yes
GetTableBucketMaintenanceConfiguration
- Description: Grants permission to retrieve a maintenance configuration on a table bucket
- Access: Read
- Resources:
  Name: TableBucket
  
  Required: Yes
GetTableBucketPolicy
- Description: Grants permission to retrieve a policy on a table bucket
- Access: Read
- Resources:
  Name: TableBucket
  
  Required: Yes
GetTableData
- Description: Grants permission to read metadata and data objects from a table storage endpoint using S3 APIs
- Access: Read
- Resources:
  Name: Table
  
  Required: Yes
- Conditions:
  s3tables:namespace
  
  s3tables:tableName
GetTableMaintenanceConfiguration
- Description: Grants permission to retrieve a maintenance configuration on a table
- Access: Read
- Resources:
  Name: Table
  
  Required: Yes
- Conditions:
  s3tables:namespace
  
  s3tables:tableName
GetTableMaintenanceJobStatus
- Description: Grants permission to retrieve the status of maintenance jobs on a table
- Access: Read
- Resources:
  Name: Table
  
  Required: Yes
- Conditions:
  s3tables:namespace
  
  s3tables:tableName
GetTableMetadataLocation
- Description: Grants permission to retrieve the metadata location of a table
- Access: Read
- Resources:
  Name: Table
  
  Required: Yes
- Conditions:
  s3tables:namespace
  
  s3tables:tableName
GetTablePolicy
- Description: Grants permission to retrieve a policy on a table
- Access: Read
- Resources:
  Name: Table
  
  Required: Yes
- Conditions:
  s3tables:namespace
  
  s3tables:tableName
ListNamespaces
- Description: Grants permission to list namespaces
- Access: List
- Resources:
  Name: TableBucket
  
  Required: Yes
ListTableBuckets
- Description: Grants permission to list table buckets
- Access: List
ListTables
- Description: Grants permission to list tables
- Access: List
- Resources:
  Name: TableBucket
  
  Required: Yes
- Conditions:
  s3tables:namespace
PutTableBucketMaintenanceConfiguration
- Description: Grants permission to put a maintenance configuration on a table bucket
- Access: Write
- Resources:
  Name: TableBucket
  
  Required: Yes
PutTableBucketPolicy
- Description: Grants permission to create or overwrite a policy on a table bucket
- Access: Permissions management
- Resources:
  Name: TableBucket
  
  Required: Yes
PutTableData
- Description: Grants permission to write metadata and data objects to a table storage endpoint using S3 APIs
- Access: Write
- Resources:
  Name: Table
  
  Required: Yes
- Conditions:
  s3tables:namespace
  
  s3tables:tableName
PutTableMaintenanceConfiguration
- Description: Grants permission to put a maintenance configuration on a table
- Access: Write
- Resources:
  Name: Table
  
  Required: Yes
- Conditions:
  s3tables:namespace
  
  s3tables:tableName
PutTablePolicy
- Description: Grants permission to create or overwrite a policy on a table
- Access: Permissions management
- Resources:
  Name: Table
  
  Required: Yes
- Conditions:
  s3tables:namespace
  
  s3tables:tableName
RenameTable
- Description: Grants permission to rename a table or move a table across namespaces
- Access: Write
- Resources:
  Name: Table
  
  Required: Yes
- Conditions:
  s3tables:namespace
UpdateTableMetadataLocation
- Description: Grants permission to update the metadata location of a table
- Access: Write
- Resources:
  Name: Table
  
  Required: Yes
- Conditions:
  s3tables:namespace
  
  s3tables:tableName

Resources

TableBucket
- Arn: arn:${Partition}:s3tables:${Region}:${Account}:bucket/${TableBucketName}
Table
- Arn: arn:${Partition}:s3tables:${Region}:${Account}:bucket/${TableBucketName}/table/${TableID}
- Conditions:
  s3tables:namespace
  
  s3tables:tableName

Conditions

s3tables:namespace
- Description: Filters access by the namespaces created in the table bucket
- Type: String
s3tables:tableName
- Description: Filters access by the name of the tables in the table bucket
- Type: String

Amazon S3 Tables (s3tables)

Additions