AWS Application Migration Service (mgn)

Additions

Actions

• CreateNetworkMigrationDefinition
  
  • Description:  Grants permission to create a network migration definition
  • Access:  Write
• DeleteNetworkMigrationDefinition
  
  • Description:  Grants permission to delete a network migration definition
  • Access:  Write
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• GetNetworkMigrationDefinition
  
  • Description:  Grants permission to get a network migration definition
  • Access:  Read
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• GetNetworkMigrationMapperSegmentConstruct
  
  • Description:  Grants permission to get a network migration mapper segment construct
  • Access:  Read
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• ListNetworkMigrationAnalyses
  
  • Description:  Grants permission to list network migration analyses
  • Access:  List
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• ListNetworkMigrationAnalysisResults
  
  • Description:  Grants permission to list network migration analysis results
  • Access:  List
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• ListNetworkMigrationCodeGenerationSegments
  
  • Description:  Grants permission to list network migration code generation segments
  • Access:  List
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• ListNetworkMigrationCodeGenerations
  
  • Description:  Grants permission to list network migration code generations
  • Access:  List
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• ListNetworkMigrationDefinitions
  
  • Description:  Grants permission to list network migration definitions
  • Access:  List
• ListNetworkMigrationDeployedStacks
  
  • Description:  Grants permission to list network migration deployed stacks
  • Access:  List
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• ListNetworkMigrationDeployedStacksDeletions
  
  • Description:  Grants permission to list network migration deployed stacks deletions
  • Access:  List
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• ListNetworkMigrationDeployments
  
  • Description:  Grants permission to list network migration deployments
  • Access:  List
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• ListNetworkMigrationExecutions
  
  • Description:  Grants permission to list network migration executions
  • Access:  List
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• ListNetworkMigrationMapperSegmentConstructs
  
  • Description:  Grants permission to list network migration mapper segment constructs
  • Access:  List
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• ListNetworkMigrationMapperSegments
  
  • Description:  Grants permission to list network migration mapper segments
  • Access:  List
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• ListNetworkMigrationMappings
  
  • Description:  Grants permission to list network migration mappings
  • Access:  List
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• StartNetworkMigrationAnalysis
  
  • Description:  Grants permission to start a network migration analysis
  • Access:  Write
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

  • Dependents: 

    directconnect:DescribeConnections

    directconnect:DescribeDirectConnectGatewayAssociations

    directconnect:DescribeDirectConnectGatewayAttachments

    directconnect:DescribeDirectConnectGateways

    directconnect:DescribeVirtualGateways

    directconnect:DescribeVirtualInterfaces

    ec2:AuthorizeSecurityGroupIngress

    ec2:CreateNetworkInsightsPath

    ec2:CreateNetworkInterface

    ec2:CreateSecurityGroup

    ec2:CreateTags

    ec2:DeleteNetworkInsightsAnalysis

    ec2:DeleteNetworkInsightsPath

    ec2:DeleteNetworkInterface

    ec2:DeleteSecurityGroup

    ec2:DeleteTags

    ec2:DescribeAvailabilityZones

    ec2:DescribeCustomerGateways

    ec2:DescribeInstances

    ec2:DescribeInternetGateways

    ec2:DescribeManagedPrefixLists

    ec2:DescribeNatGateways

    ec2:DescribeNetworkAcls

    ec2:DescribeNetworkInsightsAnalyses

    ec2:DescribeNetworkInsightsPaths

    ec2:DescribeNetworkInterfaces

    ec2:DescribePrefixLists

    ec2:DescribeRegions

    ec2:DescribeRouteTables

    ec2:DescribeSecurityGroups

    ec2:DescribeSubnets

    ec2:DescribeTransitGatewayAttachments

    ec2:DescribeTransitGatewayConnects

    ec2:DescribeTransitGatewayPeeringAttachments

    ec2:DescribeTransitGatewayRouteTables

    ec2:DescribeTransitGatewayVpcAttachments

    ec2:DescribeTransitGateways

    ec2:DescribeVpcEndpointServiceConfigurations

    ec2:DescribeVpcEndpoints

    ec2:DescribeVpcPeeringConnections

    ec2:DescribeVpcs

    ec2:DescribeVpnConnections

    ec2:DescribeVpnGateways

    ec2:GetManagedPrefixListEntries

    ec2:GetTransitGatewayRouteTablePropagations

    ec2:SearchTransitGatewayRoutes

    ec2:StartNetworkInsightsAnalysis

    elasticloadbalancing:DescribeListeners

    elasticloadbalancing:DescribeLoadBalancerAttributes

    elasticloadbalancing:DescribeLoadBalancers

    elasticloadbalancing:DescribeRules

    elasticloadbalancing:DescribeTags

    elasticloadbalancing:DescribeTargetGroupAttributes

    elasticloadbalancing:DescribeTargetGroups

    elasticloadbalancing:DescribeTargetHealth

    globalaccelerator:ListAccelerators

    globalaccelerator:ListCustomRoutingAccelerators

    globalaccelerator:ListCustomRoutingEndpointGroups

    globalaccelerator:ListCustomRoutingListeners

    globalaccelerator:ListCustomRoutingPortMappings

    globalaccelerator:ListEndpointGroups

    globalaccelerator:ListListeners

    network-firewall:DescribeFirewall

    network-firewall:DescribeFirewallPolicy

    network-firewall:DescribeResourcePolicy

    network-firewall:DescribeRuleGroup

    network-firewall:ListFirewallPolicies

    network-firewall:ListFirewalls

    network-firewall:ListRuleGroups

    tiros:CreateQuery

    tiros:ExtendQuery

    tiros:GetQueryAnswer

    tiros:GetQueryExplanation

    tiros:GetQueryExtensionAccounts

• StartNetworkMigrationCodeGeneration
  
  • Description:  Grants permission to start network migration code generation
  • Access:  Write
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• StartNetworkMigrationDeployedStacksDeletion
  
  • Description:  Grants permission to start deletion of network migration deployed stacks
  • Access:  Write
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

  • Dependents: 

    ec2:AcceptTransitGatewayVpcAttachment

    ec2:AssociateNatGatewayAddress

    ec2:AssociateRouteTable

    ec2:AssociateSubnetCidrBlock

    ec2:AssociateTransitGatewayRouteTable

    ec2:AssociateVpcCidrBlock

    ec2:AttachInternetGateway

    ec2:AttachVolume

    ec2:AuthorizeSecurityGroupEgress

    ec2:AuthorizeSecurityGroupIngress

    ec2:DeleteInternetGateway

    ec2:DeleteLaunchTemplate

    ec2:DeleteLaunchTemplateVersions

    ec2:DeleteNatGateway

    ec2:DeleteNetworkAcl

    ec2:DeleteNetworkAclEntry

    ec2:DeleteNetworkInsightsAnalysis

    ec2:DeleteNetworkInsightsPath

    ec2:DeleteNetworkInterface

    ec2:DeleteRoute

    ec2:DeleteRouteTable

    ec2:DeleteSecurityGroup

    ec2:DeleteSnapshot

    ec2:DeleteSubnet

    ec2:DeleteTransitGateway

    ec2:DeleteTransitGatewayRoute

    ec2:DeleteTransitGatewayRouteTable

    ec2:DeleteTransitGatewayVpcAttachment

    ec2:DeleteVolume

    ec2:DeleteVpc

    ec2:DetachInternetGateway

    ec2:DetachVolume

    ec2:DisableTransitGatewayRouteTablePropagation

    ec2:DisassociateNatGatewayAddress

    ec2:DisassociateRouteTable

    ec2:DisassociateTransitGatewayRouteTable

    ec2:EnableTransitGatewayRouteTablePropagation

    ec2:ModifyInstanceAttribute

    ec2:ModifyLaunchTemplate

    ec2:ModifySubnetAttribute

    ec2:ModifyTransitGateway

    ec2:ModifyTransitGatewayVpcAttachment

    ec2:ModifyVolume

    ec2:ModifyVpcAttribute

    ec2:RejectTransitGatewayVpcAttachment

    ec2:ReleaseAddress

    ec2:ReplaceNetworkAclAssociation

    ec2:ReplaceNetworkAclEntry

    ec2:ReplaceRoute

    ec2:ReplaceTransitGatewayRoute

    ec2:RevokeSecurityGroupEgress

    ec2:RevokeSecurityGroupIngress

    ec2:SearchTransitGatewayRoutes

• StartNetworkMigrationDeployment
  
  • Description:  Grants permission to start a network migration deployment
  • Access:  Write
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

  • Dependents: 

    ec2:AcceptTransitGatewayVpcAttachment

    ec2:AssociateNatGatewayAddress

    ec2:AssociateRouteTable

    ec2:AssociateSubnetCidrBlock

    ec2:AssociateTransitGatewayRouteTable

    ec2:AssociateVpcCidrBlock

    ec2:AttachInternetGateway

    ec2:AttachVolume

    ec2:AuthorizeSecurityGroupEgress

    ec2:AuthorizeSecurityGroupIngress

    ec2:CreateNatGateway

    ec2:CreateNetworkAcl

    ec2:CreateNetworkAclEntry

    ec2:CreateNetworkInsightsPath

    ec2:CreateNetworkInterface

    ec2:CreateRoute

    ec2:CreateRouteTable

    ec2:CreateSecurityGroup

    ec2:CreateSubnet

    ec2:CreateTags

    ec2:CreateTransitGatewayRoute

    ec2:CreateTransitGatewayRouteTable

    ec2:CreateTransitGatewayVpcAttachment

    ec2:DeleteInternetGateway

    ec2:DeleteLaunchTemplate

    ec2:DeleteLaunchTemplateVersions

    ec2:DeleteNatGateway

    ec2:DeleteNetworkAcl

    ec2:DeleteNetworkAclEntry

    ec2:DeleteNetworkInsightsAnalysis

    ec2:DeleteNetworkInsightsPath

    ec2:DeleteNetworkInterface

    ec2:DeleteRoute

    ec2:DeleteRouteTable

    ec2:DeleteSecurityGroup

    ec2:DeleteSnapshot

    ec2:DeleteSubnet

    ec2:DeleteTransitGateway

    ec2:DeleteTransitGatewayRoute

    ec2:DeleteTransitGatewayRouteTable

    ec2:DeleteTransitGatewayVpcAttachment

    ec2:DeleteVolume

    ec2:DeleteVpc

    ec2:DescribeAccountAttributes

    ec2:DescribeAddresses

    ec2:DescribeAvailabilityZones

    ec2:DescribeCustomerGateways

    ec2:DescribeEgressOnlyInternetGateways

    ec2:DescribeHosts

    ec2:DescribeImages

    ec2:DescribeInstanceAttribute

    ec2:DescribeInstanceStatus

    ec2:DescribeInstanceTypes

    ec2:DescribeInstances

    ec2:DescribeInternetGateways

    ec2:DescribeLaunchTemplateVersions

    ec2:DescribeLaunchTemplates

    ec2:DescribeManagedPrefixLists

    ec2:DescribeNatGateways

    ec2:DescribeNetworkAcls

    ec2:DescribeNetworkInsightsAnalyses

    ec2:DescribeNetworkInsightsPaths

    ec2:DescribeNetworkInterfaces

    ec2:DescribePrefixLists

    ec2:DescribeRegions

    ec2:DescribeRouteTables

    ec2:DescribeSecurityGroupRules

    ec2:DescribeSecurityGroups

    ec2:DescribeSnapshots

    ec2:DescribeSubnets

    ec2:DescribeTransitGatewayAttachments

    ec2:DescribeTransitGatewayConnects

    ec2:DescribeTransitGatewayPeeringAttachments

    ec2:DescribeTransitGatewayRouteTables

    ec2:DescribeTransitGatewayVpcAttachments

    ec2:DescribeTransitGateways

    ec2:DescribeVolumes

    ec2:DescribeVpcEndpointServiceConfigurations

    ec2:DescribeVpcEndpoints

    ec2:DescribeVpcPeeringConnections

    ec2:DescribeVpcs

    ec2:DescribeVpnConnections

    ec2:DescribeVpnGateways

    ec2:DetachInternetGateway

    ec2:DetachVolume

    ec2:DisableTransitGatewayRouteTablePropagation

    ec2:DisassociateNatGatewayAddress

    ec2:DisassociateRouteTable

    ec2:DisassociateTransitGatewayRouteTable

    ec2:EnableTransitGatewayRouteTablePropagation

    ec2:GetEbsDefaultKmsKeyId

    ec2:GetEbsEncryptionByDefault

    ec2:GetManagedPrefixListEntries

    ec2:GetTransitGatewayRouteTableAssociations

    ec2:GetTransitGatewayRouteTablePropagations

    ec2:ModifyInstanceAttribute

    ec2:ModifyLaunchTemplate

    ec2:ModifySubnetAttribute

    ec2:ModifyTransitGateway

    ec2:ModifyTransitGatewayVpcAttachment

    ec2:ModifyVolume

    ec2:ModifyVpcAttribute

    ec2:RejectTransitGatewayVpcAttachment

    ec2:ReleaseAddress

    ec2:ReplaceNetworkAclAssociation

    ec2:ReplaceNetworkAclEntry

    ec2:ReplaceRoute

    ec2:ReplaceTransitGatewayRoute

    ec2:RevokeSecurityGroupEgress

    ec2:RevokeSecurityGroupIngress

    ec2:SearchTransitGatewayRoutes

    ec2:StartNetworkInsightsAnalysis

• StartNetworkMigrationMapping
  
  • Description:  Grants permission to start a network migration mapping
  • Access:  Write
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• UpdateNetworkMigrationDefinition
  
  • Description:  Grants permission to update a network migration definition
  • Access:  Write
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• UpdateNetworkMigrationMapperSegment
  
  • Description:  Grants permission to update a network migration mapper segment
  • Access:  Write
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

• UpdateNetworkMigrationMapperSegmentConstruct
  
  • Description:  Grants permission to update a network migration mapper segment construct
  • Access:  Write
  • Resources: 

    Name: NetworkMigrationDefinitionResource

    Required: Yes

Resources

• NetworkMigrationDefinitionResource
  
  • Arn:  arn:${Partition}:mgn:${Region}:${Account}:network-migration-definition/${NetworkMigrationDefinitionID}
  • Conditions: 

    aws:ResourceTag/${TagKey}