AWS Migration Hub (mgh)

Additions

Actions

• AcceptConnection
  
  • Description:  Grants permission to accept a connection
  • Access:  Write
  • Resources: 

    Name: ConnectionResource

    Required: Yes

  • Conditions: 

    aws:TagKeys

    aws:RequestTag/${TagKey}

• AssociateAutomationUnitRole
  
  • Description:  Grants permission to associate an IAM role to an automation unit
  • Access:  Write
  • Resources: 

    Name: AutomationUnitResource

    Required: Yes

• AssociateSourceResource
  
  • Description:  Grants permission to associate source resource
  • Access:  Write
  • Resources: 

    Name: migrationTask

    Required: Yes

• BatchAssociateIamRoleWithConnection
  
  • Description:  Grants permission to batch-associate IAM roles with a connection
  • Access:  Write
  • Resources: 

    Name: ConnectionResource

    Required: Yes

• BatchDisassociateIamRoleFromConnection
  
  • Description:  Grants permission to batch-disassociate IAM roles from a connection
  • Access:  Write
  • Resources: 

    Name: ConnectionResource

    Required: Yes

• CreateAutomationRun
  
  • Description:  Grants permission to create an automation unit run
  • Access:  Write
• CreateAutomationUnit
  
  • Description:  Grants permission to create an automation unit
  • Access:  Write
• DeleteAutomationRun
  
  • Description:  Grants permission to delete an automation unit run
  • Access:  Write
  • Resources: 

    Name: AutomationRunResource

    Required: Yes

• DeleteAutomationUnit
  
  • Description:  Grants permission to delete an automation unit
  • Access:  Write
  • Resources: 

    Name: AutomationUnitResource

    Required: Yes

• DeleteConnection
  
  • Description:  Grants permission to delete a connection
  • Access:  Write
  • Resources: 

    Name: ConnectionResource

    Required: Yes

• DescribeAutomationRun
  
  • Description:  Grants permission to describe an automation unit run
  • Access:  Read
  • Resources: 

    Name: AutomationRunResource

    Required: Yes

• DescribeAutomationUnit
  
  • Description:  Grants permission to describe an automation unit
  • Access:  Read
  • Resources: 

    Name: AutomationUnitResource

    Required: Yes

• DisassociateAutomationUnitRole
  
  • Description:  Grants permission to disassociate an IAM role from an automation unit
  • Access:  Write
  • Resources: 

    Name: AutomationUnitResource

    Required: Yes

• DisassociateSourceResource
  
  • Description:  Grants permission to diassociate source resource
  • Access:  Write
  • Resources: 

    Name: migrationTask

    Required: Yes

• GetConnection
  
  • Description:  Grants permission to get a connection
  • Access:  Read
  • Resources: 

    Name: ConnectionResource

    Required: Yes

• ListAutomationRuns
  
  • Description:  Grants permission to list automation unit runs
  • Access:  List
• ListAutomationUnits
  
  • Description:  Grants permission to list automation units
  • Access:  List
• ListConnectionRoles
  
  • Description:  Grants permission to list connection roles
  • Access:  List
  • Resources: 

    Name: ConnectionResource

    Required: Yes

• ListConnections
  
  • Description:  Grants permission to list connections
  • Access:  List
• ListMigrationTaskUpdates
  
  • Description:  Grants permission to list migration tasks updates
  • Access:  List
  • Resources: 

    Name: migrationTask

    Required: Yes

• ListSourceResources
  
  • Description:  Grants permission to list source resources
  • Access:  List
  • Resources: 

    Name: migrationTask

    Required: Yes

• ListTagsForResource
  
  • Description:  Grants permission to list tags for a resource
  • Access:  List
• RejectConnection
  
  • Description:  Grants permission to reject a connection
  • Access:  Write
  • Resources: 

    Name: ConnectionResource

    Required: Yes

• TagResource
  
  • Description:  Grants permission to tag a resource
  • Access:  Tagging
  • Conditions: 

    aws:TagKeys

    aws:RequestTag/${TagKey}

• UntagResource
  
  • Description:  Grants permission to untag a resource
  • Access:  Tagging
  • Conditions: 

    aws:TagKeys

Resources

• AutomationRunResource
  
  • Arn:  arn:${Partition}:mgh:${Region}:${Account}:automation-run/${RunID}
  • Conditions: 

    mgh:AutomationRunResourceRunID

• AutomationUnitResource
  
  • Arn:  arn:${Partition}:mgh:${Region}:${Account}:automation-unit/${AutomationUnitId}
  • Conditions: 

    mgh:AutomationUnitResourceAutomationUnitArn

• ConnectionResource
  
  • Arn:  arn:${Partition}:mgh:${Region}:${Account}:${ConnectionArn}
  • Conditions: 

    aws:ResourceTag/${TagKey}

    mgh:ConnectionResourceConnectionArn

Conditions

• aws:RequestTag/${TagKey}
  
  • Description:  Filters access based on the tags that are passed in the request
  • Type:  String
• aws:ResourceTag/${TagKey}
  
  • Description:  Filters access based on the tags associated with the resource
  • Type:  String
• aws:TagKeys
  
  • Description:  Filters access based on the tag keys that are passed in the request
  • Type:  ArrayOfString
• mgh:AutomationRunResourceRunID
  
  • Description:  AutomationRunResource resource runID identifier
  • Type:  String
• mgh:AutomationUnitResourceAutomationUnitArn
  
  • Description:  AutomationUnitResource resource automationUnitArn identifier
  • Type:  ARN
• mgh:ConnectionResourceConnectionArn
  
  • Description:  ConnectionResource resource connectionArn identifier
  • Type:  String