Change log of AWS IAM permissions

2025-11-22

11 new actions, 1 new resource, 4 new conditions | 4 updated actions

Additions

Actions

AcceptDelegationRequest
- Description: Accepts a delegation request resource, granting the requested temporary access
- Access: Write
- Resources:
  Name: delegation-request
  
  Required: Yes
AssociateDelegationRequest
- Description: Associates a delegation request resource with the calling identity
- Access: Write
- Resources:
  Name: delegation-request
  
  Required: Yes
CreateDelegationRequest
- Description: Creates an IAM delegation request resource for temporary access delegation
- Access: Write
- Resources:
  Name: delegation-request
  
  Required: Yes
- Conditions:
  iam:DelegationDuration
  
  iam:NotificationChannel
  
  iam:TemplateArn
DisableOutboundWebIdentityFederation
- Description: Disables the outbound identity federation feature for the callers account
- Access: Write
EnableOutboundWebIdentityFederation
- Description: Enables the outbound identity federation feature for the callers account
- Access: Write
GetDelegationRequest
- Description: Retrieves information about a specific delegation request
- Access: Read
- Resources:
  Name: delegation-request
  
  Required: Yes
GetHumanReadableSummary
- Description: Retrieves a human readable summary for a given entity. At this time, only delegation request are supported
- Access: Read
- Resources:
  Name: delegation-request
  
  Required: Yes
GetOutboundWebIdentityFederationInfo
- Description: Retrieves the configuration information for the outbound identity federation feature for the callers account
- Access: Read
ListDelegationRequests
- Description: Lists delegation requests based on the specified criteria
- Access: List
- Conditions:
  iam:DelegationRequestOwner
RejectDelegationRequest
- Description: Rejects a delegation request, denying the requested temporary access
- Access: Write
- Resources:
  Name: delegation-request
  
  Required: Yes
SendDelegationToken
- Description: Sends the exchange token for an accepted delegation request
- Access: Write
- Resources:
  Name: delegation-request
  
  Required: Yes

Resources

delegation-request
- Arn: arn:${Partition}:iam::${Account}:delegation-request/${DelegationRequestId}
- Conditions:
  iam:DelegationRequestOwner

Conditions

iam:DelegationDuration
- Description: Filters access based on the requested delegation duration
- Type: String
iam:DelegationRequestOwner
- Description: Filters access based on the delegation request owner
- Type: ARN
iam:NotificationChannel
- Description: Filters access based on the requested notification channel
- Type: String
iam:TemplateArn
- Description: Filters access based on the requested template ARN
- Type: ARN

Updates

Actions

DeleteSAMLProvider
- ＋ iam:PermissionsBoundary
GetUser
- ＋ iam:PermissionsBoundary
UpdateSigningCertificate
- ＋ iam:PermissionsBoundary
UploadSigningCertificate
- ＋ iam:PermissionsBoundary

AWS Identity and Access Management (IAM) (iam)

Additions

Updates