{"Account": {"administer-resource": ["account:AcceptPrimaryEmailUpdate", "account:CloseAccount", "account:DeleteAlternateContact", "account:DisableRegion", "account:EnableRegion", "account:PutAccountName", "account:PutAlternateContact", "account:PutChallengeQuestions", "account:PutContactInformation", "account:StartPrimaryEmailUpdate"], "delete-data": ["account:CloseAccount"], "read-config": ["account:GetAccountInformation", "account:GetAlternateContact", "account:GetChallengeQuestions", "account:GetContactInformation", "account:GetGovCloudAccountInformation", "account:GetPrimaryEmail", "account:GetRegionOptStatus", "account:ListRegions"]}, "Athena": {"administer-resource": ["athena:CancelCapacityReservation", "athena:CancelQueryExecution", "athena:CreateCapacityReservation", "athena:CreateDataCatalog", "athena:CreatePresignedNotebookUrl", "athena:CreateWorkGroup", "athena:DeleteCapacityReservation", "athena:DeleteDataCatalog", "athena:PutCapacityAssignmentConfiguration", "athena:StopCalculationExecution", "athena:StopQueryExecution", "athena:TerminateSession", "athena:UpdateCapacityReservation", "athena:UpdateDataCatalog", "athena:UpdateWorkGroup"], "delete-data": ["athena:DeleteNotebook"], "read-config": ["athena:BatchGetNamedQuery", "athena:BatchGetPreparedStatement", "athena:BatchGetQueryExecution", "athena:GetCalculationExecution", "athena:GetCalculationExecutionStatus", "athena:GetCapacityAssignmentConfiguration", "athena:GetCapacityReservation", "athena:GetCatalogs", "athena:GetDatabase", "athena:GetDataCatalog", "athena:GetExecutionEngine", "athena:GetExecutionEngines", "athena:GetNamedQuery", "athena:GetNamespace", "athena:GetNamespaces", "athena:GetNotebookMetadata", "athena:GetPreparedStatement", "athena:GetQueryExecution", "athena:GetQueryExecutions", "athena:GetQueryRuntimeStatistics", "athena:GetResourceDashboard", "athena:GetSession", "athena:GetSessionStatus", "athena:GetTable", "athena:GetTableMetadata", "athena:GetTables", "athena:GetWorkGroup", "athena:ListApplicationDPUSizes", "athena:ListCalculationExecutions", "athena:ListCapacityReservations", "athena:ListDatabases", "athena:ListDataCatalogs", "athena:ListEngineVersions", "athena:ListExecutors", "athena:ListNamedQueries", "athena:ListNotebookMetadata", "athena:ListNotebookSessions", "athena:ListPreparedStatements", "athena:ListQueryExecutions", "athena:ListSessions", "athena:ListTableMetadata", "athena:ListTagsForResource", "athena:ListWorkGroups"], "read-data": ["athena:ExportNotebook", "athena:GetCalculationExecutionCode", "athena:GetQueryResults", "athena:GetQueryResultsStream"], "use-resource": ["athena:GetSessionEndpoint", "athena:StartSession"], "write-data": ["athena:CreateNamedQuery", "athena:CreateNotebook", "athena:CreatePreparedStatement", "athena:DeleteNamedQuery", "athena:DeletePreparedStatement", "athena:DeleteWorkGroup", "athena:ImportNotebook", "athena:RunQuery", "athena:StartCalculationExecution", "athena:StartQueryExecution", "athena:TagResource", "athena:UntagResource", "athena:UpdateNamedQuery", "athena:UpdateNotebook", "athena:UpdateNotebookMetadata", "athena:UpdatePreparedStatement"]}, "Bedrock": {"administer-resource": ["bedrock:AllowVendedLogDeliveryForResource", "bedrock:AssociateAgentCollaborator", "bedrock:AssociateAgentKnowledgeBase", "bedrock:AssociateThirdPartyKnowledgeBase", "bedrock:BatchDeleteEvaluationJob", "bedrock:CancelAutomatedReasoningPolicyBuildWorkflow", "bedrock:CopyBlueprintStage", "bedrock:CreateAgent", "bedrock:CreateAgentActionGroup", "bedrock:CreateAgentAlias", "bedrock:CreateAutomatedReasoningPolicy", "bedrock:CreateAutomatedReasoningPolicyTestCase", "bedrock:CreateAutomatedReasoningPolicyVersion", "bedrock:CreateBlueprint", "bedrock:CreateBlueprintVersion", "bedrock:CreateCustomModel", "bedrock:CreateCustomModelDeployment", "bedrock:CreateDataAutomationProject", "bedrock:CreateDataSource", "bedrock:CreateEvaluationJob", "bedrock:CreateFlow", "bedrock:CreateFlowAlias", "bedrock:CreateFlowVersion", "bedrock:CreateFoundationModelAgreement", "bedrock:CreateGuardrail", "bedrock:CreateGuardrailVersion", "bedrock:CreateInferenceProfile", "bedrock:CreateKnowledgeBase", "bedrock:CreateMarketplaceModelEndpoint", "bedrock:CreateModelCopyJob", "bedrock:CreateModelCustomizationJob", "bedrock:CreateModelEvaluationJob", "bedrock:CreateModelImportJob", "bedrock:CreatePrompt", "bedrock:CreatePromptRouter", "bedrock:CreatePromptVersion", "bedrock:CreateProvisionedModelThroughput", "bedrock:DeleteAgent", "bedrock:DeleteAgentActionGroup", "bedrock:DeleteAgentAlias", "bedrock:DeleteAgentVersion", "bedrock:DeleteAutomatedReasoningPolicy", "bedrock:DeleteAutomatedReasoningPolicyBuildWorkflow", "bedrock:DeleteAutomatedReasoningPolicyTestCase", "bedrock:DeleteBlueprint", "bedrock:DeleteCustomModel", "bedrock:DeleteCustomModelDeployment", "bedrock:DeleteDataAutomationProject", "bedrock:DeleteDataSource", "bedrock:DeleteEnforcedGuardrailConfiguration", "bedrock:DeleteFlow", "bedrock:DeleteFlowAlias", "bedrock:DeleteFlowVersion", "bedrock:DeleteFoundationModelAgreement", "bedrock:DeleteGuardrail", "bedrock:DeleteImportedModel", "bedrock:DeleteInferenceProfile", "bedrock:DeleteKnowledgeBase", "bedrock:DeleteMarketplaceModelAgreement", "bedrock:DeleteMarketplaceModelEndpoint", "bedrock:DeleteModelInvocationLoggingConfiguration", "bedrock:DeletePrompt", "bedrock:DeletePromptRouter", "bedrock:DeleteProvisionedModelThroughput", "bedrock:DeleteResourcePolicy", "bedrock:DeregisterMarketplaceModelEndpoint", "bedrock:DisassociateAgentCollaborator", "bedrock:DisassociateAgentKnowledgeBase", "bedrock:InvokeBlueprintOptimizationAsync", "bedrock:PrepareAgent", "bedrock:PrepareFlow", "bedrock:PutEnforcedGuardrailConfiguration", "bedrock:PutFoundationModelEntitlement", "bedrock:PutModelInvocationLoggingConfiguration", "bedrock:PutResourcePolicy", "bedrock:PutUseCaseForModelAccess", "bedrock:RegisterMarketplaceModelEndpoint", "bedrock:StartAutomatedReasoningPolicyBuildWorkflow", "bedrock:StartAutomatedReasoningPolicyTestWorkflow", "bedrock:StartFlowExecution", "bedrock:StartIngestionJob", "bedrock:StopEvaluationJob", "bedrock:StopFlowExecution", "bedrock:StopIngestionJob", "bedrock:StopModelCustomizationJob", "bedrock:StopModelInvocationJob", "bedrock:TagResource", "bedrock:UntagResource", "bedrock:UpdateAgent", "bedrock:UpdateAgentActionGroup", "bedrock:UpdateAgentAlias", "bedrock:UpdateAgentCollaborator", "bedrock:UpdateAgentKnowledgeBase", "bedrock:UpdateAutomatedReasoningPolicy", "bedrock:UpdateAutomatedReasoningPolicyAnnotations", "bedrock:UpdateAutomatedReasoningPolicyTestCase", "bedrock:UpdateBlueprint", "bedrock:UpdateCustomModelDeployment", "bedrock:UpdateDataAutomationProject", "bedrock:UpdateDataSource", "bedrock:UpdateFlow", "bedrock:UpdateFlowAlias", "bedrock:UpdateGuardrail", "bedrock:UpdateKnowledgeBase", "bedrock:UpdateMarketplaceModelEndpoint", "bedrock:UpdatePrompt", "bedrock:UpdateProvisionedModelThroughput"], "delete-data": ["bedrock:DeleteAgentMemory", "bedrock:DeleteKnowledgeBaseDocuments"], "read-config": ["bedrock:ExportAutomatedReasoningPolicyVersion", "bedrock:GetAgent", "bedrock:GetAgentActionGroup", "bedrock:GetAgentAlias", "bedrock:GetAgentCollaborator", "bedrock:GetAgentKnowledgeBase", "bedrock:GetAgentVersion", "bedrock:GetAsyncInvoke", "bedrock:GetAutomatedReasoningPolicy", "bedrock:GetAutomatedReasoningPolicyAnnotations", "bedrock:GetAutomatedReasoningPolicyBuildWorkflow", "bedrock:GetAutomatedReasoningPolicyBuildWorkflowResultAssets", "bedrock:GetAutomatedReasoningPolicyNextScenario", "bedrock:GetAutomatedReasoningPolicyTestCase", "bedrock:GetAutomatedReasoningPolicyTestResult", "bedrock:GetBlueprint", "bedrock:GetBlueprintOptimizationStatus", "bedrock:GetBlueprintRecommendation", "bedrock:GetCustomModel", "bedrock:GetCustomModelDeployment", "bedrock:GetDataAutomationProject", "bedrock:GetDataAutomationStatus", "bedrock:GetDataSource", "bedrock:GetEvaluationJob", "bedrock:GetExecutionFlowSnapshot", "bedrock:GetFlow", "bedrock:GetFlowAlias", "bedrock:GetFlowExecution", "bedrock:GetFlowVersion", "bedrock:GetFoundationModel", "bedrock:GetFoundationModelAvailability", "bedrock:GetGuardrail", "bedrock:GetImportedModel", "bedrock:GetInferenceProfile", "bedrock:GetIngestionJob", "bedrock:GetKnowledgeBase", "bedrock:GetKnowledgeBaseDocuments", "bedrock:GetMarketplaceModelEndpoint", "bedrock:GetModelCopyJob", "bedrock:GetModelCustomizationJob", "bedrock:GetModelEvaluationJob", "bedrock:GetModelImportJob", "bedrock:GetModelInvocationJob", "bedrock:GetModelInvocationLoggingConfiguration", "bedrock:GetPrompt", "bedrock:GetPromptRouter", "bedrock:GetProvisionedModelThroughput", "bedrock:GetResourcePolicy", "bedrock:GetUseCaseForModelAccess", "bedrock:ListAgentActionGroups", "bedrock:ListAgentAliases", "bedrock:ListAgentCollaborators", "bedrock:ListAgentKnowledgeBases", "bedrock:ListAgents", "bedrock:ListAgentVersions", "bedrock:ListAsyncInvokes", "bedrock:ListAutomatedReasoningPolicies", "bedrock:ListAutomatedReasoningPolicyBuildWorkflows", "bedrock:ListAutomatedReasoningPolicyTestCases", "bedrock:ListAutomatedReasoningPolicyTestResults", "bedrock:ListBlueprints", "bedrock:ListCustomModelDeployments", "bedrock:ListCustomModels", "bedrock:ListDataAutomationProjects", "bedrock:ListDataSources", "bedrock:ListEnforcedGuardrailsConfiguration", "bedrock:ListEvaluationJobs", "bedrock:ListFlowAliases", "bedrock:ListFlowExecutionEvents", "bedrock:ListFlowExecutions", "bedrock:ListFlows", "bedrock:ListFlowVersions", "bedrock:ListFoundationModelAgreementOffers", "bedrock:ListFoundationModels", "bedrock:ListGuardrails", "bedrock:ListImportedModels", "bedrock:ListInferenceProfiles", "bedrock:ListIngestionJobs", "bedrock:ListKnowledgeBaseDocuments", "bedrock:ListKnowledgeBases", "bedrock:ListMarketplaceModelEndpoints", "bedrock:ListModelCopyJobs", "bedrock:ListModelCustomizationJobs", "bedrock:ListModelEvaluationJobs", "bedrock:ListModelImportJobs", "bedrock:ListModelInvocationJobs", "bedrock:ListPromptRouters", "bedrock:ListPrompts", "bedrock:ListProvisionedModelThroughputs", "bedrock:ListTagsForResource", "bedrock:RenderPrompt", "bedrock:ValidateFlowDefinition"], "read-data": ["bedrock:ApplyGuardrail", "bedrock:CountTokens", "bedrock:DetectGeneratedContent", "bedrock:GenerateQuery", "bedrock:GetAgentMemory", "bedrock:GetInvocationStep", "bedrock:GetSession", "bedrock:InvokeAgent", "bedrock:InvokeAutomatedReasoningPolicy", "bedrock:InvokeFlow", "bedrock:InvokeInlineAgent", "bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream", "bedrock:ListInvocations", "bedrock:ListInvocationSteps", "bedrock:ListSessions", "bedrock:OptimizePrompt", "bedrock:Retrieve", "bedrock:RetrieveAndGenerate"], "use-resource": ["bedrock:CallWithBearerToken", "bedrock:InvokeDataAutomation", "bedrock:InvokeTool"], "write-data": ["bedrock:CreateInvocation", "bedrock:CreateModelInvocationJob", "bedrock:CreateSession", "bedrock:DeleteSession", "bedrock:EndSession", "bedrock:IngestKnowledgeBaseDocuments", "bedrock:InvokeBlueprintRecommendationAsync", "bedrock:InvokeBuilder", "bedrock:InvokeDataAutomationAsync", "bedrock:PutInvocationStep", "bedrock:Rerank", "bedrock:StartIngestionJob", "bedrock:StopIngestionJob", "bedrock:StopModelCustomizationJob", "bedrock:UpdateSession"]}, "CloudTrail": {"administer-resource": ["cloudtrail:AddTags", "cloudtrail:CreateChannel", "cloudtrail:CreateDashboard", "cloudtrail:CreateEventDataStore", "cloudtrail:CreateServiceLinkedChannel", "cloudtrail:CreateTrail", "cloudtrail:DeleteChannel", "cloudtrail:DeleteDashboard", "cloudtrail:DeleteEventDataStore", "cloudtrail:DeleteResourcePolicy", "cloudtrail:DeleteServiceLinkedChannel", "cloudtrail:DeleteTrail", "cloudtrail:DeregisterOrganizationDelegatedAdmin", "cloudtrail:DisableFederation", "cloudtrail:EnableFederation", "cloudtrail:PutEventConfiguration", "cloudtrail:PutEventSelectors", "cloudtrail:PutInsightSelectors", "cloudtrail:PutResourcePolicy", "cloudtrail:RegisterOrganizationDelegatedAdmin", "cloudtrail:RemoveTags", "cloudtrail:RestoreEventDataStore", "cloudtrail:StartEventDataStoreIngestion", "cloudtrail:StartImport", "cloudtrail:StartLogging", "cloudtrail:StopEventDataStoreIngestion", "cloudtrail:StopImport", "cloudtrail:StopLogging", "cloudtrail:UpdateChannel", "cloudtrail:UpdateDashboard", "cloudtrail:UpdateEventDataStore", "cloudtrail:UpdateServiceLinkedChannel", "cloudtrail:UpdateTrail"], "delete-data": ["cloudtrail:DeleteTrail"], "read-config": ["cloudtrail:DescribeQuery", "cloudtrail:DescribeTrails", "cloudtrail:GetChannel", "cloudtrail:GetDashboard", "cloudtrail:GetEventConfiguration", "cloudtrail:GetEventDataStore", "cloudtrail:GetEventSelectors", "cloudtrail:GetImport", "cloudtrail:GetInsightSelectors", "cloudtrail:GetResourcePolicy", "cloudtrail:GetServiceLinkedChannel", "cloudtrail:GetTrail", "cloudtrail:GetTrailStatus", "cloudtrail:ListChannels", "cloudtrail:ListDashboards", "cloudtrail:ListEventDataStores", "cloudtrail:ListImportFailures", "cloudtrail:ListImports", "cloudtrail:ListPublicKeys", "cloudtrail:ListQueries", "cloudtrail:ListServiceLinkedChannels", "cloudtrail:ListTags", "cloudtrail:ListTrails", "cloudtrail:SearchSampleQueries"], "read-data": ["cloudtrail:GenerateQueryResultsSummary", "cloudtrail:GetEventDataStoreData", "cloudtrail:GetQueryResults", "cloudtrail:ListInsightsData", "cloudtrail:LookupEvents", "cloudtrail:StartDashboardRefresh", "cloudtrail:StartQuery"], "write-data": ["cloudtrail:CancelQuery", "cloudtrail:GenerateQuery", "cloudtrail:StartImport", "cloudtrail:StartQuery"]}, "DynamoDB": {"administer-resource": ["dynamodb:AssociateTableReplica", "dynamodb:CreateBackup", "dynamodb:CreateGlobalTable", "dynamodb:CreateGlobalTableWitness", "dynamodb:CreateTable", "dynamodb:CreateTableReplica", "dynamodb:DeleteGlobalTableWitness", "dynamodb:DeleteResourcePolicy", "dynamodb:DeleteTableReplica", "dynamodb:DisableKinesisStreamingDestination", "dynamodb:EnableKinesisStreamingDestination", "dynamodb:ExportTableToPointInTime", "dynamodb:ImportTable", "dynamodb:InjectError", "dynamodb:PurchaseReservedCapacityOfferings", "dynamodb:PutResourcePolicy", "dynamodb:ReplicateSettings", "dynamodb:RestoreTableFromAwsBackup", "dynamodb:RestoreTableFromBackup", "dynamodb:RestoreTableToPointInTime", "dynamodb:TagResource", "dynamodb:UntagResource", "dynamodb:UpdateAbacStatus", "dynamodb:UpdateContinuousBackups", "dynamodb:UpdateContributorInsights", "dynamodb:UpdateGlobalTable", "dynamodb:UpdateGlobalTableSettings", "dynamodb:UpdateGlobalTableVersion", "dynamodb:UpdateKinesisStreamingDestination", "dynamodb:UpdateTable", "dynamodb:UpdateTableReplicaAutoScaling", "dynamodb:UpdateTimeToLive"], "delete-data": ["dynamodb:DeleteBackup", "dynamodb:DeleteItem", "dynamodb:DeleteTable", "dynamodb:DeleteTableReplica", "dynamodb:PartiQLDelete"], "read-config": ["dynamodb:DescribeBackup", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeContributorInsights", "dynamodb:DescribeEndpoints", "dynamodb:DescribeExport", "dynamodb:DescribeGlobalTable", "dynamodb:DescribeGlobalTableSettings", "dynamodb:DescribeImport", "dynamodb:DescribeKinesisStreamingDestination", "dynamodb:DescribeLimits", "dynamodb:DescribeReservedCapacity", "dynamodb:DescribeReservedCapacityOfferings", "dynamodb:DescribeStream", "dynamodb:DescribeTable", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "dynamodb:GetAbacStatus", "dynamodb:GetResourcePolicy", "dynamodb:ListBackups", "dynamodb:ListContributorInsights", "dynamodb:ListExports", "dynamodb:ListGlobalTables", "dynamodb:ListImports", "dynamodb:ListStreams", "dynamodb:ListTables", "dynamodb:ListTagsOfResource"], "read-data": ["dynamodb:BatchGetItem", "dynamodb:ConditionCheckItem", "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:PartiQLSelect", "dynamodb:Query", "dynamodb:ReadDataForReplication", "dynamodb:Scan"], "write-data": ["dynamodb:BatchWriteItem", "dynamodb:CreateTableReplica", "dynamodb:ImportTable", "dynamodb:PartiQLInsert", "dynamodb:PartiQLUpdate", "dynamodb:PutItem", "dynamodb:RestoreTableFromAwsBackup", "dynamodb:StartAwsBackupJob", "dynamodb:UpdateItem", "dynamodb:WriteDataForReplication"]}, "DynamoDB Accelerator (DAX)": {"administer-resource": ["dax:CreateCluster", "dax:CreateParameterGroup", "dax:CreateSubnetGroup", "dax:DecreaseReplicationFactor", "dax:IncreaseReplicationFactor", "dax:RebootNode", "dax:TagResource", "dax:UntagResource", "dax:UpdateCluster", "dax:UpdateParameterGroup", "dax:UpdateSubnetGroup"], "delete-data": ["dax:DeleteCluster", "dax:DeleteItem", "dax:DeleteParameterGroup", "dax:DeleteSubnetGroup"], "read-config": ["dax:DescribeClusters", "dax:DescribeDefaultParameters", "dax:DescribeEvents", "dax:DescribeParameterGroups", "dax:DescribeParameters", "dax:DescribeSubnetGroups", "dax:ListTags"], "read-data": ["dax:BatchGetItem", "dax:ConditionCheckItem", "dax:GetItem", "dax:Query", "dax:Scan"], "write-data": ["dax:BatchWriteItem", "dax:PutItem", "dax:UpdateItem"]}, "DynamoDB Streams": {"read-config": ["dynamodbstreams:DescribeStream", "dynamodbstreams:ListStreams"], "read-data": ["dynamodbstreams:GetRecords", "dynamodbstreams:GetShardIterator"]}, "EC2": {"administer-resource": ["ec2:AcceptAddressTransfer", "ec2:AcceptCapacityReservationBillingOwnership", "ec2:AcceptReservedInstancesExchangeQuote", "ec2:AcceptTransitGatewayMulticastDomainAssociations", "ec2:AcceptTransitGatewayPeeringAttachment", "ec2:AcceptTransitGatewayVpcAttachment", "ec2:AcceptVpcEndpointConnections", "ec2:AcceptVpcPeeringConnection", "ec2:AdvertiseByoipCidr", "ec2:AllocateAddress", "ec2:AllocateHosts", "ec2:AllocateIpamPoolCidr", "ec2:ApplySecurityGroupsToClientVpnTargetNetwork", "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AssignPrivateNatGatewayAddress", "ec2:AssociateAddress", "ec2:AssociateCapacityReservationBillingOwner", "ec2:AssociateClientVpnTargetNetwork", "ec2:AssociateDhcpOptions", "ec2:AssociateEnclaveCertificateIamRole", "ec2:AssociateIamInstanceProfile", "ec2:AssociateInstanceEventWindow", "ec2:AssociateIpamByoasn", "ec2:AssociateIpamResourceDiscovery", "ec2:AssociateNatGatewayAddress", "ec2:AssociateRouteServer", "ec2:AssociateRouteTable", "ec2:AssociateSecurityGroupVpc", "ec2:AssociateSubnetCidrBlock", "ec2:AssociateTransitGatewayMulticastDomain", "ec2:AssociateTransitGatewayPolicyTable", "ec2:AssociateTransitGatewayRouteTable", "ec2:AssociateTrunkInterface", "ec2:AssociateVerifiedAccessInstanceWebAcl", "ec2:AssociateVpcCidrBlock", "ec2:AttachApplianceToNatGateway", "ec2:AttachClassicLinkVpc", "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:AttachResourcesToPlacementGroup", "ec2:AttachVerifiedAccessTrustProvider", "ec2:AttachVolume", "ec2:AttachVpnGateway", "ec2:AuthorizeClientVpnIngress", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:BundleInstance", "ec2:CancelBundleTask", "ec2:CancelCapacityReservation", "ec2:CancelCapacityReservationFleets", "ec2:CancelConversionTask", "ec2:CancelDeclarativePoliciesReport", "ec2:CancelExportTask", "ec2:CancelImageLaunchPermission", "ec2:CancelImportTask", "ec2:CancelReservedInstancesListing", "ec2:CancelSpotFleetRequests", "ec2:CancelSpotInstanceRequests", "ec2:ConfirmProductInstance", "ec2:CreateCapacityManagerDataExport", "ec2:CreateCapacityReservation", "ec2:CreateCapacityReservationBySplitting", "ec2:CreateCapacityReservationFleet", "ec2:CreateCarrierGateway", "ec2:CreateClientVpnEndpoint", "ec2:CreateClientVpnRoute", "ec2:CreateCoipCidr", "ec2:CreateCoipPool", "ec2:CreateCoipPoolPermission", "ec2:CreateCustomerGateway", "ec2:CreateDefaultSubnet", "ec2:CreateDefaultVpc", "ec2:CreateDelegateMacVolumeOwnershipTask", "ec2:CreateDhcpOptions", "ec2:CreateEgressOnlyInternetGateway", "ec2:CreateFleet", "ec2:CreateImageUsageReport", "ec2:CreateInstanceConnectEndpoint", "ec2:CreateInstanceEventWindow", "ec2:CreateInternetGateway", "ec2:CreateInterruptibleCapacityReservationAllocation", "ec2:CreateIpam", "ec2:CreateIpamExternalResourceVerificationToken", "ec2:CreateIpamPolicy", "ec2:CreateIpamPool", "ec2:CreateIpamPrefixListResolver", "ec2:CreateIpamPrefixListResolverTarget", "ec2:CreateIpamResourceDiscovery", "ec2:CreateIpamScope", "ec2:CreateKeyPair", "ec2:CreateLaunchTemplate", "ec2:CreateLaunchTemplateVersion", "ec2:CreateLocalGatewayRoute", "ec2:CreateLocalGatewayRouteTable", "ec2:CreateLocalGatewayRouteTablePermission", "ec2:CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation", "ec2:CreateLocalGatewayRouteTableVpcAssociation", "ec2:CreateLocalGatewayVirtualInterface", "ec2:CreateLocalGatewayVirtualInterfaceGroup", "ec2:CreateMacSystemIntegrityProtectionModificationTask", "ec2:CreateManagedPrefixList", "ec2:CreateNatGateway", "ec2:CreateNetworkAcl", "ec2:CreateNetworkAclEntry", "ec2:CreateNetworkInsightsAccessScope", "ec2:CreateNetworkInsightsPath", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:CreateOdbNetworkPeering", "ec2:CreatePlacementGroup", "ec2:CreatePublicIpv4Pool", "ec2:CreateReplaceRootVolumeTask", "ec2:CreateReservedInstancesListing", "ec2:CreateRestoreImageTask", "ec2:CreateRoute", "ec2:CreateRouteServer", "ec2:CreateRouteServerEndpoint", "ec2:CreateRouteServerPeer", "ec2:CreateRouteTable", "ec2:CreateSecondaryNetwork", "ec2:CreateSecondarySubnet", "ec2:CreateSecurityGroup", "ec2:CreateSpotDatafeedSubscription", "ec2:CreateStoreImageTask", "ec2:CreateSubnet", "ec2:CreateSubnetCidrReservation", "ec2:CreateTags", "ec2:CreateTrafficMirrorFilter", "ec2:CreateTrafficMirrorFilterRule", "ec2:CreateTrafficMirrorSession", "ec2:CreateTrafficMirrorTarget", "ec2:CreateTransitGateway", "ec2:CreateTransitGatewayConnect", "ec2:CreateTransitGatewayConnectPeer", "ec2:CreateTransitGatewayMeteringPolicy", "ec2:CreateTransitGatewayMeteringPolicyEntry", "ec2:CreateTransitGatewayMulticastDomain", "ec2:CreateTransitGatewayPeeringAttachment", "ec2:CreateTransitGatewayPolicyTable", "ec2:CreateTransitGatewayPrefixListReference", "ec2:CreateTransitGatewayRoute", "ec2:CreateTransitGatewayRouteTable", "ec2:CreateTransitGatewayRouteTableAnnouncement", "ec2:CreateTransitGatewayVpcAttachment", "ec2:CreateVerifiedAccessEndpoint", "ec2:CreateVerifiedAccessGroup", "ec2:CreateVerifiedAccessInstance", "ec2:CreateVerifiedAccessTrustProvider", "ec2:CreateVpc", "ec2:CreateVpcBlockPublicAccessExclusion", "ec2:CreateVpcEncryptionControl", "ec2:CreateVpcEndpoint", "ec2:CreateVpcEndpointConnectionNotification", "ec2:CreateVpcEndpointServiceConfiguration", "ec2:CreateVpcPeeringConnection", "ec2:CreateVpnConcentrator", "ec2:CreateVpnConnection", "ec2:CreateVpnConnectionRoute", "ec2:CreateVpnGateway", "ec2:DeleteCapacityManagerDataExport", "ec2:DeleteCarrierGateway", "ec2:DeleteClientVpnEndpoint", "ec2:DeleteClientVpnRoute", "ec2:DeleteCoipCidr", "ec2:DeleteCoipPool", "ec2:DeleteCoipPoolPermission", "ec2:DeleteCustomerGateway", "ec2:DeleteDhcpOptions", "ec2:DeleteEgressOnlyInternetGateway", "ec2:DeleteFleets", "ec2:DeleteImageUsageReport", "ec2:DeleteInstanceConnectEndpoint", "ec2:DeleteInstanceEventWindow", "ec2:DeleteInternetGateway", "ec2:DeleteIpam", "ec2:DeleteIpamExternalResourceVerificationToken", "ec2:DeleteIpamPolicy", "ec2:DeleteIpamPool", "ec2:DeleteIpamPrefixListResolver", "ec2:DeleteIpamPrefixListResolverTarget", "ec2:DeleteIpamResourceDiscovery", "ec2:DeleteIpamScope", "ec2:DeleteKeyPair", "ec2:DeleteLaunchTemplate", "ec2:DeleteLaunchTemplateVersions", "ec2:DeleteLocalGatewayRoute", "ec2:DeleteLocalGatewayRouteTable", "ec2:DeleteLocalGatewayRouteTablePermission", "ec2:DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociation", "ec2:DeleteLocalGatewayRouteTableVpcAssociation", "ec2:DeleteLocalGatewayVirtualInterface", "ec2:DeleteLocalGatewayVirtualInterfaceGroup", "ec2:DeleteManagedPrefixList", "ec2:DeleteNatGateway", "ec2:DeleteNetworkAcl", "ec2:DeleteNetworkAclEntry", "ec2:DeleteNetworkInsightsAccessScope", "ec2:DeleteNetworkInsightsAnalysis", "ec2:DeleteNetworkInsightsPath", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:DeleteOdbNetworkPeering", "ec2:DeletePlacementGroup", "ec2:DeletePublicIpv4Pool", "ec2:DeleteQueuedReservedInstances", "ec2:DeleteResourcePolicy", "ec2:DeleteRoute", "ec2:DeleteRouteServer", "ec2:DeleteRouteServerEndpoint", "ec2:DeleteRouteServerPeer", "ec2:DeleteRouteTable", "ec2:DeleteSecondaryNetwork", "ec2:DeleteSecondarySubnet", "ec2:DeleteSecurityGroup", "ec2:DeleteSpotDatafeedSubscription", "ec2:DeleteSubnet", "ec2:DeleteSubnetCidrReservation", "ec2:DeleteTags", "ec2:DeleteTrafficMirrorFilter", "ec2:DeleteTrafficMirrorFilterRule", "ec2:DeleteTrafficMirrorSession", "ec2:DeleteTrafficMirrorTarget", "ec2:DeleteTransitGateway", "ec2:DeleteTransitGatewayConnect", "ec2:DeleteTransitGatewayConnectPeer", "ec2:DeleteTransitGatewayMeteringPolicy", "ec2:DeleteTransitGatewayMeteringPolicyEntry", "ec2:DeleteTransitGatewayMulticastDomain", "ec2:DeleteTransitGatewayPeeringAttachment", "ec2:DeleteTransitGatewayPolicyTable", "ec2:DeleteTransitGatewayPrefixListReference", "ec2:DeleteTransitGatewayRoute", "ec2:DeleteTransitGatewayRouteTable", "ec2:DeleteTransitGatewayRouteTableAnnouncement", "ec2:DeleteTransitGatewayVpcAttachment", "ec2:DeleteVerifiedAccessEndpoint", "ec2:DeleteVerifiedAccessGroup", "ec2:DeleteVerifiedAccessInstance", "ec2:DeleteVerifiedAccessTrustProvider", "ec2:DeleteVpc", "ec2:DeleteVpcBlockPublicAccessExclusion", "ec2:DeleteVpcEncryptionControl", "ec2:DeleteVpcEndpointConnectionNotifications", "ec2:DeleteVpcEndpoints", "ec2:DeleteVpcEndpointServiceConfigurations", "ec2:DeleteVpcPeeringConnection", "ec2:DeleteVpnConcentrator", "ec2:DeleteVpnConnection", "ec2:DeleteVpnConnectionRoute", "ec2:DeleteVpnGateway", "ec2:DeprovisionByoipCidr", "ec2:DeprovisionIpamByoasn", "ec2:DeprovisionIpamPoolCidr", "ec2:DeprovisionPublicIpv4PoolCidr", "ec2:DeregisterImage", "ec2:DeregisterInstanceEventNotificationAttributes", "ec2:DeregisterTransitGatewayMulticastGroupMembers", "ec2:DeregisterTransitGatewayMulticastGroupSources", "ec2:DetachApplianceFromNatGateway", "ec2:DetachClassicLinkVpc", "ec2:DetachInternetGateway", "ec2:DetachNetworkInterface", "ec2:DetachResourcesFromPlacementGroup", "ec2:DetachVerifiedAccessTrustProvider", "ec2:DetachVolume", "ec2:DetachVpnGateway", "ec2:DisableAddressTransfer", "ec2:DisableAllowedImagesSettings", "ec2:DisableAwsNetworkPerformanceMetricSubscription", "ec2:DisableCapacityManager", "ec2:DisableEbsEncryptionByDefault", "ec2:DisableFastLaunch", "ec2:DisableFastSnapshotRestores", "ec2:DisableImage", "ec2:DisableImageBlockPublicAccess", "ec2:DisableImageDeprecation", "ec2:DisableImageDeregistrationProtection", "ec2:DisableInstanceSqlHaStandbyDetections", "ec2:DisableIpamOrganizationAdminAccount", "ec2:DisableIpamPolicy", "ec2:DisableRouteServerPropagation", "ec2:DisableSerialConsoleAccess", "ec2:DisableSnapshotBlockPublicAccess", "ec2:DisableTransitGatewayRouteTablePropagation", "ec2:DisableVgwRoutePropagation", "ec2:DisableVpcClassicLink", "ec2:DisableVpcClassicLinkDnsSupport", "ec2:DisassociateAddress", "ec2:DisassociateCapacityReservationBillingOwner", "ec2:DisassociateClientVpnTargetNetwork", "ec2:DisassociateEnclaveCertificateIamRole", "ec2:DisassociateIamInstanceProfile", "ec2:DisassociateInstanceEventWindow", "ec2:DisassociateIpamByoasn", "ec2:DisassociateIpamResourceDiscovery", "ec2:DisassociateNatGatewayAddress", "ec2:DisassociateRouteServer", "ec2:DisassociateRouteTable", "ec2:DisassociateSecurityGroupVpc", "ec2:DisassociateSubnetCidrBlock", "ec2:DisassociateTransitGatewayMulticastDomain", "ec2:DisassociateTransitGatewayPolicyTable", "ec2:DisassociateTransitGatewayRouteTable", "ec2:DisassociateTrunkInterface", "ec2:DisassociateVerifiedAccessInstanceWebAcl", "ec2:DisassociateVpcCidrBlock", "ec2:EnableAddressTransfer", "ec2:EnableAllowedImagesSettings", "ec2:EnableAwsNetworkPerformanceMetricSubscription", "ec2:EnableCapacityManager", "ec2:EnableEbsEncryptionByDefault", "ec2:EnableFastLaunch", "ec2:EnableFastSnapshotRestores", "ec2:EnableImage", "ec2:EnableImageBlockPublicAccess", "ec2:EnableImageDeprecation", "ec2:EnableImageDeregistrationProtection", "ec2:EnableInstanceSqlHaStandbyDetections", "ec2:EnableIpamOrganizationAdminAccount", "ec2:EnableIpamPolicy", "ec2:EnableReachabilityAnalyzerOrganizationSharing", "ec2:EnableRouteServerPropagation", "ec2:EnableSerialConsoleAccess", "ec2:EnableSnapshotBlockPublicAccess", "ec2:EnableTransitGatewayRouteTablePropagation", "ec2:EnableVgwRoutePropagation", "ec2:EnableVolumeIO", "ec2:EnableVpcClassicLink", "ec2:EnableVpcClassicLinkDnsSupport", "ec2:GetPasswordData", "ec2:ImportByoipCidrToIpam", "ec2:ImportClientVpnClientCertificateRevocationList", "ec2:ImportKeyPair", "ec2:InjectApiError", "ec2:InjectVolumeIOLatency", "ec2:LockSnapshot", "ec2:ModifyAddressAttribute", "ec2:ModifyAvailabilityZoneGroup", "ec2:ModifyCapacityReservation", "ec2:ModifyCapacityReservationFleet", "ec2:ModifyClientVpnEndpoint", "ec2:ModifyDefaultCreditSpecification", "ec2:ModifyEbsDefaultKmsKeyId", "ec2:ModifyFleet", "ec2:ModifyFpgaImageAttribute", "ec2:ModifyHosts", "ec2:ModifyIdentityIdFormat", "ec2:ModifyIdFormat", "ec2:ModifyImageAttribute", "ec2:ModifyInstanceAttribute", "ec2:ModifyInstanceCapacityReservationAttributes", "ec2:ModifyInstanceConnectEndpoint", "ec2:ModifyInstanceCpuOptions", "ec2:ModifyInstanceCreditSpecification", "ec2:ModifyInstanceEventStartTime", "ec2:ModifyInstanceEventWindow", "ec2:ModifyInstanceMaintenanceOptions", "ec2:ModifyInstanceMetadataDefaults", "ec2:ModifyInstanceMetadataOptions", "ec2:ModifyInstanceNetworkPerformanceOptions", "ec2:ModifyInstancePlacement", "ec2:ModifyIpam", "ec2:ModifyIpamPolicyAllocationRules", "ec2:ModifyIpamPool", "ec2:ModifyIpamPrefixListResolver", "ec2:ModifyIpamPrefixListResolverTarget", "ec2:ModifyIpamResourceCidr", "ec2:ModifyIpamResourceDiscovery", "ec2:ModifyIpamScope", "ec2:ModifyLaunchTemplate", "ec2:ModifyLocalGatewayRoute", "ec2:ModifyManagedPrefixList", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifyOdbNetworkPeering", "ec2:ModifyPrivateDnsNameOptions", "ec2:ModifyPublicIpDnsNameOptions", "ec2:ModifyReservedInstances", "ec2:ModifyRouteServer", "ec2:ModifySecurityGroupRules", "ec2:ModifySnapshotAttribute", "ec2:ModifySnapshotTier", "ec2:ModifySpotFleetRequest", "ec2:ModifySubnetAttribute", "ec2:ModifyTrafficMirrorFilterNetworkServices", "ec2:ModifyTrafficMirrorFilterRule", "ec2:ModifyTrafficMirrorSession", "ec2:ModifyTransitGateway", "ec2:ModifyTransitGatewayMeteringPolicy", "ec2:ModifyTransitGatewayPrefixListReference", "ec2:ModifyTransitGatewayVpcAttachment", "ec2:ModifyVerifiedAccessEndpoint", "ec2:ModifyVerifiedAccessEndpointPolicy", "ec2:ModifyVerifiedAccessGroup", "ec2:ModifyVerifiedAccessGroupPolicy", "ec2:ModifyVerifiedAccessInstance", "ec2:ModifyVerifiedAccessInstanceLoggingConfiguration", "ec2:ModifyVerifiedAccessTrustProvider", "ec2:ModifyVolume", "ec2:ModifyVolumeAttribute", "ec2:ModifyVpcAttribute", "ec2:ModifyVpcBlockPublicAccessExclusion", "ec2:ModifyVpcBlockPublicAccessOptions", "ec2:ModifyVpcEncryptionControl", "ec2:ModifyVpcEndpoint", "ec2:ModifyVpcEndpointConnectionNotification", "ec2:ModifyVpcEndpointServiceConfiguration", "ec2:ModifyVpcEndpointServicePayerResponsibility", "ec2:ModifyVpcEndpointServicePermissions", "ec2:ModifyVpcPeeringConnectionOptions", "ec2:ModifyVpcTenancy", "ec2:ModifyVpnConnection", "ec2:ModifyVpnConnectionOptions", "ec2:ModifyVpnTunnelCertificate", "ec2:ModifyVpnTunnelOptions", "ec2:MonitorInstances", "ec2:MoveAddressToVpc", "ec2:MoveByoipCidrToIpam", "ec2:MoveCapacityReservationInstances", "ec2:PauseVolumeIO", "ec2:ProvisionByoipCidr", "ec2:ProvisionIpamByoasn", "ec2:ProvisionIpamPoolCidr", "ec2:ProvisionPublicIpv4PoolCidr", "ec2:PurchaseCapacityBlock", "ec2:PurchaseCapacityBlockExtension", "ec2:PurchaseHostReservation", "ec2:PurchaseReservedInstancesOffering", "ec2:PurchaseScheduledInstances", "ec2:PutResourcePolicy", "ec2:RegisterImage", "ec2:RegisterInstanceEventNotificationAttributes", "ec2:RegisterTransitGatewayMulticastGroupMembers", "ec2:RegisterTransitGatewayMulticastGroupSources", "ec2:RejectCapacityReservationBillingOwnership", "ec2:RejectTransitGatewayMulticastDomainAssociations", "ec2:RejectTransitGatewayPeeringAttachment", "ec2:RejectTransitGatewayVpcAttachment", "ec2:RejectVpcEndpointConnections", "ec2:RejectVpcPeeringConnection", "ec2:ReleaseAddress", "ec2:ReleaseHosts", "ec2:ReleaseIpamPoolAllocation", "ec2:ReplaceIamInstanceProfileAssociation", "ec2:ReplaceImageCriteriaInAllowedImagesSettings", "ec2:ReplaceNetworkAclAssociation", "ec2:ReplaceNetworkAclEntry", "ec2:ReplaceRoute", "ec2:ReplaceRouteTableAssociation", "ec2:ReplaceTransitGatewayRoute", "ec2:ReplaceVpnTunnel", "ec2:ReportInstanceStatus", "ec2:RequestSpotFleet", "ec2:RequestSpotInstances", "ec2:ResetAddressAttribute", "ec2:ResetEbsDefaultKmsKeyId", "ec2:ResetFpgaImageAttribute", "ec2:ResetImageAttribute", "ec2:ResetInstanceAttribute", "ec2:ResetNetworkInterfaceAttribute", "ec2:ResetSnapshotAttribute", "ec2:RestoreAddressToClassic", "ec2:RestoreImageFromRecycleBin", "ec2:RestoreManagedPrefixListVersion", "ec2:RestoreSnapshotFromRecycleBin", "ec2:RestoreSnapshotTier", "ec2:RestoreVolumeFromRecycleBin", "ec2:RevokeClientVpnIngress", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:SendDiagnosticInterrupt", "ec2:SendSpotInstanceInterruptions", "ec2:StartVpcEndpointServicePrivateDnsVerification", "ec2:TerminateClientVpnConnections", "ec2:UnassignIpv6Addresses", "ec2:UnassignPrivateIpAddresses", "ec2:UnassignPrivateNatGatewayAddress", "ec2:UnlockSnapshot", "ec2:UnmonitorInstances", "ec2:UpdateCapacityManagerOrganizationsAccess", "ec2:UpdateInterruptibleCapacityReservationAllocation", "ec2:UpdateSecurityGroupRuleDescriptionsEgress", "ec2:UpdateSecurityGroupRuleDescriptionsIngress", "ec2:WithdrawByoipCidr"], "delete-data": ["ec2:DeleteFlowLogs", "ec2:DeleteFpgaImage", "ec2:DeleteKeyPair", "ec2:DeleteNetworkInsightsAccessScopeAnalysis", "ec2:DeleteSnapshot", "ec2:DeleteVolume"], "read-config": ["ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAddressesAttribute", "ec2:DescribeAddressTransfers", "ec2:DescribeAggregateIdFormat", "ec2:DescribeAvailabilityZones", "ec2:DescribeAwsNetworkPerformanceMetricSubscriptions", "ec2:DescribeBundleTasks", "ec2:DescribeByoipCidrs", "ec2:DescribeCapacityBlockExtensionHistory", "ec2:DescribeCapacityBlockExtensionOfferings", "ec2:DescribeCapacityBlockOfferings", "ec2:DescribeCapacityBlocks", "ec2:DescribeCapacityBlockStatus", "ec2:DescribeCapacityManagerDataExports", "ec2:DescribeCapacityReservationBillingRequests", "ec2:DescribeCapacityReservationFleets", "ec2:DescribeCapacityReservations", "ec2:DescribeCapacityReservationTopology", "ec2:DescribeCarrierGateways", "ec2:DescribeClassicLinkInstances", "ec2:DescribeClientVpnAuthorizationRules", "ec2:DescribeClientVpnConnections", "ec2:DescribeClientVpnEndpoints", "ec2:DescribeClientVpnRoutes", "ec2:DescribeClientVpnTargetNetworks", "ec2:DescribeCoipPools", "ec2:DescribeConversionTasks", "ec2:DescribeCustomerGateways", "ec2:DescribeDeclarativePoliciesReports", "ec2:DescribeDhcpOptions", "ec2:DescribeEgressOnlyInternetGateways", "ec2:DescribeElasticGpus", "ec2:DescribeExportImageTasks", "ec2:DescribeExportTasks", "ec2:DescribeFastLaunchImages", "ec2:DescribeFastSnapshotRestores", "ec2:DescribeFleetHistory", "ec2:DescribeFleetInstances", "ec2:DescribeFleets", "ec2:DescribeFlowLogs", "ec2:DescribeFpgaImageAttribute", "ec2:DescribeFpgaImages", "ec2:DescribeHostReservationOfferings", "ec2:DescribeHostReservations", "ec2:DescribeHosts", "ec2:DescribeIamInstanceProfileAssociations", "ec2:DescribeIdentityIdFormat", "ec2:DescribeIdFormat", "ec2:DescribeImageAttribute", "ec2:DescribeImageReferences", "ec2:DescribeImages", "ec2:DescribeImageUsageReportEntries", "ec2:DescribeImageUsageReports", "ec2:DescribeImportImageTasks", "ec2:DescribeImportSnapshotTasks", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceConnectEndpoints", "ec2:DescribeInstanceCreditSpecifications", "ec2:DescribeInstanceEventNotificationAttributes", "ec2:DescribeInstanceEventWindows", "ec2:DescribeInstanceImageMetadata", "ec2:DescribeInstances", "ec2:DescribeInstanceSqlHaHistoryStates", "ec2:DescribeInstanceSqlHaStates", "ec2:DescribeInstanceStatus", "ec2:DescribeInstanceTopology", "ec2:DescribeInstanceTypeOfferings", "ec2:DescribeInstanceTypes", "ec2:DescribeInternetGateways", "ec2:DescribeIpamByoasn", "ec2:DescribeIpamExternalResourceVerificationTokens", "ec2:DescribeIpamPolicies", "ec2:DescribeIpamPools", "ec2:DescribeIpamPrefixListResolvers", "ec2:DescribeIpamPrefixListResolverTargets", "ec2:DescribeIpamResourceDiscoveries", "ec2:DescribeIpamResourceDiscoveryAssociations", "ec2:DescribeIpams", "ec2:DescribeIpamScopes", "ec2:DescribeIpv6Pools", "ec2:DescribeKeyPairs", "ec2:DescribeLaunchTemplates", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeLocalGatewayRouteTablePermissions", "ec2:DescribeLocalGatewayRouteTables", "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", "ec2:DescribeLocalGatewayRouteTableVpcAssociations", "ec2:DescribeLocalGateways", "ec2:DescribeLocalGatewayVirtualInterfaceGroups", "ec2:DescribeLocalGatewayVirtualInterfaces", "ec2:DescribeLockedSnapshots", "ec2:DescribeMacHosts", "ec2:DescribeMacModificationTasks", "ec2:DescribeManagedPrefixLists", "ec2:DescribeMovingAddresses", "ec2:DescribeNatGateways", "ec2:DescribeNetworkAcls", "ec2:DescribeNetworkInsightsAccessScopeAnalyses", "ec2:DescribeNetworkInsightsAccessScopes", "ec2:DescribeNetworkInsightsAnalyses", "ec2:DescribeNetworkInsightsPaths", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfacePermissions", "ec2:DescribeNetworkInterfaces", "ec2:DescribeOutpostLags", "ec2:DescribePlacementGroups", "ec2:DescribePrefixLists", "ec2:DescribePrincipalIdFormat", "ec2:DescribePublicIpv4Pools", "ec2:DescribeRegions", "ec2:DescribeReplaceRootVolumeTasks", "ec2:DescribeReservedInstances", "ec2:DescribeReservedInstancesListings", "ec2:DescribeReservedInstancesModifications", "ec2:DescribeReservedInstancesOfferings", "ec2:DescribeRouteServerEndpoints", "ec2:DescribeRouteServerPeers", "ec2:DescribeRouteServers", "ec2:DescribeRouteTables", "ec2:DescribeScheduledInstanceAvailability", "ec2:DescribeScheduledInstances", "ec2:DescribeSecondaryInterfaces", "ec2:DescribeSecondaryNetworks", "ec2:DescribeSecondarySubnets", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeSecurityGroupRules", "ec2:DescribeSecurityGroups", "ec2:DescribeSecurityGroupVpcAssociations", "ec2:DescribeServiceLinkVirtualInterfaces", "ec2:DescribeSnapshotAttribute", "ec2:DescribeSnapshots", "ec2:DescribeSnapshotTierStatus", "ec2:DescribeSpotDatafeedSubscription", "ec2:DescribeSpotFleetInstances", "ec2:DescribeSpotFleetRequestHistory", "ec2:DescribeSpotFleetRequests", "ec2:DescribeSpotInstanceRequests", "ec2:DescribeSpotPriceHistory", "ec2:DescribeStaleSecurityGroups", "ec2:DescribeStoreImageTasks", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeTrafficMirrorFilterRules", "ec2:DescribeTrafficMirrorFilters", "ec2:DescribeTrafficMirrorSessions", "ec2:DescribeTrafficMirrorTargets", "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayConnectPeers", "ec2:DescribeTransitGatewayConnects", "ec2:DescribeTransitGatewayMeteringPolicies", "ec2:DescribeTransitGatewayMulticastDomains", "ec2:DescribeTransitGatewayPeeringAttachments", "ec2:DescribeTransitGatewayPolicyTables", "ec2:DescribeTransitGatewayRouteTableAnnouncements", "ec2:DescribeTransitGatewayRouteTables", "ec2:DescribeTransitGateways", "ec2:DescribeTransitGatewayVpcAttachments", "ec2:DescribeTrunkInterfaceAssociations", "ec2:DescribeVerifiedAccessEndpoints", "ec2:DescribeVerifiedAccessGroups", "ec2:DescribeVerifiedAccessInstanceLoggingConfigurations", "ec2:DescribeVerifiedAccessInstances", "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", "ec2:DescribeVerifiedAccessTrustProviders", "ec2:DescribeVolumeAttribute", "ec2:DescribeVolumes", "ec2:DescribeVolumesModifications", "ec2:DescribeVolumeStatus", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcBlockPublicAccessExclusions", "ec2:DescribeVpcBlockPublicAccessOptions", "ec2:DescribeVpcClassicLink", "ec2:DescribeVpcClassicLinkDnsSupport", "ec2:DescribeVpcEncryptionControls", "ec2:DescribeVpcEndpointAssociations", "ec2:DescribeVpcEndpointConnectionNotifications", "ec2:DescribeVpcEndpointConnections", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DescribeVpcEndpointServicePermissions", "ec2:DescribeVpcEndpointServices", "ec2:DescribeVpcPeeringConnections", "ec2:DescribeVpcs", "ec2:DescribeVpnConcentrators", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways", "ec2:ExportClientVpnClientCertificateRevocationList", "ec2:ExportClientVpnClientConfiguration", "ec2:ExportVerifiedAccessInstanceClientConfiguration", "ec2:GetActiveVpnTunnelStatus", "ec2:GetAllowedImagesSettings", "ec2:GetAssociatedEnclaveCertificateIamRoles", "ec2:GetAssociatedIpv6PoolCidrs", "ec2:GetAwsNetworkPerformanceData", "ec2:GetCapacityManagerAttributes", "ec2:GetCapacityManagerMetricData", "ec2:GetCapacityManagerMetricDimensions", "ec2:GetCapacityReservationUsage", "ec2:GetCoipPoolUsage", "ec2:GetConsoleOutput", "ec2:GetConsoleScreenshot", "ec2:GetDeclarativePoliciesReportSummary", "ec2:GetDefaultCreditSpecification", "ec2:GetEbsDefaultKmsKeyId", "ec2:GetEbsEncryptionByDefault", "ec2:GetEnabledIpamPolicy", "ec2:GetFlowLogsIntegrationTemplate", "ec2:GetGroupsForCapacityReservation", "ec2:GetHostReservationPurchasePreview", "ec2:GetImageAncestry", "ec2:GetImageBlockPublicAccessState", "ec2:GetInstanceMetadataDefaults", "ec2:GetInstanceTpmEkPub", "ec2:GetInstanceTypesFromInstanceRequirements", "ec2:GetInstanceUefiData", "ec2:GetIpamAddressHistory", "ec2:GetIpamDiscoveredAccounts", "ec2:GetIpamDiscoveredPublicAddresses", "ec2:GetIpamDiscoveredResourceCidrs", "ec2:GetIpamPolicyAllocationRules", "ec2:GetIpamPolicyOrganizationTargets", "ec2:GetIpamPoolAllocations", "ec2:GetIpamPoolCidrs", "ec2:GetIpamPrefixListResolverRules", "ec2:GetIpamPrefixListResolverVersionEntries", "ec2:GetIpamPrefixListResolverVersions", "ec2:GetIpamResourceCidrs", "ec2:GetLaunchTemplateData", "ec2:GetManagedPrefixListAssociations", "ec2:GetManagedPrefixListEntries", "ec2:GetNetworkInsightsAccessScopeAnalysisFindings", "ec2:GetNetworkInsightsAccessScopeContent", "ec2:GetPasswordData", "ec2:GetReservedInstancesExchangeQuote", "ec2:GetResourcePolicy", "ec2:GetRouteServerAssociations", "ec2:GetRouteServerPropagations", "ec2:GetRouteServerRoutingDatabase", "ec2:GetSecurityGroupsForVpc", "ec2:GetSerialConsoleAccessStatus", "ec2:GetSnapshotBlockPublicAccessState", "ec2:GetSpotPlacementScores", "ec2:GetSubnetCidrReservations", "ec2:GetTransitGatewayAttachmentPropagations", "ec2:GetTransitGatewayMeteringPolicyEntries", "ec2:GetTransitGatewayMulticastDomainAssociations", "ec2:GetTransitGatewayPolicyTableAssociations", "ec2:GetTransitGatewayPolicyTableEntries", "ec2:GetTransitGatewayPrefixListReferences", "ec2:GetTransitGatewayRouteTableAssociations", "ec2:GetTransitGatewayRouteTablePropagations", "ec2:GetVerifiedAccessEndpointPolicy", "ec2:GetVerifiedAccessEndpointTargets", "ec2:GetVerifiedAccessGroupPolicy", "ec2:GetVerifiedAccessInstanceWebAcl", "ec2:GetVpcResourcesBlockingEncryptionEnforcement", "ec2:GetVpnConnectionDeviceSampleConfiguration", "ec2:GetVpnConnectionDeviceTypes", "ec2:GetVpnTunnelReplacementStatus", "ec2:ListImagesInRecycleBin", "ec2:ListSnapshotsInRecycleBin", "ec2:ListVolumesInRecycleBin", "ec2:SearchLocalGatewayRoutes", "ec2:SearchTransitGatewayMulticastGroups", "ec2:SearchTransitGatewayRoutes", "ec2:StartDeclarativePoliciesReport"], "use-resource": ["ec2:RebootInstances", "ec2:RunInstances", "ec2:RunScheduledInstances", "ec2:StartInstances", "ec2:StartNetworkInsightsAccessScopeAnalysis", "ec2:StartNetworkInsightsAnalysis", "ec2:StopInstances", "ec2:TerminateInstances"], "write-data": ["ec2:CopyFpgaImage", "ec2:CopyImage", "ec2:CopySnapshot", "ec2:CopyVolumes", "ec2:CreateFlowLogs", "ec2:CreateFpgaImage", "ec2:CreateImage", "ec2:CreateInstanceExportTask", "ec2:CreateRestoreImageTask", "ec2:CreateSnapshot", "ec2:CreateSnapshots", "ec2:CreateStoreImageTask", "ec2:CreateVolume", "ec2:ExportImage", "ec2:ExportTransitGatewayRoutes", "ec2:ImportImage", "ec2:ImportInstance", "ec2:ImportSnapshot", "ec2:ImportVolume"]}, "ECR": {"administer-resource": ["ecr:CreatePullThroughCacheRule", "ecr:CreateRepository", "ecr:CreateRepositoryCreationTemplate", "ecr:DeleteLifecyclePolicy", "ecr:DeletePullThroughCacheRule", "ecr:DeleteRegistryPolicy", "ecr:DeleteRepository", "ecr:DeleteRepositoryCreationTemplate", "ecr:DeleteRepositoryPolicy", "ecr:DeleteSigningConfiguration", "ecr:DeregisterPullTimeUpdateExclusion", "ecr:PutAccountSetting", "ecr:PutImageScanningConfiguration", "ecr:PutImageTagMutability", "ecr:PutLifecyclePolicy", "ecr:PutRegistryPolicy", "ecr:PutRegistryScanningConfiguration", "ecr:PutReplicationConfiguration", "ecr:PutSigningConfiguration", "ecr:RegisterPullTimeUpdateExclusion", "ecr:ReplicateImage", "ecr:SetRepositoryPolicy", "ecr:StartImageScan", "ecr:TagResource", "ecr:UntagResource", "ecr:UpdateImageStorageClass", "ecr:UpdatePullThroughCacheRule", "ecr:UpdateRepositoryCreationTemplate"], "delete-data": ["ecr:BatchDeleteImage"], "read-config": ["ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage", "ecr:BatchGetRepositoryScanningConfiguration", "ecr:DescribeImageReplicationStatus", "ecr:DescribeImages", "ecr:DescribeImageScanFindings", "ecr:DescribeImageSigningStatus", "ecr:DescribePullThroughCacheRules", "ecr:DescribeRegistry", "ecr:DescribeRepositories", "ecr:DescribeRepositoryCreationTemplate", "ecr:DescribeRepositoryCreationTemplates", "ecr:GetAccountSetting", "ecr:GetImageCopyStatus", "ecr:GetLifecyclePolicy", "ecr:GetLifecyclePolicyPreview", "ecr:GetRegistryPolicy", "ecr:GetRegistryScanningConfiguration", "ecr:GetRepositoryPolicy", "ecr:GetSigningConfiguration", "ecr:ListImages", "ecr:ListPullTimeUpdateExclusions", "ecr:ListTagsForResource", "ecr:StartLifecyclePolicyPreview", "ecr:ValidatePullThroughCacheRule"], "read-data": ["ecr:GetDownloadUrlForLayer"], "use-resource": ["ecr:GetAuthorizationToken"], "write-data": ["ecr:BatchImportUpstreamImage", "ecr:CompleteLayerUpload", "ecr:InitiateLayerUpload", "ecr:PutImage", "ecr:UploadLayerPart"]}, "ECS": {"administer-resource": ["ecs:CreateCapacityProvider", "ecs:CreateCluster", "ecs:CreateExpressGatewayService", "ecs:CreateService", "ecs:CreateTaskSet", "ecs:DeleteAccountSetting", "ecs:DeleteAttributes", "ecs:DeleteCapacityProvider", "ecs:DeleteCluster", "ecs:DeleteExpressGatewayService", "ecs:DeleteService", "ecs:DeleteTaskDefinitions", "ecs:DeleteTaskSet", "ecs:DeregisterContainerInstance", "ecs:DeregisterTaskDefinition", "ecs:ExecuteCommand", "ecs:Poll", "ecs:PutAccountSetting", "ecs:PutAccountSettingDefault", "ecs:PutAttributes", "ecs:PutClusterCapacityProviders", "ecs:PutSystemLogEvents", "ecs:RegisterContainerInstance", "ecs:RegisterTaskDefinition", "ecs:StopServiceDeployment", "ecs:TagResource", "ecs:UntagResource", "ecs:UpdateCapacityProvider", "ecs:UpdateCluster", "ecs:UpdateClusterSettings", "ecs:UpdateContainerAgent", "ecs:UpdateContainerInstancesState", "ecs:UpdateExpressGatewayService", "ecs:UpdateService", "ecs:UpdateServicePrimaryTaskSet", "ecs:UpdateTaskProtection", "ecs:UpdateTaskSet"], "read-config": ["ecs:DescribeCapacityProviders", "ecs:DescribeClusters", "ecs:DescribeContainerInstances", "ecs:DescribeExpressGatewayService", "ecs:DescribeServiceDeployments", "ecs:DescribeServiceRevisions", "ecs:DescribeServices", "ecs:DescribeTaskDefinition", "ecs:DescribeTasks", "ecs:DescribeTaskSets", "ecs:DiscoverPollEndpoint", "ecs:GetTaskProtection", "ecs:ListAccountSettings", "ecs:ListAttributes", "ecs:ListClusters", "ecs:ListContainerInstances", "ecs:ListServiceDeployments", "ecs:ListServices", "ecs:ListServicesByNamespace", "ecs:ListTagsForResource", "ecs:ListTaskDefinitionFamilies", "ecs:ListTaskDefinitions", "ecs:ListTasks"], "use-resource": ["ecs:RunTask", "ecs:StartTask", "ecs:StartTelemetrySession", "ecs:StopTask"], "write-data": ["ecs:SubmitAttachmentStateChanges", "ecs:SubmitContainerStateChange", "ecs:SubmitTaskStateChange"]}, "EFS": {"administer-resource": ["elasticfilesystem:ClientRootAccess", "elasticfilesystem:CreateAccessPoint", "elasticfilesystem:CreateFileSystem", "elasticfilesystem:CreateMountTarget", "elasticfilesystem:CreateReplicationConfiguration", "elasticfilesystem:CreateTags", "elasticfilesystem:DeleteAccessPoint", "elasticfilesystem:DeleteFileSystem", "elasticfilesystem:DeleteFileSystemPolicy", "elasticfilesystem:DeleteMountTarget", "elasticfilesystem:DeleteReplicationConfiguration", "elasticfilesystem:DeleteTags", "elasticfilesystem:ModifyMountTargetSecurityGroups", "elasticfilesystem:PutAccountPreferences", "elasticfilesystem:PutBackupPolicy", "elasticfilesystem:PutFileSystemPolicy", "elasticfilesystem:PutLifecycleConfiguration", "elasticfilesystem:Restore", "elasticfilesystem:TagResource", "elasticfilesystem:UntagResource", "elasticfilesystem:UpdateFileSystem", "elasticfilesystem:UpdateFileSystemProtection"], "delete-data": ["elasticfilesystem:ClientRootAccess", "elasticfilesystem:DeleteFileSystem"], "read-config": ["elasticfilesystem:ClientRootAccess", "elasticfilesystem:DescribeAccessPoints", "elasticfilesystem:DescribeAccountPreferences", "elasticfilesystem:DescribeBackupPolicy", "elasticfilesystem:DescribeFileSystemPolicy", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeLifecycleConfiguration", "elasticfilesystem:DescribeMountTargets", "elasticfilesystem:DescribeMountTargetSecurityGroups", "elasticfilesystem:DescribeReplicationConfigurations", "elasticfilesystem:DescribeTags", "elasticfilesystem:ListTagsForResource"], "read-data": ["elasticfilesystem:ClientMount", "elasticfilesystem:ReplicationRead"], "write-data": ["elasticfilesystem:Backup", "elasticfilesystem:ClientRootAccess", "elasticfilesystem:ClientWrite", "elasticfilesystem:ReplicationWrite"]}, "EKS": {"administer-resource": ["eks:AssociateAccessPolicy", "eks:AssociateEncryptionConfig", "eks:AssociateIdentityProviderConfig", "eks:CreateAccessEntry", "eks:CreateAddon", "eks:CreateCapability", "eks:CreateCluster", "eks:CreateEksAnywhereSubscription", "eks:CreateFargateProfile", "eks:CreateNodegroup", "eks:CreatePodIdentityAssociation", "eks:DeleteAccessEntry", "eks:DeleteAddon", "eks:DeleteCapability", "eks:DeleteCluster", "eks:DeleteEksAnywhereSubscription", "eks:DeleteFargateProfile", "eks:DeleteNodegroup", "eks:DeletePodIdentityAssociation", "eks:DeregisterCluster", "eks:DisassociateAccessPolicy", "eks:DisassociateIdentityProviderConfig", "eks:MutateViaKubernetesApi", "eks:RegisterCluster", "eks:StartInsightsRefresh", "eks:TagResource", "eks:UntagResource", "eks:UpdateAccessEntry", "eks:UpdateAddon", "eks:UpdateCapability", "eks:UpdateClusterConfig", "eks:UpdateClusterVersion", "eks:UpdateEksAnywhereSubscription", "eks:UpdateNodegroupConfig", "eks:UpdateNodegroupVersion", "eks:UpdatePodIdentityAssociation"], "read-config": ["eks:AccessKubernetesApi", "eks:DescribeAccessEntry", "eks:DescribeAddon", "eks:DescribeAddonConfiguration", "eks:DescribeAddonVersions", "eks:DescribeCapability", "eks:DescribeCluster", "eks:DescribeClusterVersions", "eks:DescribeEksAnywhereSubscription", "eks:DescribeFargateProfile", "eks:DescribeIdentityProviderConfig", "eks:DescribeInsight", "eks:DescribeInsightsRefresh", "eks:DescribeNodegroup", "eks:DescribePodIdentityAssociation", "eks:DescribeUpdate", "eks:ListAccessEntries", "eks:ListAccessPolicies", "eks:ListAddons", "eks:ListAssociatedAccessPolicies", "eks:ListCapabilities", "eks:ListClusters", "eks:ListDashboardData", "eks:ListDashboardResources", "eks:ListEksAnywhereSubscriptions", "eks:ListFargateProfiles", "eks:ListIdentityProviderConfigs", "eks:ListInsights", "eks:ListNodegroups", "eks:ListPodIdentityAssociations", "eks:ListTagsForResource", "eks:ListUpdates"]}, "EMR": {"administer-resource": ["elasticmapreduce:AddInstanceFleet", "elasticmapreduce:AddInstanceGroups", "elasticmapreduce:AddJobFlowSteps", "elasticmapreduce:AddTags", "elasticmapreduce:AttachEditor", "elasticmapreduce:CancelSteps", "elasticmapreduce:CreateEditor", "elasticmapreduce:CreatePersistentAppUI", "elasticmapreduce:CreateRepository", "elasticmapreduce:CreateSecurityConfiguration", "elasticmapreduce:CreateStudio", "elasticmapreduce:CreateStudioPresignedUrl", "elasticmapreduce:CreateStudioSessionMapping", "elasticmapreduce:DeleteEditor", "elasticmapreduce:DeleteRepository", "elasticmapreduce:DeleteSecurityConfiguration", "elasticmapreduce:DeleteStudio", "elasticmapreduce:DeleteStudioSessionMapping", "elasticmapreduce:DeleteWorkspaceAccess", "elasticmapreduce:DetachEditor", "elasticmapreduce:LinkRepository", "elasticmapreduce:ModifyCluster", "elasticmapreduce:ModifyInstanceFleet", "elasticmapreduce:ModifyInstanceGroups", "elasticmapreduce:PutAutoScalingPolicy", "elasticmapreduce:PutAutoTerminationPolicy", "elasticmapreduce:PutBlockPublicAccessConfiguration", "elasticmapreduce:PutManagedScalingPolicy", "elasticmapreduce:PutWorkspaceAccess", "elasticmapreduce:RemoveAutoScalingPolicy", "elasticmapreduce:RemoveAutoTerminationPolicy", "elasticmapreduce:RemoveManagedScalingPolicy", "elasticmapreduce:RemoveTags", "elasticmapreduce:RunJobFlow", "elasticmapreduce:SetKeepJobFlowAliveWhenNoSteps", "elasticmapreduce:SetTerminationProtection", "elasticmapreduce:SetUnhealthyNodeReplacement", "elasticmapreduce:SetVisibleToAllUsers", "elasticmapreduce:StartEditor", "elasticmapreduce:StopEditor", "elasticmapreduce:TerminateJobFlows", "elasticmapreduce:UnlinkRepository", "elasticmapreduce:UpdateEditor", "elasticmapreduce:UpdateRepository", "elasticmapreduce:UpdateStudio", "elasticmapreduce:UpdateStudioSessionMapping"], "delete-data": ["elasticmapreduce:DeleteEditor"], "read-config": ["elasticmapreduce:AccessAllEventLogs", "elasticmapreduce:DescribeCluster", "elasticmapreduce:DescribeEditor", "elasticmapreduce:DescribeJobFlows", "elasticmapreduce:DescribeNotebookExecution", "elasticmapreduce:DescribePersistentAppUI", "elasticmapreduce:DescribeReleaseLabel", "elasticmapreduce:DescribeRepository", "elasticmapreduce:DescribeSecurityConfiguration", "elasticmapreduce:DescribeStep", "elasticmapreduce:DescribeStudio", "elasticmapreduce:GetAutoTerminationPolicy", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:GetManagedScalingPolicy", "elasticmapreduce:GetOnClusterAppUIPresignedURL", "elasticmapreduce:GetPersistentAppUIPresignedURL", "elasticmapreduce:GetStudioSessionMapping", "elasticmapreduce:ListBootstrapActions", "elasticmapreduce:ListClusters", "elasticmapreduce:ListEditors", "elasticmapreduce:ListInstanceFleets", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListInstances", "elasticmapreduce:ListNotebookExecutions", "elasticmapreduce:ListReleaseLabels", "elasticmapreduce:ListRepositories", "elasticmapreduce:ListSecurityConfigurations", "elasticmapreduce:ListSteps", "elasticmapreduce:ListStudios", "elasticmapreduce:ListStudioSessionMappings", "elasticmapreduce:ListSupportedInstanceTypes", "elasticmapreduce:ListWorkspaceAccessIdentities", "elasticmapreduce:ViewEventsFromAllClustersInConsole"], "use-resource": ["elasticmapreduce:GetClusterSessionCredentials", "elasticmapreduce:StartNotebookExecution", "elasticmapreduce:StopNotebookExecution"], "write-data": ["elasticmapreduce:OpenEditorInConsole"]}, "EventBridge": {"administer-resource": ["events:ActivateEventSource", "events:AllowVendedLogDeliveryForResource", "events:CancelReplay", "events:CreateApiDestination", "events:CreateArchive", "events:CreateConnection", "events:CreateEndpoint", "events:CreateEventBus", "events:CreatePartnerEventSource", "events:DeactivateEventSource", "events:DeauthorizeConnection", "events:DeleteApiDestination", "events:DeleteArchive", "events:DeleteConnection", "events:DeleteEndpoint", "events:DeleteEventBus", "events:DeletePartnerEventSource", "events:DeleteRule", "events:DisableRule", "events:EnableRule", "events:PutPermission", "events:PutRule", "events:PutTargets", "events:RemovePermission", "events:RemoveTargets", "events:TagResource", "events:UntagResource", "events:UpdateApiDestination", "events:UpdateArchive", "events:UpdateConnection", "events:UpdateEndpoint", "events:UpdateEventBus"], "delete-data": ["events:DeleteArchive"], "read-config": ["events:DescribeApiDestination", "events:DescribeArchive", "events:DescribeConnection", "events:DescribeEndpoint", "events:DescribeEventBus", "events:DescribeEventSource", "events:DescribePartnerEventSource", "events:DescribeReplay", "events:DescribeRule", "events:ListApiDestinations", "events:ListArchives", "events:ListConnections", "events:ListEndpoints", "events:ListEventBuses", "events:ListEventSources", "events:ListPartnerEventSourceAccounts", "events:ListPartnerEventSources", "events:ListReplays", "events:ListRuleNamesByTarget", "events:ListRules", "events:ListTagsForResource", "events:ListTargetsByRule", "events:TestEventPattern"], "read-data": ["events:RetrieveConnectionCredentials"], "use-resource": ["events:InvokeApiDestination"], "write-data": ["events:CreateArchive", "events:PutEvents", "events:PutPartnerEvents", "events:StartReplay"]}, "IAM": {"administer-resource": ["iam:AcceptDelegationRequest", "iam:AddRoleToInstanceProfile", "iam:AddUserToGroup", "iam:AssociateDelegationRequest", "iam:AttachGroupPolicy", "iam:AttachRolePolicy", "iam:AttachUserPolicy", "iam:ChangePassword", "iam:CreateAccessKey", "iam:CreateAccountAlias", "iam:CreateDelegationRequest", "iam:CreateGroup", "iam:CreateInstanceProfile", "iam:CreateLoginProfile", "iam:CreateOpenIDConnectProvider", "iam:CreatePolicy", "iam:CreatePolicyVersion", "iam:CreateRole", "iam:CreateSAMLProvider", "iam:CreateServiceLinkedRole", "iam:CreateServiceSpecificCredential", "iam:CreateUser", "iam:CreateVirtualMFADevice", "iam:DeactivateMFADevice", "iam:DeleteAccessKey", "iam:DeleteAccountAlias", "iam:DeleteAccountPasswordPolicy", "iam:DeleteCloudFrontPublicKey", "iam:DeleteGroup", "iam:DeleteGroupPolicy", "iam:DeleteInstanceProfile", "iam:DeleteLoginProfile", "iam:DeleteOpenIDConnectProvider", "iam:DeletePolicy", "iam:DeletePolicyVersion", "iam:DeleteRole", "iam:DeleteRolePermissionsBoundary", "iam:DeleteRolePolicy", "iam:DeleteSAMLProvider", "iam:DeleteServerCertificate", "iam:DeleteServiceLinkedRole", "iam:DeleteServiceSpecificCredential", "iam:DeleteSigningCertificate", "iam:DeleteSSHPublicKey", "iam:DeleteUser", "iam:DeleteUserPermissionsBoundary", "iam:DeleteUserPolicy", "iam:DeleteVirtualMFADevice", "iam:DetachGroupPolicy", "iam:DetachRolePolicy", "iam:DetachUserPolicy", "iam:DisableOrganizationsRootCredentialsManagement", "iam:DisableOrganizationsRootSessions", "iam:DisableOutboundWebIdentityFederation", "iam:EnableMFADevice", "iam:EnableOrganizationsRootCredentialsManagement", "iam:EnableOrganizationsRootSessions", "iam:EnableOutboundWebIdentityFederation", "iam:PassRole", "iam:PutGroupPolicy", "iam:PutRolePermissionsBoundary", "iam:PutRolePolicy", "iam:PutUserPermissionsBoundary", "iam:PutUserPolicy", "iam:RejectDelegationRequest", "iam:RemoveClientIDFromOpenIDConnectProvider", "iam:RemoveRoleFromInstanceProfile", "iam:RemoveUserFromGroup", "iam:ResetServiceSpecificCredential", "iam:ResyncMFADevice", "iam:SendDelegationToken", "iam:SetDefaultPolicyVersion", "iam:SetSecurityTokenServicePreferences", "iam:TagInstanceProfile", "iam:TagMFADevice", "iam:TagOpenIDConnectProvider", "iam:TagPolicy", "iam:TagSAMLProvider", "iam:TagServerCertificate", "iam:UntagInstanceProfile", "iam:UntagMFADevice", "iam:UntagOpenIDConnectProvider", "iam:UntagPolicy", "iam:UntagSAMLProvider", "iam:UntagServerCertificate", "iam:UpdateAccessKey", "iam:UpdateAccountEmailAddress", "iam:UpdateAccountName", "iam:UpdateAccountPasswordPolicy", "iam:UpdateAssumeRolePolicy", "iam:UpdateCloudFrontPublicKey", "iam:UpdateGroup", "iam:UpdateLoginProfile", "iam:UpdateOpenIDConnectProviderThumbprint", "iam:UpdateRole", "iam:UpdateRoleDescription", "iam:UpdateSAMLProvider", "iam:UpdateServerCertificate", "iam:UpdateServiceSpecificCredential", "iam:UpdateSigningCertificate", "iam:UpdateSSHPublicKey", "iam:UpdateUser", "iam:UploadCloudFrontPublicKey", "iam:UploadServerCertificate", "iam:UploadSigningCertificate", "iam:UploadSSHPublicKey"], "read-config": ["iam:GetAccountAuthorizationDetails", "iam:GetAccountEmailAddress", "iam:GetAccountName", "iam:GetAccountPasswordPolicy", "iam:GetCloudFrontPublicKey", "iam:GetContextKeysForCustomPolicy", "iam:GetContextKeysForPrincipalPolicy", "iam:GetDelegationRequest", "iam:GetGroup", "iam:GetGroupPolicy", "iam:GetHumanReadableSummary", "iam:GetInstanceProfile", "iam:GetLoginProfile", "iam:GetMFADevice", "iam:GetOpenIDConnectProvider", "iam:GetOutboundWebIdentityFederationInfo", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", "iam:GetSAMLProvider", "iam:GetServerCertificate", "iam:GetSSHPublicKey", "iam:GetUser", "iam:GetUserPolicy", "iam:ListAccessKeys", "iam:ListAccountAliases", "iam:ListAttachedGroupPolicies", "iam:ListAttachedRolePolicies", "iam:ListAttachedUserPolicies", "iam:ListCloudFrontPublicKeys", "iam:ListDelegationRequests", "iam:ListEntitiesForPolicy", "iam:ListGroupPolicies", "iam:ListGroups", "iam:ListGroupsForUser", "iam:ListInstanceProfiles", "iam:ListInstanceProfilesForRole", "iam:ListInstanceProfileTags", "iam:ListMFADevices", "iam:ListMFADeviceTags", "iam:ListOpenIDConnectProviders", "iam:ListOpenIDConnectProviderTags", "iam:ListOrganizationsFeatures", "iam:ListPolicies", "iam:ListPoliciesGrantingServiceAccess", "iam:ListPolicyTags", "iam:ListPolicyVersions", "iam:ListRolePolicies", "iam:ListRoles", "iam:ListRoleTags", "iam:ListSAMLProviders", "iam:ListSAMLProviderTags", "iam:ListServerCertificates", "iam:ListServerCertificateTags", "iam:ListServiceSpecificCredentials", "iam:ListSigningCertificates", "iam:ListSSHPublicKeys", "iam:ListSTSRegionalEndpointsStatus", "iam:ListUserPolicies", "iam:ListUsers", "iam:ListUserTags", "iam:ListVirtualMFADevices", "iam:SetSTSRegionalEndpointStatus"], "read-data": ["iam:GenerateCredentialReport", "iam:GenerateOrganizationsAccessReport", "iam:GenerateServiceLastAccessedDetails", "iam:GetAccessKeyLastUsed", "iam:GetAccountSummary", "iam:GetCredentialReport", "iam:GetOrganizationsAccessReport", "iam:GetServiceLastAccessedDetails", "iam:GetServiceLastAccessedDetailsWithEntities", "iam:GetServiceLinkedRoleDeletionStatus", "iam:SimulateCustomPolicy", "iam:SimulatePrincipalPolicy"], "write-data": ["iam:AddClientIDToOpenIDConnectProvider", "iam:TagRole", "iam:TagUser", "iam:UntagRole", "iam:UntagUser"]}, "Kinesis": {"administer-resource": ["kinesis:AddTagsToStream", "kinesis:CreateStream", "kinesis:DecreaseStreamRetentionPeriod", "kinesis:DeleteResourcePolicy", "kinesis:DeleteStream", "kinesis:DeregisterStreamConsumer", "kinesis:DisableEnhancedMonitoring", "kinesis:EnableEnhancedMonitoring", "kinesis:IncreaseStreamRetentionPeriod", "kinesis:InjectApiError", "kinesis:ListTagsForResource", "kinesis:MergeShards", "kinesis:PutResourcePolicy", "kinesis:RegisterStreamConsumer", "kinesis:RemoveTagsFromStream", "kinesis:SplitShard", "kinesis:StartStreamEncryption", "kinesis:StopStreamEncryption", "kinesis:SubscribeToShard", "kinesis:TagResource", "kinesis:UntagResource", "kinesis:UpdateAccountSettings", "kinesis:UpdateMaxRecordSize", "kinesis:UpdateShardCount", "kinesis:UpdateStreamMode", "kinesis:UpdateStreamWarmThroughput"], "delete-data": ["kinesis:DeleteStream"], "read-config": ["kinesis:DescribeAccountSettings", "kinesis:DescribeLimits", "kinesis:DescribeStream", "kinesis:DescribeStreamConsumer", "kinesis:DescribeStreamSummary", "kinesis:GetResourcePolicy", "kinesis:GetShardIterator", "kinesis:ListShards", "kinesis:ListStreamConsumers", "kinesis:ListStreams", "kinesis:ListTagsForStream"], "read-data": ["kinesis:GetRecords"], "write-data": ["kinesis:PutRecord", "kinesis:PutRecords"]}, "Kinesis Analytics": {"administer-resource": ["kinesisanalytics:AddApplicationCloudWatchLoggingOption", "kinesisanalytics:AddApplicationInputProcessingConfiguration", "kinesisanalytics:AddApplicationVpcConfiguration", "kinesisanalytics:CreateApplication", "kinesisanalytics:CreateApplicationPresignedUrl", "kinesisanalytics:CreateApplicationSnapshot", "kinesisanalytics:DeleteApplication", "kinesisanalytics:DeleteApplicationCloudWatchLoggingOption", "kinesisanalytics:DeleteApplicationInputProcessingConfiguration", "kinesisanalytics:DeleteApplicationOutput", "kinesisanalytics:DeleteApplicationReferenceDataSource", "kinesisanalytics:DeleteApplicationSnapshot", "kinesisanalytics:DeleteApplicationVpcConfiguration", "kinesisanalytics:RollbackApplication", "kinesisanalytics:StartApplication", "kinesisanalytics:StopApplication", "kinesisanalytics:TagResource", "kinesisanalytics:UntagResource", "kinesisanalytics:UpdateApplication", "kinesisanalytics:UpdateApplicationMaintenanceConfiguration"], "delete-data": ["kinesisanalytics:DeleteApplication", "kinesisanalytics:DeleteApplicationSnapshot"], "read-config": ["kinesisanalytics:DescribeApplication", "kinesisanalytics:DescribeApplicationOperation", "kinesisanalytics:DescribeApplicationVersion", "kinesisanalytics:ListApplicationOperations", "kinesisanalytics:ListApplications", "kinesisanalytics:ListApplicationSnapshots", "kinesisanalytics:ListApplicationVersions", "kinesisanalytics:ListTagsForResource"], "read-data": ["kinesisanalytics:AddApplicationInput", "kinesisanalytics:AddApplicationReferenceDataSource", "kinesisanalytics:CreateApplication", "kinesisanalytics:CreateApplicationSnapshot", "kinesisanalytics:DescribeApplicationSnapshot", "kinesisanalytics:DiscoverInputSchema", "kinesisanalytics:GetApplicationState"], "write-data": ["kinesisanalytics:AddApplicationOutput", "kinesisanalytics:CreateApplication", "kinesisanalytics:UpdateApplication"]}, "KMS": {"administer-resource": ["kms:CancelKeyDeletion", "kms:ConnectCustomKeyStore", "kms:CreateAlias", "kms:CreateCustomKeyStore", "kms:CreateGrant", "kms:CreateKey", "kms:DeleteAlias", "kms:DisableKey", "kms:DisableKeyRotation", "kms:DisconnectCustomKeyStore", "kms:EnableKey", "kms:EnableKeyRotation", "kms:PutKeyPolicy", "kms:ReplicateKey", "kms:RetireGrant", "kms:RevokeGrant", "kms:RotateKeyOnDemand", "kms:ScheduleKeyDeletion", "kms:SynchronizeMultiRegionKey", "kms:TagResource", "kms:UntagResource", "kms:UpdateAlias", "kms:UpdateCustomKeyStore", "kms:UpdateKeyDescription", "kms:UpdatePrimaryRegion"], "delete-data": ["kms:DeleteCustomKeyStore", "kms:DeleteImportedKeyMaterial"], "read-config": ["kms:DescribeCustomKeyStores", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:GetParametersForImport", "kms:GetPublicKey", "kms:ListAliases", "kms:ListGrants", "kms:ListKeyPolicies", "kms:ListKeyRotations", "kms:ListKeys", "kms:ListResourceTags", "kms:ListRetirableGrants"], "read-data": ["kms:Decrypt", "kms:Verify", "kms:VerifyMac"], "write-data": ["kms:DeriveSharedSecret", "kms:Encrypt", "kms:GenerateDataKey", "kms:GenerateDataKeyPair", "kms:GenerateDataKeyPairWithoutPlaintext", "kms:GenerateDataKeyWithoutPlaintext", "kms:GenerateMac", "kms:GenerateRandom", "kms:ImportKeyMaterial", "kms:ReEncryptFrom", "kms:ReEncryptTo", "kms:Sign"]}, "Lambda": {"administer-resource": ["lambda:AddLayerVersionPermission", "lambda:AddPermission", "lambda:CreateAlias", "lambda:CreateCapacityProvider", "lambda:CreateCodeSigningConfig", "lambda:CreateEventSourceMapping", "lambda:CreateFunction", "lambda:CreateFunctionUrlConfig", "lambda:DeleteAlias", "lambda:DeleteCapacityProvider", "lambda:DeleteCodeSigningConfig", "lambda:DeleteEventSourceMapping", "lambda:DeleteFunction", "lambda:DeleteFunctionCodeSigningConfig", "lambda:DeleteFunctionConcurrency", "lambda:DeleteFunctionEventInvokeConfig", "lambda:DeleteFunctionUrlConfig", "lambda:DeleteLayerVersion", "lambda:DeleteProvisionedConcurrencyConfig", "lambda:DisableReplication", "lambda:EnableReplication", "lambda:PassCapacityProvider", "lambda:PublishLayerVersion", "lambda:PublishVersion", "lambda:PutFunctionCodeSigningConfig", "lambda:PutFunctionConcurrency", "lambda:PutFunctionEventInvokeConfig", "lambda:PutFunctionRecursionConfig", "lambda:PutFunctionScalingConfig", "lambda:PutProvisionedConcurrencyConfig", "lambda:PutRuntimeManagementConfig", "lambda:RemoveLayerVersionPermission", "lambda:RemovePermission", "lambda:TagResource", "lambda:UntagResource", "lambda:UpdateAlias", "lambda:UpdateCapacityProvider", "lambda:UpdateCodeSigningConfig", "lambda:UpdateEventSourceMapping", "lambda:UpdateFunctionCode", "lambda:UpdateFunctionCodeSigningConfig", "lambda:UpdateFunctionConfiguration", "lambda:UpdateFunctionEventInvokeConfig", "lambda:UpdateFunctionUrlConfig"], "delete-data": ["lambda:DeleteLayerVersion"], "read-config": ["lambda:GetAccountSettings", "lambda:GetAlias", "lambda:GetCapacityProvider", "lambda:GetCodeSigningConfig", "lambda:GetDurableExecution", "lambda:GetDurableExecutionHistory", "lambda:GetDurableExecutionState", "lambda:GetEventSourceMapping", "lambda:GetFunction", "lambda:GetFunctionCodeSigningConfig", "lambda:GetFunctionConcurrency", "lambda:GetFunctionConfiguration", "lambda:GetFunctionEventInvokeConfig", "lambda:GetFunctionRecursionConfig", "lambda:GetFunctionScalingConfig", "lambda:GetFunctionUrlConfig", "lambda:GetLayerVersion", "lambda:GetLayerVersionPolicy", "lambda:GetPolicy", "lambda:GetProvisionedConcurrencyConfig", "lambda:GetRuntimeManagementConfig", "lambda:ListAliases", "lambda:ListCapacityProviders", "lambda:ListCodeSigningConfigs", "lambda:ListDurableExecutionsByFunction", "lambda:ListEventSourceMappings", "lambda:ListFunctionEventInvokeConfigs", "lambda:ListFunctions", "lambda:ListFunctionsByCodeSigningConfig", "lambda:ListFunctionUrlConfigs", "lambda:ListFunctionVersionsByCapacityProvider", "lambda:ListLayers", "lambda:ListLayerVersions", "lambda:ListProvisionedConcurrencyConfigs", "lambda:ListTags", "lambda:ListVersionsByFunction"], "use-resource": ["lambda:InvokeAsync", "lambda:InvokeFunction", "lambda:InvokeFunctionUrl"], "write-data": ["lambda:CheckpointDurableExecution", "lambda:PublishLayerVersion", "lambda:PublishVersion", "lambda:SendDurableExecutionCallbackFailure", "lambda:SendDurableExecutionCallbackHeartbeat", "lambda:SendDurableExecutionCallbackSuccess", "lambda:StopDurableExecution"]}, "Organizations": {"administer-resource": ["organizations:AcceptHandshake", "organizations:AttachPolicy", "organizations:CancelHandshake", "organizations:CloseAccount", "organizations:CreateAccount", "organizations:CreateGovCloudAccount", "organizations:CreateOrganization", "organizations:CreateOrganizationalUnit", "organizations:CreatePolicy", "organizations:DeclineHandshake", "organizations:DeleteOrganization", "organizations:DeleteOrganizationalUnit", "organizations:DeletePolicy", "organizations:DeleteResourcePolicy", "organizations:DeregisterDelegatedAdministrator", "organizations:DetachPolicy", "organizations:DisableAWSServiceAccess", "organizations:DisablePolicyType", "organizations:EnableAllFeatures", "organizations:EnableAWSServiceAccess", "organizations:EnablePolicyType", "organizations:InviteAccountToOrganization", "organizations:InviteOrganizationToTransferResponsibility", "organizations:LeaveOrganization", "organizations:MoveAccount", "organizations:PutResourcePolicy", "organizations:RegisterDelegatedAdministrator", "organizations:RemoveAccountFromOrganization", "organizations:TagResource", "organizations:TerminateResponsibilityTransfer", "organizations:UntagResource", "organizations:UpdateOrganizationalUnit", "organizations:UpdatePolicy", "organizations:UpdateResponsibilityTransfer"], "delete-data": ["organizations:CloseAccount", "organizations:DeleteOrganization"], "read-config": ["organizations:DescribeAccount", "organizations:DescribeCreateAccountStatus", "organizations:DescribeEffectivePolicy", "organizations:DescribeHandshake", "organizations:DescribeOrganization", "organizations:DescribeOrganizationalUnit", "organizations:DescribePolicy", "organizations:DescribeResourcePolicy", "organizations:DescribeResponsibilityTransfer", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListAccountsWithInvalidEffectivePolicy", "organizations:ListAWSServiceAccessForOrganization", "organizations:ListChildren", "organizations:ListCreateAccountStatus", "organizations:ListDelegatedAdministrators", "organizations:ListDelegatedServicesForAccount", "organizations:ListEffectivePolicyValidationErrors", "organizations:ListHandshakesForAccount", "organizations:ListHandshakesForOrganization", "organizations:ListInboundResponsibilityTransfers", "organizations:ListOrganizationalUnitsForParent", "organizations:ListOutboundResponsibilityTransfers", "organizations:ListParents", "organizations:ListPolicies", "organizations:ListPoliciesForTarget", "organizations:ListRoots", "organizations:ListTagsForResource", "organizations:ListTargetsForPolicy"]}, "RDS": {"administer-resource": ["rds:AddRoleToDBCluster", "rds:AddRoleToDBInstance", "rds:AddSourceIdentifierToSubscription", "rds:AddTagsToResource", "rds:ApplyPendingMaintenanceAction", "rds:AuthorizeDBSecurityGroupIngress", "rds:BacktrackDBCluster", "rds:CopyCustomDBEngineVersion", "rds:CopyDBClusterParameterGroup", "rds:CopyDBClusterSnapshot", "rds:CopyDBParameterGroup", "rds:CopyDBSnapshot", "rds:CopyOptionGroup", "rds:CreateBlueGreenDeployment", "rds:CreateCustomAvailabilityZone", "rds:CreateCustomDBEngineVersion", "rds:CreateDBCluster", "rds:CreateDBClusterEndpoint", "rds:CreateDBClusterParameterGroup", "rds:CreateDBClusterSnapshot", "rds:CreateDBInstance", "rds:CreateDBInstanceReadReplica", "rds:CreateDBParameterGroup", "rds:CreateDBProxy", "rds:CreateDBProxyEndpoint", "rds:CreateDBSecurityGroup", "rds:CreateDBShardGroup", "rds:CreateDBSnapshot", "rds:CreateDBSubnetGroup", "rds:CreateEventSubscription", "rds:CreateGlobalCluster", "rds:CreateIntegration", "rds:CreateOptionGroup", "rds:CreateTenantDatabase", "rds:DeleteBlueGreenDeployment", "rds:DeleteCustomAvailabilityZone", "rds:DeleteCustomDBEngineVersion", "rds:DeleteDBCluster", "rds:DeleteDBClusterEndpoint", "rds:DeleteDBClusterParameterGroup", "rds:DeleteDBInstance", "rds:DeleteDBParameterGroup", "rds:DeleteDBProxy", "rds:DeleteDBProxyEndpoint", "rds:DeleteDBSecurityGroup", "rds:DeleteDBShardGroup", "rds:DeleteDBSubnetGroup", "rds:DeleteEventSubscription", "rds:DeleteGlobalCluster", "rds:DeleteInstallationMedia", "rds:DeleteIntegration", "rds:DeleteTenantDatabase", "rds:DeregisterDBProxyTargets", "rds:DisableHttpEndpoint", "rds:EnableHttpEndpoint", "rds:FailoverDBCluster", "rds:FailoverGlobalCluster", "rds:ImportInstallationMedia", "rds:ModifyActivityStream", "rds:ModifyCertificates", "rds:ModifyCurrentDBClusterCapacity", "rds:ModifyCustomDBEngineVersion", "rds:ModifyDBCluster", "rds:ModifyDBClusterEndpoint", "rds:ModifyDBClusterParameterGroup", "rds:ModifyDBClusterSnapshotAttribute", "rds:ModifyDBInstance", "rds:ModifyDBParameterGroup", "rds:ModifyDBProxy", "rds:ModifyDBProxyEndpoint", "rds:ModifyDBProxyTargetGroup", "rds:ModifyDBRecommendation", "rds:ModifyDBShardGroup", "rds:ModifyDBSnapshot", "rds:ModifyDBSnapshotAttribute", "rds:ModifyDBSubnetGroup", "rds:ModifyEventSubscription", "rds:ModifyGlobalCluster", "rds:ModifyIntegration", "rds:ModifyOptionGroup", "rds:ModifyRecommendation", "rds:ModifyTenantDatabase", "rds:PromoteReadReplica", "rds:PromoteReadReplicaDBCluster", "rds:PurchaseReservedDBInstancesOffering", "rds:RebootDBCluster", "rds:RebootDBInstance", "rds:RebootDBShardGroup", "rds:RegisterDBProxyTargets", "rds:RemoveFromGlobalCluster", "rds:RemoveRoleFromDBCluster", "rds:RemoveRoleFromDBInstance", "rds:RemoveSourceIdentifierFromSubscription", "rds:RemoveTagsFromResource", "rds:ResetDBClusterParameterGroup", "rds:ResetDBParameterGroup", "rds:RestoreDBClusterFromS3", "rds:RestoreDBClusterFromSnapshot", "rds:RestoreDBClusterToPointInTime", "rds:RestoreDBInstanceFromDBSnapshot", "rds:RestoreDBInstanceFromS3", "rds:RestoreDBInstanceToPointInTime", "rds:RevokeDBSecurityGroupIngress", "rds:StartActivityStream", "rds:StartDBCluster", "rds:StartDBInstance", "rds:StartDBInstanceAutomatedBackupsReplication", "rds:StopActivityStream", "rds:StopDBCluster", "rds:StopDBInstance", "rds:StopDBInstanceAutomatedBackupsReplication", "rds:SwitchoverBlueGreenDeployment", "rds:SwitchoverGlobalCluster", "rds:SwitchoverReadReplica"], "delete-data": ["rds:DeleteDBCluster", "rds:DeleteDBClusterAutomatedBackup", "rds:DeleteDBClusterSnapshot", "rds:DeleteDBInstance", "rds:DeleteDBInstanceAutomatedBackup", "rds:DeleteDBSnapshot", "rds:DeleteGlobalCluster", "rds:DeleteOptionGroup", "rds:DeleteTenantDatabase"], "read-config": ["rds:DescribeAccountAttributes", "rds:DescribeBlueGreenDeployments", "rds:DescribeCertificates", "rds:DescribeCustomAvailabilityZones", "rds:DescribeDBClusterAutomatedBackups", "rds:DescribeDBClusterBacktracks", "rds:DescribeDBClusterEndpoints", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstanceAutomatedBackups", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBMajorEngineVersions", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBProxies", "rds:DescribeDBProxyEndpoints", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rds:DescribeDBRecommendations", "rds:DescribeDBSecurityGroups", "rds:DescribeDBShardGroups", "rds:DescribeDBSnapshotAttributes", "rds:DescribeDBSnapshots", "rds:DescribeDBSnapshotTenantDatabases", "rds:DescribeDBSubnetGroups", "rds:DescribeEngineDefaultClusterParameters", "rds:DescribeEngineDefaultParameters", "rds:DescribeEventCategories", "rds:DescribeEvents", "rds:DescribeEventSubscriptions", "rds:DescribeExportTasks", "rds:DescribeGlobalClusters", "rds:DescribeInstallationMedia", "rds:DescribeIntegrations", "rds:DescribeOptionGroupOptions", "rds:DescribeOptionGroups", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", "rds:DescribeRecommendationGroups", "rds:DescribeRecommendations", "rds:DescribeReservedDBInstances", "rds:DescribeReservedDBInstancesOfferings", "rds:DescribeSourceRegions", "rds:DescribeTenantDatabases", "rds:DescribeValidDBInstanceModifications", "rds:ListTagsForResource"], "read-data": ["rds:CrossRegionCommunication", "rds:DownloadCompleteDBLogFile", "rds:DownloadDBLogFilePortion", "rds:RestoreDBClusterFromSnapshot", "rds:RestoreDBInstanceFromDBSnapshot"], "write-data": ["rds:CancelExportTask", "rds:CreateDBClusterSnapshot", "rds:CreateDBSnapshot", "rds:CrossRegionCommunication", "rds:StartExportTask"]}, "RDS Data": {"write-data": ["rds-data:BatchExecuteStatement", "rds-data:BeginTransaction", "rds-data:CommitTransaction", "rds-data:ExecuteSql", "rds-data:ExecuteStatement", "rds-data:RollbackTransaction"]}, "RDS DB": {"use-resource": ["rds-db:connect"]}, "Redshift": {"administer-resource": ["redshift:AcceptReservedNodeExchange", "redshift:AddPartner", "redshift:AssociateDataShareConsumer", "redshift:AuthorizeClusterSecurityGroupIngress", "redshift:AuthorizeDataShare", "redshift:AuthorizeEndpointAccess", "redshift:AuthorizeInboundIntegration", "redshift:AuthorizeSnapshotAccess", "redshift:BatchDeleteClusterSnapshots", "redshift:BatchModifyClusterSnapshots", "redshift:CancelQuerySession", "redshift:CancelResize", "redshift:CopyClusterSnapshot", "redshift:CreateAuthenticationProfile", "redshift:CreateCluster", "redshift:CreateClusterParameterGroup", "redshift:CreateClusterSecurityGroup", "redshift:CreateClusterSnapshot", "redshift:CreateClusterSubnetGroup", "redshift:CreateClusterUser", "redshift:CreateCustomDomainAssociation", "redshift:CreateEndpointAccess", "redshift:CreateEventSubscription", "redshift:CreateHsmClientCertificate", "redshift:CreateHsmConfiguration", "redshift:CreateInboundIntegration", "redshift:CreateIntegration", "redshift:CreateQev2IdcApplication", "redshift:CreateRedshiftIdcApplication", "redshift:CreateSnapshotCopyGrant", "redshift:CreateSnapshotSchedule", "redshift:CreateUsageLimit", "redshift:DeauthorizeDataShare", "redshift:DeleteAuthenticationProfile", "redshift:DeleteCluster", "redshift:DeleteClusterParameterGroup", "redshift:DeleteClusterSecurityGroup", "redshift:DeleteClusterSnapshot", "redshift:DeleteClusterSubnetGroup", "redshift:DeleteCustomDomainAssociation", "redshift:DeleteEndpointAccess", "redshift:DeleteEventSubscription", "redshift:DeleteHsmClientCertificate", "redshift:DeleteHsmConfiguration", "redshift:DeleteIntegration", "redshift:DeletePartner", "redshift:DeleteQev2IdcApplication", "redshift:DeleteRedshiftIdcApplication", "redshift:DeleteResourcePolicy", "redshift:DeleteSnapshotCopyGrant", "redshift:DeleteSnapshotSchedule", "redshift:DeleteUsageLimit", "redshift:DeregisterNamespace", "redshift:DisableLogging", "redshift:DisableSnapshotCopy", "redshift:DisassociateDataShareConsumer", "redshift:EnableLogging", "redshift:EnableSnapshotCopy", "redshift:FailoverPrimaryCompute", "redshift:JoinGroup", "redshift:ModifyAquaConfiguration", "redshift:ModifyAuthenticationProfile", "redshift:ModifyAutonomicsDenylist", "redshift:ModifyCluster", "redshift:ModifyClusterDbRevision", "redshift:ModifyClusterIamRoles", "redshift:ModifyClusterMaintenance", "redshift:ModifyClusterParameterGroup", "redshift:ModifyClusterSnapshot", "redshift:ModifyClusterSnapshotSchedule", "redshift:ModifyClusterSubnetGroup", "redshift:ModifyCustomDomainAssociation", "redshift:ModifyEndpointAccess", "redshift:ModifyEventSubscription", "redshift:ModifyIntegration", "redshift:ModifyQev2IdcApplication", "redshift:ModifyRedshiftIdcApplication", "redshift:ModifyScheduledAction", "redshift:ModifySnapshotCopyRetentionPeriod", "redshift:ModifySnapshotSchedule", "redshift:ModifyUsageLimit", "redshift:PauseCluster", "redshift:PurchaseReservedNodeOffering", "redshift:PutResourcePolicy", "redshift:RebootCluster", "redshift:RegisterNamespace", "redshift:RejectDataShare", "redshift:ResetClusterParameterGroup", "redshift:ResizeCluster", "redshift:RestoreFromClusterSnapshot", "redshift:RestoreTableFromClusterSnapshot", "redshift:ResumeCluster", "redshift:RevokeClusterSecurityGroupIngress", "redshift:RevokeEndpointAccess", "redshift:RevokeSnapshotAccess", "redshift:RotateEncryptionKey", "redshift:UpdatePartnerStatus"], "delete-data": ["redshift:BatchDeleteClusterSnapshots", "redshift:DeleteCluster", "redshift:DeleteClusterSnapshot"], "read-config": ["redshift:DescribeAccountAttributes", "redshift:DescribeAuthenticationProfiles", "redshift:DescribeAutonomicsDenylist", "redshift:DescribeClusterDbRevisions", "redshift:DescribeClusterParameterGroups", "redshift:DescribeClusterParameters", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "redshift:DescribeClusterSnapshots", "redshift:DescribeClusterSubnetGroups", "redshift:DescribeClusterTracks", "redshift:DescribeClusterVersions", "redshift:DescribeCustomDomainAssociations", "redshift:DescribeDataShares", "redshift:DescribeDataSharesForConsumer", "redshift:DescribeDataSharesForProducer", "redshift:DescribeDefaultClusterParameters", "redshift:DescribeEndpointAccess", "redshift:DescribeEndpointAuthorization", "redshift:DescribeEventCategories", "redshift:DescribeEvents", "redshift:DescribeEventSubscriptions", "redshift:DescribeHsmClientCertificates", "redshift:DescribeHsmConfigurations", "redshift:DescribeInboundIntegrations", "redshift:DescribeIntegrations", "redshift:DescribeLoggingStatus", "redshift:DescribeNodeConfigurationOptions", "redshift:DescribeOrderableClusterOptions", "redshift:DescribePartners", "redshift:DescribeQev2IdcApplications", "redshift:DescribeQuery", "redshift:DescribeRedshiftIdcApplications", "redshift:DescribeReservedNodeExchangeStatus", "redshift:DescribeReservedNodeOfferings", "redshift:DescribeReservedNodes", "redshift:DescribeResize", "redshift:DescribeSavedQueries", "redshift:DescribeScheduledActions", "redshift:DescribeSnapshotCopyGrants", "redshift:DescribeSnapshotSchedules", "redshift:DescribeStorage", "redshift:DescribeTable", "redshift:DescribeTableRestoreStatus", "redshift:DescribeTags", "redshift:DescribeUsageLimits", "redshift:GetReservedNodeExchangeConfigurationOptions", "redshift:GetReservedNodeExchangeOfferings", "redshift:GetResourcePolicy", "redshift:ListDatabases", "redshift:ListRecommendations", "redshift:ListSavedQueries", "redshift:ListSchemas", "redshift:ListTables"], "read-data": ["redshift:FetchResults", "redshift:ViewQueriesFromConsole"], "use-resource": ["redshift:GetClusterCredentials", "redshift:GetClusterCredentialsWithIAM", "redshift:GetIdentityCenterAuthToken"], "write-data": ["redshift:CancelQuery", "redshift:CopyClusterSnapshot", "redshift:CreateSavedQuery", "redshift:CreateScheduledAction", "redshift:CreateTags", "redshift:DeleteSavedQueries", "redshift:DeleteScheduledAction", "redshift:DeleteTags", "redshift:ExecuteQuery", "redshift:ModifySavedQuery", "redshift:ViewQueriesInConsole"]}, "Resource Access Manager": {"administer-resource": ["ram:AcceptResourceShareInvitation", "ram:AssociateResourceShare", "ram:AssociateResourceSharePermission", "ram:CreatePermission", "ram:CreatePermissionVersion", "ram:CreateResourceShare", "ram:DeletePermission", "ram:DeletePermissionVersion", "ram:DeleteResourceShare", "ram:DisassociateResourceShare", "ram:DisassociateResourceSharePermission", "ram:EnableSharingWithAwsOrganization", "ram:PromotePermissionCreatedFromPolicy", "ram:PromoteResourceShareCreatedFromPolicy", "ram:RejectResourceShareInvitation", "ram:ReplacePermissionAssociations", "ram:SetDefaultPermissionVersion", "ram:TagResource", "ram:UntagResource", "ram:UpdateResourceShare"], "read-config": ["ram:GetPermission", "ram:GetResourcePolicies", "ram:GetResourceShareAssociations", "ram:GetResourceShareInvitations", "ram:GetResourceShares", "ram:ListPendingInvitationResources", "ram:ListPermissionAssociations", "ram:ListPermissions", "ram:ListPermissionVersions", "ram:ListPrincipals", "ram:ListReplacePermissionAssociationsWork", "ram:ListResources", "ram:ListResourceSharePermissions", "ram:ListResourceTypes"]}, "S3": {"administer-resource": ["s3:AssociateAccessGrantsIdentityCenter", "s3:BypassGovernanceRetention", "s3:CreateAccessGrant", "s3:CreateAccessGrantsInstance", "s3:CreateAccessGrantsLocation", "s3:CreateAccessPoint", "s3:CreateAccessPointForObjectLambda", "s3:CreateBucket", "s3:CreateBucketMetadataTableConfiguration", "s3:CreateJob", "s3:CreateMultiRegionAccessPoint", "s3:CreateStorageLensGroup", "s3:DeleteAccessGrant", "s3:DeleteAccessGrantsInstance", "s3:DeleteAccessGrantsInstanceResourcePolicy", "s3:DeleteAccessGrantsLocation", "s3:DeleteAccessPoint", "s3:DeleteAccessPointForObjectLambda", "s3:DeleteAccessPointPolicy", "s3:DeleteAccessPointPolicyForObjectLambda", "s3:DeleteBucket", "s3:DeleteBucketMetadataTableConfiguration", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite", "s3:DeleteIntelligentTieringConfiguration", "s3:DeleteJobTagging", "s3:DeleteMultiRegionAccessPoint", "s3:DeleteStorageLensConfiguration", "s3:DeleteStorageLensConfigurationTagging", "s3:DeleteStorageLensGroup", "s3:DissociateAccessGrantsIdentityCenter", "s3:ObjectOwnerOverrideToBucketOwner", "s3:PauseReplication", "s3:PutAccelerateConfiguration", "s3:PutAccessGrantsInstanceResourcePolicy", "s3:PutAccessPointConfigurationForObjectLambda", "s3:PutAccessPointPolicy", "s3:PutAccessPointPolicyForObjectLambda", "s3:PutAccessPointPublicAccessBlock", "s3:PutAccountPublicAccessBlock", "s3:PutAnalyticsConfiguration", "s3:PutBucketAbac", "s3:PutBucketAcl", "s3:PutBucketCORS", "s3:PutBucketLogging", "s3:PutBucketNotification", "s3:PutBucketObjectLockConfiguration", "s3:PutBucketOwnershipControls", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", "s3:PutBucketRequestPayment", "s3:PutBucketTagging", "s3:PutBucketVersioning", "s3:PutBucketWebsite", "s3:PutEncryptionConfiguration", "s3:PutIntelligentTieringConfiguration", "s3:PutInventoryConfiguration", "s3:PutJobTagging", "s3:PutLifecycleConfiguration", "s3:PutMetricsConfiguration", "s3:PutMultiRegionAccessPointPolicy", "s3:PutObjectAcl", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectVersionAcl", "s3:PutReplicationConfiguration", "s3:PutStorageLensConfiguration", "s3:PutStorageLensConfigurationTagging", "s3:SubmitMultiRegionAccessPointRoutes", "s3:TagResource", "s3:UntagResource", "s3:UpdateAccessGrantsLocation", "s3:UpdateBucketMetadataInventoryTableConfiguration", "s3:UpdateBucketMetadataJournalTableConfiguration", "s3:UpdateObjectEncryption", "s3:UpdateStorageLensGroup"], "delete-data": ["s3:DeleteObject", "s3:DeleteObjectTagging", "s3:DeleteObjectVersion", "s3:DeleteObjectVersionTagging"], "read-config": ["s3:DescribeJob", "s3:DescribeMultiRegionAccessPointOperation", "s3:GetAccelerateConfiguration", "s3:GetAccessGrant", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsInstanceForPrefix", "s3:GetAccessGrantsInstanceResourcePolicy", "s3:GetAccessGrantsLocation", "s3:GetAccessPoint", "s3:GetAccessPointConfigurationForObjectLambda", "s3:GetAccessPointForObjectLambda", "s3:GetAccessPointPolicy", "s3:GetAccessPointPolicyForObjectLambda", "s3:GetAccessPointPolicyStatus", "s3:GetAccessPointPolicyStatusForObjectLambda", "s3:GetAccountPublicAccessBlock", "s3:GetAnalyticsConfiguration", "s3:GetBucketAbac", "s3:GetBucketAcl", "s3:GetBucketCORS", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketMetadataTableConfiguration", "s3:GetBucketNotification", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketOwnershipControls", "s3:GetBucketPolicy", "s3:GetBucketPolicyStatus", "s3:GetBucketPublicAccessBlock", "s3:GetBucketRequestPayment", "s3:GetBucketTagging", "s3:GetBucketVersioning", "s3:GetBucketWebsite", "s3:GetEncryptionConfiguration", "s3:GetIntelligentTieringConfiguration", "s3:GetInventoryConfiguration", "s3:GetJobTagging", "s3:GetLifecycleConfiguration", "s3:GetMetricsConfiguration", "s3:GetMultiRegionAccessPoint", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "s3:GetMultiRegionAccessPointRoutes", "s3:GetObjectAcl", "s3:GetObjectAttributes", "s3:GetObjectLegalHold", "s3:GetObjectRetention", "s3:GetObjectTagging", "s3:GetObjectVersionAcl", "s3:GetObjectVersionAttributes", "s3:GetObjectVersionTagging", "s3:GetReplicationConfiguration", "s3:GetStorageLensConfiguration", "s3:GetStorageLensConfigurationTagging", "s3:GetStorageLensGroup", "s3:ListAccessGrants", "s3:ListAccessGrantsInstances", "s3:ListAccessGrantsLocations", "s3:ListAccessPoints", "s3:ListAccessPointsForObjectLambda", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:ListBucketVersions", "s3:ListCallerAccessGrants", "s3:ListJobs", "s3:ListMultipartUploadParts", "s3:ListMultiRegionAccessPoints", "s3:ListStorageLensConfigurations", "s3:ListStorageLensGroups", "s3:ListTagsForResource"], "read-data": ["s3:GetObject", "s3:GetObjectTorrent", "s3:GetObjectVersion", "s3:GetObjectVersionForReplication", "s3:GetObjectVersionTorrent", "s3:GetStorageLensDashboard", "s3:HeadBucket", "s3:ListBucketByTags"], "use-resource": ["s3:GetDataAccess"], "write-data": ["s3:AbortMultipartUpload", "s3:InitiateReplication", "s3:PutBucketTagging", "s3:PutObject", "s3:PutObjectTagging", "s3:PutObjectVersionTagging", "s3:ReplicateDelete", "s3:ReplicateObject", "s3:ReplicateTags", "s3:RestoreObject", "s3:UpdateJobPriority", "s3:UpdateJobStatus"]}, "Secrets Manager": {"administer-resource": ["secretsmanager:CancelRotateSecret", "secretsmanager:CreateSecret", "secretsmanager:DeleteResourcePolicy", "secretsmanager:DeleteSecret", "secretsmanager:PutResourcePolicy", "secretsmanager:RemoveRegionsFromReplication", "secretsmanager:ReplicateSecretToRegions", "secretsmanager:RestoreSecret", "secretsmanager:RotateSecret", "secretsmanager:StopReplicationToReplica", "secretsmanager:TagResource", "secretsmanager:UntagResource", "secretsmanager:UpdateSecret", "secretsmanager:UpdateSecretVersionStage"], "delete-data": ["secretsmanager:DeleteSecret"], "read-config": ["secretsmanager:DescribeSecret", "secretsmanager:GetResourcePolicy", "secretsmanager:ListSecrets", "secretsmanager:ListSecretVersionIds", "secretsmanager:ValidateResourcePolicy"], "read-data": ["secretsmanager:BatchGetSecretValue", "secretsmanager:GetRandomPassword", "secretsmanager:GetSecretValue"], "write-data": ["secretsmanager:CreateSecret", "secretsmanager:PutSecretValue", "secretsmanager:RotateSecret", "secretsmanager:UpdateSecret"]}, "SQS": {"administer-resource": ["sqs:AddPermission", "sqs:CancelMessageMoveTask", "sqs:CreateQueue", "sqs:DeleteQueue", "sqs:PurgeQueue", "sqs:RemovePermission", "sqs:SetQueueAttributes", "sqs:StartMessageMoveTask", "sqs:TagQueue", "sqs:UntagQueue"], "delete-data": ["sqs:DeleteMessage", "sqs:DeleteMessageBatch", "sqs:DeleteQueue", "sqs:PurgeQueue"], "read-config": ["sqs:GetQueueAttributes", "sqs:GetQueueUrl", "sqs:ListDeadLetterSourceQueues", "sqs:ListMessageMoveTasks", "sqs:ListQueues", "sqs:ListQueueTags"], "read-data": ["sqs:ReceiveMessage"], "write-data": ["sqs:ChangeMessageVisibility", "sqs:ChangeMessageVisibilityBatch", "sqs:SendMessage", "sqs:SendMessageBatch"]}, "STS": {"read-data": ["sts:GetAccessKeyInfo", "sts:GetCallerIdentity", "sts:GetDelegatedAccessToken", "sts:GetFederationToken", "sts:GetServiceBearerToken", "sts:GetSessionToken", "sts:GetWebIdentityToken"], "use-resource": ["sts:AssumeRole", "sts:AssumeRoleWithSAML", "sts:AssumeRoleWithWebIdentity", "sts:AssumeRoot"], "write-data": ["sts:DecodeAuthorizationMessage", "sts:SetContext", "sts:SetSourceIdentity", "sts:TagGetWebIdentityToken", "sts:TagSession"]}, "Systems Manager": {"administer-resource": ["ssm:AddTagsToResource", "ssm:CancelCommand", "ssm:CancelMaintenanceWindowExecution", "ssm:CreateActivation", "ssm:CreateAssociation", "ssm:CreateAssociationBatch", "ssm:CreateMaintenanceWindow", "ssm:CreateResourceDataSync", "ssm:DeleteActivation", "ssm:DeleteAssociation", "ssm:DeleteMaintenanceWindow", "ssm:DeleteResourceDataSync", "ssm:DeleteResourcePolicy", "ssm:DeregisterManagedInstance", "ssm:DeregisterPatchBaselineForPatchGroup", "ssm:DeregisterTargetFromMaintenanceWindow", "ssm:DeregisterTaskFromMaintenanceWindow", "ssm:LabelParameterVersion", "ssm:ModifyDocumentPermission", "ssm:PutCalendar", "ssm:PutResourcePolicy", "ssm:RegisterDefaultPatchBaseline", "ssm:RegisterManagedInstance", "ssm:RegisterPatchBaselineForPatchGroup", "ssm:RegisterTargetWithMaintenanceWindow", "ssm:RegisterTaskWithMaintenanceWindow", "ssm:RemoveTagsFromResource", "ssm:ResetServiceSetting", "ssm:SendAutomationSignal", "ssm:StartAssociationsOnce", "ssm:StartAutomationExecution", "ssm:StartChangeRequestExecution", "ssm:StartSession", "ssm:StopAutomationExecution", "ssm:TerminateSession", "ssm:UnlabelParameterVersion", "ssm:UpdateAssociation", "ssm:UpdateAssociationStatus", "ssm:UpdateDocumentDefaultVersion", "ssm:UpdateDocumentMetadata", "ssm:UpdateMaintenanceWindow", "ssm:UpdateMaintenanceWindowTarget", "ssm:UpdateMaintenanceWindowTask", "ssm:UpdateManagedInstanceRole", "ssm:UpdatePatchBaseline", "ssm:UpdateResourceDataSync", "ssm:UpdateServiceSetting"], "delete-data": ["ssm:DeleteDocument", "ssm:DeleteInventory", "ssm:DeleteOpsItem", "ssm:DeleteOpsMetadata", "ssm:DeleteParameter", "ssm:DeleteParameters", "ssm:DeletePatchBaseline"], "read-config": ["ssm:DescribeActivations", "ssm:DescribeAssociation", "ssm:DescribeAssociationExecutionTargets", "ssm:DescribeAvailablePatches", "ssm:DescribeDocument", "ssm:DescribeDocumentParameters", "ssm:DescribeDocumentPermission", "ssm:DescribeEffectiveInstanceAssociations", "ssm:DescribeInstanceAssociationsStatus", "ssm:DescribeInstanceProperties", "ssm:DescribeInventoryDeletions", "ssm:DescribeMaintenanceWindowExecutions", "ssm:DescribeMaintenanceWindowExecutionTasks", "ssm:DescribeMaintenanceWindows", "ssm:DescribeMaintenanceWindowSchedule", "ssm:DescribeMaintenanceWindowsForTarget", "ssm:DescribeMaintenanceWindowTargets", "ssm:DescribeMaintenanceWindowTasks", "ssm:DescribeParameters", "ssm:DescribePatchBaselines", "ssm:DescribePatchGroups", "ssm:DescribePatchProperties", "ssm:DescribeSessions", "ssm:GetCalendar", "ssm:GetCalendarState", "ssm:GetConnectionStatus", "ssm:GetDefaultPatchBaseline", "ssm:GetDeployablePatchSnapshotForInstance", "ssm:GetInventorySchema", "ssm:GetMaintenanceWindow", "ssm:GetManifest", "ssm:GetParameterHistory", "ssm:GetPatchBaseline", "ssm:GetPatchBaselineForPatchGroup", "ssm:GetResourcePolicies", "ssm:GetServiceSetting", "ssm:ListAssociations", "ssm:ListAssociationVersions", "ssm:ListComplianceItems", "ssm:ListComplianceSummaries", "ssm:ListDocumentMetadataHistory", "ssm:ListDocuments", "ssm:ListDocumentVersions", "ssm:ListInstanceAssociations", "ssm:ListInventoryEntries", "ssm:ListOpsItemEvents", "ssm:ListOpsItemRelatedItems", "ssm:ListOpsMetadata", "ssm:ListResourceComplianceSummaries", "ssm:ListResourceDataSync", "ssm:ListTagsForResource"], "read-data": ["ssm:DescribeAssociationExecutions", "ssm:DescribeAutomationExecutions", "ssm:DescribeAutomationStepExecutions", "ssm:DescribeEffectivePatchesForPatchBaseline", "ssm:DescribeInstanceInformation", "ssm:DescribeInstancePatches", "ssm:DescribeInstancePatchStates", "ssm:DescribeInstancePatchStatesForPatchGroup", "ssm:DescribeMaintenanceWindowExecutionTaskInvocations", "ssm:DescribeOpsItems", "ssm:DescribePatchGroupState", "ssm:ExecuteAPI", "ssm:GetAccessToken", "ssm:GetAutomationExecution", "ssm:GetCommandInvocation", "ssm:GetDocument", "ssm:GetExecutionPreview", "ssm:GetInventory", "ssm:GetMaintenanceWindowExecution", "ssm:GetMaintenanceWindowExecutionTask", "ssm:GetMaintenanceWindowExecutionTaskInvocation", "ssm:GetMaintenanceWindowTask", "ssm:GetOpsItem", "ssm:GetOpsMetadata", "ssm:GetOpsSummary", "ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath", "ssm:ListCommandInvocations", "ssm:ListCommands", "ssm:ListNodes", "ssm:ListNodesSummary", "ssm:PutConfigurePackageResult", "ssm:StartExecutionPreview"], "use-resource": ["ssm:ResumeSession", "ssm:SendCommand", "ssm:StartAccessRequest", "ssm:StartSession"], "write-data": ["ssm:AssociateOpsItemRelatedItem", "ssm:CreateDocument", "ssm:CreateOpsItem", "ssm:CreateOpsMetadata", "ssm:CreatePatchBaseline", "ssm:CreateResourceDataSync", "ssm:DisassociateOpsItemRelatedItem", "ssm:PutComplianceItems", "ssm:PutInventory", "ssm:PutParameter", "ssm:UpdateDocument", "ssm:UpdateInstanceAssociationStatus", "ssm:UpdateInstanceInformation", "ssm:UpdateOpsItem", "ssm:UpdateOpsMetadata"]}}