From b7c21ea6f7596f447f61bdb22990bd00d912412f Mon Sep 17 00:00:00 2001 From: MAMIP Bot Date: Mon, 2 Dec 2024 17:05:05 +0000 Subject: [PATCH] Update detected --- policies/AIOpsAssistantPolicy | 887 ++++++++++++++++++++++++++++++++++ 1 file changed, 887 insertions(+) create mode 100644 policies/AIOpsAssistantPolicy diff --git a/policies/AIOpsAssistantPolicy b/policies/AIOpsAssistantPolicy new file mode 100644 index 0000000000..b4b9dbf3bc --- /dev/null +++ b/policies/AIOpsAssistantPolicy @@ -0,0 +1,887 @@ +{ + "PolicyVersion": { + "CreateDate": "2024-12-02T16:21:06Z", + "VersionId": "v1", + "Document": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "access-analyzer:GetAnalyzer", + "access-analyzer:List*", + "acm-pca:Describe*", + "acm-pca:GetCertificate", + "acm-pca:GetCertificateAuthorityCertificate", + "acm-pca:GetCertificateAuthorityCsr", + "acm-pca:List*", + "acm:DescribeCertificate", + "acm:GetAccountConfiguration", + "airflow:List*", + "amplify:GetApp", + "amplify:GetBranch", + "amplify:GetDomainAssociation", + "amplify:List*", + "aoss:BatchGetCollection", + "aoss:BatchGetLifecyclePolicy", + "aoss:BatchGetVpcEndpoint", + "aoss:GetAccessPolicy", + "aoss:GetSecurityConfig", + "aoss:GetSecurityPolicy", + "aoss:List*", + "appconfig:GetApplication", + "appconfig:GetConfigurationProfile", + "appconfig:GetEnvironment", + "appconfig:GetHostedConfigurationVersion", + "appconfig:List*", + "appflow:Describe*", + "appflow:List*", + "application-autoscaling:Describe*", + "application-signals:BatchGetServiceLevelObjectiveBudgetReport", + "application-signals:GetService", + "application-signals:GetServiceLevelObjective", + "application-signals:List*", + "applicationinsights:Describe*", + "applicationinsights:List*", + "apprunner:Describe*", + "apprunner:List*", + "appstream:Describe*", + "appstream:List*", + "appsync:GetApiAssociation", + "appsync:GetDomainName", + "appsync:GetFunction", + "appsync:GetResolver", + "appsync:GetSourceApiAssociation", + "appsync:List*", + "aps:Describe*", + "aps:List*", + "arc-zonal-shift:GetManagedResource", + "arc-zonal-shift:List*", + "athena:GetCapacityAssignmentConfiguration", + "athena:GetCapacityReservation", + "athena:GetDataCatalog", + "athena:GetNamedQuery", + "athena:GetPreparedStatement", + "athena:GetWorkGroup", + "athena:List*", + "auditmanager:GetAssessment", + "auditmanager:List*", + "autoscaling:Describe*", + "backup-gateway:GetHypervisor", + "backup-gateway:List*", + "backup:Describe*", + "backup:GetBackupPlan", + "backup:GetBackupSelection", + "backup:GetBackupVaultAccessPolicy", + "backup:GetBackupVaultNotifications", + "backup:GetRestoreTestingPlan", + "backup:GetRestoreTestingSelection", + "backup:List*", + "batch:DescribeComputeEnvironments", + "batch:DescribeJobQueues", + "batch:DescribeSchedulingPolicies", + "batch:List*", + "bedrock:GetAgent", + "bedrock:GetAgentActionGroup", + "bedrock:GetAgentAlias", + "bedrock:GetAgentKnowledgeBase", + "bedrock:GetDataSource", + "bedrock:GetGuardrail", + "bedrock:GetKnowledgeBase", + "bedrock:List*", + "budgets:Describe*", + "budgets:List*", + "ce:Describe*", + "ce:GetAnomalyMonitors", + "ce:GetAnomalySubscriptions", + "ce:List*", + "chatbot:Describe*", + "chatbot:GetMicrosoftTeamsChannelConfiguration", + "chatbot:List*", + "cleanrooms-ml:GetTrainingDataset", + "cleanrooms-ml:List*", + "cleanrooms:GetAnalysisTemplate", + "cleanrooms:GetCollaboration", + "cleanrooms:GetConfiguredTable", + "cleanrooms:GetConfiguredTableAnalysisRule", + "cleanrooms:GetConfiguredTableAssociation", + "cleanrooms:GetMembership", + "cleanrooms:List*", + "cloudformation:Describe*", + "cloudformation:GetResource", + "cloudformation:GetStackPolicy", + "cloudformation:GetTemplate", + "cloudformation:List*", + "cloudfront:Describe*", + "cloudfront:GetCachePolicy", + "cloudfront:GetCloudFrontOriginAccessIdentity", + "cloudfront:GetContinuousDeploymentPolicy", + "cloudfront:GetDistribution", + "cloudfront:GetDistributionConfig", + "cloudfront:GetFunction", + "cloudfront:GetKeyGroup", + "cloudfront:GetMonitoringSubscription", + "cloudfront:GetOriginAccessControl", + "cloudfront:GetOriginRequestPolicy", + "cloudfront:GetPublicKey", + "cloudfront:GetRealtimeLogConfig", + "cloudfront:GetResponseHeadersPolicy", + "cloudfront:List*", + "cloudtrail:Describe*", + "cloudtrail:GetChannel", + "cloudtrail:GetEventDataStore", + "cloudtrail:GetEventSelectors", + "cloudtrail:GetInsightSelectors", + "cloudtrail:GetQueryResults", + "cloudtrail:GetResourcePolicy", + "cloudtrail:GetTrail", + "cloudtrail:GetTrailStatus", + "cloudtrail:List*", + "cloudtrail:LookupEvents", + "cloudtrail:StartQuery", + "cloudwatch:Describe*", + "cloudwatch:GenerateQuery", + "cloudwatch:GetDashboard", + "cloudwatch:GetInsightRuleReport", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStream", + "cloudwatch:GetService", + "cloudwatch:GetServiceLevelObjective", + "cloudwatch:List*", + "codeartifact:Describe*", + "codeartifact:GetDomainPermissionsPolicy", + "codeartifact:GetRepositoryPermissionsPolicy", + "codeartifact:List*", + "codebuild:BatchGetFleets", + "codebuild:List*", + "codecommit:GetRepository", + "codecommit:GetRepositoryTriggers", + "codedeploy:BatchGetDeployments", + "codedeploy:BatchGetDeploymentTargets", + "codedeploy:GetApplication", + "codedeploy:GetDeploymentConfig", + "codedeploy:List*", + "codeguru-profiler:Describe*", + "codeguru-profiler:GetNotificationConfiguration", + "codeguru-profiler:GetPolicy", + "codeguru-profiler:List*", + "codeguru-reviewer:Describe*", + "codeguru-reviewer:List*", + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:List*", + "codestar-connections:GetConnection", + "codestar-connections:GetRepositoryLink", + "codestar-connections:GetSyncConfiguration", + "codestar-connections:List*", + "codestar-notifications:Describe*", + "codestar-notifications:List*", + "cognito-identity:DescribeIdentityPool", + "cognito-identity:GetIdentityPoolRoles", + "cognito-identity:ListIdentityPools", + "cognito-identity:ListTagsForResource", + "cognito-idp:AdminListGroupsForUser", + "cognito-idp:DescribeIdentityProvider", + "cognito-idp:DescribeResourceServer", + "cognito-idp:DescribeRiskConfiguration", + "cognito-idp:DescribeUserImportJob", + "cognito-idp:DescribeUserPool", + "cognito-idp:DescribeUserPoolDomain", + "cognito-idp:GetGroup", + "cognito-idp:GetLogDeliveryConfiguration", + "cognito-idp:GetUICustomization", + "cognito-idp:GetUserPoolMfaConfig", + "cognito-idp:GetWebACLForResource", + "cognito-idp:ListGroups", + "cognito-idp:ListIdentityProviders", + "cognito-idp:ListResourceServers", + "cognito-idp:ListUserPoolClients", + "cognito-idp:ListUserPools", + "cognito-idp:ListUsers", + "cognito-idp:ListTagsForResource", + "comprehend:Describe*", + "comprehend:List*", + "config:Describe*", + "config:GetStoredQuery", + "config:List*", + "connect:Describe*", + "connect:GetTaskTemplate", + "connect:List*", + "databrew:Describe*", + "databrew:List*", + "datapipeline:Describe*", + "datapipeline:GetPipelineDefinition", + "datapipeline:List*", + "datasync:Describe*", + "datasync:List*", + "deadline:GetFarm", + "deadline:GetFleet", + "deadline:GetLicenseEndpoint", + "deadline:GetMonitor", + "deadline:GetQueue", + "deadline:GetQueueEnvironment", + "deadline:GetQueueFleetAssociation", + "deadline:GetStorageProfile", + "deadline:List*", + "detective:GetMembers", + "detective:List*", + "devicefarm:GetDevicePool", + "devicefarm:GetInstanceProfile", + "devicefarm:GetNetworkProfile", + "devicefarm:GetProject", + "devicefarm:GetTestGridProject", + "devicefarm:GetVPCEConfiguration", + "devicefarm:List*", + "devops-guru:Describe*", + "devops-guru:GetResourceCollection", + "devops-guru:List*", + "dms:Describe*", + "dms:List*", + "ds:Describe*", + "dynamodb:Describe*", + "dynamodb:GetResourcePolicy", + "dynamodb:List*", + "ec2:Describe*", + "ec2:GetAssociatedEnclaveCertificateIamRoles", + "ec2:GetIpamPoolAllocations", + "ec2:GetIpamPoolCidrs", + "ec2:GetManagedPrefixListEntries", + "ec2:GetNetworkInsightsAccessScopeContent", + "ec2:GetSnapshotBlockPublicAccessState", + "ec2:GetTransitGatewayMulticastDomainAssociations", + "ec2:GetTransitGatewayRouteTableAssociations", + "ec2:GetTransitGatewayRouteTablePropagations", + "ec2:GetVerifiedAccessEndpointPolicy", + "ec2:GetVerifiedAccessGroupPolicy", + "ec2:GetVerifiedAccessInstanceWebAcl", + "ec2:SearchLocalGatewayRoutes", + "ec2:SearchTransitGatewayRoutes", + "ecr:Describe*", + "ecr:GetLifecyclePolicy", + "ecr:GetRegistryPolicy", + "ecr:GetRepositoryPolicy", + "ecr:List*", + "ecs:Describe*", + "ecs:List*", + "eks:Describe*", + "eks:List*", + "elastic-inference:Describe*", + "elasticache:Describe*", + "elasticache:List*", + "elasticbeanstalk:Describe*", + "elasticbeanstalk:List*", + "elasticfilesystem:Describe*", + "elasticloadbalancing:Describe*", + "elasticmapreduce:Describe*", + "elasticmapreduce:List*", + "emr-containers:Describe*", + "emr-containers:List*", + "emr-serverless:GetApplication", + "emr-serverless:List*", + "es:Describe*", + "es:List*", + "events:Describe*", + "events:List*", + "evidently:GetExperiment", + "evidently:GetFeature", + "evidently:GetLaunch", + "evidently:GetProject", + "evidently:GetSegment", + "evidently:List*", + "firehose:Describe*", + "firehose:List*", + "fis:GetExperimentTemplate", + "fis:GetTargetAccountConfiguration", + "fis:List*", + "fms:GetNotificationChannel", + "fms:GetPolicy", + "fms:List*", + "forecast:Describe*", + "forecast:List*", + "frauddetector:BatchGetVariable", + "frauddetector:Describe*", + "frauddetector:GetDetectors", + "frauddetector:GetDetectorVersion", + "frauddetector:GetEntityTypes", + "frauddetector:GetEventTypes", + "frauddetector:GetExternalModels", + "frauddetector:GetLabels", + "frauddetector:GetListElements", + "frauddetector:GetListsMetadata", + "frauddetector:GetModelVersion", + "frauddetector:GetOutcomes", + "frauddetector:GetRules", + "frauddetector:GetVariables", + "frauddetector:List*", + "fsx:Describe*", + "gamelift:Describe*", + "gamelift:List*", + "globalaccelerator:Describe*", + "globalaccelerator:List*", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetJob", + "glue:GetRegistry", + "glue:GetSchema", + "glue:GetSchemaVersion", + "glue:GetTable", + "glue:GetTags", + "glue:GetTrigger", + "glue:List*", + "glue:querySchemaVersionMetadata", + "grafana:Describe*", + "grafana:List*", + "greengrass:Describe*", + "greengrass:GetDeployment", + "greengrass:List*", + "groundstation:GetConfig", + "groundstation:GetDataflowEndpointGroup", + "groundstation:GetMissionProfile", + "groundstation:List*", + "guardduty:GetDetector", + "guardduty:GetFilter", + "guardduty:GetIPSet", + "guardduty:GetMalwareProtectionPlan", + "guardduty:GetMasterAccount", + "guardduty:GetMembers", + "guardduty:GetThreatIntelSet", + "guardduty:List*", + "health:DescribeEvents", + "health:DescribeEventDetails", + "healthlake:Describe*", + "healthlake:List*", + "iam:GetGroup", + "iam:GetGroupPolicy", + "iam:GetInstanceProfile", + "iam:GetLoginProfile", + "iam:GetOpenIDConnectProvider", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:GetSAMLProvider", + "iam:GetServerCertificate", + "iam:GetServiceLinkedRoleDeletionStatus", + "iam:GetUser", + "iam:GetUserPolicy", + "iam:ListOpenIDConnectProviders", + "iam:ListServerCertificates", + "iam:ListVirtualMFADevices", + "identitystore:DescribeGroup", + "identitystore:DescribeGroupMembership", + "identitystore:ListGroupMemberships", + "identitystore:ListGroups", + "imagebuilder:GetComponent", + "imagebuilder:GetContainerRecipe", + "imagebuilder:GetDistributionConfiguration", + "imagebuilder:GetImage", + "imagebuilder:GetImagePipeline", + "imagebuilder:GetImageRecipe", + "imagebuilder:GetInfrastructureConfiguration", + "imagebuilder:GetLifecyclePolicy", + "imagebuilder:GetWorkflow", + "imagebuilder:List*", + "inspector2:List*", + "inspector:Describe*", + "inspector:List*", + "internetmonitor:GetMonitor", + "internetmonitor:List*", + "iot:Describe*", + "iot:GetPackage", + "iot:GetPackageVersion", + "iot:GetPolicy", + "iot:GetThingShadow", + "iot:GetTopicRule", + "iot:GetTopicRuleDestination", + "iot:GetV2LoggingOptions", + "iot:List*", + "iotanalytics:Describe*", + "iotanalytics:List*", + "iotevents:Describe*", + "iotevents:List*", + "iotfleethub:Describe*", + "iotfleethub:List*", + "iotsitewise:Describe*", + "iotsitewise:List*", + "iotwireless:GetDestination", + "iotwireless:GetDeviceProfile", + "iotwireless:GetFuotaTask", + "iotwireless:GetMulticastGroup", + "iotwireless:GetNetworkAnalyzerConfiguration", + "iotwireless:GetServiceProfile", + "iotwireless:GetWirelessDevice", + "iotwireless:GetWirelessGateway", + "iotwireless:GetWirelessGatewayTaskDefinition", + "iotwireless:List*", + "ivs:GetChannel", + "ivs:GetEncoderConfiguration", + "ivs:GetPlaybackRestrictionPolicy", + "ivs:GetRecordingConfiguration", + "ivs:GetStage", + "ivs:List*", + "ivschat:GetLoggingConfiguration", + "ivschat:GetRoom", + "ivschat:List*", + "kafka:Describe*", + "kafka:GetClusterPolicy", + "kafka:List*", + "kafkaconnect:Describe*", + "kafkaconnect:List*", + "kendra:Describe*", + "kendra:List*", + "kinesis:Describe*", + "kinesis:List*", + "kinesisanalytics:Describe*", + "kinesisanalytics:List*", + "kinesisvideo:Describe*", + "kms:DescribeKey", + "kms:ListResourceTags", + "kms:ListKeys", + "lakeformation:Describe*", + "lakeformation:GetLFTag", + "lakeformation:GetResourceLFTags", + "lakeformation:List*", + "lambda:GetAlias", + "lambda:GetCodeSigningConfig", + "lambda:GetEventSourceMapping", + "lambda:GetFunction", + "lambda:GetFunctionCodeSigningConfig", + "lambda:GetFunctionConfiguration", + "lambda:GetFunctionEventInvokeConfig", + "lambda:GetFunctionRecursionConfig", + "lambda:GetFunctionUrlConfig", + "lambda:GetLayerVersion", + "lambda:GetLayerVersionPolicy", + "lambda:GetPolicy", + "lambda:GetProvisionedConcurrencyConfig", + "lambda:GetRuntimeManagementConfig", + "lambda:List*", + "launchwizard:GetDeployment", + "launchwizard:List*", + "lex:Describe*", + "lex:List*", + "license-manager:GetLicense", + "license-manager:List*", + "lightsail:GetAlarms", + "lightsail:GetBuckets", + "lightsail:GetCertificates", + "lightsail:GetContainerServices", + "lightsail:GetDisk", + "lightsail:GetDisks", + "lightsail:GetInstance", + "lightsail:GetInstances", + "lightsail:GetLoadBalancer", + "lightsail:GetLoadBalancers", + "lightsail:GetLoadBalancerTlsCertificates", + "lightsail:GetStaticIp", + "lightsail:GetStaticIps", + "logs:Describe*", + "logs:FilterLogEvents", + "logs:GetDataProtectionPolicy", + "logs:GetDelivery", + "logs:GetDeliveryDestination", + "logs:GetDeliveryDestinationPolicy", + "logs:GetDeliverySource", + "logs:GetLogAnomalyDetector", + "logs:GetLogDelivery", + "logs:GetQueryResults", + "logs:List*", + "logs:StartQuery", + "logs:StopLiveTail", + "logs:StopQuery", + "logs:TestMetricFilter", + "lookoutmetrics:Describe*", + "lookoutmetrics:List*", + "lookoutvision:Describe*", + "lookoutvision:List*", + "m2:GetApplication", + "m2:GetEnvironment", + "m2:List*", + "macie2:GetAllowList", + "macie2:GetCustomDataIdentifier", + "macie2:GetFindingsFilter", + "macie2:GetMacieSession", + "macie2:List*", + "mediaconnect:Describe*", + "mediaconnect:List*", + "medialive:Describe*", + "medialive:GetCloudWatchAlarmTemplate", + "medialive:GetCloudWatchAlarmTemplateGroup", + "medialive:GetEventBridgeRuleTemplate", + "medialive:GetEventBridgeRuleTemplateGroup", + "medialive:GetSignalMap", + "medialive:List*", + "mediapackage-vod:Describe*", + "mediapackage-vod:List*", + "mediapackage:Describe*", + "mediapackage:List*", + "mediapackagev2:GetChannel", + "mediapackagev2:GetChannelGroup", + "mediapackagev2:GetChannelPolicy", + "mediapackagev2:GetOriginEndpoint", + "mediapackagev2:GetOriginEndpointPolicy", + "mediapackagev2:List*", + "memorydb:Describe*", + "memorydb:List*", + "mobiletargeting:GetInAppTemplate", + "mobiletargeting:List*", + "mq:Describe*", + "mq:List*", + "network-firewall:Describe*", + "network-firewall:List*", + "networkmanager:Describe*", + "networkmanager:GetConnectAttachment", + "networkmanager:GetConnectPeer", + "networkmanager:GetCoreNetwork", + "networkmanager:GetCoreNetworkPolicy", + "networkmanager:GetCustomerGatewayAssociations", + "networkmanager:GetDevices", + "networkmanager:GetLinkAssociations", + "networkmanager:GetLinks", + "networkmanager:GetSites", + "networkmanager:GetSiteToSiteVpnAttachment", + "networkmanager:GetTransitGatewayPeering", + "networkmanager:GetTransitGatewayRegistrations", + "networkmanager:GetTransitGatewayRouteTableAttachment", + "networkmanager:GetVpcAttachment", + "networkmanager:List*", + "nimble:GetLaunchProfile", + "nimble:GetStreamingImage", + "nimble:GetStudio", + "nimble:GetStudioComponent", + "nimble:List*", + "oam:GetLink", + "oam:GetSink", + "oam:GetSinkPolicy", + "oam:List*", + "omics:GetAnnotationStore", + "omics:GetReferenceStore", + "omics:GetRunGroup", + "omics:GetSequenceStore", + "omics:GetVariantStore", + "omics:GetWorkflow", + "omics:List*", + "opsworks-cm:Describe*", + "opsworks-cm:List*", + "organizations:Describe*", + "organizations:List*", + "osis:GetPipeline", + "osis:List*", + "payment-cryptography:GetAlias", + "payment-cryptography:GetKey", + "payment-cryptography:List*", + "pca-connector-ad:GetConnector", + "pca-connector-ad:GetDirectoryRegistration", + "pca-connector-ad:GetServicePrincipalName", + "pca-connector-ad:GetTemplate", + "pca-connector-ad:GetTemplateGroupAccessControlEntry", + "pca-connector-ad:List*", + "pca-connector-scep:GetChallengeMetadata", + "pca-connector-scep:GetConnector", + "pca-connector-scep:List*", + "personalize:Describe*", + "personalize:List*", + "pipes:Describe*", + "pipes:List*", + "proton:GetEnvironmentTemplate", + "proton:GetServiceTemplate", + "proton:List*", + "qbusiness:GetApplication", + "qbusiness:GetDataSource", + "qbusiness:GetIndex", + "qbusiness:GetPlugin", + "qbusiness:GetRetriever", + "qbusiness:GetWebExperience", + "qbusiness:List*", + "qldb:Describe*", + "qldb:List*", + "ram:GetPermission", + "ram:List*", + "rds:Describe*", + "rds:List*", + "redshift-serverless:GetNamespace", + "redshift-serverless:GetWorkgroup", + "redshift-serverless:List*", + "redshift:Describe*", + "refactor-spaces:GetApplication", + "refactor-spaces:GetEnvironment", + "refactor-spaces:GetRoute", + "refactor-spaces:List*", + "rekognition:Describe*", + "rekognition:List*", + "resiliencehub:Describe*", + "resiliencehub:List*", + "resource-explorer-2:GetDefaultView", + "resource-explorer-2:GetIndex", + "resource-explorer-2:GetView", + "resource-explorer-2:List*", + "resource-groups:GetGroup", + "resource-groups:GetGroupConfiguration", + "resource-groups:GetGroupQuery", + "resource-groups:GetTags", + "resource-groups:List*", + "robomaker:Describe*", + "robomaker:List*", + "route53-recovery-control-config:Describe*", + "route53-recovery-control-config:List*", + "route53-recovery-readiness:GetCell", + "route53-recovery-readiness:GetReadinessCheck", + "route53-recovery-readiness:GetRecoveryGroup", + "route53-recovery-readiness:GetResourceSet", + "route53-recovery-readiness:List*", + "route53:GetDNSSEC", + "route53:GetHealthCheck", + "route53:GetHostedZone", + "route53:List*", + "route53profiles:GetProfile", + "route53profiles:GetProfileAssociation", + "route53profiles:GetProfileResourceAssociation", + "route53profiles:List*", + "route53resolver:GetFirewallDomainList", + "route53resolver:GetFirewallRuleGroup", + "route53resolver:GetFirewallRuleGroupAssociation", + "route53resolver:GetOutpostResolver", + "route53resolver:GetResolverConfig", + "route53resolver:GetResolverQueryLogConfig", + "route53resolver:GetResolverQueryLogConfigAssociation", + "route53resolver:GetResolverRule", + "route53resolver:GetResolverRuleAssociation", + "route53resolver:List*", + "rum:GetAppMonitor", + "rum:List*", + "s3-outposts:GetAccessPoint", + "s3-outposts:GetAccessPointPolicy", + "s3-outposts:GetBucket", + "s3-outposts:GetBucketPolicy", + "s3-outposts:GetBucketTagging", + "s3-outposts:GetLifecycleConfiguration", + "s3-outposts:List*", + "s3:GetAccelerateConfiguration", + "s3:GetAccessGrant", + "s3:GetAccessGrantsInstance", + "s3:GetAccessGrantsLocation", + "s3:GetAccessPoint", + "s3:GetAccessPointConfigurationForObjectLambda", + "s3:GetAccessPointForObjectLambda", + "s3:GetAccessPointPolicy", + "s3:GetAccessPointPolicyForObjectLambda", + "s3:GetAccessPointPolicyStatusForObjectLambda", + "s3:GetAnalyticsConfiguration", + "s3:GetBucketAcl", + "s3:GetBucketCORS", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketNotification", + "s3:GetBucketObjectLockConfiguration", + "s3:GetBucketOwnershipControls", + "s3:GetBucketPolicy", + "s3:GetBucketPublicAccessBlock", + "s3:GetBucketTagging", + "s3:GetBucketVersioning", + "S3:GetBucketWebsite", + "s3:GetEncryptionConfiguration", + "s3:GetIntelligentTieringConfiguration", + "s3:GetInventoryConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetMetricsConfiguration", + "s3:GetMultiRegionAccessPoint", + "s3:GetMultiRegionAccessPointPolicy", + "s3:GetMultiRegionAccessPointPolicyStatus", + "s3:GetReplicationConfiguration", + "s3:GetStorageLensConfiguration", + "s3:GetStorageLensConfigurationTagging", + "s3:GetStorageLensGroup", + "s3:List*", + "sagemaker:Describe*", + "sagemaker:List*", + "scheduler:GetSchedule", + "scheduler:GetScheduleGroup", + "scheduler:List*", + "schemas:Describe*", + "schemas:GetResourcePolicy", + "schemas:List*", + "secretsmanager:Describe*", + "secretsmanager:GetResourcePolicy", + "secretsmanager:List*", + "securityhub:BatchGetAutomationRules", + "securityhub:BatchGetSecurityControls", + "securityhub:Describe*", + "securityhub:GetConfigurationPolicy", + "securityhub:GetConfigurationPolicyAssociation", + "securityhub:GetEnabledStandards", + "securityhub:GetFindingAggregator", + "securityhub:GetInsights", + "securityhub:List*", + "securitylake:GetSubscriber", + "securitylake:List*", + "servicecatalog:Describe*", + "servicecatalog:GetApplication", + "servicecatalog:GetAttributeGroup", + "servicecatalog:List*", + "servicequotas:GetServiceQuota", + "ses:Describe*", + "ses:GetAccount", + "ses:GetAddonInstance", + "ses:GetAddonSubscription", + "ses:GetArchive", + "ses:GetConfigurationSet", + "ses:GetConfigurationSetEventDestinations", + "ses:GetContactList", + "ses:GetDedicatedIpPool", + "ses:GetDedicatedIps", + "ses:GetEmailIdentity", + "ses:GetEmailTemplate", + "ses:GetIngressPoint", + "ses:GetRelay", + "ses:GetRuleSet", + "ses:GetTemplate", + "ses:GetTrafficPolicy", + "ses:List*", + "shield:Describe*", + "shield:List*", + "signer:GetSigningProfile", + "signer:List*", + "sns:GetDataProtectionPolicy", + "sns:GetSubscriptionAttributes", + "sns:GetTopicAttributes", + "sns:List*", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:List*", + "ssm-contacts:GetContact", + "ssm-contacts:GetContactChannel", + "ssm-contacts:List*", + "ssm-incidents:GetReplicationSet", + "ssm-incidents:GetResponsePlan", + "ssm-incidents:List*", + "ssm-sap:GetApplication", + "ssm-sap:List*", + "ssm:Describe*", + "ssm:GetDefaultPatchBaseline", + "ssm:GetDocument", + "ssm:GetParameters", + "ssm:GetPatchBaseline", + "ssm:GetResourcePolicies", + "ssm:List*", + "sso-directory:SearchGroups", + "sso-directory:SearchUsers", + "sso:GetInlinePolicyForPermissionSet", + "sso:GetManagedApplicationInstance", + "sso:GetPermissionsBoundaryForPermissionSet", + "sso:GetSharedSsoConfiguration", + "sso:ListAccountAssignments", + "sso:ListApplicationAssignments", + "sso:ListApplications", + "sso:ListCustomerManagedPolicyReferencesInPermissionSet", + "sso:ListInstances", + "sso:ListManagedPoliciesInPermissionSet", + "sso:ListTagsForResource", + "states:Describe*", + "states:List*", + "synthetics:Describe*", + "synthetics:GetCanary", + "synthetics:GetGroup", + "synthetics:List*", + "tag:GetResources", + "timestream:Describe*", + "timestream:List*", + "transfer:Describe*", + "transfer:List*", + "verifiedpermissions:GetIdentitySource", + "verifiedpermissions:GetPolicy", + "verifiedpermissions:GetPolicyStore", + "verifiedpermissions:GetPolicyTemplate", + "verifiedpermissions:GetSchema", + "verifiedpermissions:List*", + "vpc-lattice:GetAccessLogSubscription", + "vpc-lattice:GetAuthPolicy", + "vpc-lattice:GetListener", + "vpc-lattice:GetResourcePolicy", + "vpc-lattice:GetRule", + "vpc-lattice:GetService", + "vpc-lattice:GetServiceNetwork", + "vpc-lattice:GetServiceNetworkServiceAssociation", + "vpc-lattice:GetServiceNetworkVpcAssociation", + "vpc-lattice:GetTargetGroup", + "vpc-lattice:List*", + "wafv2:GetIPSet", + "wafv2:GetLoggingConfiguration", + "wafv2:GetRegexPatternSet", + "wafv2:GetRuleGroup", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:List*", + "workspaces-web:GetBrowserSettings", + "workspaces-web:GetIdentityProvider", + "workspaces-web:GetNetworkSettings", + "workspaces-web:GetPortal", + "workspaces-web:GetPortalServiceProviderMetadata", + "workspaces-web:GetTrustStore", + "workspaces-web:GetUserAccessLoggingSettings", + "workspaces-web:GetUserSettings", + "workspaces-web:List*", + "workspaces:Describe*", + "xray:BatchGetTraces", + "xray:GetGroup", + "xray:GetGroups", + "xray:GetSamplingRules", + "xray:GetServiceGraph", + "xray:GetTraceSummaries", + "xray:List*" + ], + "Resource": "*", + "Effect": "Allow", + "Sid": "AIOPSServiceAccess" + }, + { + "Action": [ + "s3:GetObject", + "s3:GetObjectVersion", + "s3:GetObjectAcl" + ], + "Resource": [ + "arn:aws:s3:::amplify", + "arn:aws:s3:::cdk--assets--*" + ], + "Effect": "Allow", + "Condition": { + "StringEquals": { + "aws:ViaAWSService": [ + "amplify.amazonaws.com" + ], + "aws:PrincipalAccount": [ + "${aws:ResourceAccount}" + ] + } + }, + "Sid": "AIOPSS3AccessForAmplify" + }, + { + "Action": [ + "apigateway:GET" + ], + "Resource": [ + "arn:aws:apigateway:*::/restapis", + "arn:aws:apigateway:*::/restapis/*", + "arn:aws:apigateway:*::/restapis/*/deployments", + "arn:aws:apigateway:*::/restapis/*/deployments/*", + "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integrations", + "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integrations/*", + "arn:aws:apigateway:*::/restapis/*/stages", + "arn:aws:apigateway:*::/restapis/*/stages/*", + "arn:aws:apigateway:*::/apis", + "arn:aws:apigateway:*::/apis/*", + "arn:aws:apigateway:*::/apis/*/deployments", + "arn:aws:apigateway:*::/apis/*/deployments/*", + "arn:aws:apigateway:*::/apis/*/integrations", + "arn:aws:apigateway:*::/apis/*/integrations/*", + "arn:aws:apigateway:*::/apis/*/stages", + "arn:aws:apigateway:*::/apis/*/stages/*" + ], + "Effect": "Allow", + "Sid": "AIOPSAPIGatewayAccess" + } + ] + }, + "IsDefaultVersion": true + } +}