@cloud-copilot/iam-data
Version:
1,622 lines • 43.3 kB
JSON
{
"continueservicedeployment": {
"name": "ContinueServiceDeployment",
"description": "Grants permission to continue a paused service deployment",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "service",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
{
"name": "service-deployment",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster",
"ecs:service"
],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createcapacityprovider": {
"name": "CreateCapacityProvider",
"description": "Grants permission to create a new capacity provider. Capacity providers are associated with an Amazon ECS cluster and are used in capacity provider strategies to facilitate cluster auto scaling",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "capacity-provider",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"ecs:instance-metadata-tags-propagation",
"ecs:propagate-tags"
],
"dependentActions": []
},
"createcluster": {
"name": "CreateCluster",
"description": "Grants permission to create a new Amazon ECS cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"ecs:capacity-provider",
"ecs:fargate-ephemeral-storage-kms-key"
],
"dependentActions": []
},
"createdaemon": {
"name": "CreateDaemon",
"description": "Grants permission to create a new daemon in a specified cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "daemon",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"ecs:capacity-provider",
"ecs:daemon-task-definition",
"ecs:enable-ecs-managed-tags",
"ecs:enable-execute-command",
"ecs:propagate-tags",
"ecs:task-cpu",
"ecs:task-memory"
],
"dependentActions": []
},
"createexpressgatewayservice": {
"name": "CreateExpressGatewayService",
"description": "Grants permission to create a new Amazon ECS Express Gateway service with cluster and task definition",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "service",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": [
"ecs:RegisterTaskDefinition",
"iam:PassRole"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"ecs:enable-ecs-managed-tags",
"ecs:propagate-tags",
"ecs:subnet",
"ecs:task-cpu",
"ecs:task-definition",
"ecs:task-memory"
],
"dependentActions": []
},
"createservice": {
"name": "CreateService",
"description": "Grants permission to run and maintain a desired number of tasks from a specified task definition via service creation",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "service",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"ecs:auto-assign-public-ip",
"ecs:capacity-provider",
"ecs:enable-ebs-volumes",
"ecs:enable-ecs-managed-tags",
"ecs:enable-execute-command",
"ecs:enable-service-connect",
"ecs:enable-vpc-lattice",
"ecs:namespace",
"ecs:propagate-tags",
"ecs:subnet",
"ecs:task-cpu",
"ecs:task-definition",
"ecs:task-memory"
],
"dependentActions": []
},
"createtaskset": {
"name": "CreateTaskSet",
"description": "Grants permission to create a new Amazon ECS task set",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "task-set",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"ecs:capacity-provider",
"ecs:cluster",
"ecs:service",
"ecs:task-definition"
],
"dependentActions": []
},
"deleteaccountsetting": {
"name": "DeleteAccountSetting",
"description": "Grants permission to modify the ARN and resource ID format of a resource for a specified IAM user, IAM role, or the root user for an account. You can specify whether the new ARN and resource ID format are disabled for new resources that are created",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"ecs:account-setting"
],
"dependentActions": []
},
"deleteattributes": {
"name": "DeleteAttributes",
"description": "Grants permission to delete one or more custom attributes from an Amazon ECS resource",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "container-instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"deletecapacityprovider": {
"name": "DeleteCapacityProvider",
"description": "Grants permission to delete the specified capacity provider",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "capacity-provider",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deletecluster": {
"name": "DeleteCluster",
"description": "Grants permission to delete the specified cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deletedaemon": {
"name": "DeleteDaemon",
"description": "Grants permission to delete a specified daemon within a cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "daemon",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"deletedaemontaskdefinition": {
"name": "DeleteDaemonTaskDefinition",
"description": "Grants permission to delete the specified daemon task definition",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "daemon-task-definition",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deleteexpressgatewayservice": {
"name": "DeleteExpressGatewayService",
"description": "Grants permission to delete a specified Express Gateway service",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "service",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"deleteservice": {
"name": "DeleteService",
"description": "Grants permission to delete a specified service within a cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "service",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"deletetaskdefinitions": {
"name": "DeleteTaskDefinitions",
"description": "Grants permission to delete the specified task definitions by family and revision",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "task-definition",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deletetaskset": {
"name": "DeleteTaskSet",
"description": "Grants permission to delete the specified task set",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "task-set",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster",
"ecs:service"
],
"dependentActions": []
},
"deregistercontainerinstance": {
"name": "DeregisterContainerInstance",
"description": "Grants permission to deregister an Amazon ECS container instance from the specified cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deregistertaskdefinition": {
"name": "DeregisterTaskDefinition",
"description": "Grants permission to deregister the specified task definition by family and revision",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describecapacityproviders": {
"name": "DescribeCapacityProviders",
"description": "Grants permission to describe one or more Amazon ECS capacity providers",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "capacity-provider",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describeclusters": {
"name": "DescribeClusters",
"description": "Grants permission to describes one or more of your clusters",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describecontainerinstances": {
"name": "DescribeContainerInstances",
"description": "Grants permission to describes Amazon ECS container instances",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "container-instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"describedaemon": {
"name": "DescribeDaemon",
"description": "Grants permission to describe the specified daemon running in your cluster",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "daemon",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"describedaemondeployments": {
"name": "DescribeDaemonDeployments",
"description": "Grants permission to describe one or more of your daemon deployments",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "daemon",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
{
"name": "daemon-deployment",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster",
"ecs:daemon"
],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedaemonrevisions": {
"name": "DescribeDaemonRevisions",
"description": "Grants permission to describe one or more of your daemon revisions",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "daemon",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
{
"name": "daemon-revision",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster",
"ecs:daemon"
],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedaemontaskdefinition": {
"name": "DescribeDaemonTaskDefinition",
"description": "Grants permission to describe a daemon task definition",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "daemon-task-definition",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describeexpressgatewayservice": {
"name": "DescribeExpressGatewayService",
"description": "Grants permission to describe the specified Express Gateway service",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "service",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"describeservicedeployments": {
"name": "DescribeServiceDeployments",
"description": "Grants permission to describe one or more of your service deployments",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "service",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
{
"name": "service-deployment",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster",
"ecs:service"
],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeservicerevisions": {
"name": "DescribeServiceRevisions",
"description": "Grants permission to describe one or more of your service revisions",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "service",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
{
"name": "service-revision",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster",
"ecs:service"
],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeservices": {
"name": "DescribeServices",
"description": "Grants permission to describe the specified services running in your cluster",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "service",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"describetaskdefinition": {
"name": "DescribeTaskDefinition",
"description": "Grants permission to describe a task definition. You can specify a family and revision to find information about a specific task definition, or you can simply specify the family to find the latest ACTIVE revision in that family",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describetasksets": {
"name": "DescribeTaskSets",
"description": "Grants permission to describe Amazon ECS task sets",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "task-set",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster",
"ecs:service"
],
"dependentActions": []
},
"describetasks": {
"name": "DescribeTasks",
"description": "Grants permission to describe a specified task or tasks",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "task",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"discoverpollendpoint": {
"name": "DiscoverPollEndpoint",
"description": "Grants permission to get an endpoint for the Amazon ECS agent to poll for updates",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"executecommand": {
"name": "ExecuteCommand",
"description": "Grants permission to run a command remotely on an Amazon ECS container",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "task",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster",
"ecs:container-name",
"ecs:task"
],
"dependentActions": []
},
"gettaskprotection": {
"name": "GetTaskProtection",
"description": "Grants permission to retrieve the protection status of tasks in an Amazon ECS service",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "task",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"listaccountsettings": {
"name": "ListAccountSettings",
"description": "Grants permission to list the account settings for an Amazon ECS resource for a specified principal",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listattributes": {
"name": "ListAttributes",
"description": "Grants permission to lists the attributes for Amazon ECS resources within a specified target type and cluster",
"accessLevel": "List",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"listclusters": {
"name": "ListClusters",
"description": "Grants permission to get a list of existing clusters",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listcontainerinstances": {
"name": "ListContainerInstances",
"description": "Grants permission to get a list of container instances in a specified cluster",
"accessLevel": "List",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"listdaemondeployments": {
"name": "ListDaemonDeployments",
"description": "Grants permission to get a list of daemon deployments for a specified daemon",
"accessLevel": "List",
"resourceTypes": [
{
"name": "daemon",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"listdaemontaskdefinitions": {
"name": "ListDaemonTaskDefinitions",
"description": "Grants permission to get a list of daemon task definitions that are registered to your account",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listdaemons": {
"name": "ListDaemons",
"description": "Grants permission to get a list of daemons that are running in a specified cluster",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [
"ecs:cluster"
],
"dependentActions": []
},
"listservicedeployments": {
"name": "ListServiceDeployments",
"description": "Grants permission to get a list of service deployments for a specified service",
"accessLevel": "List",
"resourceTypes": [
{
"name": "service",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"listservices": {
"name": "ListServices",
"description": "Grants permission to get a list of services that are running in a specified cluster",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [
"ecs:cluster"
],
"dependentActions": []
},
"listservicesbynamespace": {
"name": "ListServicesByNamespace",
"description": "Grants permission to get a list of services that are running in a specified AWS Cloud Map Namespace",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [
"ecs:namespace"
],
"dependentActions": []
},
"listtagsforresource": {
"name": "ListTagsForResource",
"description": "Grants permission to get a list of tags for the specified resource",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "capacity-provider",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "container-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "service",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "task",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "task-definition",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "task-set",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"listtaskdefinitionfamilies": {
"name": "ListTaskDefinitionFamilies",
"description": "Grants permission to get a list of task definition families that are registered to your account (which may include task definition families that no longer have any ACTIVE task definitions)",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listtaskdefinitions": {
"name": "ListTaskDefinitions",
"description": "Grants permission to get a list of task definitions that are registered to your account",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listtasks": {
"name": "ListTasks",
"description": "Grants permission to get a list of tasks for a specified cluster",
"accessLevel": "List",
"resourceTypes": [
{
"name": "container-instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"poll": {
"name": "Poll",
"isPermissionOnly": true,
"description": "Grants permission to an agent to connect with the Amazon ECS service to report status and get commands",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "container-instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"ecs:cluster"
],
"dependentActions": []
},
"putaccountsetting": {
"name": "PutAccountSetting",
"description": "Grants permission to modify the ARN and resource ID format of a resource for a specified IAM user, IAM role, or the root user for an account. You can specify whether the new ARN and resource ID format are enabled for new resources that are created. Enabling this setting is required to use new Amazon ECS features such as resource tagging",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"ecs:account-setting"
],
"dependentActions": []
},
"putaccountsettingdefault": {
"name": "PutAccountSettingDefault",
"description": "Grants permission to modify the ARN and resource ID format of a resource type for all IAM users on an account for which no individual account setting has been set. Enabling this setting is required to use new Amazon ECS features such as resource tagging",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"ecs:account-setting"
],
"dependentActions": []
},
"putattributes": {
"name": "PutAttributes",
"description": "Grants permission to create or update an attribute on an Amazon ECS resource",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "container-instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"putclustercapacityproviders": {
"name": "PutClusterCapacityProviders",
"description": "Grants permission to modify the available capacity providers and the default capacity provider strategy for a cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
}
],
"conditionKeys": [
"ecs:capacity-provider"
],
"dependentActions": []
},
"putsystemlogevents": {
"name": "PutSystemLogEvents",
"isPermissionOnly": true,
"description": "Grants permission to collect system logs from the container instances",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
{
"name": "container-instance",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:capacity-provider",
"ecs:cluster"
],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"registercontainerinstance": {
"name": "RegisterContainerInstance",
"description": "Grants permission to register an EC2 instance into the specified cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"registerdaemontaskdefinition": {
"name": "RegisterDaemonTaskDefinition",
"description": "Grants permission to register a new daemon task definition from the supplied family and containerDefinitions",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "daemon-task-definition",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"ecs:privileged",
"ecs:task-cpu",
"ecs:task-memory"
],
"dependentActions": []
},
"registertaskdefinition": {
"name": "RegisterTaskDefinition",
"description": "Grants permission to register a new task definition from the supplied family and containerDefinitions",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "task-definition",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"ecs:compute-compatibility",
"ecs:privileged",
"ecs:task-cpu",
"ecs:task-memory"
],
"dependentActions": []
},
"runtask": {
"name": "RunTask",
"description": "Grants permission to start a task using random placement and the default Amazon ECS scheduler",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "task-definition",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"ecs:capacity-provider",
"ecs:cluster",
"ecs:enable-ebs-volumes",
"ecs:enable-execute-command"
],
"dependentActions": []
},
"starttask": {
"name": "StartTask",
"description": "Grants permission to start a new task from the specified task definition on the specified container instance or instances",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "task-definition",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"ecs:cluster",
"ecs:container-instances",
"ecs:enable-ebs-volumes",
"ecs:enable-execute-command"
],
"dependentActions": []
},
"starttelemetrysession": {
"name": "StartTelemetrySession",
"isPermissionOnly": true,
"description": "Grants permission to start a telemetry session",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "container-instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"ecs:cluster"
],
"dependentActions": []
},
"stopservicedeployment": {
"name": "StopServiceDeployment",
"description": "Grants permission to stop an ongoing service deployment",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "service",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
{
"name": "service-deployment",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster",
"ecs:service"
],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"stoptask": {
"name": "StopTask",
"description": "Grants permission to stop a running task",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "task",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"submitattachmentstatechanges": {
"name": "SubmitAttachmentStateChanges",
"description": "Grants permission to send an acknowledgement that attachments changed states",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"submitcontainerstatechange": {
"name": "SubmitContainerStateChange",
"description": "Grants permission to send an acknowledgement that a container changed states",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"submittaskstatechange": {
"name": "SubmitTaskStateChange",
"description": "Grants permission to send an acknowledgement that a task changed states",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"tagresource": {
"name": "TagResource",
"description": "Grants permission to tag the specified resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "capacity-provider",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "container-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "daemon",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "daemon-task-definition",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "service",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "task",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "task-definition",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "task-set",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"ecs:CreateAction"
],
"dependentActions": []
},
"untagresource": {
"name": "UntagResource",
"description": "Grants permission to untag the specified resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "capacity-provider",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "container-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "daemon",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "daemon-task-definition",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "service",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "task",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "task-definition",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "task-set",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"updatecapacityprovider": {
"name": "UpdateCapacityProvider",
"description": "Grants permission to update the specified capacity provider",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "capacity-provider",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:instance-metadata-tags-propagation",
"ecs:propagate-tags"
],
"dependentActions": []
},
"updatecluster": {
"name": "UpdateCluster",
"description": "Grants permission to modify the configuration or settings to use for a cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
}
],
"conditionKeys": [
"ecs:fargate-ephemeral-storage-kms-key"
],
"dependentActions": []
},
"updateclustersettings": {
"name": "UpdateClusterSettings",
"description": "Grants permission to modify the settings to use for a cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"updatecontaineragent": {
"name": "UpdateContainerAgent",
"description": "Grants permission to update the Amazon ECS container agent on a specified container instance",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "container-instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"updatecontainerinstancesstate": {
"name": "UpdateContainerInstancesState",
"description": "Grants permission to the user to modify the status of an Amazon ECS container instance",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "container-instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"updatedaemon": {
"name": "UpdateDaemon",
"description": "Grants permission to modify the parameters of a daemon",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "daemon",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
}
],
"conditionKeys": [
"ecs:capacity-provider",
"ecs:daemon-task-definition",
"ecs:enable-ecs-managed-tags",
"ecs:enable-execute-command",
"ecs:propagate-tags",
"ecs:task-cpu",
"ecs:task-memory"
],
"dependentActions": []
},
"updateexpressgatewayservice": {
"name": "UpdateExpressGatewayService",
"description": "Grants permission to modify the parameters of an Express Gateway service",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "service",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
}
],
"conditionKeys": [
"ecs:enable-ecs-managed-tags",
"ecs:propagate-tags",
"ecs:subnet",
"ecs:task-cpu",
"ecs:task-memory"
],
"dependentActions": []
},
"updateservice": {
"name": "UpdateService",
"description": "Grants permission to modify the parameters of a service",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "service",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
}
],
"conditionKeys": [
"ecs:auto-assign-public-ip",
"ecs:capacity-provider",
"ecs:enable-ebs-volumes",
"ecs:enable-ecs-managed-tags",
"ecs:enable-execute-command",
"ecs:enable-service-connect",
"ecs:enable-vpc-lattice",
"ecs:namespace",
"ecs:propagate-tags",
"ecs:subnet",
"ecs:task-cpu",
"ecs:task-definition",
"ecs:task-memory"
],
"dependentActions": []
},
"updateserviceprimarytaskset": {
"name": "UpdateServicePrimaryTaskSet",
"description": "Grants permission to modify the primary task set used in a service",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "service",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"updatetaskprotection": {
"name": "UpdateTaskProtection",
"description": "Grants permission to modify the protection status of a task",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "task",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster"
],
"dependentActions": []
},
"updatetaskset": {
"name": "UpdateTaskSet",
"description": "Grants permission to update the specified task set",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "task-set",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ecs:cluster",
"ecs:service"
],
"dependentActions": []
}
}