@cloud-copilot/iam-data
Version:
1,748 lines • 72.6 kB
JSON
{
"addtagstoresource": {
"name": "AddTagsToResource",
"description": "Grants permission to add or overwrite one or more tags for a specified AWS resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "association",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "automation-execution",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "document",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "maintenancewindow",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "managed-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "opsitem",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "opsmetadata",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "parameter",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "patchbaseline",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "task",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"associateopsitemrelateditem": {
"name": "AssociateOpsItemRelatedItem",
"description": "Grants permission to associate RelatedItem to an OpsItem",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "opsitem",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"cancelcommand": {
"name": "CancelCommand",
"description": "Grants permission to cancel a specified Run Command command",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"cancelmaintenancewindowexecution": {
"name": "CancelMaintenanceWindowExecution",
"description": "Grants permission to cancel an in-progress maintenance window execution",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "maintenancewindow",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createactivation": {
"name": "CreateActivation",
"description": "Grants permission to create an activation that is used to register on-premises servers and virtual machines (VMs) with Systems Manager",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createassociation": {
"name": "CreateAssociation",
"description": "Grants permission to associate a specified Systems Manager document with specified instances or other targets",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "association",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "document",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "managed-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createassociationbatch": {
"name": "CreateAssociationBatch",
"description": "Grants permission to combine entries for multiple CreateAssociation operations in a single command",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "document",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "managed-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createdocument": {
"name": "CreateDocument",
"description": "Grants permission to create a Systems Manager SSM document",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "document",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"ssm:DocumentType"
],
"dependentActions": []
},
"createmaintenancewindow": {
"name": "CreateMaintenanceWindow",
"description": "Grants permission to create a maintenance window",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createopsitem": {
"name": "CreateOpsItem",
"description": "Grants permission to create an OpsItem in OpsCenter",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createopsmetadata": {
"name": "CreateOpsMetadata",
"description": "Grants permission to create an OpsMetadata object for an AWS resource",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createpatchbaseline": {
"name": "CreatePatchBaseline",
"description": "Grants permission to create a patch baseline",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createresourcedatasync": {
"name": "CreateResourceDataSync",
"description": "Grants permission to create a resource data sync configuration, which regularly collects inventory data from managed instances and updates the data in an Amazon S3 bucket",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "resourcedatasync",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"ssm:SyncType"
],
"dependentActions": []
},
"deleteactivation": {
"name": "DeleteActivation",
"description": "Grants permission to delete a specified activation for managed instances",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleteassociation": {
"name": "DeleteAssociation",
"description": "Grants permission to disassociate a specified SSM document from a specified instance",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "association",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "document",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "managed-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deletedocument": {
"name": "DeleteDocument",
"description": "Grants permission to delete a specified SSM document and its instance associations",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "document",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"ssm:DocumentType"
],
"dependentActions": []
},
"deleteinventory": {
"name": "DeleteInventory",
"description": "Grants permission to delete a specified custom inventory type, or the data associated with a custom inventory type",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deletemaintenancewindow": {
"name": "DeleteMaintenanceWindow",
"description": "Grants permission to delete a specified maintenance window",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "maintenancewindow",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteopsitem": {
"name": "DeleteOpsItem",
"description": "Grants permission to delete an OpsItem",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "opsitem",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteopsmetadata": {
"name": "DeleteOpsMetadata",
"description": "Grants permission to delete an OpsMetadata object",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "opsmetadata",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteparameter": {
"name": "DeleteParameter",
"description": "Grants permission to delete a specified SSM parameter",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "parameter",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deleteparameters": {
"name": "DeleteParameters",
"description": "Grants permission to delete multiple specified SSM parameters",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "parameter",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deletepatchbaseline": {
"name": "DeletePatchBaseline",
"description": "Grants permission to delete a specified patch baseline",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "patchbaseline",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteresourcedatasync": {
"name": "DeleteResourceDataSync",
"description": "Grants permission to delete a specified resource data sync",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "resourcedatasync",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"ssm:SyncType"
],
"dependentActions": []
},
"deleteresourcepolicy": {
"name": "DeleteResourcePolicy",
"description": "Grants permission to delete a Systems Manager resource policy",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "document",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "opsitemgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "parameter",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deregistermanagedinstance": {
"name": "DeregisterManagedInstance",
"description": "Grants permission to deregister a specified on-premises server or virtual machine (VM) from Systems Manager",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "managed-instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"ssm:resourceTag/tag-key"
],
"dependentActions": []
},
"deregisterpatchbaselineforpatchgroup": {
"name": "DeregisterPatchBaselineForPatchGroup",
"description": "Grants permission to deregister a specified patch baseline from being the default patch baseline for a specified patch group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "patchbaseline",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deregistertargetfrommaintenancewindow": {
"name": "DeregisterTargetFromMaintenanceWindow",
"description": "Grants permission to deregister a specified target from a maintenance window",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "maintenancewindow",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "windowtarget",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deregistertaskfrommaintenancewindow": {
"name": "DeregisterTaskFromMaintenanceWindow",
"description": "Grants permission to deregister a specified task from a maintenance window",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "maintenancewindow",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "windowtask",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeactivations": {
"name": "DescribeActivations",
"description": "Grants permission to view details about a specified managed instance activation, such as when it was created and the number of instances registered using the activation",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeassociation": {
"name": "DescribeAssociation",
"description": "Grants permission to view details about the specified association for a specified instance or target",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "association",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "document",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "managed-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describeassociationexecutiontargets": {
"name": "DescribeAssociationExecutionTargets",
"description": "Grants permission to view information about a specified association execution",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "association",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describeassociationexecutions": {
"name": "DescribeAssociationExecutions",
"description": "Grants permission to view all executions for a specified association",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "association",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describeautomationexecutions": {
"name": "DescribeAutomationExecutions",
"description": "Grants permission to view details about all active and terminated Automation executions",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeautomationstepexecutions": {
"name": "DescribeAutomationStepExecutions",
"description": "Grants permission to view information about all active and terminated step executions in an Automation workflow",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "automation-execution",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeavailablepatches": {
"name": "DescribeAvailablePatches",
"description": "Grants permission to view all patches eligible to include in a patch baseline",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describedocument": {
"name": "DescribeDocument",
"description": "Grants permission to view details about a specified SSM document",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "document",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"ssm:DocumentType"
],
"dependentActions": []
},
"describedocumentparameters": {
"name": "DescribeDocumentParameters",
"description": "Grants permission to display information about SSM document parameters in the Systems Manager console (internal Systems Manager action)",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "document",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describedocumentpermission": {
"name": "DescribeDocumentPermission",
"description": "Grants permission to view the permissions for a specified SSM document",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "document",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"ssm:DocumentType"
],
"dependentActions": []
},
"describeeffectiveinstanceassociations": {
"name": "DescribeEffectiveInstanceAssociations",
"description": "Grants permission to view all current associations for a specified instance",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "managed-instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describeeffectivepatchesforpatchbaseline": {
"name": "DescribeEffectivePatchesForPatchBaseline",
"description": "Grants permission to view details about the patches currently associated with the specified patch baseline (Windows only)",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "patchbaseline",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeinstanceassociationsstatus": {
"name": "DescribeInstanceAssociationsStatus",
"description": "Grants permission to view the status of the associations for a specified instance",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "managed-instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describeinstanceinformation": {
"name": "DescribeInstanceInformation",
"description": "Grants permission to view details about a specified instance",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeinstancepatchstates": {
"name": "DescribeInstancePatchStates",
"description": "Grants permission to view status details about patches on a specified instance",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "managed-instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ssm:resourceTag/${TagKey}"
],
"dependentActions": []
},
"describeinstancepatchstatesforpatchgroup": {
"name": "DescribeInstancePatchStatesForPatchGroup",
"description": "Grants permission to describe the high-level patch state for the instances in the specified patch group",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeinstancepatches": {
"name": "DescribeInstancePatches",
"description": "Grants permission to view general details about the patches on a specified instance",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "managed-instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ssm:resourceTag/${TagKey}"
],
"dependentActions": []
},
"describeinstanceproperties": {
"name": "DescribeInstanceProperties",
"description": "Grants permission to user's Amazon EC2 console to render managed instances' nodes",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeinventorydeletions": {
"name": "DescribeInventoryDeletions",
"description": "Grants permission to view details about a specified inventory deletion",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describemaintenancewindowexecutiontaskinvocations": {
"name": "DescribeMaintenanceWindowExecutionTaskInvocations",
"description": "Grants permission to view details of a specified task execution for a maintenance window",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describemaintenancewindowexecutiontasks": {
"name": "DescribeMaintenanceWindowExecutionTasks",
"description": "Grants permission to view details about the tasks that ran during a specified maintenance window execution",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describemaintenancewindowexecutions": {
"name": "DescribeMaintenanceWindowExecutions",
"description": "Grants permission to view the executions of a specified maintenance window",
"accessLevel": "List",
"resourceTypes": [
{
"name": "maintenancewindow",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describemaintenancewindowschedule": {
"name": "DescribeMaintenanceWindowSchedule",
"description": "Grants permission to view details about upcoming executions of a specified maintenance window",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describemaintenancewindowtargets": {
"name": "DescribeMaintenanceWindowTargets",
"description": "Grants permission to view a list of the targets associated with a specified maintenance window",
"accessLevel": "List",
"resourceTypes": [
{
"name": "maintenancewindow",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describemaintenancewindowtasks": {
"name": "DescribeMaintenanceWindowTasks",
"description": "Grants permission to view a list of the tasks associated with a specified maintenance window",
"accessLevel": "List",
"resourceTypes": [
{
"name": "maintenancewindow",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describemaintenancewindows": {
"name": "DescribeMaintenanceWindows",
"description": "Grants permission to view information about all or specified maintenance windows",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describemaintenancewindowsfortarget": {
"name": "DescribeMaintenanceWindowsForTarget",
"description": "Grants permission to view information about the maintenance window targets and tasks associated with a specified instance",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeopsitems": {
"name": "DescribeOpsItems",
"description": "Grants permission to view details about specified OpsItems",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeparameters": {
"name": "DescribeParameters",
"description": "Grants permission to view details about a specified SSM parameter",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describepatchbaselines": {
"name": "DescribePatchBaselines",
"description": "Grants permission to view information about patch baselines that meet the specified criteria",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describepatchgroupstate": {
"name": "DescribePatchGroupState",
"description": "Grants permission to view aggregated status details for patches for a specified patch group",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describepatchgroups": {
"name": "DescribePatchGroups",
"description": "Grants permission to view information about the patch baseline for a specified patch group",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describepatchproperties": {
"name": "DescribePatchProperties",
"description": "Grants permission to view details of available patches for a specified operating system and patch property",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describesessions": {
"name": "DescribeSessions",
"description": "Grants permission to view a list of recent Session Manager sessions that meet the specified search criteria",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"disassociateopsitemrelateditem": {
"name": "DisassociateOpsItemRelatedItem",
"description": "Grants permission to disassociate RelatedItem from an OpsItem",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "opsitem",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"executeapi": {
"name": "ExecuteAPI",
"description": "Grants permission to a Systems Manager delegated administrator to view related resource details about OpsItems across multiple AWS accounts in the AWS Management Console",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getaccesstoken": {
"name": "GetAccessToken",
"description": "Grants permission to return a credentials set to be used with just-in-time node access",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "opsitem",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getautomationexecution": {
"name": "GetAutomationExecution",
"description": "Grants permission to view details of a specified Automation execution",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "automation-execution",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getcalendar": {
"name": "GetCalendar",
"isPermissionOnly": true,
"description": "Grants permission to view details of a specific calendar",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "document",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getcalendarstate": {
"name": "GetCalendarState",
"description": "Grants permission to view the calendar state for a change calendar or a list of change calendars",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "document",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getcommandinvocation": {
"name": "GetCommandInvocation",
"description": "Grants permission to view details about the command execution of a specified invocation or plugin",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getconnectionstatus": {
"name": "GetConnectionStatus",
"description": "Grants permission to view the Session Manager connection status for a specified managed instance",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "managed-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "task",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"ssm:resourceTag/${TagKey}",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getdefaultpatchbaseline": {
"name": "GetDefaultPatchBaseline",
"description": "Grants permission to view the current default patch baseline for a specified operating system type",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "patchbaseline",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getdeployablepatchsnapshotforinstance": {
"name": "GetDeployablePatchSnapshotForInstance",
"description": "Grants permission to retrieve the current patch baseline snapshot for a specified instance",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getdocument": {
"name": "GetDocument",
"description": "Grants permission to view the contents of a specified SSM document",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "document",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"ssm:DocumentCategories",
"ssm:DocumentType"
],
"dependentActions": []
},
"getexecutionpreview": {
"name": "GetExecutionPreview",
"description": "Grants permission to retrieve an existing preview that shows the effects that running a specified Automation runbook would have on the targeted resources",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getinventory": {
"name": "GetInventory",
"description": "Grants permission to view instance inventory details per the specified criteria",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getinventoryschema": {
"name": "GetInventorySchema",
"description": "Grants permission to view a list of inventory types or attribute names for a specified inventory item type",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getmaintenancewindow": {
"name": "GetMaintenanceWindow",
"description": "Grants permission to view details about a specified maintenance window",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "maintenancewindow",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getmaintenancewindowexecution": {
"name": "GetMaintenanceWindowExecution",
"description": "Grants permission to view details about a specified maintenance window execution",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getmaintenancewindowexecutiontask": {
"name": "GetMaintenanceWindowExecutionTask",
"description": "Grants permission to view details about a specified maintenance window execution task",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getmaintenancewindowexecutiontaskinvocation": {
"name": "GetMaintenanceWindowExecutionTaskInvocation",
"description": "Grants permission to view details about a specific maintenance window task running on a specific target",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getmaintenancewindowtask": {
"name": "GetMaintenanceWindowTask",
"description": "Grants permission to view details about tasks registered with a specified maintenance window",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "maintenancewindow",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getmanifest": {
"name": "GetManifest",
"isPermissionOnly": true,
"description": "Grants permission to Systems Manager and SSM Agent to determine package installation requirements for an instance (internal Systems Manager call)",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getopsitem": {
"name": "GetOpsItem",
"description": "Grants permission to view information about a specified OpsItem",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "opsitem",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getopsmetadata": {
"name": "GetOpsMetadata",
"description": "Grants permission to retrieve an OpsMetadata object",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "opsmetadata",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getopssummary": {
"name": "GetOpsSummary",
"description": "Grants permission to view summary information about OpsItems based on specified filters and aggregators",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "resourcedatasync",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getparameter": {
"name": "GetParameter",
"description": "Grants permission to view information about a specified parameter",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "parameter",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getparameterhistory": {
"name": "GetParameterHistory",
"description": "Grants permission to view details and changes for a specified parameter",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "parameter",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getparameters": {
"name": "GetParameters",
"description": "Grants permission to view information about multiple specified parameters",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "parameter",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getparametersbypath": {
"name": "GetParametersByPath",
"description": "Grants permission to view information about parameters in a specified hierarchy",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "parameter",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"ssm:Recursive"
],
"dependentActions": []
},
"getpatchbaseline": {
"name": "GetPatchBaseline",
"description": "Grants permission to view information about a specified patch baseline",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "patchbaseline",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getpatchbaselineforpatchgroup": {
"name": "GetPatchBaselineForPatchGroup",
"description": "Grants permission to view the ID of the current patch baseline for a specified patch group",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getresourcepolicies": {
"name": "GetResourcePolicies",
"description": "Grants permission to retrieve lists of Systems Manager resource policies",
"accessLevel": "List",
"resourceTypes": [
{
"name": "document",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "opsitemgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "parameter",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getservicesetting": {
"name": "GetServiceSetting",
"description": "Grants permission to view the account-level setting for an AWS service",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "servicesetting",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"labelparameterversion": {
"name": "LabelParameterVersion",
"description": "Grants permission to apply an identifying label to a specified version of a parameter",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "parameter",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"listassociationversions": {
"name": "ListAssociationVersions",
"description": "Grants permission to list versions of the specified association",
"accessLevel": "List",
"resourceTypes": [
{
"name": "association",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"listassociations": {
"name": "ListAssociations",
"description": "Grants permission to list the associations for a specified SSM document or managed instance",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listcommandinvocations": {
"name": "ListCommandInvocations",
"description": "Grants permission to list information about command invocations sent to a specified instance",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listcommands": {
"name": "ListCommands",
"description": "Grants permission to list the commands sent to a specified instance",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listcomplianceitems": {
"name": "ListComplianceItems",
"description": "Grants permission to list compliance status for specified resource types on a specified resource",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listcompliancesummaries": {
"name": "ListComplianceSummaries",
"description": "Grants permission to list a summary count of compliant and noncompliant resources for a specified compliance type",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listdocumentmetadatahistory": {
"name": "ListDocumentMetadataHistory",
"description": "Grants permission to view metadata history about a specified SSM document",
"accessLevel": "List",
"resourceTypes": [
{
"name": "document",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"ssm:DocumentType"
],
"dependentActions": []
},
"listdocumentversions": {
"name": "ListDocumentVersions",
"description": "Grants permission to list all versions of a specified document",
"accessLevel": "List",
"resourceTypes": [
{
"name": "document",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"ssm:DocumentType"
],
"dependentActions": []
},
"listdocuments": {
"name": "ListDocuments",
"description": "Grants permission to view information about a specified SSM document",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listinstanceassociations": {
"name": "ListInstanceAssociations",
"description": "Grants permission to SSM Agent to check for new State Manager associations (internal Systems Manager call)",
"accessLevel": "List",
"resourceTypes": [
{
"name": "instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "managed-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"listinventoryentries": {
"name": "ListInventoryEntries",
"description": "Grants permission to view a list of specified inventory types for a specified instance",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listnodes": {
"name": "ListNodes",
"description": "Grants permission to view details about managed nodes based on specified filters",
"accessLevel": "List",
"resourceTypes": [
{
"name": "resourcedatasync",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listnodessummary": {
"name": "ListNodesSummary",
"description": "Grants permission to view summary information about managed nodes based on specified filters and aggregators",
"accessLevel": "List",
"resourceTypes": [
{
"name": "resourcedatasync",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listopsitemevents": {
"name": "ListOpsItemEvents",
"description": "Grants permission to view details about OpsItemEvents",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listopsitemrelateditems": {
"name": "ListOpsItemRelatedItems",
"description": "Grants permission to view details about OpsItem RelatedItems",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listopsmetadata": {
"name": "ListOpsMetadata",
"description": "Grants permission to view a list of OpsMetadata objects",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listresourcecompliancesummaries": {
"name": "ListResourceComplianceSummaries",
"description": "Grants permission to list resource-level summary count",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listresourcedatasync": {
"name": "ListResourceDataSync",
"description": "Grants permission to list information about resource data sync configurations in an account",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [
"ssm:SyncType"
],
"dependentActions": []
},
"listtagsforresource": {
"name": "ListTagsForResource",
"description": "Grants permission to view a list of resource tags for a specified resource",
"accessLevel": "List",
"resourceTypes": [
{
"name": "association",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "automation-execution",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "document",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "maintenancewindow",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "managed-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "opsitem",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "opsmetadata",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "parameter",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "patchbaseline",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"modifydocumentpermission": {
"name": "ModifyDocumentPermission",
"description": "Grants permission to share a custom SSM document publicly or privately with specified AWS accounts",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "document",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"ssm:DocumentType"
],
"dependentActions": []
},
"putcalendar": {
"name": "PutCalendar",
"isPermissionOnly": true,
"description": "Grants permission to create/edit a specific calendar",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "document",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putcomplianceitems": {
"name": "PutComplianceItems",
"description": "Grants permission to register a compliance type and