@cloud-copilot/iam-data
Version:
520 lines • 14.7 kB
JSON
{
"acceptinvitation": {
"name": "AcceptInvitation",
"description": "Grants permission to accept an invitation to become a member of a behavior graph",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"batchgetgraphmemberdatasources": {
"name": "BatchGetGraphMemberDatasources",
"description": "Grants permission to retrieve the datasource package history for the specified member accounts in a behavior graph managed by this account",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"batchgetmembershipdatasources": {
"name": "BatchGetMembershipDatasources",
"description": "Grants permission to retrieve the datasource package history of the caller account for the specified graphs",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"creategraph": {
"name": "CreateGraph",
"description": "Grants permission to create a behavior graph and begin to aggregate security information",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": [
"detective:TagResource"
]
},
"createmembers": {
"name": "CreateMembers",
"description": "Grants permission to request the membership of one or more accounts in a behavior graph managed by this account",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletegraph": {
"name": "DeleteGraph",
"description": "Grants permission to delete a behavior graph and stop aggregating security information",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletemembers": {
"name": "DeleteMembers",
"description": "Grants permission to remove member accounts from a behavior graph managed by this account",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeorganizationconfiguration": {
"name": "DescribeOrganizationConfiguration",
"description": "Grants permission to view the current configuration related to the Amazon Detective integration with AWS Organizations",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"organizations:DescribeOrganization"
]
},
"disableorganizationadminaccount": {
"name": "DisableOrganizationAdminAccount",
"description": "Grants permission to remove the Amazon Detective delegated administrator account for an organization",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"organizations:DescribeOrganization"
]
},
"disassociatemembership": {
"name": "DisassociateMembership",
"description": "Grants permission to remove the association of this account with a behavior graph",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"enableorganizationadminaccount": {
"name": "EnableOrganizationAdminAccount",
"description": "Grants permission to designate the Amazon Detective delegated administrator account for an organization",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"iam:CreateServiceLinkedRole",
"organizations:DescribeOrganization",
"organizations:EnableAWSServiceAccess",
"organizations:RegisterDelegatedAdministrator"
]
},
"getfreetrialeligibility": {
"name": "GetFreeTrialEligibility",
"isPermissionOnly": true,
"description": "Grants permission to retrieve a behavior graph's eligibility for a free trial period",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getgraphingeststate": {
"name": "GetGraphIngestState",
"isPermissionOnly": true,
"description": "Grants permission to retrieve the data ingestion state of a behavior graph",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getinvestigation": {
"name": "GetInvestigation",
"description": "Grants permission to get an investigation's status and metadata",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getmembers": {
"name": "GetMembers",
"description": "Grants permission to retrieve details on specified members of a behavior graph",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getpricinginformation": {
"name": "GetPricingInformation",
"isPermissionOnly": true,
"description": "Grants permission to retrieve information about Amazon Detective's pricing",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getusageinformation": {
"name": "GetUsageInformation",
"isPermissionOnly": true,
"description": "Grants permission to list usage information of a behavior graph",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"invokeassistant": {
"name": "InvokeAssistant",
"isPermissionOnly": true,
"description": "Grants permission to invoke Detective's Assistant",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listdatasourcepackages": {
"name": "ListDatasourcePackages",
"description": "Grants permission to list a graph's datasource package ingest states and timestamps for the most recent state changes in a behavior graph managed by this account",
"accessLevel": "List",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listgraphs": {
"name": "ListGraphs",
"description": "Grants permission to list behavior graphs managed by this account",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listhighdegreeentities": {
"name": "ListHighDegreeEntities",
"isPermissionOnly": true,
"description": "Grants permission to retrieve high volume entities whose relationships cannot be stored by Detective",
"accessLevel": "List",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listindicators": {
"name": "ListIndicators",
"description": "Grants permission to list the indicators of an investigation",
"accessLevel": "List",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listinvestigations": {
"name": "ListInvestigations",
"description": "Grants permission to list the investigations of a behavior graph",
"accessLevel": "List",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listinvitations": {
"name": "ListInvitations",
"description": "Grants permission to retrieve details on the behavior graphs to which this account has been invited to join",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listmembers": {
"name": "ListMembers",
"description": "Grants permission to retrieve details on all members of a behavior graph",
"accessLevel": "List",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listorganizationadminaccount": {
"name": "ListOrganizationAdminAccount",
"description": "Grants permission to view the current Amazon Detective delegated administrator account for an organization",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"organizations:DescribeOrganization"
]
},
"listtagsforresource": {
"name": "ListTagsForResource",
"description": "Grants permission to list the tag values that are assigned to a behavior graph",
"accessLevel": "List",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"rejectinvitation": {
"name": "RejectInvitation",
"description": "Grants permission to reject an invitation to become a member of a behavior graph",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"searchgraph": {
"name": "SearchGraph",
"isPermissionOnly": true,
"description": "Grants permission to search the data stored in a behavior graph",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"startinvestigation": {
"name": "StartInvestigation",
"description": "Grants permission to start investigations",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"startmonitoringmember": {
"name": "StartMonitoringMember",
"description": "Grants permission to start data ingest for a member account that has a status of ACCEPTED_BUT_DISABLED",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"tagresource": {
"name": "TagResource",
"description": "Grants permission to assign tag values to a behavior graph",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"untagresource": {
"name": "UntagResource",
"description": "Grants permission to remove tag values from a behavior graph",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys"
],
"dependentActions": []
},
"updatedatasourcepackages": {
"name": "UpdateDatasourcePackages",
"description": "Grants permission to enable or disable datasource package(s) in a behavior graph managed by this account",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"updateinvestigationstate": {
"name": "UpdateInvestigationState",
"description": "Grants permission to update an investigation's state and metadata",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"updateorganizationconfiguration": {
"name": "UpdateOrganizationConfiguration",
"description": "Grants permission to update the current configuration related to the Amazon Detective integration with AWS Organizations",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "Graph",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"organizations:DescribeOrganization"
]
}
}