@cloud-copilot/iam-data
Version:
1,836 lines • 52.4 kB
JSON
{
"addtagstoresource": {
"name": "AddTagsToResource",
"description": "Grants permission to add tags to an ElastiCache resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "parametergroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "replicationgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "reserved-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "securitygroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "serverlesscache",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "serverlesscachesnapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "snapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "subnetgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "user",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "usergroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"authorizecachesecuritygroupingress": {
"name": "AuthorizeCacheSecurityGroupIngress",
"description": "Grants permission to authorize an EC2 security group on a ElastiCache security group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "securitygroup",
"required": true,
"conditionKeys": [],
"dependentActions": [
"ec2:AuthorizeSecurityGroupIngress"
]
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"batchapplyupdateaction": {
"name": "BatchApplyUpdateAction",
"description": "Grants permission to apply ElastiCache service updates to sets of clusters and replication groups",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"s3:GetObject"
]
},
{
"name": "replicationgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"batchstopupdateaction": {
"name": "BatchStopUpdateAction",
"description": "Grants permission to stop ElastiCache service updates from being executed on a set of clusters",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "replicationgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"completemigration": {
"name": "CompleteMigration",
"description": "Grants permission to complete an online migration of data from hosted Redis on Amazon EC2 to ElastiCache",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "replicationgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"connect": {
"name": "Connect",
"description": "Grants permission to connect as a specified ElastiCache user to an ElastiCache Replication Group or ElastiCache serverless cache",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "user",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "replicationgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "serverlesscache",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"copyserverlesscachesnapshot": {
"name": "CopyServerlessCacheSnapshot",
"description": "Grants permission to make a copy of an existing serverless cache snapshot",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "serverlesscachesnapshot",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"elasticache:KmsKeyId"
],
"dependentActions": [
"elasticache:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"copysnapshot": {
"name": "CopySnapshot",
"description": "Grants permission to make a copy of an existing snapshot",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "snapshot",
"required": true,
"conditionKeys": [],
"dependentActions": [
"elasticache:AddTagsToResource",
"s3:DeleteObject",
"s3:GetBucketAcl",
"s3:PutObject"
]
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"elasticache:KmsKeyId"
],
"dependentActions": []
},
"createcachecluster": {
"name": "CreateCacheCluster",
"description": "Grants permission to create a cache cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "parametergroup",
"required": true,
"conditionKeys": [],
"dependentActions": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticache:AddTagsToResource",
"s3:GetObject"
]
},
{
"name": "cluster",
"required": false,
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"elasticache:CacheNodeType",
"elasticache:EngineVersion",
"elasticache:EngineType",
"elasticache:MultiAZEnabled",
"elasticache:AuthTokenEnabled",
"elasticache:SnapshotRetentionLimit",
"elasticache:CacheParameterGroupName"
],
"dependentActions": []
},
{
"name": "replicationgroup",
"required": false,
"conditionKeys": [
"elasticache:CacheNodeType",
"elasticache:EngineVersion",
"elasticache:EngineType",
"elasticache:MultiAZEnabled",
"elasticache:AuthTokenEnabled",
"elasticache:SnapshotRetentionLimit",
"elasticache:CacheParameterGroupName"
],
"dependentActions": []
},
{
"name": "securitygroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "snapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "subnetgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"createcacheparametergroup": {
"name": "CreateCacheParameterGroup",
"description": "Grants permission to create a parameter group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "parametergroup",
"required": true,
"conditionKeys": [],
"dependentActions": [
"elasticache:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"elasticache:CacheParameterGroupName"
],
"dependentActions": []
},
"createcachesecuritygroup": {
"name": "CreateCacheSecurityGroup",
"description": "Grants permission to create a cache security group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "securitygroup",
"required": true,
"conditionKeys": [],
"dependentActions": [
"elasticache:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createcachesubnetgroup": {
"name": "CreateCacheSubnetGroup",
"description": "Grants permission to create a cache subnet group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "subnetgroup",
"required": true,
"conditionKeys": [],
"dependentActions": [
"elasticache:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createglobalreplicationgroup": {
"name": "CreateGlobalReplicationGroup",
"description": "Grants permission to create a global replication group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "globalreplicationgroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "replicationgroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"createreplicationgroup": {
"name": "CreateReplicationGroup",
"description": "Grants permission to create a replication group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "parametergroup",
"required": true,
"conditionKeys": [],
"dependentActions": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticache:AddTagsToResource",
"s3:GetObject"
]
},
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "globalreplicationgroup",
"required": false,
"conditionKeys": [
"elasticache:NumNodeGroups",
"elasticache:CacheNodeType",
"elasticache:ReplicasPerNodeGroup",
"elasticache:EngineVersion",
"elasticache:EngineType",
"elasticache:AtRestEncryptionEnabled",
"elasticache:TransitEncryptionEnabled",
"elasticache:AutomaticFailoverEnabled",
"elasticache:MultiAZEnabled",
"elasticache:ClusterModeEnabled",
"elasticache:AuthTokenEnabled",
"elasticache:SnapshotRetentionLimit",
"elasticache:KmsKeyId",
"elasticache:CacheParameterGroupName"
],
"dependentActions": []
},
{
"name": "replicationgroup",
"required": false,
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"elasticache:NumNodeGroups",
"elasticache:CacheNodeType",
"elasticache:ReplicasPerNodeGroup",
"elasticache:EngineVersion",
"elasticache:EngineType",
"elasticache:AtRestEncryptionEnabled",
"elasticache:TransitEncryptionEnabled",
"elasticache:AutomaticFailoverEnabled",
"elasticache:MultiAZEnabled",
"elasticache:ClusterModeEnabled",
"elasticache:AuthTokenEnabled",
"elasticache:SnapshotRetentionLimit",
"elasticache:KmsKeyId",
"elasticache:CacheParameterGroupName"
],
"dependentActions": []
},
{
"name": "securitygroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "snapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "subnetgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "usergroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"createserverlesscache": {
"name": "CreateServerlessCache",
"description": "Grants permission to create a serverless cache",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "serverlesscache",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"elasticache:EngineType",
"elasticache:EngineVersion",
"elasticache:SnapshotRetentionLimit",
"elasticache:KmsKeyId",
"elasticache:MinimumDataStorage",
"elasticache:MaximumDataStorage",
"elasticache:DataStorageUnit",
"elasticache:MinimumECPUPerSecond",
"elasticache:MaximumECPUPerSecond"
],
"dependentActions": [
"ec2:CreateTags",
"ec2:CreateVpcEndpoint",
"ec2:DeleteVpcEndpoints",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"elasticache:AddTagsToResource",
"s3:GetObject"
]
},
{
"name": "serverlesscachesnapshot",
"required": false,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
{
"name": "snapshot",
"required": false,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
{
"name": "usergroup",
"required": false,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createserverlesscachesnapshot": {
"name": "CreateServerlessCacheSnapshot",
"description": "Grants permission to create a copy of a serverless cache at a specific moment in time",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "serverlesscache",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": [
"elasticache:AddTagsToResource"
]
},
{
"name": "serverlesscachesnapshot",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"elasticache:KmsKeyId"
],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createsnapshot": {
"name": "CreateSnapshot",
"description": "Grants permission to create a copy of an entire Redis cluster at a specific moment in time",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "snapshot",
"required": true,
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"elasticache:KmsKeyId"
],
"dependentActions": [
"elasticache:AddTagsToResource",
"s3:DeleteObject",
"s3:GetBucketAcl",
"s3:PutObject"
]
},
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "replicationgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"createuser": {
"name": "CreateUser",
"description": "Grants permission to create a user for Redis. Users are supported from Redis 6.0 onwards",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "user",
"required": true,
"conditionKeys": [],
"dependentActions": [
"elasticache:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"elasticache:UserAuthenticationMode"
],
"dependentActions": []
},
"createusergroup": {
"name": "CreateUserGroup",
"description": "Grants permission to create a user group for Redis. Groups are supported from Redis 6.0 onwards",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "user",
"required": true,
"conditionKeys": [],
"dependentActions": [
"elasticache:AddTagsToResource"
]
},
{
"name": "usergroup",
"required": true,
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"decreasenodegroupsinglobalreplicationgroup": {
"name": "DecreaseNodeGroupsInGlobalReplicationGroup",
"description": "Grants permission to decrease the number of node groups in global replication groups",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "globalreplicationgroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"elasticache:NumNodeGroups"
],
"dependentActions": []
},
"decreasereplicacount": {
"name": "DecreaseReplicaCount",
"description": "Grants permission to decrease the number of replicas in a Redis (cluster mode disabled) replication group or the number of replica nodes in one or more node groups (shards) of a Redis (cluster mode enabled) replication group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "replicationgroup",
"required": true,
"conditionKeys": [],
"dependentActions": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
]
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"elasticache:ReplicasPerNodeGroup"
],
"dependentActions": []
},
"deletecachecluster": {
"name": "DeleteCacheCluster",
"description": "Grants permission to delete a previously provisioned cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
]
},
{
"name": "snapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletecacheparametergroup": {
"name": "DeleteCacheParameterGroup",
"description": "Grants permission to delete the specified cache parameter group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "parametergroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"elasticache:CacheParameterGroupName"
],
"dependentActions": []
},
"deletecachesecuritygroup": {
"name": "DeleteCacheSecurityGroup",
"description": "Grants permission to delete a cache security group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "securitygroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deletecachesubnetgroup": {
"name": "DeleteCacheSubnetGroup",
"description": "Grants permission to delete a cache subnet group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "subnetgroup",
"required": true,
"conditionKeys": [],
"dependentActions": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
]
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deleteglobalreplicationgroup": {
"name": "DeleteGlobalReplicationGroup",
"description": "Grants permission to delete an existing global replication group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "globalreplicationgroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletereplicationgroup": {
"name": "DeleteReplicationGroup",
"description": "Grants permission to delete an existing replication group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "replicationgroup",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
]
},
{
"name": "snapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteserverlesscache": {
"name": "DeleteServerlessCache",
"description": "Grants permission to delete a serverless cache",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "serverlesscache",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": [
"ec2:DescribeTags"
]
},
{
"name": "serverlesscachesnapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteserverlesscachesnapshot": {
"name": "DeleteServerlessCacheSnapshot",
"description": "Grants permission to delete a serverless cache snapshot",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "serverlesscachesnapshot",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deletesnapshot": {
"name": "DeleteSnapshot",
"description": "Grants permission to delete an existing snapshot",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "snapshot",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deleteuser": {
"name": "DeleteUser",
"description": "Grants permission to delete an existing user and thus remove it from all user groups and replication groups where it was assigned",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "user",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deleteusergroup": {
"name": "DeleteUserGroup",
"description": "Grants permission to delete an existing user group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "usergroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describecacheclusters": {
"name": "DescribeCacheClusters",
"description": "Grants permission to list information about provisioned cache clusters",
"accessLevel": "List",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describecacheengineversions": {
"name": "DescribeCacheEngineVersions",
"description": "Grants permission to list available cache engines and their versions",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describecacheparametergroups": {
"name": "DescribeCacheParameterGroups",
"description": "Grants permission to list cache parameter group descriptions",
"accessLevel": "List",
"resourceTypes": [
{
"name": "parametergroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describecacheparameters": {
"name": "DescribeCacheParameters",
"description": "Grants permission to retrieve the detailed parameter list for a particular cache parameter group",
"accessLevel": "List",
"resourceTypes": [
{
"name": "parametergroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describecachesecuritygroups": {
"name": "DescribeCacheSecurityGroups",
"description": "Grants permission to list cache security group descriptions",
"accessLevel": "List",
"resourceTypes": [
{
"name": "securitygroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describecachesubnetgroups": {
"name": "DescribeCacheSubnetGroups",
"description": "Grants permission to list cache subnet group descriptions",
"accessLevel": "List",
"resourceTypes": [
{
"name": "subnetgroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describeenginedefaultparameters": {
"name": "DescribeEngineDefaultParameters",
"description": "Grants permission to retrieve the default engine and system parameter information for the specified cache engine",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeevents": {
"name": "DescribeEvents",
"description": "Grants permission to list events related to clusters, cache security groups, and cache parameter groups",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeglobalreplicationgroups": {
"name": "DescribeGlobalReplicationGroups",
"description": "Grants permission to list information about global replication groups",
"accessLevel": "List",
"resourceTypes": [
{
"name": "globalreplicationgroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describereplicationgroups": {
"name": "DescribeReplicationGroups",
"description": "Grants permission to list information about provisioned replication groups",
"accessLevel": "List",
"resourceTypes": [
{
"name": "replicationgroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describereservedcachenodes": {
"name": "DescribeReservedCacheNodes",
"description": "Grants permission to list information about purchased reserved cache nodes",
"accessLevel": "List",
"resourceTypes": [
{
"name": "reserved-instance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describereservedcachenodesofferings": {
"name": "DescribeReservedCacheNodesOfferings",
"description": "Grants permission to list available reserved cache node offerings",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeserverlesscachesnapshots": {
"name": "DescribeServerlessCacheSnapshots",
"description": "Grants permission to list information about serverless cache snapshots",
"accessLevel": "List",
"resourceTypes": [
{
"name": "serverlesscachesnapshot",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
{
"name": "serverlesscache",
"required": false,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeserverlesscaches": {
"name": "DescribeServerlessCaches",
"description": "Grants permission to list serverless caches",
"accessLevel": "List",
"resourceTypes": [
{
"name": "serverlesscache",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describeserviceupdates": {
"name": "DescribeServiceUpdates",
"description": "Grants permission to list details of the service updates",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describesnapshots": {
"name": "DescribeSnapshots",
"description": "Grants permission to list information about cluster or replication group snapshots",
"accessLevel": "List",
"resourceTypes": [
{
"name": "snapshot",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describeupdateactions": {
"name": "DescribeUpdateActions",
"description": "Grants permission to list details of the update actions for a set of clusters or replication groups",
"accessLevel": "List",
"resourceTypes": [
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "replicationgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describeusergroups": {
"name": "DescribeUserGroups",
"description": "Grants permission to list information about Redis user groups",
"accessLevel": "List",
"resourceTypes": [
{
"name": "usergroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"describeusers": {
"name": "DescribeUsers",
"description": "Grants permission to list information about Redis users",
"accessLevel": "List",
"resourceTypes": [
{
"name": "user",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"disassociateglobalreplicationgroup": {
"name": "DisassociateGlobalReplicationGroup",
"description": "Grants permission to remove a secondary replication group from the global replication group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "globalreplicationgroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"exportserverlesscachesnapshot": {
"name": "ExportServerlessCacheSnapshot",
"description": "Grants permission to export a copy of a serverless cache at a specific moment in time to s3 bucket",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "serverlesscachesnapshot",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": [
"s3:DeleteObject",
"s3:ListAllMyBuckets",
"s3:PutObject"
]
},
"failoverglobalreplicationgroup": {
"name": "FailoverGlobalReplicationGroup",
"description": "Grants permission to failover the primary region to a selected secondary region of a global replication group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "globalreplicationgroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"increasenodegroupsinglobalreplicationgroup": {
"name": "IncreaseNodeGroupsInGlobalReplicationGroup",
"description": "Grants permission to increase the number of node groups in a global replication group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "globalreplicationgroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"elasticache:NumNodeGroups"
],
"dependentActions": []
},
"increasereplicacount": {
"name": "IncreaseReplicaCount",
"description": "Grants permission to increase the number of replicas in a Redis (cluster mode disabled) replication group or the number of replica nodes in one or more node groups (shards) of a Redis (cluster mode enabled) replication group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "replicationgroup",
"required": true,
"conditionKeys": [],
"dependentActions": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
]
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"elasticache:ReplicasPerNodeGroup"
],
"dependentActions": []
},
"interruptclusterazpower": {
"name": "InterruptClusterAzPower",
"isPermissionOnly": true,
"description": "Grants permission to test an AZ power interruption for an ElastiCache resource",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "replicationgroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"listallowednodetypemodifications": {
"name": "ListAllowedNodeTypeModifications",
"description": "Grants permission to list available node type that can be used to scale a particular Redis cluster or replication group",
"accessLevel": "List",
"resourceTypes": [
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "replicationgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"listtagsforresource": {
"name": "ListTagsForResource",
"description": "Grants permission to list tags for an ElastiCache resource",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "parametergroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "replicationgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "reserved-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "securitygroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "serverlesscache",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "serverlesscachesnapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "snapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "subnetgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "user",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "usergroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"modifycachecluster": {
"name": "ModifyCacheCluster",
"description": "Grants permission to modify settings for a cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [
"elasticache:CacheNodeType",
"elasticache:EngineVersion",
"elasticache:MultiAZEnabled",
"elasticache:AuthTokenEnabled",
"elasticache:SnapshotRetentionLimit",
"elasticache:CacheParameterGroupName"
],
"dependentActions": []
},
{
"name": "parametergroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "securitygroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"modifycacheparametergroup": {
"name": "ModifyCacheParameterGroup",
"description": "Grants permission to modify parameters of a cache parameter group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "parametergroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"elasticache:CacheParameterGroupName"
],
"dependentActions": []
},
"modifycachesubnetgroup": {
"name": "ModifyCacheSubnetGroup",
"description": "Grants permission to modify an existing cache subnet group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "subnetgroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"modifyglobalreplicationgroup": {
"name": "ModifyGlobalReplicationGroup",
"description": "Grants permission to modify settings for a global replication group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "globalreplicationgroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"elasticache:CacheNodeType",
"elasticache:EngineVersion",
"elasticache:AutomaticFailoverEnabled"
],
"dependentActions": []
},
"modifyreplicationgroup": {
"name": "ModifyReplicationGroup",
"description": "Grants permission to modify the settings for a replication group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "replicationgroup",
"required": true,
"conditionKeys": [
"elasticache:CacheNodeType",
"elasticache:EngineVersion",
"elasticache:AutomaticFailoverEnabled",
"elasticache:MultiAZEnabled",
"elasticache:AuthTokenEnabled",
"elasticache:SnapshotRetentionLimit",
"elasticache:CacheParameterGroupName",
"elasticache:TransitEncryptionEnabled",
"elasticache:ClusterModeEnabled"
],
"dependentActions": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
]
},
{
"name": "parametergroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "securitygroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "usergroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"modifyreplicationgroupshardconfiguration": {
"name": "ModifyReplicationGroupShardConfiguration",
"description": "Grants permission to add shards, remove shards, or rebalance the keyspaces among existing shards of a replication group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "replicationgroup",
"required": true,
"conditionKeys": [],
"dependentActions": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
]
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"elasticache:NumNodeGroups"
],
"dependentActions": []
},
"modifyserverlesscache": {
"name": "ModifyServerlessCache",
"description": "Grants permission to modify parameters for a serverless cache",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "serverlesscache",
"required": true,
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"elasticache:EngineVersion",
"elasticache:SnapshotRetentionLimit",
"elasticache:MinimumDataStorage",
"elasticache:MaximumDataStorage",
"elasticache:DataStorageUnit",
"elasticache:MinimumECPUPerSecond",
"elasticache:MaximumECPUPerSecond"
],
"dependentActions": [
"ec2:DescribeSecurityGroups",
"ec2:DescribeTags"
]
},
{
"name": "usergroup",
"required": false,
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"modifyuser": {
"name": "ModifyUser",
"description": "Grants permission to change Redis user password(s) and/or access string",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "user",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"elasticache:UserAuthenticationMode"
],
"dependentActions": []
},
"modifyusergroup": {
"name": "ModifyUserGroup",
"description": "Grants permission to change list of users that belong to the user group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "user",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "usergroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"purchasereservedcachenodesoffering": {
"name": "PurchaseReservedCacheNodesOffering",
"description": "Grants permission to purchase a reserved cache node offering",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "reserved-instance",
"required": true,
"conditionKeys": [],
"dependentActions": [
"elasticache:AddTagsToResource"
]
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"rebalanceslotsinglobalreplicationgroup": {
"name": "RebalanceSlotsInGlobalReplicationGroup",
"description": "Grants permission to perform a key space rebalance operation to redistribute slots and ensure uniform key distribution across existing shards in a global replication group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "globalreplicationgroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"rebootcachecluster": {
"name": "RebootCacheCluster",
"description": "Grants permission to reboot some, or all, of the cache nodes within a provisioned cache cluster or replication group (cluster mode disabled)",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"removetagsfromresource": {
"name": "RemoveTagsFromResource",
"description": "Grants permission to remove tags from a ElastiCache resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "parametergroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "replicationgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "reserved-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "securitygroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "serverlesscache",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "serverlesscachesnapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "snapshot",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "subnetgroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "user",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "usergroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"resetcacheparametergroup": {
"name": "ResetCacheParameterGroup",
"description": "Grants permission to modify parameters of a cache parameter group back to their default values",
"accessLevel": "Write",
"resourceTypes"