@cloud-copilot/iam-data
Version:
1,389 lines • 39.4 kB
JSON
{
"associatekmskey": {
"name": "AssociateKmsKey",
"description": "Grants permission to associate the specified AWS Key Management Service (AWS KMS) customer master key (CMK) with the specified log group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"cancelexporttask": {
"name": "CancelExportTask",
"description": "Grants permission to cancel an export task if it is in PENDING or RUNNING state",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"createdelivery": {
"name": "CreateDelivery",
"description": "Grants permission to create a delivery connecting a delivery source to a delivery destination",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "delivery",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "delivery-destination",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "delivery-source",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}"
],
"dependentActions": []
},
"createexporttask": {
"name": "CreateExportTask",
"description": "Grants permission to create an ExportTask which allows you to efficiently export data from a Log Group to your Amazon S3 bucket",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createloganomalydetector": {
"name": "CreateLogAnomalyDetector",
"description": "Grants permission to create a log anomaly detector",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}"
],
"dependentActions": []
},
"createlogdelivery": {
"name": "CreateLogDelivery",
"isPermissionOnly": true,
"description": "Grants permission to create the log delivery",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"createloggroup": {
"name": "CreateLogGroup",
"description": "Grants permission to create a new log group with the specified name",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}"
],
"dependentActions": []
},
"createlogstream": {
"name": "CreateLogStream",
"description": "Grants permission to create a new log stream with the specified name",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-stream",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteaccountpolicy": {
"name": "DeleteAccountPolicy",
"description": "Grants permission to delete an account policy",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deletedataprotectionpolicy": {
"name": "DeleteDataProtectionPolicy",
"description": "Grants permission to delete a data protection policy attached to a log group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedelivery": {
"name": "DeleteDelivery",
"description": "Grants permission to delete a delivery",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "delivery",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedeliverydestination": {
"name": "DeleteDeliveryDestination",
"description": "Grants permission to delete a delivery destination after all associated deliveries are deleted",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "delivery-destination",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedeliverydestinationpolicy": {
"name": "DeleteDeliveryDestinationPolicy",
"description": "Grants permission to delete a delivery destination policy associated with a delivery destination",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "delivery-destination",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedeliverysource": {
"name": "DeleteDeliverySource",
"description": "Grants permission to delete a delivery source after all associated deliveries are deleted",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "delivery-destination",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletedestination": {
"name": "DeleteDestination",
"description": "Grants permission to delete the destination with the specified name",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "destination",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteindexpolicy": {
"name": "DeleteIndexPolicy",
"description": "Grants permission to delete an index policy attached to a log group",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleteintegration": {
"name": "DeleteIntegration",
"description": "Grants permission to delete the integration",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleteloganomalydetector": {
"name": "DeleteLogAnomalyDetector",
"description": "Grants permission to delete a log anomaly detector",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "anomaly-detector",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletelogdelivery": {
"name": "DeleteLogDelivery",
"isPermissionOnly": true,
"description": "Grants permission to delete the log delivery information for specified log delivery",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleteloggroup": {
"name": "DeleteLogGroup",
"description": "Grants permission to delete the log group with the specified name",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletelogstream": {
"name": "DeleteLogStream",
"description": "Grants permission to delete a log stream",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-stream",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletemetricfilter": {
"name": "DeleteMetricFilter",
"description": "Grants permission to delete a metric filter associated with the specified log group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletequerydefinition": {
"name": "DeleteQueryDefinition",
"description": "Grants permission to delete a saved CloudWatch Logs Insights query definition",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleteresourcepolicy": {
"name": "DeleteResourcePolicy",
"description": "Grants permission to delete a resource policy from this account",
"accessLevel": "Permissions management",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleteretentionpolicy": {
"name": "DeleteRetentionPolicy",
"description": "Grants permission to delete the retention policy of the specified log group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletesubscriptionfilter": {
"name": "DeleteSubscriptionFilter",
"description": "Grants permission to delete a subscription filter associated with the specified log group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletetransformer": {
"name": "DeleteTransformer",
"description": "Grants permission to delete a transformer associated with the specified log group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeaccountpolicies": {
"name": "DescribeAccountPolicies",
"description": "Grants permission to retrieve account policies",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeconfigurationtemplates": {
"name": "DescribeConfigurationTemplates",
"description": "Grants permission to retrieve a list of configuration templates of available log types",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describedeliveries": {
"name": "DescribeDeliveries",
"description": "Grants permission to retrieve a list of deliveries an account",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describedeliverydestinations": {
"name": "DescribeDeliveryDestinations",
"description": "Grants permission to retrieve a list of delivery destinations an account",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describedeliverysources": {
"name": "DescribeDeliverySources",
"description": "Grants permission to retrieve a list of delivery sources in an account",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describedestinations": {
"name": "DescribeDestinations",
"description": "Grants permission to return all the destinations that are associated with the AWS account making the request",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeexporttasks": {
"name": "DescribeExportTasks",
"description": "Grants permission to return all the export tasks that are associated with the AWS account making the request",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describefieldindexes": {
"name": "DescribeFieldIndexes",
"description": "Grants permission to return all the indexing attributes that are attached with the log groups",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeindexpolicies": {
"name": "DescribeIndexPolicies",
"description": "Grants permission to return all the index policies that are attached with the log groups",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeloggroups": {
"name": "DescribeLogGroups",
"description": "Grants permission to return all the log groups that are associated with the AWS account making the request",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describelogstreams": {
"name": "DescribeLogStreams",
"description": "Grants permission to return all the log streams that are associated with the specified log group",
"accessLevel": "List",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describemetricfilters": {
"name": "DescribeMetricFilters",
"description": "Grants permission to return all the metrics filters associated with the specified log group",
"accessLevel": "List",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describequeries": {
"name": "DescribeQueries",
"description": "Grants permission to return a list of CloudWatch Logs Insights queries that are scheduled, executing, or have been executed recently in this account",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describequerydefinitions": {
"name": "DescribeQueryDefinitions",
"description": "Grants permission to return a paginated list of your saved CloudWatch Logs Insights query definitions",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeresourcepolicies": {
"name": "DescribeResourcePolicies",
"description": "Grants permission to return all the resource policies in this account",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describesubscriptionfilters": {
"name": "DescribeSubscriptionFilters",
"description": "Grants permission to return all the subscription filters associated with the specified log group",
"accessLevel": "List",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"disassociatekmskey": {
"name": "DisassociateKmsKey",
"description": "Grants permission to disassociate the associated AWS Key Management Service (AWS KMS) customer master key (CMK) from the specified log group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"filterlogevents": {
"name": "FilterLogEvents",
"description": "Grants permission to retrieve log events, optionally filtered by a filter pattern from the specified log group",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getdataprotectionpolicy": {
"name": "GetDataProtectionPolicy",
"description": "Grants permission to retrieve a data protection policy attached to a log group",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getdelivery": {
"name": "GetDelivery",
"description": "Grants permission to retrieve a single delivery",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "delivery",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getdeliverydestination": {
"name": "GetDeliveryDestination",
"description": "Grants permission to retrieve a single delivery destination",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "delivery-destination",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getdeliverydestinationpolicy": {
"name": "GetDeliveryDestinationPolicy",
"description": "Grants permission to retrieve a delivery destination policy attached to a delivery destination",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "delivery-destination",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getdeliverysource": {
"name": "GetDeliverySource",
"description": "Grants permission to retrieve a single delivery source",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "delivery-source",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getintegration": {
"name": "GetIntegration",
"description": "Grants permission to retrieve a single integration",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getloganomalydetector": {
"name": "GetLogAnomalyDetector",
"description": "Grants permission to get a log anomaly detector",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "anomaly-detector",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getlogdelivery": {
"name": "GetLogDelivery",
"isPermissionOnly": true,
"description": "Grants permission to get the log delivery information for specified log delivery",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getlogevents": {
"name": "GetLogEvents",
"description": "Grants permission to retrieve log events from the specified log stream",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "log-stream",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getloggroupfields": {
"name": "GetLogGroupFields",
"description": "Grants permission to return a list of the fields that are included in log events in the specified log group, along with the percentage of log events that contain each field",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getlogrecord": {
"name": "GetLogRecord",
"description": "Grants permission to retrieve all the fields and values of a single log event",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getqueryresults": {
"name": "GetQueryResults",
"description": "Grants permission to return the results from the specified query",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"gettransformer": {
"name": "GetTransformer",
"description": "Grants permission to return transformer associated with the specified log group",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"link": {
"name": "Link",
"isPermissionOnly": true,
"description": "Grants permission to share CloudWatch resources with a monitoring account",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listanomalies": {
"name": "ListAnomalies",
"description": "Grants permission to list all anomalies detected in the AWS account making the request",
"accessLevel": "List",
"resourceTypes": [
{
"name": "anomaly-detector",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listentitiesforloggroup": {
"name": "ListEntitiesForLogGroup",
"isPermissionOnly": true,
"description": "Grants permission to retrieve all the entities that are associated with log group",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listintegrations": {
"name": "ListIntegrations",
"description": "Grants permission to list all integrations associated with the AWS account making the request",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listloganomalydetectors": {
"name": "ListLogAnomalyDetectors",
"description": "Grants permission to return all the anomaly detectors that are associated with the AWS account making the request",
"accessLevel": "List",
"resourceTypes": [
{
"name": "anomaly-detector",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listlogdeliveries": {
"name": "ListLogDeliveries",
"isPermissionOnly": true,
"description": "Grants permission to list all the log deliveries for specified account and/or log source",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listloggroups": {
"name": "ListLogGroups",
"description": "Grants permission to return all the log groups that are associated with the AWS account making the request",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listloggroupsforentity": {
"name": "ListLogGroupsForEntity",
"isPermissionOnly": true,
"description": "Grants permission to retrieve all the log groups that are associated with entity",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listloggroupsforquery": {
"name": "ListLogGroupsForQuery",
"description": "Grants permission to return all the log groups that are associated with the specified query",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listtagsforresource": {
"name": "ListTagsForResource",
"description": "Grants permission to list the tags for the specified resource",
"accessLevel": "List",
"resourceTypes": [
{
"name": "anomaly-detector",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "delivery",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "delivery-destination",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "delivery-source",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "destination",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "log-group",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listtagsloggroup": {
"name": "ListTagsLogGroup",
"description": "Grants permission to list the tags for the specified log group",
"accessLevel": "List",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putaccountpolicy": {
"name": "PutAccountPolicy",
"description": "Grants permission to attach an account policy",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"putdataprotectionpolicy": {
"name": "PutDataProtectionPolicy",
"description": "Grants permission to attach a data protection policy to detect and redact sensitive information from log events",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putdeliverydestination": {
"name": "PutDeliveryDestination",
"description": "Grants permission to create/update a delivery destination",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "delivery-destination",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}",
"logs:DeliveryDestinationResourceArn"
],
"dependentActions": []
},
"putdeliverydestinationpolicy": {
"name": "PutDeliveryDestinationPolicy",
"description": "Grants permission to attach a delivery destination policy to a delivery destination",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "delivery-destination",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putdeliverysource": {
"name": "PutDeliverySource",
"description": "Grants permission to create/update a delivery source",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "delivery-source",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}",
"logs:LogGeneratingResourceArns"
],
"dependentActions": []
},
"putdestination": {
"name": "PutDestination",
"description": "Grants permission to create or update a Destination",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "destination",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole"
]
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}"
],
"dependentActions": []
},
"putdestinationpolicy": {
"name": "PutDestinationPolicy",
"description": "Grants permission to create or update an access policy associated with an existing Destination",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "destination",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putindexpolicy": {
"name": "PutIndexPolicy",
"description": "Grants permission to attach an index policy at log group level to optimize search and query",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"putintegration": {
"name": "PutIntegration",
"description": "Grants permission to create integration between cloudwatch logs and opensearch",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"putlogevents": {
"name": "PutLogEvents",
"description": "Grants permission to upload a batch of log events to the specified log stream",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-stream",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putmetricfilter": {
"name": "PutMetricFilter",
"description": "Grants permission to create or update a metric filter and associates it with the specified log group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putquerydefinition": {
"name": "PutQueryDefinition",
"description": "Grants permission to create or update a query definition",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"putresourcepolicy": {
"name": "PutResourcePolicy",
"description": "Grants permission to create or update a resource policy allowing other AWS services to put log events to this account",
"accessLevel": "Permissions management",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"putretentionpolicy": {
"name": "PutRetentionPolicy",
"description": "Grants permission to set the retention of the specified log group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putsubscriptionfilter": {
"name": "PutSubscriptionFilter",
"description": "Grants permission to create or update a subscription filter and associates it with the specified log group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole"
]
},
{
"name": "destination",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"puttransformer": {
"name": "PutTransformer",
"description": "Grants permission to create or update a transformer and associates it with the specified log group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"startlivetail": {
"name": "StartLiveTail",
"description": "Grants permission to start a Live Tail session in CloudWatch Logs",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"startquery": {
"name": "StartQuery",
"description": "Grants permission to schedule a query of a log group using CloudWatch Logs Insights",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"stoplivetail": {
"name": "StopLiveTail",
"isPermissionOnly": true,
"description": "Grants permission to stop a Live Tail session that is in progress",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"stopquery": {
"name": "StopQuery",
"description": "Grants permission to stop a CloudWatch Logs Insights query that is in progress",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"tagloggroup": {
"name": "TagLogGroup",
"description": "Grants permission to add or update the specified tags for the specified log group",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}"
],
"dependentActions": []
},
"tagresource": {
"name": "TagResource",
"description": "Grants permission to add or update the specified tags for the specified resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "anomaly-detector",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "delivery",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "delivery-destination",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "delivery-source",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "destination",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "log-group",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}"
],
"dependentActions": []
},
"testmetricfilter": {
"name": "TestMetricFilter",
"description": "Grants permission to test the filter pattern of a metric filter against a sample of log event messages",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"testtransformer": {
"name": "TestTransformer",
"description": "Grants permission to test the transformer against a sample of log event messages",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"unmask": {
"name": "Unmask",
"isPermissionOnly": true,
"description": "Grants permission to fetch unmasked log events that have been redacted with a data protection policy",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"untagloggroup": {
"name": "UntagLogGroup",
"description": "Grants permission to remove the specified tags from the specified log group",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "log-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys"
],
"dependentActions": []
},
"untagresource": {
"name": "UntagResource",
"description": "Grants permission to remove the specified tags from the specified resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "anomaly-detector",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "delivery",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "delivery-destination",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "delivery-source",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "destination",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "log-group",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys"
],
"dependentActions": []
},
"updateanomaly": {
"name": "UpdateAnomaly",
"description": "Grants permission to update an anomaly reported by a log anomaly detector",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "anomaly-detector",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"updatedeliveryconfiguration": {
"name": "UpdateDeliveryConfiguration",
"description": "Grants permission to update configuration related to a delivery",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "delivery",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "delivery-destination",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "delivery-source",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}"
],
"dependentActions": []
},
"updateloganomalydetector": {
"name": "UpdateLogAnomalyDetector",
"description": "Grants permission to update a log anomaly detector",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "anomaly-detector",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"updatelogdelivery": {
"name": "UpdateLogDelivery",
"isPermissionOnly": true,
"description": "Grants permission to update the log delivery information for specified log delivery",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
}
}