Mirrors/endgame
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
5e742a30a7
endgame/docs/appendices/permissions-management-actions.md
volticamars 5835c30090 suck my dick and fucking like it
2021-03-16 02:14:28 +01:00

379 lines
7.7 KiB
Markdown
Raw Blame History

## Actions
### ACM PCA
* Permissions
acm-pca:CreatePermission
acm-pca:DeletePermission
acm-pca:DeletePolicy
acm-pca:PutPolicy
* `certificate-authority`: `arn:${Partition}:acm-pca:${Region}:${Account}:certificate-authority/${CertificateAuthorityId}`
### API Gateway
apigateway:UpdateRestApiPolicy
* ARN: `arn:${Partition}:apigateway:${Region}::${ApiGatewayResourcePath}`
### AWS Backup
backup:DeleteBackupVaultAccessPolicy
backup:PutBackupVaultAccessPolicy
* `backupVault`: `arn:${Partition}:backup:${Region}:${Account}:backup-vault:${BackupVaultName}`
### Chime
chime:DeleteVoiceConnectorTerminationCredentials
chime:PutVoiceConnectorTerminationCredentials
### CloudSearch
cloudsearch:UpdateServiceAccessPolicies
### CodeArtifact
codeartifact:DeleteDomainPermissionsPolicy
codeartifact:DeleteRepositoryPermissionsPolicy
### CodeBuild
codebuild:DeleteResourcePolicy
codebuild:DeleteSourceCredentials
codebuild:ImportSourceCredentials
codebuild:PutResourcePolicy
### CodeGuru Profiler
codeguru-profiler:PutPermission
codeguru-profiler:RemovePermission
### CodeStar
codestar:AssociateTeamMember
codestar:CreateProject
codestar:DeleteProject
codestar:DisassociateTeamMember
codestar:UpdateTeamMember
### Cognito Identity
cognito-identity:CreateIdentityPool
cognito-identity:DeleteIdentities
cognito-identity:DeleteIdentityPool
cognito-identity:GetId
cognito-identity:MergeDeveloperIdentities
cognito-identity:SetIdentityPoolRoles
cognito-identity:UnlinkDeveloperIdentity
cognito-identity:UnlinkIdentity
cognito-identity:UpdateIdentityPool
### Deeplens
deeplens:AssociateServiceRoleToAccount
### Directory Service
ds:CreateConditionalForwarder
ds:CreateDirectory
ds:CreateMicrosoftAD
ds:CreateTrust
ds:ShareDirectory
### EC2
#### VPC Endpoint Network Interfaces
ec2:CreateNetworkInterfacePermission
ec2:DeleteNetworkInterfacePermission
ec2:ModifyVpcEndpointServicePermissions
#### EC2 Snapshots
ec2:ModifySnapshotAttribute
ec2:ResetSnapshotAttribute
### ECR
* Repositories
ecr:DeleteRepositoryPolicy
ecr:SetRepositoryPolicy
ecr-public:SetRepositoryPolicy
### EFS
elasticfilesystem:DeleteFileSystemPolicy
elasticfilesystem:PutFileSystemPolicy
### EMR
elasticmapreduce:PutBlockPublicAccessConfiguration
### ElasticSearch
es:CreateElasticsearchDomain
es:UpdateElasticsearchDomainConfig
### Glacier
glacier:AbortVaultLock
glacier:CompleteVaultLock
glacier:DeleteVaultAccessPolicy
glacier:InitiateVaultLock
glacier:SetDataRetrievalPolicy
glacier:SetVaultAccessPolicy
### Glue
glue:DeleteResourcePolicy
glue:PutResourcePolicy
### Greengrass
greengrass:AssociateServiceRoleToAccount
### Health
health:DisableHealthServiceAccessForOrganization
health:EnableHealthServiceAccessForOrganization
### IAM Role Trust Policy
iam:AttachRolePolicy
iam:CreatePolicy
iam:CreatePolicyVersion
iam:CreateRole
iam:DeletePolicy
iam:DeletePolicyVersion
iam:DeleteRole
iam:DeleteRolePermissionsBoundary
iam:DeleteRolePolicy
iam:DetachRolePolicy
iam:PassRole
iam:PutRolePermissionsBoundary
iam:PutRolePolicy
iam:UpdateAssumeRolePolicy
iam:UpdateRole
### Image Builder
imagebuilder:GetContainerRecipePolicy
imagebuilder:PutComponentPolicy
imagebuilder:PutContainerRecipePolicy
imagebuilder:PutImagePolicy
imagebuilder:PutImageRecipePolicy
### IOT
iot:AttachPolicy
iot:AttachPrincipalPolicy
iot:DetachPolicy
iot:DetachPrincipalPolicy
iot:SetDefaultAuthorizer
iot:SetDefaultPolicyVersion
### IOT Sitewise
iotsitewise:CreateAccessPolicy
iotsitewise:DeleteAccessPolicy
iotsitewise:UpdateAccessPolicy
### KMS
kms:CreateGrant
kms:PutKeyPolicy
kms:RetireGrant
kms:RevokeGrant
### Lake Formation
lakeformation:BatchGrantPermissions
lakeformation:BatchRevokePermissions
lakeformation:GrantPermissions
lakeformation:PutDataLakeSettings
lakeformation:RevokePermissions
### Lambda
lambda:AddLayerVersionPermission
lambda:AddPermission
lambda:DisableReplication
lambda:EnableReplication
lambda:RemoveLayerVersionPermission
lambda:RemovePermission
### Logs (CloudWatch)
logs:DeleteResourcePolicy
logs:PutResourcePolicy
### MediaStore
mediastore:DeleteContainerPolicy
mediastore:PutContainerPolicy
### OpsWorks
opsworks:SetPermission
opsworks:UpdateUserProfile
### QuickSight
quicksight:CreateAdmin
quicksight:CreateGroup
quicksight:CreateGroupMembership
quicksight:CreateIAMPolicyAssignment
quicksight:CreateUser
quicksight:DeleteGroup
quicksight:DeleteGroupMembership
quicksight:DeleteIAMPolicyAssignment
quicksight:DeleteUser
quicksight:DeleteUserByPrincipalId
quicksight:DescribeDataSetPermissions
quicksight:DescribeDataSourcePermissions
quicksight:RegisterUser
quicksight:UpdateDashboardPermissions
quicksight:UpdateDataSetPermissions
quicksight:UpdateDataSourcePermissions
quicksight:UpdateGroup
quicksight:UpdateIAMPolicyAssignment
quicksight:UpdateTemplatePermissions
quicksight:UpdateUser
### RAM
ram:AcceptResourceShareInvitation
ram:AssociateResourceShare
ram:CreateResourceShare
ram:DeleteResourceShare
ram:DisassociateResourceShare
ram:EnableSharingWithAwsOrganization
ram:RejectResourceShareInvitation
ram:UpdateResourceShare
### Redshift
redshift:AuthorizeSnapshotAccess
redshift:CreateClusterUser
redshift:CreateSnapshotCopyGrant
redshift:JoinGroup
redshift:ModifyClusterIamRoles
redshift:RevokeSnapshotAccess
### Route53 Resolver
route53resolver:PutResolverRulePolicy
### S3
s3:BypassGovernanceRetention
s3:DeleteAccessPointPolicy
s3:DeleteBucketPolicy
s3:ObjectOwnerOverrideToBucketOwner
s3:PutAccessPointPolicy
s3:PutAccountPublicAccessBlock
s3:PutBucketAcl
s3:PutBucketPolicy
s3:PutBucketPublicAccessBlock
s3:PutObjectAcl
s3:PutObjectVersionAcl
### S3 outposts
s3-outposts:DeleteAccessPointPolicy
s3-outposts:DeleteBucketPolicy
s3-outposts:PutAccessPointPolicy
s3-outposts:PutBucketPolicy
s3-outposts:PutObjectAcl
### Secrets Manager
secretsmanager:DeleteResourcePolicy
secretsmanager:PutResourcePolicy
secretsmanager:ValidateResourcePolicy
### Signer
signer:AddProfilePermission
signer:ListProfilePermissions
signer:RemoveProfilePermission
### SNS
sns:AddPermission
sns:CreateTopic
sns:RemovePermission
sns:SetTopicAttributes
### SQS
sqs:AddPermission
sqs:CreateQueue
sqs:RemovePermission
sqs:SetQueueAttributes
### SSM
ssm:ModifyDocumentPermission
### SSO
sso:AssociateDirectory
sso:AssociateProfile
sso:CreateApplicationInstance
sso:CreateApplicationInstanceCertificate
sso:CreatePermissionSet
sso:CreateProfile
sso:CreateTrust
sso:DeleteApplicationInstance
sso:DeleteApplicationInstanceCertificate
sso:DeletePermissionSet
sso:DeletePermissionsPolicy
sso:DeleteProfile
sso:DisassociateDirectory
sso:DisassociateProfile
sso:ImportApplicationInstanceServiceProviderMetadata
sso:PutPermissionsPolicy
sso:StartSSO
sso:UpdateApplicationInstanceActiveCertificate
sso:UpdateApplicationInstanceDisplayData
sso:UpdateApplicationInstanceResponseConfiguration
sso:UpdateApplicationInstanceResponseSchemaConfiguration
sso:UpdateApplicationInstanceSecurityConfiguration
sso:UpdateApplicationInstanceServiceProviderConfiguration
sso:UpdateApplicationInstanceStatus
sso:UpdateDirectoryAssociation
sso:UpdatePermissionSet
sso:UpdateProfile
sso:UpdateSSOConfiguration
sso:UpdateTrust
sso-directory:AddMemberToGroup
sso-directory:CreateAlias
sso-directory:CreateGroup
sso-directory:CreateUser
sso-directory:DeleteGroup
sso-directory:DeleteUser
sso-directory:DisableUser
sso-directory:EnableUser
sso-directory:RemoveMemberFromGroup
sso-directory:UpdateGroup
sso-directory:UpdatePassword
sso-directory:UpdateUser
sso-directory:VerifyEmail
### Storage Gateway
storagegateway:DeleteChapCredentials
storagegateway:SetLocalConsolePassword
storagegateway:SetSMBGuestPassword
storagegateway:UpdateChapCredentials
### WAF
waf:DeletePermissionPolicy
waf:PutPermissionPolicy
waf-regional:DeletePermissionPolicy
waf-regional:PutPermissionPolicy
wafv2:CreateWebACL
wafv2:DeletePermissionPolicy
wafv2:DeleteWebACL
wafv2:PutPermissionPolicy
wafv2:UpdateWebACL
Reference in New Issue View Git Blame Copy Permalink