Skip to content

Commit

Permalink
Update detected
Browse files Browse the repository at this point in the history
  • Loading branch information
MAMIP Bot committed Nov 22, 2024
1 parent 4fae3aa commit 59767f0
Show file tree
Hide file tree
Showing 4 changed files with 86 additions and 19 deletions.
15 changes: 13 additions & 2 deletions policies/AmazonConnectServiceLinkedRolePolicy
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"PolicyVersion": {
"CreateDate": "2024-11-14T18:06:40Z",
"VersionId": "v20",
"CreateDate": "2024-11-21T23:06:06Z",
"VersionId": "v21",
"Document": {
"Version": "2012-10-17",
"Statement": [
Expand Down Expand Up @@ -357,6 +357,17 @@
}
},
"Sid": "AllowSocialMessagingOperations"
},
{
"Action": "mobiletargeting:SendMessages",
"Resource": "arn:aws:mobiletargeting:*:*:apps/*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
},
"Sid": "AllowMobileTargetingOperationsForConnect"
}
]
},
Expand Down
12 changes: 7 additions & 5 deletions policies/AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"PolicyVersion": {
"CreateDate": "2024-05-08T02:03:49Z",
"VersionId": "v4",
"CreateDate": "2024-11-21T23:06:06Z",
"VersionId": "v5",
"Document": {
"Version": "2012-10-17",
"Statement": [
Expand Down Expand Up @@ -45,18 +45,20 @@
],
"Resource": [
"arn:aws:sagemaker:*:*:app/*",
"arn:aws:sagemaker:*:*:space/*"
"arn:aws:sagemaker:*:*:space/*",
"arn:aws:sagemaker:*:*:user-profile/*"
],
"Effect": "Allow",
"Condition": {
"StringEquals": {
"sagemaker:TaggingAction": [
"CreateApp",
"CreateSpace"
"CreateSpace",
"CreateUserProfile"
]
}
},
"Sid": "AllowAddTagsForAppAndSpace"
"Sid": "AllowAddTagsForDomainResources"
},
{
"Action": [
Expand Down
27 changes: 24 additions & 3 deletions policies/CloudWatchSyntheticsFullAccess
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"PolicyVersion": {
"CreateDate": "2024-10-11T17:07:13Z",
"VersionId": "v10",
"CreateDate": "2024-11-21T22:21:05Z",
"VersionId": "v11",
"Document": {
"Version": "2012-10-17",
"Statement": [
Expand Down Expand Up @@ -109,6 +109,25 @@
],
"Effect": "Allow"
},
{
"Action": [
"logs:GetLogRecord",
"logs:DescribeLogStreams",
"logs:StartQuery",
"logs:GetLogEvents",
"logs:FilterLogEvents",
"logs:GetLogGroupFields"
],
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/lambda/cwsyn-*"
],
"Effect": "Allow",
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Action": [
"lambda:CreateFunction",
Expand All @@ -117,6 +136,7 @@
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration",
"lambda:GetFunctionConfiguration",
"lambda:GetFunction",
"lambda:DeleteFunction",
"lambda:ListTags",
"lambda:TagResource",
Expand All @@ -136,7 +156,8 @@
"Resource": [
"arn:aws:lambda:*:*:layer:cwsyn-*",
"arn:aws:lambda:*:*:layer:Synthetics:*",
"arn:aws:lambda:*:*:layer:Synthetics_Selenium:*"
"arn:aws:lambda:*:*:layer:Synthetics_Selenium:*",
"arn:aws:lambda:*:*:layer:AWS-CW-Synthetics*:*"
],
"Effect": "Allow"
},
Expand Down
51 changes: 42 additions & 9 deletions policies/SageMakerStudioProjectProvisioningRolePolicy
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"PolicyVersion": {
"CreateDate": "2024-11-20T21:58:39Z",
"VersionId": "v1",
"CreateDate": "2024-11-21T22:36:06Z",
"VersionId": "v2",
"Document": {
"Version": "2012-10-17",
"Statement": [
Expand Down Expand Up @@ -212,7 +212,8 @@
"arn:aws:iam::*:role/AmazonBedrockExecution*",
"arn:aws:iam::*:role/BedrockStudio*",
"arn:aws:iam::*:role/AmazonBedrockConsumptionRole*",
"arn:aws:iam::*:role/AmazonBedrockEvaluation*"
"arn:aws:iam::*:role/AmazonBedrockEvaluation*",
"arn:aws:iam::*:role/SageMakerStudioQueryExecutionRole"
],
"Effect": "Allow",
"Condition": {
Expand Down Expand Up @@ -256,7 +257,8 @@
"arn:aws:iam::*:role/AmazonBedrockExecution*",
"arn:aws:iam::*:role/BedrockStudio*",
"arn:aws:iam::*:role/AmazonBedrockConsumptionRole*",
"arn:aws:iam::*:role/AmazonBedrockEvaluation*"
"arn:aws:iam::*:role/AmazonBedrockEvaluation*",
"arn:aws:iam::*:role/SageMakerStudioQueryExecutionRole"
],
"Effect": "Allow",
"Condition": {
Expand All @@ -279,7 +281,9 @@
"DomainBucketName",
"KmsKeyId",
"LogGroupName",
"RoleName"
"RoleName",
"vpcArn",
"CreatedForUseWithSageMakerStudio"
]
}
},
Expand Down Expand Up @@ -406,7 +410,11 @@
"iam:ListPolicyVersions",
"iam:DeletePolicyVersion"
],
"Resource": "arn:aws:iam::*:policy/datazone*",
"Resource": [
"arn:aws:iam::*:policy/datazone*",
"arn:aws:iam::*:policy/connector*",
"arn:aws:iam::*:policy/SageMakerStudioQueryExecutionRolePolicy"
],
"Effect": "Allow",
"Condition": {
"StringEquals": {
Expand Down Expand Up @@ -453,7 +461,8 @@
{
"Action": "iam:PassRole",
"Resource": [
"arn:aws:iam::*:role/datazone_usr_role_*"
"arn:aws:iam::*:role/datazone_usr_role_*",
"arn:aws:iam::*:role/SageMakerStudioQueryExecutionRole"
],
"Effect": "Allow",
"Condition": {
Expand Down Expand Up @@ -1070,7 +1079,8 @@
"redshift-serverless:CreateNamespace",
"redshift-serverless:CreateWorkgroup",
"redshift-serverless:DeleteNamespace",
"redshift-serverless:DeleteWorkgroup"
"redshift-serverless:DeleteWorkgroup",
"redshift-serverless:ListTagsForResource"
],
"Resource": [
"arn:aws:redshift-serverless:*:*:namespace/*",
Expand Down Expand Up @@ -1431,7 +1441,8 @@
"Action": [
"secretsmanager:CreateSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:UpdateSecret"
"secretsmanager:UpdateSecret",
"secretsmanager:DescribeSecret"
],
"Resource": "*",
"Effect": "Allow",
Expand Down Expand Up @@ -1713,6 +1724,9 @@
],
"Effect": "Allow",
"Condition": {
"Null": {
"aws:ResourceTag/AmazonDataZoneProject": "false"
},
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
Expand All @@ -1724,6 +1738,9 @@
"Resource": "arn:aws:sagemaker:*:*:space/*",
"Effect": "Allow",
"Condition": {
"Null": {
"aws:ResourceTag/AmazonDataZoneProject": "false"
},
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
Expand All @@ -1735,6 +1752,9 @@
"Resource": "arn:aws:sagemaker:*:*:user-profile/*",
"Effect": "Allow",
"Condition": {
"Null": {
"aws:ResourceTag/AmazonDataZoneProject": "false"
},
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
Expand Down Expand Up @@ -2226,6 +2246,19 @@
}
},
"Sid": "AirflowKmsDescribeKey"
},
{
"Action": [
"iam:GetRole"
],
"Resource": "arn:aws:iam::*:role/SageMakerStudioQueryExecutionRole",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
},
"Sid": "GetRolePermissionsForSageMakerStudioQueryExecutionRole"
}
]
},
Expand Down

0 comments on commit 59767f0

Please sign in to comment.