AWS Network Manager (networkmanager)

2021-12-04

33 new actions, 3 new resources, 3 new conditions | 4 updated actions

Additions

    Actions
  • AcceptAttachment
    • Description:  Grants permission to accept creation of an attachment between a source and destination in a core network
    • Access:  Write
    • Resources: 

      Name: attachment

      Required: Yes
  • AssociateConnectPeer
    • Description:  Grants permission to associate a Connect Peer
    • Access:  Write
    • Resources: 

      Name: device

      Required: Yes

      Name: global-network

      Required: Yes
  • CreateConnectAttachment
    • Description:  Grants permission to create a Connect attachment
    • Access:  Write
    • Resources: 

      Name: attachment

      Required: Yes

      Name: core-network

      Required: Yes
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
  • CreateConnectPeer
    • Description:  Grants permission to create a Connect Peer connection
    • Access:  Write
    • Resources: 

      Name: attachment

      Required: Yes
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
  • CreateCoreNetwork
    • Description:  Grants permission to create a new core network
    • Access:  Write
    • Resources: 

      Name: global-network

      Required: Yes
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
  • CreateSiteToSiteVpnAttachment
    • Description:  Grants permission to create a site-to-site VPN attachment
    • Access:  Write
    • Resources: 

      Name: core-network

      Required: Yes
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

      networkmanager:vpnConnectionArn
  • CreateVpcAttachment
    • Description:  Grants permission to create a VPC attachment
    • Access:  Write
    • Resources: 

      Name: core-network

      Required: Yes
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

      networkmanager:vpcArn

      networkmanager:subnetArns
  • DeleteAttachment
    • Description:  Grants permission to delete an attachment
    • Access:  Write
    • Resources: 

      Name: attachment

      Required: Yes
  • DeleteConnectPeer
    • Description:  Grants permission to delete a Connect Peer
    • Access:  Write
    • Resources: 

      Name: connect-peer

      Required: Yes
  • DeleteCoreNetwork
    • Description:  Grants permission to delete a core network
    • Access:  Write
    • Resources: 

      Name: core-network

      Required: Yes
  • DeleteCoreNetworkPolicyVersion
    • Description:  Grants permission to delete the core network policy version
    • Access:  Write
    • Resources: 

      Name: core-network

      Required: Yes
  • DeleteResourcePolicy
    • Description:  Grants permission to delete a resource
    • Access:  Write
    • Resources: 

      Name: core-network

      Required: Yes
  • DisassociateConnectPeer
    • Description:  Grants permission to disassociate a Connect Peer
    • Access:  Write
    • Resources: 

      Name: global-network

      Required: Yes
  • ExecuteCoreNetworkChangeSet
    • Description:  Grants permission to apply changes to the core network
    • Access:  Write
    • Resources: 

      Name: core-network

      Required: Yes
  • GetConnectAttachment
    • Description:  Grants permission to retrieve a Connect attachment
    • Access:  Read
    • Resources: 

      Name: attachment

      Required: Yes
  • GetConnectPeer
    • Description:  Grants permission to retrieve a Connect Peer
    • Access:  Read
    • Resources: 

      Name: connect-peer

      Required: Yes
  • GetConnectPeerAssociations
    • Description:  Grants permission to describe Connect Peer associations
    • Access:  Read
    • Resources: 

      Name: global-network

      Required: Yes
  • GetCoreNetwork
    • Description:  Grants permission to retrieve a core network
    • Access:  Read
    • Resources: 

      Name: core-network

      Required: Yes
  • GetCoreNetworkChangeSet
    • Description:  Grants permission to retrieve a list of core network change sets
    • Access:  Read
    • Resources: 

      Name: core-network

      Required: Yes
  • GetCoreNetworkPolicy
    • Description:  Grants permission to retrieve core network policy
    • Access:  Read
    • Resources: 

      Name: core-network

      Required: Yes
  • GetResourcePolicy
    • Description:  Grants permission to retrieve a resource policy
    • Access:  Read
    • Resources: 

      Name: core-network

      Required: Yes
  • GetSiteToSiteVpnAttachment
    • Description:  Grants permission to retrieve a site-to-site VPN attachment
    • Access:  Read
    • Resources: 

      Name: attachment

      Required: Yes
  • GetVpcAttachment
    • Description:  Grants permission to retrieve a VPC attachment
    • Access:  Read
    • Resources: 

      Name: attachment

      Required: Yes
  • ListAttachments
    • Description:  Grants permission to describe attachments
    • Access:  Read
    • Resources: 

      Name: attachment

      Required: Yes
  • ListConnectPeers
    • Description:  Grants permission to describe Connect Peers
    • Access:  Read
    • Resources: 

      Name: connect-peer

      Required: Yes
  • ListCoreNetworkPolicyVersions
    • Description:  Grants permission to list core network policy versions
    • Access:  List
    • Resources: 

      Name: core-network

      Required: Yes
  • ListCoreNetworks
    • Description:  Grants permission to list core networks
    • Access:  Read
  • PutCoreNetworkPolicy
    • Description:  Grants permission to create a core network policy
    • Access:  Write
    • Resources: 

      Name: core-network

      Required: Yes
  • PutResourcePolicy
    • Description:  Grants permission to create or update a resource policy
    • Access:  Write
    • Resources: 

      Name: core-network

      Required: Yes
  • RejectAttachment
    • Description:  Grants permission to reject attachment request
    • Access:  Write
    • Resources: 

      Name: attachment

      Required: Yes
  • RestoreCoreNetworkPolicyVersion
    • Description:  Grants permission to restore the core network policy to a previous version
    • Access:  Write
    • Resources: 

      Name: core-network

      Required: Yes
  • UpdateCoreNetwork
    • Description:  Grants permission to update a core network
    • Access:  Write
    • Resources: 

      Name: core-network

      Required: Yes
  • UpdateVpcAttachment
    • Description:  Grants permission to update a VPC attachment
    • Access:  Write
    • Resources: 

      Name: attachment

      Required: Yes
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

      networkmanager:subnetArns
    Resources
  • core-network
    • Arn:  arn:${Partition}:networkmanager::${Account}:core-network/${ResourceId}
    • Conditions: 

      aws:ResourceTag/${TagKey}
  • attachment
    • Arn:  arn:${Partition}:networkmanager::${Account}:attachment/${ResourceId}
    • Conditions: 

      aws:ResourceTag/${TagKey}
  • connect-peer
    • Arn:  arn:${Partition}:networkmanager::${Account}:connect-peer/${ResourceId}
    • Conditions: 

      aws:ResourceTag/${TagKey}
    Conditions
  • networkmanager:subnetArns
    • Description:  Filters access by which VPC subnets can be added or removed from a VPC attachment
    • Type:  ArrayOfString
  • networkmanager:vpcArn
    • Description:  Filters access by which VPC can be used to a create/update attachment
    • Type:  String
  • networkmanager:vpnConnectionArn
    • Description:  Filters access by which Site-to-Site VPN can be used to a create/update attachment
    • Type:  String

Updates