Change log of AWS IAM permissions

2022-06-01

14 new actions, 2 new resources, 3 new conditions

Additions

Actions

CancelJobRun
- Description: Grants permission to cancel a job run
- Access: Write
- Resources:
  Name: jobRun
  
  Required: Yes
CreateApplication
- Description: Grants permission to create an Application
- Access: Write
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
DeleteApplication
- Description: Grants permission to delete an application
- Access: Write
- Resources:
  Name: application
  
  Required: Yes
GetApplication
- Description: Grants permission to get application
- Access: Read
- Resources:
  Name: application
  
  Required: Yes
GetJobRun
- Description: Grants permission to get a job run
- Access: Read
- Resources:
  Name: jobRun
  
  Required: Yes
ListApplications
- Description: Grants permission to list applications
- Access: List
ListJobRuns
- Description: Grants permission to list job runs associated with an application
- Access: List
- Resources:
  Name: application
  
  Required: Yes
ListTagsForResource
- Description: Grants permission to list tags for the specified resource
- Access: Read
- Resources:
  Name: application
  
  Required: No
  
  Name: jobRun
  
  Required: No
StartApplication
- Description: Grants permission to Start an application
- Access: Write
- Resources:
  Name: application
  
  Required: Yes
StartJobRun
- Description: Grants permission to start a job run
- Access: Write
- Resources:
  Name: application
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
- Dependents:
  iam:PassRole
StopApplication
- Description: Grants permission to Stop an application
- Access: Write
- Resources:
  Name: application
  
  Required: Yes
TagResource
- Description: Grants permission to tag the specified resource
- Access: Tagging
- Resources:
  Name: application
  
  Required: No
  
  Name: jobRun
  
  Required: No
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
UntagResource
- Description: Grants permission to untag the specified resource
- Access: Tagging
- Resources:
  Name: application
  
  Required: No
  
  Name: jobRun
  
  Required: No
- Conditions:
  aws:TagKeys
UpdateApplication
- Description: Grants permission to Update an application
- Access: Write
- Resources:
  Name: application
  
  Required: Yes

Resources

application
- Arn: arn:${Partition}:emr-serverless:${Region}:${Account}:/applications/${ApplicationId}
- Conditions:
  aws:ResourceTag/${TagKey}
jobRun
- Arn: arn:${Partition}:emr-serverless:${Region}:${Account}:/applications/${ApplicationId}/jobruns/${JobRunId}
- Conditions:
  aws:ResourceTag/${TagKey}

Conditions

aws:RequestTag/${TagKey}
- Description: Filters access by the presence of tag key-value pairs in the request
- Type: String
aws:ResourceTag/${TagKey}
- Description: Filters access by tag key-value pairs attached to the resource
- Type: String
aws:TagKeys
- Description: Filters access by the presence of tag keys in the request
- Type: ArrayOfString

Amazon EMR Serverless (emr-serverless)

Additions