Change log of AWS IAM permissions

2023-01-14

34 new actions, 4 new resources

Additions

Actions

BatchGetSchema
- Description: Grants permission to view details for schemas
- Access: Read
- Resources:
  Name: Collaboration
  
  Required: Yes
  
  Name: ConfiguredTableAssociation
  
  Required: Yes
- Dependents:
  cleanrooms:GetSchema
CreateCollaboration
- Description: Grants permission to create a new collaboration, a shared data collaboration environment
- Access: Write
CreateConfiguredTable
- Description: Grants permission to create a new configured table
- Access: Write
- Dependents:
  glue:BatchGetPartition
  
  glue:GetDatabase
  
  glue:GetDatabases
  
  glue:GetPartition
  
  glue:GetPartitions
  
  glue:GetSchemaVersion
  
  glue:GetTable
  
  glue:GetTables
CreateConfiguredTableAnalysisRule
- Description: Grants permission to create a analysis rule for a configured table
- Access: Write
- Resources:
  Name: ConfiguredTable
  
  Required: Yes
CreateConfiguredTableAssociation
- Description: Grants permission to link a configured table with a collaboration by creating a new association
- Access: Write
- Resources:
  Name: ConfiguredTable
  
  Required: Yes
  
  Name: Membership
  
  Required: Yes
- Dependents:
  iam:PassRole
CreateMembership
- Description: Grants permission to join collaborations by creating a membership
- Access: Write
- Resources:
  Name: Collaboration
  
  Required: Yes
- Dependents:
  logs:CreateLogDelivery
  
  logs:CreateLogGroup
  
  logs:DeleteLogDelivery
  
  logs:DescribeLogGroups
  
  logs:DescribeResourcePolicies
  
  logs:GetLogDelivery
  
  logs:ListLogDeliveries
  
  logs:PutResourcePolicy
  
  logs:UpdateLogDelivery
DeleteCollaboration
- Description: Grants permission to delete an existing collaboration
- Access: Write
- Resources:
  Name: Collaboration
  
  Required: Yes
DeleteConfiguredTable
- Description: Grants permission to delete a configured table
- Access: Write
- Resources:
  Name: ConfiguredTable
  
  Required: Yes
DeleteConfiguredTableAnalysisRule
- Description: Grants permission to delete an existing analysis rule
- Access: Write
- Resources:
  Name: ConfiguredTable
  
  Required: Yes
DeleteConfiguredTableAssociation
- Description: Grants permission to remove a configured table association from a collaboration
- Access: Write
- Resources:
  Name: ConfiguredTableAssociation
  
  Required: Yes
DeleteMember
- Description: Grants permission to delete members from a collaboration
- Access: Write
- Resources:
  Name: Collaboration
  
  Required: Yes
DeleteMembership
- Description: Grants permission to leave collaborations by deleting a membership
- Access: Write
- Resources:
  Name: Membership
  
  Required: Yes
GetCollaboration
- Description: Grants permission to view details for a collaboration
- Access: Read
- Resources:
  Name: Collaboration
  
  Required: Yes
GetConfiguredTable
- Description: Grants permission to view details for a configured table
- Access: Read
- Resources:
  Name: ConfiguredTable
  
  Required: Yes
GetConfiguredTableAnalysisRule
- Description: Grants permission to view analysis rules for a configured table
- Access: Read
- Resources:
  Name: ConfiguredTable
  
  Required: Yes
GetConfiguredTableAssociation
- Description: Grants permission to view details for a configured table association
- Access: Read
- Resources:
  Name: ConfiguredTableAssociation
  
  Required: Yes
GetMembership
- Description: Grants permission to view details about a membership
- Access: Read
- Resources:
  Name: Membership
  
  Required: Yes
GetProtectedQuery
- Description: Grants permission to view a protected query
- Access: Read
- Resources:
  Name: Membership
  
  Required: Yes
GetSchema
- Description: Grants permission to view details for a schema
- Access: Read
- Resources:
  Name: Collaboration
  
  Required: Yes
  
  Name: ConfiguredTableAssociation
  
  Required: Yes
GetSchemaAnalysisRule
- Description: Grants permission to view analysis rules associated with a schema
- Access: Read
- Resources:
  Name: Collaboration
  
  Required: Yes
ListCollaborations
- Description: Grants permission to list available collaborations
- Access: List
ListConfiguredTableAssociations
- Description: Grants permission to list available configured table associations for a membership
- Access: List
- Resources:
  Name: Membership
  
  Required: Yes
ListConfiguredTables
- Description: Grants permission to list available configured tables
- Access: List
ListMembers
- Description: Grants permission to list the members of a collaboration
- Access: List
- Resources:
  Name: Collaboration
  
  Required: Yes
ListMemberships
- Description: Grants permission to list available memberships
- Access: List
ListProtectedQueries
- Description: Grants permission to list protected queries
- Access: List
- Resources:
  Name: Membership
  
  Required: Yes
ListSchemas
- Description: Grants permission to view available schemas for a collaboration
- Access: List
- Resources:
  Name: Collaboration
  
  Required: Yes
StartProtectedQuery
- Description: Grants permission to start protected queries
- Access: Write
- Resources:
  Name: Membership
  
  Required: Yes
- Dependents:
  cleanrooms:GetSchema
  
  s3:GetBucketLocation
  
  s3:ListBucket
  
  s3:PutObject
UpdateCollaboration
- Description: Grants permission to update details of the collaboration
- Access: Write
- Resources:
  Name: Collaboration
  
  Required: Yes
UpdateConfiguredTable
- Description: Grants permission to update an existing configured table
- Access: Write
- Resources:
  Name: ConfiguredTable
  
  Required: Yes
UpdateConfiguredTableAnalysisRule
- Description: Grants permission to update analysis rules for a configured table
- Access: Write
- Resources:
  Name: ConfiguredTable
  
  Required: Yes
UpdateConfiguredTableAssociation
- Description: Grants permission to update a configured table association
- Access: Write
- Resources:
  Name: ConfiguredTableAssociation
  
  Required: Yes
- Dependents:
  iam:PassRole
UpdateMembership
- Description: Grants permission to update details of a membership
- Access: Write
- Resources:
  Name: Membership
  
  Required: Yes
- Dependents:
  logs:CreateLogDelivery
  
  logs:CreateLogGroup
  
  logs:DeleteLogDelivery
  
  logs:DescribeLogGroups
  
  logs:DescribeResourcePolicies
  
  logs:GetLogDelivery
  
  logs:ListLogDeliveries
  
  logs:PutResourcePolicy
  
  logs:UpdateLogDelivery
UpdateProtectedQuery
- Description: Grants permission to update protected queries
- Access: Write
- Resources:
  Name: Membership
  
  Required: Yes

Resources

Collaboration
- Arn: arn:${Partition}:cleanrooms:${Region}:${Account}:collaboration/${CollaborationId}
ConfiguredTable
- Arn: arn:${Partition}:cleanrooms:${Region}:${Account}:configuredtable/${ConfiguredTableId}
ConfiguredTableAssociation
- Arn: arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/configuredtableassociation/${ConfiguredTableAssociationId}
Membership
- Arn: arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}

AWS Clean Rooms (cleanrooms)

Additions