Change log of AWS IAM permissions

2023-02-23

32 new actions, 5 new resources, 3 new conditions

Additions

Actions

CancelSolNetworkOperation
- Description: Grants permission to cancel a network operation
- Access: Write
- Resources:
  Name: network-operation
  
  Required: Yes
CreateSolFunctionPackage
- Description: Grants permission to create a function package
- Access: Write
- Resources:
  Name: function-package
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateSolNetworkInstance
- Description: Grants permission to create a network instance
- Access: Write
- Resources:
  Name: network-instance
  
  Required: Yes
  
  Name: network-package
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateSolNetworkPackage
- Description: Grants permission to create a network package
- Access: Write
- Resources:
  Name: network-package
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
DeleteSolFunctionPackage
- Description: Grants permission to delete a function package
- Access: Write
- Resources:
  Name: function-package
  
  Required: Yes
DeleteSolNetworkInstance
- Description: Grants permission to delete a network instance
- Access: Write
- Resources:
  Name: network-instance
  
  Required: Yes
DeleteSolNetworkPackage
- Description: Grants permission to delete a network package
- Access: Write
- Resources:
  Name: network-package
  
  Required: Yes
GetSolFunctionInstance
- Description: Grants permission to get a function instance
- Access: Read
- Resources:
  Name: function-instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetSolFunctionPackage
- Description: Grants permission to get a function package
- Access: Read
- Resources:
  Name: function-package
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetSolFunctionPackageContent
- Description: Grants permission to get a function package contents
- Access: Read
- Resources:
  Name: function-package
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetSolFunctionPackageDescriptor
- Description: Grants permission to get a function package descriptor
- Access: Read
- Resources:
  Name: function-package
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetSolNetworkInstance
- Description: Grants permission to get a network instance
- Access: Read
- Resources:
  Name: network-instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetSolNetworkOperation
- Description: Grants permission to get a network operation
- Access: Read
- Resources:
  Name: network-operation
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetSolNetworkPackage
- Description: Grants permission to get a network package
- Access: Read
- Resources:
  Name: network-package
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetSolNetworkPackageContent
- Description: Grants permission to get a network package contents
- Access: Read
- Resources:
  Name: network-package
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetSolNetworkPackageDescriptor
- Description: Grants permission to get a network package descriptor
- Access: Read
- Resources:
  Name: network-package
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
InstantiateSolNetworkInstance
- Description: Grants permission to instantiate a network instance
- Access: Write
- Resources:
  Name: network-instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListSolFunctionInstances
- Description: Grants permission to list function instances
- Access: List
- Resources:
  Name: function-instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListSolFunctionPackages
- Description: Grants permission to list function packages
- Access: List
- Resources:
  Name: function-package
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListSolNetworkInstances
- Description: Grants permission to list network instances
- Access: List
- Resources:
  Name: network-instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListSolNetworkOperations
- Description: Grants permission to list network operations
- Access: List
- Resources:
  Name: network-operation
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListSolNetworkPackages
- Description: Grants permission to list network packages
- Access: List
- Resources:
  Name: network-package
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
PutSolFunctionPackageContent
- Description: Grants permission to upload function package content
- Access: Write
- Resources:
  Name: function-package
  
  Required: Yes
PutSolNetworkPackageContent
- Description: Grants permission to upload network package content
- Access: Write
- Resources:
  Name: network-package
  
  Required: Yes
TagResource
- Description: Grants permission to add tags to the specified resource
- Access: Tagging
- Resources:
  Name: function-instance
  
  Required: No
  
  Name: function-package
  
  Required: No
  
  Name: network-instance
  
  Required: No
  
  Name: network-operation
  
  Required: No
  
  Name: network-package
  
  Required: No
- Conditions:
  aws:TagKeys
  
  aws:RequestTag/${TagKey}
TerminateSolNetworkInstance
- Description: Grants permission to terminate a network instance
- Access: Write
- Resources:
  Name: network-instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
UntagResource
- Description: Grants permission to remove tags from the specified resource
- Access: Tagging
- Resources:
  Name: function-instance
  
  Required: No
  
  Name: function-package
  
  Required: No
  
  Name: network-instance
  
  Required: No
  
  Name: network-operation
  
  Required: No
  
  Name: network-package
  
  Required: No
- Conditions:
  aws:TagKeys
UpdateSolFunctionPackage
- Description: Grants permission to update a function package
- Access: Write
- Resources:
  Name: function-package
  
  Required: Yes
UpdateSolNetworkInstance
- Description: Grants permission to update a network instance
- Access: Write
- Resources:
  Name: function-instance
  
  Required: Yes
  
  Name: network-instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
UpdateSolNetworkPackage
- Description: Grants permission to update a network package
- Access: Write
- Resources:
  Name: network-package
  
  Required: Yes
ValidateSolFunctionPackageContent
- Description: Grants permission to validate function package content
- Access: Write
- Resources:
  Name: function-package
  
  Required: Yes
ValidateSolNetworkPackageContent
- Description: Grants permission to validate network package content
- Access: Write
- Resources:
  Name: network-package
  
  Required: Yes

Resources

function-package
- Arn: arn:${Partition}:tnb:${Region}:${Account}:function-package/${FunctionPackageId}
- Conditions:
  aws:ResourceTag/${TagKey}
network-package
- Arn: arn:${Partition}:tnb:${Region}:${Account}:network-package/${NetworkPackageId}
- Conditions:
  aws:ResourceTag/${TagKey}
network-instance
- Arn: arn:${Partition}:tnb:${Region}:${Account}:network-instance/${NetworkInstanceId}
- Conditions:
  aws:ResourceTag/${TagKey}
function-instance
- Arn: arn:${Partition}:tnb:${Region}:${Account}:function-instance/${FunctionInstanceId}
- Conditions:
  aws:ResourceTag/${TagKey}
network-operation
- Arn: arn:${Partition}:tnb:${Region}:${Account}:network-operation/${NetworkOperationId}
- Conditions:
  aws:ResourceTag/${TagKey}

Conditions

aws:RequestTag/${TagKey}
- Description: Filters access by checking the presence of tag key-value pairs in the request
- Type: String
aws:ResourceTag/${TagKey}
- Description: Filters access by checking tag key-value pairs attached to the resource
- Type: String
aws:TagKeys
- Description: Filters access by presence of tag keys in the request
- Type: ArrayOfString

AWS Telco Network Builder (tnb)

Additions