Change log of AWS IAM permissions

2023-06-15

13 new actions, 1 new resource | 3 updated actions

Additions

Actions

AssociateProfiles
- Description: Grants permission to associate a profile to the specified workload
- Access: Write
- Resources:
  Name: workload
  
  Required: Yes
CreateProfile
- Description: Grants permission to create a new profile
- Access: Write
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateProfileShare
- Description: Grants permission to an owner of a profile to share with other AWS accounts and IAM Users
- Access: Write
- Resources:
  Name: profile
  
  Required: Yes
DeleteProfile
- Description: Grants permission to delete a profile
- Access: Write
- Resources:
  Name: profile
  
  Required: Yes
DeleteProfileShare
- Description: Grants permission to delete an existing profile share
- Access: Write
- Resources:
  Name: profile
  
  Required: Yes
DisassociateProfiles
- Description: Grants permission to disassociate a profile from the specified workload
- Access: Write
- Resources:
  Name: workload
  
  Required: Yes
GetProfile
- Description: Grants permission to retrieve the specified profile
- Access: Read
- Resources:
  Name: profile
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetProfileTemplate
- Description: Grants permission to retrieve the specified profile template
- Access: Read
ListProfileNotifications
- Description: Grants permission to list profile notifications related to specified resource
- Access: List
ListProfileShares
- Description: Grants permission to list all shares created for a profile
- Access: List
- Resources:
  Name: profile
  
  Required: Yes
ListProfiles
- Description: Grants permission to list the profiles available to this account
- Access: List
UpdateProfile
- Description: Grants permission to update properties of the specified profile
- Access: Write
- Resources:
  Name: profile
  
  Required: Yes
UpgradeProfileVersion
- Description: Grants permission to upgrade the specified workload to use the latest version of the associated profile
- Access: Write
- Resources:
  Name: profile
  
  Required: Yes
  
  Name: workload
  
  Required: Yes

Resources

profile
- Arn: arn:${Partition}:wellarchitected:${Region}:${Account}:profile/${ResourceId}
- Conditions:
  aws:ResourceTag/${TagKey}

Updates

Actions

ListTagsForResource
- ＋ profile
TagResource
- ＋ profile
UntagResource
- ＋ profile

AWS Well-Architected Tool (wellarchitected)

Additions

Updates