Change log of AWS IAM permissions

2025-12-23

22 new actions, 3 new resources

Additions

Actions

AttachRuleGroupsToProxyConfiguration
- Description: Grants permission to attach proxy rule groups to a proxy configuration
- Access: Write
- Resources:
  Name: ProxyConfiguration
  
  Required: Yes
  
  Name: ProxyRuleGroup
  
  Required: Yes
CreateProxy
- Description: Grants permission to create an AWS Network Firewall proxy
- Access: Write
- Resources:
  Name: Proxy
  
  Required: Yes
  
  Name: ProxyConfiguration
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
- Dependents:
  ec2:AttachApplianceToNatGateway
CreateProxyConfiguration
- Description: Grants permission to create an AWS Network Firewall proxy configuration
- Access: Write
- Resources:
  Name: ProxyConfiguration
  
  Required: Yes
  
  Name: ProxyRuleGroup
  
  Required: No
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateProxyRuleGroup
- Description: Grants permission to create an AWS Network Firewall proxy rule group
- Access: Write
- Resources:
  Name: ProxyRuleGroup
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateProxyRules
- Description: Grants permission to add proxy rules to a proxy rule group
- Access: Write
- Resources:
  Name: ProxyRuleGroup
  
  Required: Yes
DeleteProxy
- Description: Grants permission to delete a proxy
- Access: Write
- Resources:
  Name: Proxy
  
  Required: Yes
- Dependents:
  ec2:DetachApplianceFromNatGateway
DeleteProxyConfiguration
- Description: Grants permission to delete a proxy configuration
- Access: Write
- Resources:
  Name: ProxyConfiguration
  
  Required: Yes
DeleteProxyRuleGroup
- Description: Grants permission to delete a proxy rule group
- Access: Write
- Resources:
  Name: ProxyRuleGroup
  
  Required: Yes
DeleteProxyRules
- Description: Grants permission to remove proxy rules from a proxy rule group
- Access: Write
- Resources:
  Name: ProxyRuleGroup
  
  Required: Yes
DescribeProxy
- Description: Grants permission to retrieve the data objects that define a proxy
- Access: Read
- Resources:
  Name: Proxy
  
  Required: Yes
DescribeProxyConfiguration
- Description: Grants permission to retrieve the data objects that define a proxy configuration
- Access: Read
- Resources:
  Name: ProxyConfiguration
  
  Required: Yes
DescribeProxyRule
- Description: Grants permission to retrieve the data objects that define a proxy rule
- Access: Read
- Resources:
  Name: ProxyRuleGroup
  
  Required: Yes
DescribeProxyRuleGroup
- Description: Grants permission to retrieve the data objects that define a proxy rule group
- Access: Read
- Resources:
  Name: ProxyRuleGroup
  
  Required: Yes
DetachRuleGroupsFromProxyConfiguration
- Description: Grants permission to detach proxy rule groups from a proxy configuration
- Access: Write
- Resources:
  Name: ProxyConfiguration
  
  Required: Yes
  
  Name: ProxyRuleGroup
  
  Required: Yes
ListProxies
- Description: Grants permission to retrieve the metadata for proxies
- Access: List
- Resources:
  Name: Proxy
  
  Required: Yes
ListProxyConfigurations
- Description: Grants permission to retrieve the metadata for proxy configurations
- Access: List
- Resources:
  Name: ProxyConfiguration
  
  Required: Yes
ListProxyRuleGroups
- Description: Grants permission to retrieve the metadata for proxy rule groups
- Access: List
- Resources:
  Name: ProxyRuleGroup
  
  Required: Yes
UpdateProxy
- Description: Grants permission to modify a proxy
- Access: Write
- Resources:
  Name: Proxy
  
  Required: Yes
UpdateProxyConfiguration
- Description: Grants permission to modify a proxy configuration
- Access: Write
- Resources:
  Name: ProxyConfiguration
  
  Required: Yes
UpdateProxyRule
- Description: Grants permission to update an existing proxy rule on a proxy rule group
- Access: Write
- Resources:
  Name: ProxyRuleGroup
  
  Required: Yes
UpdateProxyRuleGroupPriorities
- Description: Grants permission to modify rule group priorities on a proxy configuration
- Access: Write
- Resources:
  Name: ProxyConfiguration
  
  Required: Yes
UpdateProxyRulePriorities
- Description: Grants permission to update proxy rule priorities within a proxy rule group
- Access: Write
- Resources:
  Name: ProxyRuleGroup
  
  Required: Yes

Resources

ProxyRuleGroup
- Arn: arn:${Partition}:network-firewall:${Region}:${Account}:proxy-rule-group/${Name}
- Conditions:
  aws:ResourceTag/${TagKey}
ProxyConfiguration
- Arn: arn:${Partition}:network-firewall:${Region}:${Account}:proxy-configuration/${Name}
- Conditions:
  aws:ResourceTag/${TagKey}
Proxy
- Arn: arn:${Partition}:network-firewall:${Region}:${Account}:proxy/${Name}
- Conditions:
  aws:ResourceTag/${TagKey}

AWS Network Firewall (network-firewall)

Additions