Merge pull request #712 from udondan/update-aws-managed-policies

udondan · May 20, 2024 · 324b743 · 324b743
2 parents 571c0c6 + db64035
commit 324b743
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 2 deletions.
diff --git a/docs/source/_static/managed-policies/AWSApplicationMigrationFullAccess.json b/docs/source/_static/managed-policies/AWSApplicationMigrationFullAccess.json
@@ -2,13 +2,15 @@
   "Version": "2012-10-17",
   "Statement": [
     {
+      "Sid": "VisualEditor0",
       "Effect": "Allow",
       "Action": [
         "mgn:*"
       ],
       "Resource": "*"
     },
     {
+      "Sid": "VisualEditor1",
       "Effect": "Allow",
       "Action": [
         "kms:ListAliases",
@@ -17,6 +19,7 @@
       "Resource": "*"
     },
     {
+      "Sid": "VisualEditor2",
       "Effect": "Allow",
       "Action": [
         "ec2:DescribeKeyPairs",
@@ -43,21 +46,25 @@
       "Resource": "*"
     },
     {
+      "Sid": "VisualEditor3",
       "Effect": "Allow",
       "Action": "license-manager:ListLicenseConfigurations",
       "Resource": "*"
     },
     {
+      "Sid": "VisualEditor4",
       "Effect": "Allow",
       "Action": "elasticloadbalancing:DescribeLoadBalancers",
       "Resource": "*"
     },
     {
+      "Sid": "VisualEditor5",
       "Effect": "Allow",
       "Action": "iam:ListInstanceProfiles",
       "Resource": "*"
     },
     {
+      "Sid": "VisualEditor6",
       "Effect": "Allow",
       "Action": "iam:PassRole",
       "Resource": [
@@ -74,13 +81,15 @@
       }
     },
     {
+      "Sid": "VisualEditor7",
       "Effect": "Allow",
       "Action": [
         "drs:DescribeSourceServers"
       ],
       "Resource": "*"
     },
     {
+      "Sid": "VisualEditor8",
       "Effect": "Allow",
       "Action": [
         "ssm:SendCommand"
@@ -98,13 +107,15 @@
       }
     },
     {
+      "Sid": "VisualEditor9",
       "Effect": "Allow",
       "Action": [
         "ssm:ListCommandInvocations"
       ],
       "Resource": "*"
     },
     {
+      "Sid": "VisualEditor10",
       "Effect": "Allow",
       "Action": [
         "ssm:DescribeInstanceInformation",
@@ -118,6 +129,7 @@
       }
     },
     {
+      "Sid": "VisualEditor11",
       "Effect": "Allow",
       "Action": [
         "ssm:DescribeDocument",
@@ -134,6 +146,7 @@
       }
     },
     {
+      "Sid": "VisualEditor12",
       "Effect": "Allow",
       "Action": [
         "drs:DisconnectSourceServer"
@@ -149,6 +162,7 @@
       }
     },
     {
+      "Sid": "VisualEditor13",
       "Effect": "Allow",
       "Action": [
         "ssm:GetParameter",
@@ -157,20 +171,23 @@
       "Resource": "arn:aws:ssm:*:*:parameter/ManagedByAWSApplicationMigrationService-*"
     },
     {
+      "Sid": "VisualEditor14",
       "Effect": "Allow",
       "Action": [
         "servicequotas:GetServiceQuota"
       ],
       "Resource": "*"
     },
     {
+      "Sid": "VisualEditor15",
       "Effect": "Allow",
       "Action": [
         "ssm:GetAutomationExecution"
       ],
       "Resource": "arn:aws:ssm:*:*:automation-execution/*"
     },
     {
+      "Sid": "VisualEditor16",
       "Effect": "Allow",
       "Action": [
         "ssm:GetDocument"
@@ -181,6 +198,7 @@
       ]
     },
     {
+      "Sid": "VisualEditor17",
       "Effect": "Allow",
       "Action": [
         "ssm:GetParameters"
@@ -193,6 +211,7 @@
       }
     },
     {
+      "Sid": "VisualEditor18",
       "Effect": "Allow",
       "Action": [
         "ssm:StartAutomationExecution"
@@ -205,6 +224,7 @@
       }
     },
     {
+      "Sid": "VisualEditor19",
       "Effect": "Allow",
       "Action": "ssm:ListCommands",
       "Resource": "*",
@@ -213,6 +233,21 @@
           "aws:CalledVia": "ssm.amazonaws.com"
         }
       }
+    },
+    {
+      "Sid": "VisualEditor20",
+      "Effect": "Allow",
+      "Action": [
+        "ssm:DescribeParameters"
+      ],
+      "Resource": "*",
+      "Condition": {
+        "ForAnyValue:StringEquals": {
+          "aws:CalledVia": [
+            "mgn.amazonaws.com"
+          ]
+        }
+      }
     }
   ]
 }
diff --git a/docs/source/_static/managed-policies/AWSElasticDisasterRecoveryConsoleFullAccess_v2.json b/docs/source/_static/managed-policies/AWSElasticDisasterRecoveryConsoleFullAccess_v2.json
@@ -420,7 +420,8 @@
       "Sid": "ConsoleFullAccess30",
       "Effect": "Allow",
       "Action": [
-        "ssm:DescribeInstanceInformation"
+        "ssm:DescribeInstanceInformation",
+        "ssm:DescribeParameters"
       ],
       "Resource": [
         "*"

diff --git a/docs/source/_static/managed-policies/AWSElasticDisasterRecoveryLaunchActionsPolicy.json b/docs/source/_static/managed-policies/AWSElasticDisasterRecoveryLaunchActionsPolicy.json
@@ -5,7 +5,8 @@
       "Sid": "LaunchActionsPolicy1",
       "Effect": "Allow",
       "Action": [
-        "ssm:DescribeInstanceInformation"
+        "ssm:DescribeInstanceInformation",
+        "ssm:DescribeParameters"
       ],
       "Resource": [
         "*"