Merge pull request #716 from udondan/update-aws-managed-policies

udondan · May 22, 2024 · a7bb82e · a7bb82e
2 parents 6893bcf + 17a7c90
commit a7bb82e
Show file tree

Hide file tree

Showing 7 changed files with 44 additions and 2 deletions.
diff --git a/docs/source/_static/managed-policies/AWSBillingReadOnlyAccess.json b/docs/source/_static/managed-policies/AWSBillingReadOnlyAccess.json
@@ -26,6 +26,9 @@
         "ce:ListCostCategoryDefinitions",
         "ce:ListTagsForResource",
         "ce:ListCostAllocationTags",
+        "ce:ListCostAllocationTagBackfillHistory",
+        "ce:GetTags",
+        "ce:GetDimensionValues",
         "consolidatedbilling:ListLinkedAccounts",
         "consolidatedbilling:GetAccountBillingRole",
         "cur:GetClassicReport",

diff --git a/docs/source/_static/managed-policies/AWSDataExchangeSubscriberFullAccess.json b/docs/source/_static/managed-policies/AWSDataExchangeSubscriberFullAccess.json
@@ -2,6 +2,7 @@
   "Version": "2012-10-17",
   "Statement": [
     {
+      "Sid": "DataExchangeReadOnlyActions",
       "Effect": "Allow",
       "Action": [
         "dataexchange:Get*",
@@ -10,6 +11,7 @@
       "Resource": "*"
     },
     {
+      "Sid": "DataExchangeExportActions",
       "Effect": "Allow",
       "Action": [
         "dataexchange:CreateJob",
@@ -28,6 +30,7 @@
       }
     },
     {
+      "Sid": "DataExchangeEventActionActions",
       "Effect": "Allow",
       "Action": [
         "dataexchange:CreateEventAction",
@@ -38,6 +41,7 @@
       "Resource": "*"
     },
     {
+      "Sid": "S3GetActionConditionalResourceAndADX",
       "Effect": "Allow",
       "Action": "s3:GetObject",
       "Resource": "arn:aws:s3:::*aws-data-exchange*",
@@ -50,6 +54,7 @@
       }
     },
     {
+      "Sid": "S3ReadActions",
       "Effect": "Allow",
       "Action": [
         "s3:GetBucketLocation",
@@ -59,18 +64,21 @@
       "Resource": "*"
     },
     {
+      "Sid": "AWSMarketplaceSubscriberActions",
       "Effect": "Allow",
       "Action": [
         "aws-marketplace:Subscribe",
         "aws-marketplace:Unsubscribe",
         "aws-marketplace:ViewSubscriptions",
         "aws-marketplace:GetAgreementRequest",
         "aws-marketplace:ListAgreementRequests",
-        "aws-marketplace:CancelAgreementRequest"
+        "aws-marketplace:CancelAgreementRequest",
+        "aws-marketplace:ListPrivateListings"
       ],
       "Resource": "*"
     },
     {
+      "Sid": "KMSActions",
       "Effect": "Allow",
       "Action": [
         "kms:DescribeKey",

diff --git a/docs/source/_static/managed-policies/AmazonSESServiceRolePolicy.json b/docs/source/_static/managed-policies/AmazonSESServiceRolePolicy.json
@@ -0,0 +1,20 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "AllowPutMetricDataToSESCloudWatchNamespaces",
+      "Effect": "Allow",
+      "Action": "cloudwatch:PutMetricData",
+      "Resource": "*",
+      "Condition": {
+        "StringLike": {
+          "cloudwatch:namespace": [
+            "AWS/SES",
+            "AWS/SES/MailManager",
+            "AWS/SES/Addons"
+          ]
+        }
+      }
+    }
+  ]
+}
diff --git a/docs/source/_static/managed-policies/Billing.json b/docs/source/_static/managed-policies/Billing.json
@@ -50,6 +50,10 @@
         "ce:UpdateReport",
         "ce:UpdateCostCategoryDefinition",
         "ce:UntagResource",
+        "ce:StartCostAllocationTagBackfill",
+        "ce:ListCostAllocationTagBackfillHistory",
+        "ce:GetTags",
+        "ce:GetDimensionValues",
         "consolidatedbilling:GetAccountBillingRole",
         "consolidatedbilling:ListLinkedAccounts",
         "cur:DeleteReportDefinition",

diff --git a/docs/source/_static/managed-policies/index.json b/docs/source/_static/managed-policies/index.json
diff --git a/lib/generated/aws-managed-policies/cdk-iam-floyd.ts b/lib/generated/aws-managed-policies/cdk-iam-floyd.ts
@@ -1999,6 +1999,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic {
         return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonSESReadOnlyAccess);
     }
 
+    /** Allows SES to publish Amazon CloudWatch basic monitoring metrics on behalf of your SES resources */
+    public AmazonSESServiceRolePolicy(): aws_iam.IManagedPolicy {
+        return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonSESServiceRolePolicy);
+    }
+
     /** Provides full access to Amazon SNS via the AWS Management Console. */
     public AmazonSNSFullAccess(): aws_iam.IManagedPolicy {
         return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonSNSFullAccess);

diff --git a/lib/generated/aws-managed-policies/iam-floyd.ts b/lib/generated/aws-managed-policies/iam-floyd.ts
@@ -796,6 +796,8 @@ export class AwsManagedPolicy {
     public static AmazonSESFullAccess = 'AmazonSESFullAccess';
     /** Provides read only access to Amazon SES via the AWS Management Console. */
     public static AmazonSESReadOnlyAccess = 'AmazonSESReadOnlyAccess';
+    /** Allows SES to publish Amazon CloudWatch basic monitoring metrics on behalf of your SES resources */
+    public static AmazonSESServiceRolePolicy = 'aws-service-role/AmazonSESServiceRolePolicy';
     /** Provides full access to Amazon SNS via the AWS Management Console. */
     public static AmazonSNSFullAccess = 'AmazonSNSFullAccess';
     /** Provides read only access to Amazon SNS via the AWS Management Console. */