{ "associateeiptovlan": { "name": "AssociateEipToVlan", "description": "Grants permission to associate an Elastic IP address (EIP) with a public VLAN in an Amazon EVS environment", "accessLevel": "Write", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "ec2:AssociateAddress", "ec2:DescribeAddresses" ] }, "createentitlement": { "name": "CreateEntitlement", "description": "Grants permission to create an entitlement in an Amazon EVS environment", "accessLevel": "Write", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "createenvironment": { "name": "CreateEnvironment", "description": "Grants permission to create an Amazon EVS environment", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependentActions": [ "ec2:CreateNetworkInterface", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:DeleteNetworkInterface", "ec2:DeleteSubnet", "ec2:DeleteVolume", "ec2:DescribeAddresses", "ec2:DescribeDhcpOptions", "ec2:DescribeHosts", "ec2:DescribeInstanceStatus", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeNetworkInterfaces", "ec2:DescribePlacementGroups", "ec2:DescribeRouteServerEndpoints", "ec2:DescribeRouteServerPeers", "ec2:DescribeRouteServers", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVolumes", "ec2:DescribeVpcs", "ec2:DetachNetworkInterface", "ec2:DetachVolume", "ec2:GetAllowedImagesSettings", "ec2:GetRouteServerAssociations", "ec2:ModifyInstanceAttribute", "ec2:ModifyNetworkInterfaceAttribute", "ec2:RunInstances", "ec2:TerminateInstances", "iam:CreateServiceLinkedRole", "kms:DescribeKey", "kms:ListAliases", "secretsmanager:CreateSecret", "secretsmanager:DeleteSecret", "secretsmanager:GetRandomPassword", "secretsmanager:GetSecretValue", "secretsmanager:TagResource", "secretsmanager:UpdateSecret", "servicequotas:GetServiceQuota", "servicequotas:ListServiceQuotas", "support:DescribeServices", "support:DescribeSupportLevel" ] }, "createenvironmentconnector": { "name": "CreateEnvironmentConnector", "description": "Grants permission to create a connector in an Amazon EVS environment", "accessLevel": "Write", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "createenvironmenthost": { "name": "CreateEnvironmentHost", "description": "Grants permission to add host to an Amazon EVS environment", "accessLevel": "Write", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "ec2:CreateNetworkInterface", "ec2:CreateTags", "ec2:DeleteNetworkInterface", "ec2:DescribeDhcpOptions", "ec2:DescribeHosts", "ec2:DescribeInstanceStatus", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeNetworkInterfaces", "ec2:DescribePlacementGroups", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", "ec2:RunInstances", "evs:CreateEnvironmentHost", "secretsmanager:CreateSecret", "secretsmanager:DeleteSecret", "secretsmanager:GetRandomPassword", "secretsmanager:GetSecretValue", "secretsmanager:TagResource", "secretsmanager:UpdateSecret", "servicequotas:GetServiceQuota", "servicequotas:ListServiceQuotas" ] }, "deleteentitlement": { "name": "DeleteEntitlement", "description": "Grants permission to delete an entitlement from an Amazon EVS environment", "accessLevel": "Write", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deleteenvironment": { "name": "DeleteEnvironment", "description": "Grants permission to delete an Amazon EVS environment", "accessLevel": "Write", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "ec2:DeleteNetworkInterface", "ec2:DeleteSubnet", "ec2:DescribeInstanceStatus", "ec2:DescribeInstances", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets", "ec2:ModifyInstanceAttribute", "ec2:ModifyNetworkInterfaceAttribute", "ec2:TerminateInstances", "secretsmanager:DeleteSecret", "secretsmanager:GetSecretValue" ] }, "deleteenvironmentconnector": { "name": "DeleteEnvironmentConnector", "description": "Grants permission to delete a connector from an Amazon EVS environment", "accessLevel": "Write", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deleteenvironmenthost": { "name": "DeleteEnvironmentHost", "description": "Grants permission to delete a host from an Amazon EVS environment", "accessLevel": "Write", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "ec2:DeleteNetworkInterface", "ec2:DescribeInstanceStatus", "ec2:DescribeInstances", "ec2:DescribeNetworkInterfaces", "ec2:ModifyInstanceAttribute", "ec2:ModifyNetworkInterfaceAttribute", "ec2:TerminateInstances", "secretsmanager:DeleteSecret", "secretsmanager:GetSecretValue" ] }, "disassociateeipfromvlan": { "name": "DisassociateEipFromVlan", "description": "Grants permission to disassociate an Elastic IP address (EIP) from a public VLAN in an Amazon EVS environment", "accessLevel": "Write", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "ec2:DisassociateAddress" ] }, "getdepoturl": { "name": "GetDepotUrl", "description": "Grants permission to get an Amazon EVS environment depot url", "accessLevel": "Read", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getenvironment": { "name": "GetEnvironment", "description": "Grants permission to get an Amazon EVS environment", "accessLevel": "Read", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getversions": { "name": "GetVersions", "description": "Grants permission to get versions provided for launch by Amazon EVS", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "listenvironmentconnectors": { "name": "ListEnvironmentConnectors", "description": "Grants permission to retrieve a list of connectors associated with an Amazon EVS environment", "accessLevel": "List", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listenvironmenthosts": { "name": "ListEnvironmentHosts", "description": "Grants permission to retrieve a list of hosts associated with an Amazon EVS environment", "accessLevel": "List", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listenvironmentvlans": { "name": "ListEnvironmentVlans", "description": "Grants permission to retrieve a list of Amazon EVS environment VLANs", "accessLevel": "List", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listenvironments": { "name": "ListEnvironments", "description": "Grants permission to retrieve a list of Amazon EVS environments in an account", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "listtagsforresource": { "name": "ListTagsForResource", "description": "Grants permission to list the tags on a specified resource ARN", "accessLevel": "Read", "resourceTypes": [ { "name": "environment", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listvmentitlements": { "name": "ListVmEntitlements", "description": "Grants permission to retrieve a list of entitlements associated with an Amazon EVS environment", "accessLevel": "List", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "tagresource": { "name": "TagResource", "description": "Grants permission to tag a specified resource ARN", "accessLevel": "Tagging", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependentActions": [] }, "untagresource": { "name": "UntagResource", "description": "Grants permission to remove tags from a specified resource ARN", "accessLevel": "Tagging", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependentActions": [] }, "updateenvironmentconnector": { "name": "UpdateEnvironmentConnector", "description": "Grants permission to update a connector in an Amazon EVS environment", "accessLevel": "Write", "resourceTypes": [ { "name": "environment", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] } }