{ "acceptinvitation": { "name": "AcceptInvitation", "description": "Grants permission to accept an invitation to become a member of a behavior graph", "accessLevel": "Write", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "batchgetgraphmemberdatasources": { "name": "BatchGetGraphMemberDatasources", "description": "Grants permission to retrieve the datasource package history for the specified member accounts in a behavior graph managed by this account", "accessLevel": "Read", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "batchgetmembershipdatasources": { "name": "BatchGetMembershipDatasources", "description": "Grants permission to retrieve the datasource package history of the caller account for the specified graphs", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "creategraph": { "name": "CreateGraph", "description": "Grants permission to create a behavior graph and begin to aggregate security information", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [ "aws:TagKeys", "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}" ], "dependentActions": [ "detective:TagResource" ] }, "createmembers": { "name": "CreateMembers", "description": "Grants permission to request the membership of one or more accounts in a behavior graph managed by this account", "accessLevel": "Write", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletegraph": { "name": "DeleteGraph", "description": "Grants permission to delete a behavior graph and stop aggregating security information", "accessLevel": "Write", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletemembers": { "name": "DeleteMembers", "description": "Grants permission to remove member accounts from a behavior graph managed by this account", "accessLevel": "Write", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeorganizationconfiguration": { "name": "DescribeOrganizationConfiguration", "description": "Grants permission to view the current configuration related to the Amazon Detective integration with AWS Organizations", "accessLevel": "Read", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "organizations:DescribeOrganization" ] }, "disableorganizationadminaccount": { "name": "DisableOrganizationAdminAccount", "description": "Grants permission to remove the Amazon Detective delegated administrator account for an organization", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [ "organizations:DescribeOrganization" ] }, "disassociatemembership": { "name": "DisassociateMembership", "description": "Grants permission to remove the association of this account with a behavior graph", "accessLevel": "Write", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "enableorganizationadminaccount": { "name": "EnableOrganizationAdminAccount", "description": "Grants permission to designate the Amazon Detective delegated administrator account for an organization", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [ "iam:CreateServiceLinkedRole", "organizations:DescribeOrganization", "organizations:EnableAWSServiceAccess", "organizations:RegisterDelegatedAdministrator" ] }, "getfreetrialeligibility": { "name": "GetFreeTrialEligibility", "isPermissionOnly": true, "description": "Grants permission to retrieve a behavior graph's eligibility for a free trial period", "accessLevel": "Read", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getgraphingeststate": { "name": "GetGraphIngestState", "isPermissionOnly": true, "description": "Grants permission to retrieve the data ingestion state of a behavior graph", "accessLevel": "Read", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getinvestigation": { "name": "GetInvestigation", "description": "Grants permission to get an investigation's status and metadata", "accessLevel": "Read", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getmembers": { "name": "GetMembers", "description": "Grants permission to retrieve details on specified members of a behavior graph", "accessLevel": "Read", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getpricinginformation": { "name": "GetPricingInformation", "isPermissionOnly": true, "description": "Grants permission to retrieve information about Amazon Detective's pricing", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "getusageinformation": { "name": "GetUsageInformation", "isPermissionOnly": true, "description": "Grants permission to list usage information of a behavior graph", "accessLevel": "Read", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "invokeassistant": { "name": "InvokeAssistant", "isPermissionOnly": true, "description": "Grants permission to invoke Detective's Assistant", "accessLevel": "Read", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listdatasourcepackages": { "name": "ListDatasourcePackages", "description": "Grants permission to list a graph's datasource package ingest states and timestamps for the most recent state changes in a behavior graph managed by this account", "accessLevel": "List", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listgraphs": { "name": "ListGraphs", "description": "Grants permission to list behavior graphs managed by this account", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "listhighdegreeentities": { "name": "ListHighDegreeEntities", "isPermissionOnly": true, "description": "Grants permission to retrieve high volume entities whose relationships cannot be stored by Detective", "accessLevel": "List", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listindicators": { "name": "ListIndicators", "description": "Grants permission to list the indicators of an investigation", "accessLevel": "List", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listinvestigations": { "name": "ListInvestigations", "description": "Grants permission to list the investigations of a behavior graph", "accessLevel": "List", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listinvitations": { "name": "ListInvitations", "description": "Grants permission to retrieve details on the behavior graphs to which this account has been invited to join", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "listmembers": { "name": "ListMembers", "description": "Grants permission to retrieve details on all members of a behavior graph", "accessLevel": "List", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listorganizationadminaccount": { "name": "ListOrganizationAdminAccount", "description": "Grants permission to view the current Amazon Detective delegated administrator account for an organization", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [ "organizations:DescribeOrganization" ] }, "listtagsforresource": { "name": "ListTagsForResource", "description": "Grants permission to list the tag values that are assigned to a behavior graph", "accessLevel": "List", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "rejectinvitation": { "name": "RejectInvitation", "description": "Grants permission to reject an invitation to become a member of a behavior graph", "accessLevel": "Write", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "searchgraph": { "name": "SearchGraph", "isPermissionOnly": true, "description": "Grants permission to search the data stored in a behavior graph", "accessLevel": "Read", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "startinvestigation": { "name": "StartInvestigation", "description": "Grants permission to start investigations", "accessLevel": "Write", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "startmonitoringmember": { "name": "StartMonitoringMember", "description": "Grants permission to start data ingest for a member account that has a status of ACCEPTED_BUT_DISABLED", "accessLevel": "Write", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "tagresource": { "name": "TagResource", "description": "Grants permission to assign tag values to a behavior graph", "accessLevel": "Tagging", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:TagKeys", "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "untagresource": { "name": "UntagResource", "description": "Grants permission to remove tag values from a behavior graph", "accessLevel": "Tagging", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:TagKeys" ], "dependentActions": [] }, "updatedatasourcepackages": { "name": "UpdateDatasourcePackages", "description": "Grants permission to enable or disable datasource package(s) in a behavior graph managed by this account", "accessLevel": "Write", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "updateinvestigationstate": { "name": "UpdateInvestigationState", "description": "Grants permission to update an investigation's state and metadata", "accessLevel": "Write", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "updateorganizationconfiguration": { "name": "UpdateOrganizationConfiguration", "description": "Grants permission to update the current configuration related to the Amazon Detective integration with AWS Organizations", "accessLevel": "Write", "resourceTypes": [ { "name": "Graph", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "organizations:DescribeOrganization" ] } }