{ "applypendingmaintenanceaction": { "name": "ApplyPendingMaintenanceAction", "description": "Grants permission to apply pending maintenance actions on Amazon DocDB-Elastic cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "copyclustersnapshot": { "name": "CopyClusterSnapshot", "description": "Grants permission to copy a new Amazon DocDB-Elastic cluster snapshot", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster-snapshot", "required": true, "conditionKeys": [], "dependentActions": [ "docdb-elastic:CreateClusterSnapshot", "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey" ] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "createcluster": { "name": "CreateCluster", "description": "Grants permission to create a new Amazon DocDB-Elastic cluster", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependentActions": [ "ec2:CreateVpcEndpoint", "ec2:DeleteVpcEndpoints", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:ModifyVpcEndpoint", "iam:CreateServiceLinkedRole", "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey", "secretsmanager:DescribeSecret", "secretsmanager:GetResourcePolicy", "secretsmanager:GetSecretValue", "secretsmanager:ListSecretVersionIds", "secretsmanager:ListSecrets" ] }, "createclustersnapshot": { "name": "CreateClusterSnapshot", "description": "Grants permission to create a new Amazon DocDB-Elastic cluster snapshot", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "ec2:CreateVpcEndpoint", "ec2:DeleteVpcEndpoints", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:ModifyVpcEndpoint", "iam:CreateServiceLinkedRole", "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey", "secretsmanager:DescribeSecret", "secretsmanager:GetResourcePolicy", "secretsmanager:GetSecretValue", "secretsmanager:ListSecretVersionIds", "secretsmanager:ListSecrets" ] }, { "name": "cluster-snapshot", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "deletecluster": { "name": "DeleteCluster", "description": "Grants permission to delete a cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "ec2:DeleteVpcEndpoints", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:ModifyVpcEndpoint" ] } ], "conditionKeys": [ "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "deleteclustersnapshot": { "name": "DeleteClusterSnapshot", "description": "Grants permission to delete a cluster snapshot", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster-snapshot", "required": true, "conditionKeys": [], "dependentActions": [ "ec2:DeleteVpcEndpoints", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:ModifyVpcEndpoint" ] } ], "conditionKeys": [ "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "getcluster": { "name": "GetCluster", "description": "Grants permission to view details about a cluster", "accessLevel": "Read", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "getclustersnapshot": { "name": "GetClusterSnapshot", "description": "Grants permission to view details about a cluster snapshot", "accessLevel": "Read", "resourceTypes": [ { "name": "cluster-snapshot", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "getpendingmaintenanceaction": { "name": "GetPendingMaintenanceAction", "description": "Grants permission to view details about pending maintenance actions on Amazon DocDB-Elastic cluster", "accessLevel": "Read", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "listclustersnapshots": { "name": "ListClusterSnapshots", "description": "Grants permission to list the cluster snapshots in your account", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "listclusters": { "name": "ListClusters", "description": "Grants permission to list the clusters in your account", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "listpendingmaintenanceactions": { "name": "ListPendingMaintenanceActions", "description": "Grants permission to list details about pending maintenance actions on any Amazon DocDB-Elastic cluster", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [ "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "listtagsforresource": { "name": "ListTagsForResource", "description": "Grants permission to lists tag for an DocumentDB Elastic resource", "accessLevel": "List", "resourceTypes": [ { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-snapshot", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "restoreclusterfromsnapshot": { "name": "RestoreClusterFromSnapshot", "description": "Grants permission to restore cluster from a Amazon DocDB-Elastic cluster snapshot", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "docdb-elastic:CreateCluster", "ec2:CreateVpcEndpoint", "ec2:DeleteVpcEndpoints", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:ModifyVpcEndpoint", "iam:CreateServiceLinkedRole", "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey", "secretsmanager:DescribeSecret", "secretsmanager:GetResourcePolicy", "secretsmanager:GetSecretValue", "secretsmanager:ListSecretVersionIds", "secretsmanager:ListSecrets" ] }, { "name": "cluster-snapshot", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "startcluster": { "name": "StartCluster", "description": "Grants permission to start a stopped Amazon DocDB-Elastic cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "stopcluster": { "name": "StopCluster", "description": "Grants permission to stop an existing Amazon DocDB-Elastic cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "tagresource": { "name": "TagResource", "description": "Grants permission to tag an DocumentDB Elastic resource", "accessLevel": "Tagging", "resourceTypes": [ { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-snapshot", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:TagKeys", "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "untagresource": { "name": "UntagResource", "description": "Grants permission to untag a DocumentDB Elastic resource", "accessLevel": "Tagging", "resourceTypes": [ { "name": "cluster", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "cluster-snapshot", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:TagKeys" ], "dependentActions": [] }, "updatecluster": { "name": "UpdateCluster", "description": "Grants permission to modify a cluster", "accessLevel": "Write", "resourceTypes": [ { "name": "cluster", "required": true, "conditionKeys": [], "dependentActions": [ "ec2:CreateVpcEndpoint", "ec2:DeleteVpcEndpoints", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:ModifyVpcEndpoint", "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey", "secretsmanager:DescribeSecret", "secretsmanager:GetResourcePolicy", "secretsmanager:GetSecretValue", "secretsmanager:ListSecretVersionIds", "secretsmanager:ListSecrets" ] } ], "conditionKeys": [ "aws:ResourceTag/${TagKey}" ], "dependentActions": [] } }