Change log of AWS IAM permissions

2026-05-29

48 new actions, 3 new resources

Additions

Actions

CreateAssertion
- Description: Grants permission to create an assertion for a service
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
CreateInputSource
- Description: Grants permission to create an input source for a service
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
CreatePolicy
- Description: Grants permission to create a resilience policy that defines availability and disaster recovery requirements
- Access: Write
- Resources:
  Name: policy
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateReport
- Description: Grants permission to create a report for a service
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
CreateService
- Description: Grants permission to create a service
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
  
  Name: policy
  
  Required: No
  
  Name: system
  
  Required: No
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
  
  aws:ResourceTag/${TagKey}
CreateServiceFunction
- Description: Grants permission to create a service function
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
CreateServiceFunctionResources
- Description: Grants permission to create service function resources
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
CreateSystem
- Description: Grants permission to create a system that represents a logical grouping of services
- Access: Write
- Resources:
  Name: system
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateUserJourney
- Description: Grants permission to create a user journey within a system
- Access: Write
- Resources:
  Name: system
  
  Required: Yes
  
  Name: policy
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
DeleteAssertion
- Description: Grants permission to delete an assertion
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DeleteInputSource
- Description: Grants permission to delete an input source
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DeletePolicy
- Description: Grants permission to delete a resilience policy
- Access: Write
- Resources:
  Name: policy
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DeleteService
- Description: Grants permission to delete a service
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DeleteServiceFunction
- Description: Grants permission to delete a service function
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DeleteServiceFunctionResources
- Description: Grants permission to delete service function resources
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DeleteSystem
- Description: Grants permission to delete a system
- Access: Write
- Resources:
  Name: system
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
DeleteUserJourney
- Description: Grants permission to delete a user journey
- Access: Write
- Resources:
  Name: system
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetFailureModeFinding
- Description: Grants permission to retrieve a failure mode finding
- Access: Read
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetPolicy
- Description: Grants permission to retrieve a resilience policy
- Access: Read
- Resources:
  Name: policy
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetService
- Description: Grants permission to retrieve a service
- Access: Read
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetSystem
- Description: Grants permission to retrieve a system
- Access: Read
- Resources:
  Name: system
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
GetUserJourney
- Description: Grants permission to retrieve a user journey
- Access: Read
- Resources:
  Name: system
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ImportApp
- Description: Grants permission to import a V1 app into the V2 resource model
- Access: Write
- Resources:
  Name: application
  
  Required: Yes
  
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
ImportPolicy
- Description: Grants permission to import a V1 policy into V2
- Access: Write
- Resources:
  Name: policy
  
  Required: Yes
  
  Name: resiliency-policy
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
  
  aws:ResourceTag/${TagKey}
ListAssertions
- Description: Grants permission to list assertions for a service
- Access: Read
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListDependencies
- Description: Grants permission to list dependencies discovered for services
- Access: Read
ListFailureModeAssessments
- Description: Grants permission to list failure mode assessments
- Access: Read
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListFailureModeFindings
- Description: Grants permission to list failure mode findings
- Access: Read
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListInputSources
- Description: Grants permission to list input sources for a service
- Access: Read
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListPolicies
- Description: Grants permission to list resilience policies
- Access: Read
ListReports
- Description: Grants permission to list reports
- Access: Read
- Resources:
  Name: service
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
ListResources
- Description: Grants permission to list resources for a service
- Access: Read
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListServiceEvents
- Description: Grants permission to list events for a service
- Access: Read
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListServiceFunctions
- Description: Grants permission to list service functions
- Access: Read
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListServiceTopologyEdges
- Description: Grants permission to list service topology edges
- Access: Read
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListServices
- Description: Grants permission to list services
- Access: Read
ListSystemEvents
- Description: Grants permission to list events for a system
- Access: Read
- Resources:
  Name: system
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
ListSystems
- Description: Grants permission to list systems
- Access: Read
ListUserJourneys
- Description: Grants permission to list user journeys for a system
- Access: Read
- Resources:
  Name: system
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
StartFailureModeAssessment
- Description: Grants permission to start a failure mode assessment
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
UpdateAssertion
- Description: Grants permission to update an assertion
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
UpdateDependency
- Description: Grants permission to update a dependency classification
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
UpdateFailureModeFinding
- Description: Grants permission to update a failure mode finding
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
UpdatePolicy
- Description: Grants permission to update a resilience policy
- Access: Write
- Resources:
  Name: policy
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
UpdateService
- Description: Grants permission to update a service
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
  
  Name: policy
  
  Required: No
  
  Name: system
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
UpdateServiceFunction
- Description: Grants permission to update a service function
- Access: Write
- Resources:
  Name: service
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
UpdateSystem
- Description: Grants permission to update a system
- Access: Write
- Resources:
  Name: system
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
UpdateUserJourney
- Description: Grants permission to update a user journey
- Access: Write
- Resources:
  Name: system
  
  Required: Yes
  
  Name: policy
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}

Resources

policy
- Arn: arn:${Partition}:resiliencehub:${Region}:${Account}:policy/${PolicyId}
- Conditions:
  aws:ResourceTag/${TagKey}
service
- Arn: arn:${Partition}:resiliencehub:${Region}:${Account}:service/${ServiceId}
- Conditions:
  aws:ResourceTag/${TagKey}
system
- Arn: arn:${Partition}:resiliencehub:${Region}:${Account}:system/${SystemId}
- Conditions:
  aws:ResourceTag/${TagKey}

AWS Resilience Hub (resiliencehub)

Additions