diff --git a/provider/cmd/pulumi-resource-aws/schema.json b/provider/cmd/pulumi-resource-aws/schema.json index ddbd02a88ab..94db8a76a27 100644 --- a/provider/cmd/pulumi-resource-aws/schema.json +++ b/provider/cmd/pulumi-resource-aws/schema.json @@ -64079,7 +64079,12 @@ }, { "name": "CloudWatchFullAccess", - "value": "arn:aws:iam::aws:policy/CloudWatchFullAccess" + "value": "arn:aws:iam::aws:policy/CloudWatchFullAccess", + "deprecationMessage": "This policy is deprecated and will no longer be supported by AWS after December 7, 2023. Use CloudWatchFullAccessV2 instead." + }, + { + "name": "CloudWatchFullAccessV2", + "value": "arn:aws:iam::aws:policy/CloudWatchFullAccessV2" }, { "name": "CloudWatchInternetMonitorServiceRolePolicy", diff --git a/provider/resources.go b/provider/resources.go index 9587742e106..5b754fc6590 100644 --- a/provider/resources.go +++ b/provider/resources.go @@ -5644,7 +5644,12 @@ $ pulumi import aws:networkfirewall/resourcePolicy:ResourcePolicy example arn:aw {Name: "CloudWatchEventsInvocationAccess", Value: "arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess"}, {Name: "CloudWatchEventsReadOnlyAccess", Value: "arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess"}, {Name: "CloudWatchEventsServiceRolePolicy", Value: "arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy"}, - {Name: "CloudWatchFullAccess", Value: "arn:aws:iam::aws:policy/CloudWatchFullAccess"}, + { + Name: "CloudWatchFullAccess", + Value: "arn:aws:iam::aws:policy/CloudWatchFullAccess", + DeprecationMessage: "This policy is deprecated and will no longer be supported by AWS after December 7, 2023. Use CloudWatchFullAccessV2 instead.", + }, + {Name: "CloudWatchFullAccessV2", Value: "arn:aws:iam::aws:policy/CloudWatchFullAccessV2"}, {Name: "CloudWatchInternetMonitorServiceRolePolicy", Value: "arn:aws:iam::aws:policy/aws-service-role/CloudWatchInternetMonitorServiceRolePolicy"}, {Name: "CloudWatchLambdaInsightsExecutionRolePolicy", Value: "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy"}, {Name: "CloudWatchLogsCrossAccountSharingConfiguration", Value: "arn:aws:iam::aws:policy/CloudWatchLogsCrossAccountSharingConfiguration"}, diff --git a/sdk/dotnet/Iam/Enums.cs b/sdk/dotnet/Iam/Enums.cs index ded2f899deb..209946beb7e 100644 --- a/sdk/dotnet/Iam/Enums.cs +++ b/sdk/dotnet/Iam/Enums.cs @@ -999,7 +999,9 @@ private ManagedPolicy(string value) public static ManagedPolicy CloudWatchEventsInvocationAccess { get; } = new ManagedPolicy("arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess"); public static ManagedPolicy CloudWatchEventsReadOnlyAccess { get; } = new ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess"); public static ManagedPolicy CloudWatchEventsServiceRolePolicy { get; } = new ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy"); + [Obsolete(@"This policy is deprecated and will no longer be supported by AWS after December 7, 2023. Use CloudWatchFullAccessV2 instead.")] public static ManagedPolicy CloudWatchFullAccess { get; } = new ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchFullAccess"); + public static ManagedPolicy CloudWatchFullAccessV2 { get; } = new ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchFullAccessV2"); public static ManagedPolicy CloudWatchInternetMonitorServiceRolePolicy { get; } = new ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/CloudWatchInternetMonitorServiceRolePolicy"); public static ManagedPolicy CloudWatchLambdaInsightsExecutionRolePolicy { get; } = new ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy"); public static ManagedPolicy CloudWatchLogsCrossAccountSharingConfiguration { get; } = new ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchLogsCrossAccountSharingConfiguration"); diff --git a/sdk/go/aws/iam/pulumiEnums.go b/sdk/go/aws/iam/pulumiEnums.go index fbf69fd826e..95e88878a75 100644 --- a/sdk/go/aws/iam/pulumiEnums.go +++ b/sdk/go/aws/iam/pulumiEnums.go @@ -996,99 +996,101 @@ const ( ManagedPolicyCloudWatchEventsInvocationAccess = ManagedPolicy("arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess") ManagedPolicyCloudWatchEventsReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess") ManagedPolicyCloudWatchEventsServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy") - ManagedPolicyCloudWatchFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchFullAccess") - ManagedPolicyCloudWatchInternetMonitorServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/CloudWatchInternetMonitorServiceRolePolicy") - ManagedPolicyCloudWatchLambdaInsightsExecutionRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy") - ManagedPolicyCloudWatchLogsCrossAccountSharingConfiguration = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchLogsCrossAccountSharingConfiguration") - ManagedPolicyCloudWatchLogsFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchLogsFullAccess") - ManagedPolicyCloudWatchLogsReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess") - ManagedPolicyCloudWatchReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess") - ManagedPolicyCloudWatchSyntheticsFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchSyntheticsFullAccess") - ManagedPolicyCloudWatchSyntheticsReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchSyntheticsReadOnlyAccess") - ManagedPolicyCloudwatchApplicationInsightsServiceLinkedRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/CloudwatchApplicationInsightsServiceLinkedRolePolicy") - ManagedPolicyComprehendDataAccessRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/service-role/ComprehendDataAccessRolePolicy") - ManagedPolicyComprehendFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/ComprehendFullAccess") - ManagedPolicyComprehendMedicalFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/ComprehendMedicalFullAccess") - ManagedPolicyComprehendReadOnly = ManagedPolicy("arn:aws:iam::aws:policy/ComprehendReadOnly") - ManagedPolicyComputeOptimizerReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/ComputeOptimizerReadOnlyAccess") - ManagedPolicyComputeOptimizerServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/ComputeOptimizerServiceRolePolicy") - ManagedPolicyConfigConformsServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/ConfigConformsServiceRolePolicy") - ManagedPolicyDAXServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/DAXServiceRolePolicy") - ManagedPolicyDataScientist = ManagedPolicy("arn:aws:iam::aws:policy/job-function/DataScientist") - ManagedPolicyDatabaseAdministrator = ManagedPolicy("arn:aws:iam::aws:policy/job-function/DatabaseAdministrator") - ManagedPolicyDynamoDBCloudWatchContributorInsightsServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/DynamoDBCloudWatchContributorInsightsServiceRolePolicy") - ManagedPolicyDynamoDBKinesisReplicationServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/DynamoDBKinesisReplicationServiceRolePolicy") - ManagedPolicyDynamoDBReplicationServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/DynamoDBReplicationServiceRolePolicy") - ManagedPolicyEC2FastLaunchServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/EC2FastLaunchServiceRolePolicy") - ManagedPolicyEC2FleetTimeShiftableServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/EC2FleetTimeShiftableServiceRolePolicy") - ManagedPolicyEC2InstanceConnect = ManagedPolicy("arn:aws:iam::aws:policy/EC2InstanceConnect") - ManagedPolicyEC2InstanceProfileForImageBuilder = ManagedPolicy("arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder") - ManagedPolicyEC2InstanceProfileForImageBuilderECRContainerBuilds = ManagedPolicy("arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds") - ManagedPolicyECRReplicationServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/ECRReplicationServiceRolePolicy") - ManagedPolicyEc2ImageBuilderCrossAccountDistributionAccess = ManagedPolicy("arn:aws:iam::aws:policy/Ec2ImageBuilderCrossAccountDistributionAccess") - ManagedPolicyEc2InstanceConnectEndpoint = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/Ec2InstanceConnectEndpoint") - ManagedPolicyElastiCacheServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy") - ManagedPolicyElasticLoadBalancingFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess") - ManagedPolicyElasticLoadBalancingReadOnly = ManagedPolicy("arn:aws:iam::aws:policy/ElasticLoadBalancingReadOnly") - ManagedPolicyElementalActivationsDownloadSoftwareAccess = ManagedPolicy("arn:aws:iam::aws:policy/ElementalActivationsDownloadSoftwareAccess") - ManagedPolicyElementalActivationsFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/ElementalActivationsFullAccess") - ManagedPolicyElementalActivationsGenerateLicenses = ManagedPolicy("arn:aws:iam::aws:policy/ElementalActivationsGenerateLicenses") - ManagedPolicyElementalActivationsReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/ElementalActivationsReadOnlyAccess") - ManagedPolicyElementalAppliancesSoftwareFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/ElementalAppliancesSoftwareFullAccess") - ManagedPolicyElementalAppliancesSoftwareReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/ElementalAppliancesSoftwareReadOnlyAccess") - ManagedPolicyElementalSupportCenterFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/ElementalSupportCenterFullAccess") - ManagedPolicyFMSServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/FMSServiceRolePolicy") - ManagedPolicyFSxDeleteServiceLinkedRoleAccess = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/FSxDeleteServiceLinkedRoleAccess") - ManagedPolicyFusionDevInternalServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/FusionDevInternalServiceRolePolicy") - ManagedPolicyGameLiftGameServerGroupPolicy = ManagedPolicy("arn:aws:iam::aws:policy/GameLiftGameServerGroupPolicy") - ManagedPolicyGlobalAcceleratorFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess") - ManagedPolicyGlobalAcceleratorReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/GlobalAcceleratorReadOnlyAccess") - ManagedPolicyGreengrassOTAUpdateArtifactAccess = ManagedPolicy("arn:aws:iam::aws:policy/service-role/GreengrassOTAUpdateArtifactAccess") - ManagedPolicyGroundTruthSyntheticConsoleFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/GroundTruthSyntheticConsoleFullAccess") - ManagedPolicyGroundTruthSyntheticConsoleReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/GroundTruthSyntheticConsoleReadOnlyAccess") - ManagedPolicy_Health_OrganizationsServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/Health_OrganizationsServiceRolePolicy") - ManagedPolicyIAMAccessAdvisorReadOnly = ManagedPolicy("arn:aws:iam::aws:policy/IAMAccessAdvisorReadOnly") - ManagedPolicyIAMAccessAnalyzerFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/IAMAccessAnalyzerFullAccess") - ManagedPolicyIAMAccessAnalyzerReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/IAMAccessAnalyzerReadOnlyAccess") - ManagedPolicyIAMFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/IAMFullAccess") - ManagedPolicyIAMReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/IAMReadOnlyAccess") - ManagedPolicyIAMSelfManageServiceSpecificCredentials = ManagedPolicy("arn:aws:iam::aws:policy/IAMSelfManageServiceSpecificCredentials") - ManagedPolicyIAMUserChangePassword = ManagedPolicy("arn:aws:iam::aws:policy/IAMUserChangePassword") - ManagedPolicyIAMUserSSHKeys = ManagedPolicy("arn:aws:iam::aws:policy/IAMUserSSHKeys") - ManagedPolicyIVSRecordToS3 = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/IVSRecordToS3") - ManagedPolicyKafkaConnectServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/KafkaConnectServiceRolePolicy") - ManagedPolicyKafkaServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/KafkaServiceRolePolicy") - ManagedPolicyLakeFormationDataAccessServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/LakeFormationDataAccessServiceRolePolicy") - ManagedPolicyLexBotPolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/LexBotPolicy") - ManagedPolicyLexChannelPolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/LexChannelPolicy") - ManagedPolicyLightsailExportAccess = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/LightsailExportAccess") - ManagedPolicyMediaPackageServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/MediaPackageServiceRolePolicy") - ManagedPolicyMemoryDBServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/MemoryDBServiceRolePolicy") - ManagedPolicyMigrationHubDMSAccessServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/MigrationHubDMSAccessServiceRolePolicy") - ManagedPolicyMigrationHubSMSAccessServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/MigrationHubSMSAccessServiceRolePolicy") - ManagedPolicyMigrationHubServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/MigrationHubServiceRolePolicy") - ManagedPolicyMonitronServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/MonitronServiceRolePolicy") - ManagedPolicyNeptuneConsoleFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/NeptuneConsoleFullAccess") - ManagedPolicyNeptuneFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/NeptuneFullAccess") - ManagedPolicyNeptuneReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/NeptuneReadOnlyAccess") - ManagedPolicyNetworkAdministrator = ManagedPolicy("arn:aws:iam::aws:policy/job-function/NetworkAdministrator") - ManagedPolicyOAMFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/OAMFullAccess") - ManagedPolicyOAMReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/OAMReadOnlyAccess") - ManagedPolicyPowerUserAccess = ManagedPolicy("arn:aws:iam::aws:policy/PowerUserAccess") - ManagedPolicyQuickSightAccessForS3StorageManagementAnalyticsReadOnly = ManagedPolicy("arn:aws:iam::aws:policy/service-role/QuickSightAccessForS3StorageManagementAnalyticsReadOnly") - ManagedPolicyRDSCloudHsmAuthorizationRole = ManagedPolicy("arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole") - ManagedPolicyROSAManageSubscription = ManagedPolicy("arn:aws:iam::aws:policy/ROSAManageSubscription") - ManagedPolicyReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/ReadOnlyAccess") - ManagedPolicyResourceGroupsServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/ResourceGroupsServiceRolePolicy") - ManagedPolicyResourceGroupsandTagEditorFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess") - ManagedPolicyResourceGroupsandTagEditorReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess") - ManagedPolicyRoute53RecoveryReadinessServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/Route53RecoveryReadinessServiceRolePolicy") - ManagedPolicyRoute53ResolverServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/Route53ResolverServiceRolePolicy") - ManagedPolicyS3StorageLensServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/S3StorageLensServiceRolePolicy") - ManagedPolicySecretsManagerReadWrite = ManagedPolicy("arn:aws:iam::aws:policy/SecretsManagerReadWrite") - ManagedPolicySecurityAudit = ManagedPolicy("arn:aws:iam::aws:policy/SecurityAudit") - ManagedPolicySecurityLakeServiceLinkedRole = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/SecurityLakeServiceLinkedRole") - ManagedPolicyServerMigrationConnector = ManagedPolicy("arn:aws:iam::aws:policy/ServerMigrationConnector") + // Deprecated: This policy is deprecated and will no longer be supported by AWS after December 7, 2023. Use CloudWatchFullAccessV2 instead. + ManagedPolicyCloudWatchFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchFullAccess") + ManagedPolicyCloudWatchFullAccessV2 = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchFullAccessV2") + ManagedPolicyCloudWatchInternetMonitorServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/CloudWatchInternetMonitorServiceRolePolicy") + ManagedPolicyCloudWatchLambdaInsightsExecutionRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy") + ManagedPolicyCloudWatchLogsCrossAccountSharingConfiguration = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchLogsCrossAccountSharingConfiguration") + ManagedPolicyCloudWatchLogsFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchLogsFullAccess") + ManagedPolicyCloudWatchLogsReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess") + ManagedPolicyCloudWatchReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess") + ManagedPolicyCloudWatchSyntheticsFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchSyntheticsFullAccess") + ManagedPolicyCloudWatchSyntheticsReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/CloudWatchSyntheticsReadOnlyAccess") + ManagedPolicyCloudwatchApplicationInsightsServiceLinkedRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/CloudwatchApplicationInsightsServiceLinkedRolePolicy") + ManagedPolicyComprehendDataAccessRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/service-role/ComprehendDataAccessRolePolicy") + ManagedPolicyComprehendFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/ComprehendFullAccess") + ManagedPolicyComprehendMedicalFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/ComprehendMedicalFullAccess") + ManagedPolicyComprehendReadOnly = ManagedPolicy("arn:aws:iam::aws:policy/ComprehendReadOnly") + ManagedPolicyComputeOptimizerReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/ComputeOptimizerReadOnlyAccess") + ManagedPolicyComputeOptimizerServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/ComputeOptimizerServiceRolePolicy") + ManagedPolicyConfigConformsServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/ConfigConformsServiceRolePolicy") + ManagedPolicyDAXServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/DAXServiceRolePolicy") + ManagedPolicyDataScientist = ManagedPolicy("arn:aws:iam::aws:policy/job-function/DataScientist") + ManagedPolicyDatabaseAdministrator = ManagedPolicy("arn:aws:iam::aws:policy/job-function/DatabaseAdministrator") + ManagedPolicyDynamoDBCloudWatchContributorInsightsServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/DynamoDBCloudWatchContributorInsightsServiceRolePolicy") + ManagedPolicyDynamoDBKinesisReplicationServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/DynamoDBKinesisReplicationServiceRolePolicy") + ManagedPolicyDynamoDBReplicationServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/DynamoDBReplicationServiceRolePolicy") + ManagedPolicyEC2FastLaunchServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/EC2FastLaunchServiceRolePolicy") + ManagedPolicyEC2FleetTimeShiftableServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/EC2FleetTimeShiftableServiceRolePolicy") + ManagedPolicyEC2InstanceConnect = ManagedPolicy("arn:aws:iam::aws:policy/EC2InstanceConnect") + ManagedPolicyEC2InstanceProfileForImageBuilder = ManagedPolicy("arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder") + ManagedPolicyEC2InstanceProfileForImageBuilderECRContainerBuilds = ManagedPolicy("arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds") + ManagedPolicyECRReplicationServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/ECRReplicationServiceRolePolicy") + ManagedPolicyEc2ImageBuilderCrossAccountDistributionAccess = ManagedPolicy("arn:aws:iam::aws:policy/Ec2ImageBuilderCrossAccountDistributionAccess") + ManagedPolicyEc2InstanceConnectEndpoint = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/Ec2InstanceConnectEndpoint") + ManagedPolicyElastiCacheServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy") + ManagedPolicyElasticLoadBalancingFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess") + ManagedPolicyElasticLoadBalancingReadOnly = ManagedPolicy("arn:aws:iam::aws:policy/ElasticLoadBalancingReadOnly") + ManagedPolicyElementalActivationsDownloadSoftwareAccess = ManagedPolicy("arn:aws:iam::aws:policy/ElementalActivationsDownloadSoftwareAccess") + ManagedPolicyElementalActivationsFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/ElementalActivationsFullAccess") + ManagedPolicyElementalActivationsGenerateLicenses = ManagedPolicy("arn:aws:iam::aws:policy/ElementalActivationsGenerateLicenses") + ManagedPolicyElementalActivationsReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/ElementalActivationsReadOnlyAccess") + ManagedPolicyElementalAppliancesSoftwareFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/ElementalAppliancesSoftwareFullAccess") + ManagedPolicyElementalAppliancesSoftwareReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/ElementalAppliancesSoftwareReadOnlyAccess") + ManagedPolicyElementalSupportCenterFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/ElementalSupportCenterFullAccess") + ManagedPolicyFMSServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/FMSServiceRolePolicy") + ManagedPolicyFSxDeleteServiceLinkedRoleAccess = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/FSxDeleteServiceLinkedRoleAccess") + ManagedPolicyFusionDevInternalServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/FusionDevInternalServiceRolePolicy") + ManagedPolicyGameLiftGameServerGroupPolicy = ManagedPolicy("arn:aws:iam::aws:policy/GameLiftGameServerGroupPolicy") + ManagedPolicyGlobalAcceleratorFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess") + ManagedPolicyGlobalAcceleratorReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/GlobalAcceleratorReadOnlyAccess") + ManagedPolicyGreengrassOTAUpdateArtifactAccess = ManagedPolicy("arn:aws:iam::aws:policy/service-role/GreengrassOTAUpdateArtifactAccess") + ManagedPolicyGroundTruthSyntheticConsoleFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/GroundTruthSyntheticConsoleFullAccess") + ManagedPolicyGroundTruthSyntheticConsoleReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/GroundTruthSyntheticConsoleReadOnlyAccess") + ManagedPolicy_Health_OrganizationsServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/Health_OrganizationsServiceRolePolicy") + ManagedPolicyIAMAccessAdvisorReadOnly = ManagedPolicy("arn:aws:iam::aws:policy/IAMAccessAdvisorReadOnly") + ManagedPolicyIAMAccessAnalyzerFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/IAMAccessAnalyzerFullAccess") + ManagedPolicyIAMAccessAnalyzerReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/IAMAccessAnalyzerReadOnlyAccess") + ManagedPolicyIAMFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/IAMFullAccess") + ManagedPolicyIAMReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/IAMReadOnlyAccess") + ManagedPolicyIAMSelfManageServiceSpecificCredentials = ManagedPolicy("arn:aws:iam::aws:policy/IAMSelfManageServiceSpecificCredentials") + ManagedPolicyIAMUserChangePassword = ManagedPolicy("arn:aws:iam::aws:policy/IAMUserChangePassword") + ManagedPolicyIAMUserSSHKeys = ManagedPolicy("arn:aws:iam::aws:policy/IAMUserSSHKeys") + ManagedPolicyIVSRecordToS3 = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/IVSRecordToS3") + ManagedPolicyKafkaConnectServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/KafkaConnectServiceRolePolicy") + ManagedPolicyKafkaServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/KafkaServiceRolePolicy") + ManagedPolicyLakeFormationDataAccessServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/LakeFormationDataAccessServiceRolePolicy") + ManagedPolicyLexBotPolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/LexBotPolicy") + ManagedPolicyLexChannelPolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/LexChannelPolicy") + ManagedPolicyLightsailExportAccess = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/LightsailExportAccess") + ManagedPolicyMediaPackageServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/MediaPackageServiceRolePolicy") + ManagedPolicyMemoryDBServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/MemoryDBServiceRolePolicy") + ManagedPolicyMigrationHubDMSAccessServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/MigrationHubDMSAccessServiceRolePolicy") + ManagedPolicyMigrationHubSMSAccessServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/MigrationHubSMSAccessServiceRolePolicy") + ManagedPolicyMigrationHubServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/MigrationHubServiceRolePolicy") + ManagedPolicyMonitronServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/MonitronServiceRolePolicy") + ManagedPolicyNeptuneConsoleFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/NeptuneConsoleFullAccess") + ManagedPolicyNeptuneFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/NeptuneFullAccess") + ManagedPolicyNeptuneReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/NeptuneReadOnlyAccess") + ManagedPolicyNetworkAdministrator = ManagedPolicy("arn:aws:iam::aws:policy/job-function/NetworkAdministrator") + ManagedPolicyOAMFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/OAMFullAccess") + ManagedPolicyOAMReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/OAMReadOnlyAccess") + ManagedPolicyPowerUserAccess = ManagedPolicy("arn:aws:iam::aws:policy/PowerUserAccess") + ManagedPolicyQuickSightAccessForS3StorageManagementAnalyticsReadOnly = ManagedPolicy("arn:aws:iam::aws:policy/service-role/QuickSightAccessForS3StorageManagementAnalyticsReadOnly") + ManagedPolicyRDSCloudHsmAuthorizationRole = ManagedPolicy("arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole") + ManagedPolicyROSAManageSubscription = ManagedPolicy("arn:aws:iam::aws:policy/ROSAManageSubscription") + ManagedPolicyReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/ReadOnlyAccess") + ManagedPolicyResourceGroupsServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/ResourceGroupsServiceRolePolicy") + ManagedPolicyResourceGroupsandTagEditorFullAccess = ManagedPolicy("arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess") + ManagedPolicyResourceGroupsandTagEditorReadOnlyAccess = ManagedPolicy("arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess") + ManagedPolicyRoute53RecoveryReadinessServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/Route53RecoveryReadinessServiceRolePolicy") + ManagedPolicyRoute53ResolverServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/Route53ResolverServiceRolePolicy") + ManagedPolicyS3StorageLensServiceRolePolicy = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/S3StorageLensServiceRolePolicy") + ManagedPolicySecretsManagerReadWrite = ManagedPolicy("arn:aws:iam::aws:policy/SecretsManagerReadWrite") + ManagedPolicySecurityAudit = ManagedPolicy("arn:aws:iam::aws:policy/SecurityAudit") + ManagedPolicySecurityLakeServiceLinkedRole = ManagedPolicy("arn:aws:iam::aws:policy/aws-service-role/SecurityLakeServiceLinkedRole") + ManagedPolicyServerMigrationConnector = ManagedPolicy("arn:aws:iam::aws:policy/ServerMigrationConnector") // Deprecated: This policy is deprecated and will be removed in a future release. Use AWSServerMigration_ServiceRole instead. ManagedPolicyServerMigrationServiceRole = ManagedPolicy("arn:aws:iam::aws:policy/service-role/ServerMigrationServiceRole") // Deprecated: This policy is deprecated and will be removed in a future release. Use AWSServiceCatalogAdminFullAccess instead. diff --git a/sdk/java/src/main/java/com/pulumi/aws/iam/enums/ManagedPolicy.java b/sdk/java/src/main/java/com/pulumi/aws/iam/enums/ManagedPolicy.java index b365755531b..0d6b0c60b8e 100644 --- a/sdk/java/src/main/java/com/pulumi/aws/iam/enums/ManagedPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/aws/iam/enums/ManagedPolicy.java @@ -1088,7 +1088,13 @@ public enum ManagedPolicy { CloudWatchEventsInvocationAccess("arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess"), CloudWatchEventsReadOnlyAccess("arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess"), CloudWatchEventsServiceRolePolicy("arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy"), + /** + * @deprecated + * This policy is deprecated and will no longer be supported by AWS after December 7, 2023. Use CloudWatchFullAccessV2 instead. + */ + @Deprecated /* This policy is deprecated and will no longer be supported by AWS after December 7, 2023. Use CloudWatchFullAccessV2 instead. */ CloudWatchFullAccess("arn:aws:iam::aws:policy/CloudWatchFullAccess"), + CloudWatchFullAccessV2("arn:aws:iam::aws:policy/CloudWatchFullAccessV2"), CloudWatchInternetMonitorServiceRolePolicy("arn:aws:iam::aws:policy/aws-service-role/CloudWatchInternetMonitorServiceRolePolicy"), CloudWatchLambdaInsightsExecutionRolePolicy("arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy"), CloudWatchLogsCrossAccountSharingConfiguration("arn:aws:iam::aws:policy/CloudWatchLogsCrossAccountSharingConfiguration"), diff --git a/sdk/nodejs/iam/managedPolicies.ts b/sdk/nodejs/iam/managedPolicies.ts index ce6b81ea7c3..4571dd4e7c4 100644 --- a/sdk/nodejs/iam/managedPolicies.ts +++ b/sdk/nodejs/iam/managedPolicies.ts @@ -487,8 +487,10 @@ export module ManagedPolicies { export const CloudWatchEventsInvocationAccess: ARN = "arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess"; /** Use ManagedPolicy.CloudWatchEventsReadOnlyAccess instead. */ export const CloudWatchEventsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess"; - /** Use ManagedPolicy.CloudWatchFullAccess instead. */ + /** @deprecated This policy is deprecated and will no longer be supported after December 7, 2023. Use ManagedPolicy.CloudWatchFullAccessV2 instead. */ export const CloudWatchFullAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchFullAccess"; + /** Use ManagedPolicy.CloudWatchFullAccessV2 instead. */ + export const CloudWatchFullAccessV2: ARN = "arn:aws:iam::aws:policy/CloudWatchFullAccessV2"; /** Use ManagedPolicy.CloudWatchLogsFullAccess instead. */ export const CloudWatchLogsFullAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"; /** Use ManagedPolicy.CloudWatchLogsReadOnlyAccess instead. */ diff --git a/sdk/nodejs/kinesis/kinesisMixins.ts b/sdk/nodejs/kinesis/kinesisMixins.ts index dfe916aee08..cf7553fb7cb 100644 --- a/sdk/nodejs/kinesis/kinesisMixins.ts +++ b/sdk/nodejs/kinesis/kinesisMixins.ts @@ -42,7 +42,7 @@ export interface StreamEventSubscriptionArgs { * * `ReportBatchItemFailures` */ readonly functionResponseTypes?: string[]; - + /** * The maximum amount of time to gather records before invoking the function, in seconds. Records will continue to buffer * until either maximum_batching_window_in_seconds expires or batch_size has been met. Defaults to as soon as records @@ -163,7 +163,7 @@ function createFunctionFromEventHandler( policies: [ iam.ManagedPolicy.AWSLambdaKinesisExecutionRole, iam.ManagedPolicy.AmazonKinesisFullAccess, - iam.ManagedPolicy.CloudWatchFullAccess, + iam.ManagedPolicy.CloudWatchFullAccessV2, iam.ManagedPolicy.CloudWatchEventsFullAccess, iam.ManagedPolicy.LambdaFullAccess, ], diff --git a/sdk/nodejs/lambda/lambdaMixins.ts b/sdk/nodejs/lambda/lambdaMixins.ts index 451a8aab23f..be4dc3211e7 100644 --- a/sdk/nodejs/lambda/lambdaMixins.ts +++ b/sdk/nodejs/lambda/lambdaMixins.ts @@ -271,7 +271,7 @@ export function createFunctionFromEventHandler( * details on this process. * If no IAM Role is specified, CallbackFunction will automatically use the following managed policies: * `AWSLambda_FullAccess` - * `CloudWatchFullAccess` + * `CloudWatchFullAccessV2` * `CloudWatchEventsFullAccess` * `AmazonS3FullAccess` * `AmazonDynamoDBFullAccess` @@ -313,7 +313,7 @@ export class CallbackFunction extends LambdaFunction { if (!args.policies) { - const policies = [iam.ManagedPolicy.LambdaFullAccess, iam.ManagedPolicy.CloudWatchFullAccess, + const policies = [iam.ManagedPolicy.LambdaFullAccess, iam.ManagedPolicy.CloudWatchFullAccessV2, iam.ManagedPolicy.CloudWatchEventsFullAccess, iam.ManagedPolicy.AmazonS3FullAccess, iam.ManagedPolicy.AmazonDynamoDBFullAccess, iam.ManagedPolicy.AmazonSQSFullAccess, iam.ManagedPolicy.AmazonKinesisFullAccess, iam.ManagedPolicy.AmazonCognitoPowerUser, diff --git a/sdk/nodejs/types/enums/iam/index.ts b/sdk/nodejs/types/enums/iam/index.ts index 3ae285eaddf..50b5563ff0e 100644 --- a/sdk/nodejs/types/enums/iam/index.ts +++ b/sdk/nodejs/types/enums/iam/index.ts @@ -1033,7 +1033,11 @@ export const ManagedPolicy = { CloudWatchEventsInvocationAccess: "arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess", CloudWatchEventsReadOnlyAccess: "arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess", CloudWatchEventsServiceRolePolicy: "arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy", + /** + * @deprecated This policy is deprecated and will no longer be supported by AWS after December 7, 2023. Use CloudWatchFullAccessV2 instead. + */ CloudWatchFullAccess: "arn:aws:iam::aws:policy/CloudWatchFullAccess", + CloudWatchFullAccessV2: "arn:aws:iam::aws:policy/CloudWatchFullAccessV2", CloudWatchInternetMonitorServiceRolePolicy: "arn:aws:iam::aws:policy/aws-service-role/CloudWatchInternetMonitorServiceRolePolicy", CloudWatchLambdaInsightsExecutionRolePolicy: "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", CloudWatchLogsCrossAccountSharingConfiguration: "arn:aws:iam::aws:policy/CloudWatchLogsCrossAccountSharingConfiguration", diff --git a/sdk/python/pulumi_aws/iam/_enums.py b/sdk/python/pulumi_aws/iam/_enums.py index c088751d3e9..8e47b5ab8eb 100644 --- a/sdk/python/pulumi_aws/iam/_enums.py +++ b/sdk/python/pulumi_aws/iam/_enums.py @@ -969,6 +969,7 @@ class ManagedPolicy(str, Enum): CLOUD_WATCH_EVENTS_READ_ONLY_ACCESS = "arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess" CLOUD_WATCH_EVENTS_SERVICE_ROLE_POLICY = "arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy" CLOUD_WATCH_FULL_ACCESS = "arn:aws:iam::aws:policy/CloudWatchFullAccess" + CLOUD_WATCH_FULL_ACCESS_V2 = "arn:aws:iam::aws:policy/CloudWatchFullAccessV2" CLOUD_WATCH_INTERNET_MONITOR_SERVICE_ROLE_POLICY = "arn:aws:iam::aws:policy/aws-service-role/CloudWatchInternetMonitorServiceRolePolicy" CLOUD_WATCH_LAMBDA_INSIGHTS_EXECUTION_ROLE_POLICY = "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy" CLOUD_WATCH_LOGS_CROSS_ACCOUNT_SHARING_CONFIGURATION = "arn:aws:iam::aws:policy/CloudWatchLogsCrossAccountSharingConfiguration"