Which actions are considered high-privilege in Critical Activity Logs for AWS?
{
  "high_privilege_actions_in_aws_services": [
    {
      "service_name": "AWS Comprehend",
      "high_privilege_actions": [
        "DeleteDocumentClassifier",
        "DeleteEndpoint",
        "DeleteEntityRecognizer",
        "DeleteResourcePolicy",
        "StopDominantLanguageDetectionJob",
        "StopEntitiesDetectionJob",
        "StopEventsDetectionJob",
        "StopKeyPhrasesDetectionJob",
        "StopPiiEntitiesDetectionJob",
        "StopSentimentDetectionJob",
        "StopTrainingDocumentClassifier",
        "StopTrainingEntityRecognizer",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS EFS Service",
      "high_privilege_actions": [
        "DeleteAccessPoint",
        "DeleteFileSystem",
        "DeleteFileSystemPolicy",
        "DeleteMountTarget",
        "DeleteReplicationConfiguration",
        "DeleteTags",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Glue Service",
      "high_privilege_actions": [
        "BatchDeleteConnection",
        "BatchDeletePartition",
        "BatchDeleteTable",
        "BatchDeleteTableVersion",
        "BatchStopJobRun",
        "DeleteBlueprint",
        "DeleteClassifier",
        "DeleteColumnStatisticsForPartition",
        "DeleteColumnStatisticsForTable",
        "DeleteConnection",
        "DeleteCrawler",
        "DeleteDatabase",
        "DeleteDevEndpoint",
        "DeleteJob",
        "DeleteMLTransform",
        "DeletePartition",
        "DeletePartitionIndex",
        "DeleteRegistry",
        "DeleteResourcePolicy",
        "DeleteSchema",
        "DeleteSchemaVersions",
        "DeleteSecurityConfiguration",
        "DeleteSession",
        "DeleteTable",
        "DeleteTableVersion",
        "DeleteTrigger",
        "DeleteUserDefinedFunction",
        "DeleteWorkflow",
        "RemoveSchemaVersionMetadata",
        "StopCrawler",
        "StopCrawlerSchedule",
        "StopSession",
        "StopTrigger",
        "StopWorkflowRun",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS IoT Things Graph",
      "high_privilege_actions": [
        "AssociateEntityToThing",
        "DeleteFlowTemplate",
        "DeleteNamespace",
        "DeleteSystemInstance",
        "DeleteSystemTemplate",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS SageMaker Evidently",
      "high_privilege_actions": [
        "DeleteExperiment",
        "DeleteFeature",
        "DeleteLaunch",
        "DeleteProject",
        "StopExperiment",
        "StopLaunch"
      ]
    },
    {
      "service_name": "AWS Savings Plans",
      "high_privilege_actions": [
        "DeleteQueuedSavingsPlan",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS SSM Service",
      "high_privilege_actions": [
        "AssociateOpsItemRelatedItem",
        "DeleteActivation",
        "DeleteAssociation",
        "DeleteDocument",
        "DeleteInventory",
        "DeleteMaintenanceWindow",
        "DeleteOpsMetadata",
        "DeleteParameter",
        "DeleteParameters",
        "DeletePatchBaseline",
        "DeleteResourceDataSync",
        "DisassociateOpsItemRelatedItem",
        "RemoveTagsFromResource",
        "StopAutomationExecution",
        "TerminateSession"
      ]
    },
    {
      "service_name": "AWS Single Sign-On",
      "high_privilege_actions": [
        "AssociateDirectory",
        "AssociateProfile",
        "DeleteAccountAssignment",
        "DeleteApplicationInstance",
        "DeleteApplicationInstanceCertificate",
        "DeleteInlinePolicyFromPermissionSet",
        "DeleteInstanceAccessControlAttributeConfiguration",
        "DeleteManagedApplicationInstance",
        "DeletePermissionSet",
        "DeletePermissionsPolicy",
        "DeleteProfile",
        "DisassociateDirectory",
        "DisassociateProfile",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS IoT Core",
      "high_privilege_actions": [
        "AssociateTargetsWithJob",
        "CloseTunnel",
        "DeleteAccountAuditConfiguration",
        "DeleteAuditSuppression",
        "DeleteAuthorizer",
        "DeleteBillingGroup",
        "DeleteCACertificate",
        "DeleteCertificate",
        "DeleteCustomMetric",
        "DeleteDimension",
        "DeleteDomainConfiguration",
        "DeleteDynamicThingGroup",
        "DeleteFleetMetric",
        "DeleteJob",
        "DeleteJobExecution",
        "DeleteJobTemplate",
        "DeleteMitigationAction",
        "DeleteOTAUpdate",
        "DeletePolicy",
        "DeletePolicyVersion",
        "DeleteProvisioningTemplate",
        "DeleteProvisioningTemplateVersion",
        "DeleteRegistrationCode",
        "DeleteRoleAlias",
        "DeleteScheduledAudit",
        "DeleteSecurityProfile",
        "DeleteStream",
        "DeleteThing",
        "DeleteThingGroup",
        "DeleteThingShadow",
        "DeleteThingType",
        "DeleteTopicRule",
        "DeleteTopicRuleDestination",
        "DeleteV2LoggingLevel",
        "DisableTopicRule",
        "RemoveThingFromBillingGroup",
        "RemoveThingFromThingGroup",
        "StopThingRegistrationTask",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS MGH",
      "high_privilege_actions": [
        "AssociateCreatedArtifact",
        "AssociateDiscoveredResource",
        "DeleteProgressUpdateStream",
        "DisassociateCreatedArtifact",
        "DisassociateDiscoveredResource"
      ]
    },
    {
      "service_name": "AWS Fault Injection Simulator",
      "high_privilege_actions": [
        "DeleteExperimentTemplate",
        "StopExperiment",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Lambda Service",
      "high_privilege_actions": [
        "DeleteAlias",
        "DeleteCodeSigningConfig",
        "DeleteEventSourceMapping",
        "DeleteFunction",
        "DeleteFunctionCodeSigningConfig",
        "DeleteFunctionConcurrency",
        "DeleteFunctionEventInvokeConfig",
        "DeleteLayerVersion",
        "DeleteProvisionedConcurrencyConfig",
        "DisableReplication",
        "RemoveLayerVersionPermission",
        "RemovePermission",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Application Migration Service",
      "high_privilege_actions": [
        "BatchDeleteSnapshotRequestForMgn",
        "DeleteJob",
        "DeleteReplicationConfigurationTemplate",
        "DeleteSourceServer",
        "DeleteVcenterClient",
        "TerminateTargetInstances",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Data Exchange",
      "high_privilege_actions": [
        "DeleteAsset",
        "DeleteDataSet",
        "DeleteEventAction",
        "DeleteRevision",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Machine Learning",
      "high_privilege_actions": [
        "DeleteBatchPrediction",
        "DeleteDataSource",
        "DeleteEvaluation",
        "DeleteMLModel",
        "DeleteRealtimeEndpoint",
        "DeleteTags"
      ]
    },
    {
      "service_name": "AWS Audit Manager",
      "high_privilege_actions": [
        "AssociateAssessmentReportEvidenceFolder",
        "BatchAssociateAssessmentReportEvidence",
        "BatchDeleteDelegationByAssessment",
        "BatchDisassociateAssessmentReportEvidence",
        "DeleteAssessment",
        "DeleteAssessmentFramework",
        "DeleteAssessmentFrameworkShare",
        "DeleteAssessmentReport",
        "DeleteControl",
        "DisassociateAssessmentReportEvidenceFolder",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS GuardDuty",
      "high_privilege_actions": [
        "DeleteDetector",
        "DeleteFilter",
        "DeleteIPSet",
        "DeleteInvitations",
        "DeleteMembers",
        "DeletePublishingDestination",
        "DeleteThreatIntelSet",
        "DisableOrganizationAdminAccount",
        "DisassociateFromMasterAccount",
        "DisassociateMembers",
        "StopMonitoringMembers",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS EventBridge Service",
      "high_privilege_actions": [
        "DeleteApiDestination",
        "DeleteArchive",
        "DeleteConnection",
        "DeleteEventBus",
        "DeletePartnerEventSource",
        "DeleteRule",
        "DisableRule",
        "RemovePermission",
        "RemoveTargets",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Lex",
      "high_privilege_actions": [
        "DeleteBot",
        "DeleteBotAlias",
        "DeleteBotChannel",
        "DeleteBotLocale",
        "DeleteBotVersion",
        "DeleteCustomVocabulary",
        "DeleteExport",
        "DeleteImport",
        "DeleteIntent",
        "DeleteResourcePolicy",
        "DeleteSession",
        "DeleteSlot",
        "DeleteSlotType",
        "DeleteUtterances",
        "SearchAssociatedTranscripts",
        "UntagResource",
        "DeleteBot",
        "DeleteBotAlias",
        "DeleteBotChannelAssociation",
        "DeleteBotVersion",
        "DeleteIntent",
        "DeleteIntentVersion",
        "DeleteSession",
        "DeleteSlotType",
        "DeleteSlotTypeVersion",
        "DeleteUtterances",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Proton",
      "high_privilege_actions": [
        "DeleteAccountRoles",
        "DeleteEnvironment",
        "DeleteEnvironmentAccountConnection",
        "DeleteEnvironmentTemplate",
        "DeleteEnvironmentTemplateMajorVersion",
        "DeleteEnvironmentTemplateMinorVersion",
        "DeleteEnvironmentTemplateVersion",
        "DeleteRepository",
        "DeleteService",
        "DeleteServiceTemplate",
        "DeleteServiceTemplateMajorVersion",
        "DeleteServiceTemplateMinorVersion",
        "DeleteServiceTemplateVersion",
        "DeleteTemplateSyncConfig",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Resource Access Manager",
      "high_privilege_actions": [
        "AssociateResourceShare",
        "AssociateResourceSharePermission",
        "DeleteResourceShare",
        "DisassociateResourceShare",
        "DisassociateResourceSharePermission",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS MediaConnect",
      "high_privilege_actions": [
        "DeleteFlow",
        "RemoveFlowMediaStream",
        "RemoveFlowOutput",
        "RemoveFlowSource",
        "RemoveFlowVpcInterface",
        "RevokeFlowEntitlement",
        "StopFlow",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS S3 Service",
      "high_privilege_actions": [
        "BypassGovernanceRetention",
        "DeleteAccessPoint",
        "DeleteAccessPointForObjectLambda",
        "DeleteAccessPointPolicy",
        "DeleteAccessPointPolicyForObjectLambda",
        "DeleteBucket",
        "DeleteBucketPolicy",
        "DeleteBucketWebsite",
        "DeleteJobTagging",
        "DeleteMultiRegionAccessPoint",
        "DeleteObject",
        "DeleteObjectTagging",
        "DeleteObjectVersion",
        "DeleteObjectVersionTagging",
        "DeleteStorageLensConfiguration",
        "DeleteStorageLensConfigurationTagging",
        "ReplicateDelete"
      ]
    },
    {
      "service_name": "AWS SageMaker Service",
      "high_privilege_actions": [
        "AssociateTrialComponent",
        "DeleteAction",
        "DeleteAlgorithm",
        "DeleteApp",
        "DeleteAppImageConfig",
        "DeleteArtifact",
        "DeleteAssociation",
        "DeleteCodeRepository",
        "DeleteContext",
        "DeleteDataQualityJobDefinition",
        "DeleteDeviceFleet",
        "DeleteDomain",
        "DeleteEndpoint",
        "DeleteEndpointConfig",
        "DeleteExperiment",
        "DeleteFeatureGroup",
        "DeleteFlowDefinition",
        "DeleteHumanLoop",
        "DeleteHumanTaskUi",
        "DeleteImage",
        "DeleteImageVersion",
        "DeleteLineageGroupPolicy",
        "DeleteModel",
        "DeleteModelBiasJobDefinition",
        "DeleteModelExplainabilityJobDefinition",
        "DeleteModelPackage",
        "DeleteModelPackageGroup",
        "DeleteModelPackageGroupPolicy",
        "DeleteModelQualityJobDefinition",
        "DeleteMonitoringSchedule",
        "DeleteNotebookInstance",
        "DeleteNotebookInstanceLifecycleConfig",
        "DeletePipeline",
        "DeleteProject",
        "DeleteRecord",
        "DeleteTags",
        "DeleteTrial",
        "DeleteTrialComponent",
        "DeleteUserProfile",
        "DeleteWorkforce",
        "DeleteWorkteam",
        "DisableSagemakerServicecatalogPortfolio",
        "DisassociateTrialComponent",
        "StopAutoMLJob",
        "StopCompilationJob",
        "StopEdgePackagingJob",
        "StopHumanLoop",
        "StopHyperParameterTuningJob",
        "StopInferenceRecommendationsJob",
        "StopLabelingJob",
        "StopMonitoringSchedule",
        "StopNotebookInstance",
        "StopPipelineExecution",
        "StopProcessingJob",
        "StopTrainingJob",
        "StopTransformJob"
      ]
    },
    {
      "service_name": "AWS Lake Formation",
      "high_privilege_actions": [
        "BatchRevokePermissions",
        "DeleteDataCellsFilter",
        "DeleteLFTag",
        "DeleteObjectsOnCancel",
        "RemoveLFTagsFromResource",
        "RevokePermissions"
      ]
    },
    {
      "service_name": "AWS Prometheus Service",
      "high_privilege_actions": [
        "DeleteAlertManagerDefinition",
        "DeleteAlertManagerSilence",
        "DeleteRuleGroupsNamespace",
        "DeleteWorkspace",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Mobile Hub",
      "high_privilege_actions": [
        "DeleteProject",
        "DeleteProjectSnapshot"
      ]
    },
    {
      "service_name": "AWS Global Accelerator",
      "high_privilege_actions": [
        "DeleteAccelerator",
        "DeleteCustomRoutingAccelerator",
        "DeleteCustomRoutingEndpointGroup",
        "DeleteCustomRoutingListener",
        "DeleteEndpointGroup",
        "DeleteListener",
        "RemoveCustomRoutingEndpoints",
        "UntagResource",
        "WithdrawByoipCidr"
      ]
    },
    {
      "service_name": "AWS Pinpoint Profiles",
      "high_privilege_actions": [
        "DeleteDomain",
        "DeleteIntegration",
        "DeleteProfile",
        "DeleteProfileKey",
        "DeleteProfileObject",
        "DeleteProfileObjectType",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Serverless Application Repository Service",
      "high_privilege_actions": [
        "DeleteApplication"
      ]
    },
    {
      "service_name": "AWS Forecast",
      "high_privilege_actions": [
        "DeleteDataset",
        "DeleteDatasetGroup",
        "DeleteDatasetImportJob",
        "DeleteExplainability",
        "DeleteExplainabilityExport",
        "DeleteForecast",
        "DeleteForecastExportJob",
        "DeletePredictor",
        "DeletePredictorBacktestExportJob",
        "DeleteResourceTree",
        "StopResource",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Cloud Directory",
      "high_privilege_actions": [
        "DeleteDirectory",
        "DeleteFacet",
        "DeleteObject",
        "DeleteSchema",
        "DeleteTypedLinkFacet",
        "DisableDirectory",
        "RemoveFacetFromObject",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS MediaTailor",
      "high_privilege_actions": [
        "DeleteChannel",
        "DeleteChannelPolicy",
        "DeletePlaybackConfiguration",
        "DeleteProgram",
        "DeleteSourceLocation",
        "DeleteVodSource",
        "StopChannel",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Route53 Service",
      "high_privilege_actions": [
        "AssociateVPCWithHostedZone",
        "DeleteHealthCheck",
        "DeleteHostedZone",
        "DeleteKeySigningKey",
        "DeleteQueryLoggingConfig",
        "DeleteReusableDelegationSet",
        "DeleteTrafficPolicy",
        "DeleteTrafficPolicyInstance",
        "DeleteVPCAssociationAuthorization",
        "DisableHostedZoneDNSSEC",
        "DisassociateVPCFromHostedZone"
      ]
    },
    {
      "service_name": "AWS SimpleDB",
      "high_privilege_actions": [
        "BatchDeleteAttributes",
        "DeleteAttributes",
        "DeleteDomain"
      ]
    },
    {
      "service_name": "AWS Elemental MediaPackage",
      "high_privilege_actions": [
        "DeleteChannel",
        "DeleteOriginEndpoint",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Keyspaces (for Apache Cassandra)",
      "high_privilege_actions": [
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Resilience Hub",
      "high_privilege_actions": [
        "DeleteApp",
        "DeleteAppAssessment",
        "DeleteRecommendationTemplate",
        "DeleteResiliencyPolicy",
        "RemoveDraftAppVersionResourceMappings",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Athena Service",
      "high_privilege_actions": [
        "DeleteDataCatalog",
        "DeleteNamedQuery",
        "DeletePreparedStatement",
        "DeleteWorkGroup",
        "StopQueryExecution",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Marketplace",
      "high_privilege_actions": [
        "AssociateProductsWithPrivateMarketplace",
        "DisassociateProductsFromPrivateMarketplace"
      ]
    },
    {
      "service_name": "AWS Pinpoint",
      "high_privilege_actions": [
        "DeleteAdmChannel",
        "DeleteApnsChannel",
        "DeleteApnsSandboxChannel",
        "DeleteApnsVoipChannel",
        "DeleteApnsVoipSandboxChannel",
        "DeleteApp",
        "DeleteBaiduChannel",
        "DeleteCampaign",
        "DeleteEmailChannel",
        "DeleteEmailTemplate",
        "DeleteEndpoint",
        "DeleteEventStream",
        "DeleteGcmChannel",
        "DeleteJourney",
        "DeletePushTemplate",
        "DeleteRecommenderConfiguration",
        "DeleteSegment",
        "DeleteSmsChannel",
        "DeleteSmsTemplate",
        "DeleteUserEndpoints",
        "DeleteVoiceChannel",
        "DeleteVoiceTemplate",
        "RemoveAttributes",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Auto Scaling Plans",
      "high_privilege_actions": [
        "DeleteScalingPlan"
      ]
    },
    {
      "service_name": "AWS Cost and Usage Report",
      "high_privilege_actions": [
        "DeleteReportDefinition"
      ]
    },
    {
      "service_name": "AWS Route 53 Domains",
      "high_privilege_actions": [
        "DeleteDomain",
        "DeleteTagsForDomain",
        "DisableDomainAutoRenew",
        "DisableDomainTransferLock"
      ]
    },
    {
      "service_name": "AWS OpsWorks",
      "high_privilege_actions": [
        "AssociateElasticIp",
        "DeleteApp",
        "DeleteInstance",
        "DeleteLayer",
        "DeleteStack",
        "DeleteUserProfile",
        "DisassociateElasticIp",
        "RebootInstance",
        "StopInstance",
        "StopStack",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS FreeRTOS",
      "high_privilege_actions": [
        "DeleteSoftwareConfiguration"
      ]
    },
    {
      "service_name": "AWS CodeDeploy",
      "high_privilege_actions": [
        "DeleteApplication",
        "DeleteDeploymentConfig",
        "DeleteDeploymentGroup",
        "DeleteGitHubAccountToken",
        "DeleteResourcesByExternalId",
        "RemoveTagsFromOnPremisesInstances",
        "StopDeployment",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS IAM Service",
      "high_privilege_actions": [
        "DeleteAccessKey",
        "DeleteAccountAlias",
        "DeleteAccountPasswordPolicy",
        "DeleteGroup",
        "DeleteGroupPolicy",
        "DeleteInstanceProfile",
        "DeleteLoginProfile",
        "DeleteOpenIDConnectProvider",
        "DeletePolicy",
        "DeletePolicyVersion",
        "DeleteRole",
        "DeleteRolePermissionsBoundary",
        "DeleteRolePolicy",
        "DeleteSAMLProvider",
        "DeleteSSHPublicKey",
        "DeleteServerCertificate",
        "DeleteServiceLinkedRole",
        "DeleteServiceSpecificCredential",
        "DeleteSigningCertificate",
        "DeleteUser",
        "DeleteUserPermissionsBoundary",
        "DeleteUserPolicy",
        "DeleteVirtualMFADevice",
        "RemoveClientIDFromOpenIDConnectProvider",
        "RemoveRoleFromInstanceProfile",
        "RemoveUserFromGroup",
        "UntagInstanceProfile",
        "UntagMFADevice",
        "UntagOpenIDConnectProvider",
        "UntagPolicy",
        "UntagRole",
        "UntagSAMLProvider",
        "UntagServerCertificate",
        "UntagUser"
      ]
    },
    {
      "service_name": "AWS Route 53 Resolver",
      "high_privilege_actions": [
        "AssociateFirewallRuleGroup",
        "AssociateResolverEndpointIpAddress",
        "AssociateResolverQueryLogConfig",
        "AssociateResolverRule",
        "DeleteFirewallDomainList",
        "DeleteFirewallRule",
        "DeleteFirewallRuleGroup",
        "DeleteResolverEndpoint",
        "DeleteResolverQueryLogConfig",
        "DeleteResolverRule",
        "DisassociateFirewallRuleGroup",
        "DisassociateResolverEndpointIpAddress",
        "DisassociateResolverQueryLogConfig",
        "DisassociateResolverRule",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS WorkMail",
      "high_privilege_actions": [
        "AssociateDelegateToResource",
        "AssociateMemberToGroup",
        "DeleteAccessControlRule",
        "DeleteAlias",
        "DeleteEmailMonitoringConfiguration",
        "DeleteGroup",
        "DeleteInboundMailFlowRule",
        "DeleteMailDomain",
        "DeleteMailboxPermissions",
        "DeleteMobileDevice",
        "DeleteMobileDeviceAccessOverride",
        "DeleteMobileDeviceAccessRule",
        "DeleteOrganization",
        "DeleteOutboundMailFlowRule",
        "DeleteResource",
        "DeleteRetentionPolicy",
        "DeleteSmtpGateway",
        "DeleteUser",
        "DisableMailGroups",
        "DisableMailUsers",
        "DisassociateDelegateFromResource",
        "DisassociateMemberFromGroup",
        "RemoveMembersFromGroup",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Route 53 Recovery Readiness",
      "high_privilege_actions": [
        "DeleteCell",
        "DeleteCrossAccountAuthorization",
        "DeleteReadinessCheck",
        "DeleteRecoveryGroup",
        "DeleteResourceSet",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS CodeBuild Service",
      "high_privilege_actions": [
        "BatchDeleteBuilds",
        "DeleteBuildBatch",
        "DeleteOAuthToken",
        "DeleteProject",
        "DeleteReport",
        "DeleteReportGroup",
        "DeleteResourcePolicy",
        "DeleteSourceCredentials",
        "DeleteWebhook",
        "StopBuild",
        "StopBuildBatch"
      ]
    },
    {
      "service_name": "AWS IoT Analytics",
      "high_privilege_actions": [
        "DeleteChannel",
        "DeleteDataset",
        "DeleteDatasetContent",
        "DeleteDatastore",
        "DeletePipeline",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Connect",
      "high_privilege_actions": [
        "AssociateApprovedOrigin",
        "AssociateBot",
        "AssociateCustomerProfilesDomain",
        "AssociateDefaultVocabulary",
        "AssociateInstanceStorageConfig",
        "AssociateLambdaFunction",
        "AssociateLexBot",
        "AssociateQueueQuickConnects",
        "AssociateRoutingProfileQueues",
        "AssociateSecurityKey",
        "DeleteContactFlow",
        "DeleteContactFlowModule",
        "DeleteHoursOfOperation",
        "DeleteInstance",
        "DeleteIntegrationAssociation",
        "DeleteQuickConnect",
        "DeleteSecurityProfile",
        "DeleteUseCase",
        "DeleteUser",
        "DeleteUserHierarchyGroup",
        "DeleteVocabulary",
        "DisassociateApprovedOrigin",
        "DisassociateBot",
        "DisassociateCustomerProfilesDomain",
        "DisassociateInstanceStorageConfig",
        "DisassociateLambdaFunction",
        "DisassociateLexBot",
        "DisassociateQueueQuickConnects",
        "DisassociateRoutingProfileQueues",
        "DisassociateSecurityKey",
        "StopContact",
        "StopContactRecording",
        "SuspendContactRecording",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS SES Service",
      "high_privilege_actions": [
        "DeleteConfigurationSet",
        "DeleteConfigurationSetEventDestination",
        "DeleteDedicatedIpPool",
        "DeleteEmailIdentity",
        "UntagResource",
        "DeleteConfigurationSet",
        "DeleteConfigurationSetEventDestination",
        "DeleteContact",
        "DeleteContactList",
        "DeleteCustomVerificationEmailTemplate",
        "DeleteDedicatedIpPool",
        "DeleteEmailIdentity",
        "DeleteEmailIdentityPolicy",
        "DeleteEmailTemplate",
        "DeleteSuppressedDestination",
        "UntagResource",
        "DeleteConfigurationSet",
        "DeleteConfigurationSetEventDestination",
        "DeleteConfigurationSetTrackingOptions",
        "DeleteCustomVerificationEmailTemplate",
        "DeleteIdentity",
        "DeleteIdentityPolicy",
        "DeleteReceiptFilter",
        "DeleteReceiptRule",
        "DeleteReceiptRuleSet",
        "DeleteTemplate",
        "DeleteVerifiedEmailAddress"
      ]
    },
    {
      "service_name": "AWS Cost Explorer",
      "high_privilege_actions": [
        "DeleteAnomalyMonitor",
        "DeleteAnomalySubscription",
        "DeleteCostCategoryDefinition",
        "DeleteNotificationSubscription",
        "DeleteReport"
      ]
    },
    {
      "service_name": "AWS Amplify Backend",
      "high_privilege_actions": [
        "DeleteBackend",
        "DeleteBackendAPI",
        "DeleteBackendAuth",
        "DeleteToken",
        "RemoveAllBackends",
        "RemoveBackendConfig"
      ]
    },
    {
      "service_name": "AWS CloudWatch Synthetics",
      "high_privilege_actions": [
        "DeleteCanary",
        "StopCanary",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Elastic Inference",
      "high_privilege_actions": [
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Application Cost Profiler",
      "high_privilege_actions": [
        "DeleteReportDefinition"
      ]
    },
    {
      "service_name": "AWS Refactor Spaces",
      "high_privilege_actions": [
        "DeleteApplication",
        "DeleteEnvironment",
        "DeleteResourcePolicy",
        "DeleteRoute",
        "DeleteService",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS DeepLens",
      "high_privilege_actions": [
        "AssociateServiceRoleToAccount",
        "DeleteModel",
        "DeleteProject",
        "RemoveProject"
      ]
    },
    {
      "service_name": "SQL Workbench",
      "high_privilege_actions": [
        "AssociateConnectionWithChart",
        "AssociateConnectionWithTab",
        "AssociateQueryWithTab",
        "BatchDeleteFolder",
        "DeleteChart",
        "DeleteConnection",
        "DeleteSavedQuery",
        "DeleteTab",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Inspector 2",
      "high_privilege_actions": [
        "AssociateMember",
        "DeleteFilter",
        "Disable",
        "DisableDelegatedAdminAccount",
        "DisassociateMember",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Single Sign-On Directory",
      "high_privilege_actions": [
        "DeleteBearerToken",
        "DeleteExternalIdPCertificate",
        "DeleteExternalIdPConfigurationForDirectory",
        "DeleteGroup",
        "DeleteMfaDeviceForUser",
        "DeleteProvisioningTenant",
        "DeleteUser",
        "DisableExternalIdPConfigurationForDirectory",
        "DisableUser",
        "RemoveMemberFromGroup"
      ]
    },
    {
      "service_name": "AWS AppFlow",
      "high_privilege_actions": [
        "DeleteConnectorProfile",
        "DeleteFlow",
        "StopFlow",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Config Service",
      "high_privilege_actions": [
        "DeleteAggregationAuthorization",
        "DeleteConfigRule",
        "DeleteConfigurationAggregator",
        "DeleteConfigurationRecorder",
        "DeleteConformancePack",
        "DeleteDeliveryChannel",
        "DeleteEvaluationResults",
        "DeleteOrganizationConfigRule",
        "DeleteOrganizationConformancePack",
        "DeletePendingAggregationRequest",
        "DeleteRemediationConfiguration",
        "DeleteRemediationExceptions",
        "DeleteResourceConfig",
        "DeleteRetentionConfiguration",
        "DeleteStoredQuery",
        "StopConfigurationRecorder",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS RDS Service",
      "high_privilege_actions": [
        "DeleteCustomAvailabilityZone",
        "DeleteCustomDBEngineVersion",
        "DeleteDBCluster",
        "DeleteDBClusterEndpoint",
        "DeleteDBClusterParameterGroup",
        "DeleteDBClusterSnapshot",
        "DeleteDBInstance",
        "DeleteDBInstanceAutomatedBackup",
        "DeleteDBParameterGroup",
        "DeleteDBProxy",
        "DeleteDBProxyEndpoint",
        "DeleteDBSecurityGroup",
        "DeleteDBSnapshot",
        "DeleteDBSubnetGroup",
        "DeleteEventSubscription",
        "DeleteGlobalCluster",
        "DeleteInstallationMedia",
        "DeleteOptionGroup",
        "RebootDBCluster",
        "RebootDBInstance",
        "RemoveFromGlobalCluster",
        "RemoveRoleFromDBCluster",
        "RemoveRoleFromDBInstance",
        "RemoveSourceIdentifierFromSubscription",
        "RemoveTagsFromResource",
        "RevokeDBSecurityGroupIngress",
        "StopActivityStream",
        "StopDBCluster",
        "StopDBInstance",
        "StopDBInstanceAutomatedBackupsReplication"
      ]
    },
    {
      "service_name": "AWS Simple Workflow Service",
      "high_privilege_actions": [
        "CountClosedWorkflowExecutions",
        "TerminateWorkflowExecution",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Macie",
      "high_privilege_actions": [
        "AssociateMemberAccount",
        "AssociateS3Resources",
        "DisassociateMemberAccount",
        "DisassociateS3Resources",
        "DeleteCustomDataIdentifier",
        "DeleteFindingsFilter",
        "DeleteInvitations",
        "DeleteMember",
        "DisableMacie",
        "DisableOrganizationAdminAccount",
        "DisassociateFromAdministratorAccount",
        "DisassociateFromMasterAccount",
        "DisassociateMember",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS AppSync",
      "high_privilege_actions": [
        "AssociateApi",
        "DeleteApiCache",
        "DeleteApiKey",
        "DeleteDataSource",
        "DeleteDomainName",
        "DeleteFunction",
        "DeleteGraphqlApi",
        "DeleteResolver",
        "DeleteType",
        "DisassociateApi",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS ACM Service",
      "high_privilege_actions": [
        "DeleteCertificate",
        "RemoveTagsFromCertificate"
      ]
    },
    {
      "service_name": "AWS Systems Manager Incidents",
      "high_privilege_actions": [
        "DeleteIncidentRecord",
        "DeleteReplicationSet",
        "DeleteResourcePolicy",
        "DeleteResponsePlan",
        "DeleteTimelineEvent",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS X-Ray",
      "high_privilege_actions": [
        "DeleteGroup",
        "DeleteSamplingRule",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS RUM (Real User Monitoring)",
      "high_privilege_actions": [
        "DeleteAppMonitor",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS CloudFront Service",
      "high_privilege_actions": [
        "AssociateAlias",
        "DeleteCachePolicy",
        "DeleteCloudFrontOriginAccessIdentity",
        "DeleteDistribution",
        "DeleteFieldLevelEncryptionConfig",
        "DeleteFieldLevelEncryptionProfile",
        "DeleteFunction",
        "DeleteKeyGroup",
        "DeleteMonitoringSubscription",
        "DeleteOriginRequestPolicy",
        "DeletePublicKey",
        "DeleteRealtimeLogConfig",
        "DeleteResponseHeadersPolicy",
        "DeleteStreamingDistribution",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS EKS Service",
      "high_privilege_actions": [
        "AssociateEncryptionConfig",
        "AssociateIdentityProviderConfig",
        "DeleteAddon",
        "DeleteCluster",
        "DeleteFargateProfile",
        "DeleteNodegroup",
        "DisassociateIdentityProviderConfig",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Firewall Manager",
      "high_privilege_actions": [
        "AssociateAdminAccount",
        "DeleteAppsList",
        "DeleteNotificationChannel",
        "DeletePolicy",
        "DeleteProtocolsList",
        "DisassociateAdminAccount",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Kinesis Service",
      "high_privilege_actions": [
        "DeleteStream",
        "DisableEnhancedMonitoring",
        "RemoveTagsFromStream",
        "StopStreamEncryption"
      ]
    },
    {
      "service_name": "AWS Directory Service",
      "high_privilege_actions": [
        "DeleteConditionalForwarder",
        "DeleteDirectory",
        "DeleteLogSubscription",
        "DeleteSnapshot",
        "DeleteTrust",
        "DisableClientAuthentication",
        "DisableLDAPS",
        "DisableRadius",
        "DisableSso",
        "RemoveIpRoutes",
        "RemoveRegion",
        "RemoveTagsFromResource"
      ]
    },
    {
      "service_name": "AWS IoT SiteWise",
      "high_privilege_actions": [
        "AssociateAssets",
        "AssociateTimeSeriesToAssetProperty",
        "BatchAssociateProjectAssets",
        "BatchDisassociateProjectAssets",
        "DeleteAccessPolicy",
        "DeleteAsset",
        "DeleteAssetModel",
        "DeleteDashboard",
        "DeleteGateway",
        "DeletePortal",
        "DeleteProject",
        "DeleteTimeSeries",
        "DisassociateAssets",
        "DisassociateTimeSeriesFromAssetProperty",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS CodeStar Notifications",
      "high_privilege_actions": [
        "DeleteNotificationRule",
        "DeleteTarget",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Fraud Detector",
      "high_privilege_actions": [
        "DeleteBatchImportJob",
        "DeleteBatchPredictionJob",
        "DeleteDetector",
        "DeleteDetectorVersion",
        "DeleteEntityType",
        "DeleteEvent",
        "DeleteEventType",
        "DeleteEventsByEventType",
        "DeleteExternalModel",
        "DeleteLabel",
        "DeleteModel",
        "DeleteModelVersion",
        "DeleteOutcome",
        "DeleteRule",
        "DeleteVariable",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS WorkLink",
      "high_privilege_actions": [
        "AssociateDomain",
        "AssociateWebsiteAuthorizationProvider",
        "AssociateWebsiteCertificateAuthority",
        "DeleteFleet",
        "DisassociateDomain",
        "DisassociateWebsiteAuthorizationProvider",
        "DisassociateWebsiteCertificateAuthority",
        "RevokeDomainAccess",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS CodeStar Connections",
      "high_privilege_actions": [
        "DeleteConnection",
        "DeleteHost",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS WorkSpaces",
      "high_privilege_actions": [
        "AssociateConnectionAlias",
        "AssociateIpGroups",
        "DeleteConnectionAlias",
        "DeleteIpGroup",
        "DeleteTags",
        "DeleteWorkspaceBundle",
        "DeleteWorkspaceImage",
        "DisassociateConnectionAlias",
        "DisassociateIpGroups",
        "RebootWorkspaces",
        "RevokeIpRules",
        "StopWorkspaces",
        "TerminateWorkspaces"
      ]
    },
    {
      "service_name": "AWS Lookout for Vision",
      "high_privilege_actions": [
        "DeleteDataset",
        "DeleteModel",
        "DeleteProject",
        "StopModel",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Chime",
      "high_privilege_actions": [
        "AssociateChannelFlow",
        "AssociatePhoneNumberWithUser",
        "AssociatePhoneNumbersWithVoiceConnector",
        "AssociatePhoneNumbersWithVoiceConnectorGroup",
        "AssociateSigninDelegateGroupsWithAccount",
        "BatchDeletePhoneNumber",
        "BatchSuspendUser",
        "BatchUnsuspendUser",
        "DeleteAccount",
        "DeleteAccountOpenIdConfig",
        "DeleteApiKey",
        "DeleteAppInstance",
        "DeleteAppInstanceAdmin",
        "DeleteAppInstanceStreamingConfigurations",
        "DeleteAppInstanceUser",
        "DeleteAttendee",
        "DeleteCDRBucket",
        "DeleteChannel",
        "DeleteChannelBan",
        "DeleteChannelFlow",
        "DeleteChannelMembership",
        "DeleteChannelMessage",
        "DeleteChannelModerator",
        "DeleteDelegate",
        "DeleteDomain",
        "DeleteEventsConfiguration",
        "DeleteGroups",
        "DeleteMediaCapturePipeline",
        "DeleteMeeting",
        "DeletePhoneNumber",
        "DeleteProxySession",
        "DeleteRoom",
        "DeleteRoomMembership",
        "DeleteSipMediaApplication",
        "DeleteSipRule",
        "DeleteVoiceConnector",
        "DeleteVoiceConnectorEmergencyCallingConfiguration",
        "DeleteVoiceConnectorGroup",
        "DeleteVoiceConnectorOrigination",
        "DeleteVoiceConnectorProxy",
        "DeleteVoiceConnectorStreamingConfiguration",
        "DeleteVoiceConnectorTermination",
        "DeleteVoiceConnectorTerminationCredentials",
        "DisassociateChannelFlow",
        "DisassociatePhoneNumberFromUser",
        "DisassociatePhoneNumbersFromVoiceConnector",
        "DisassociatePhoneNumbersFromVoiceConnectorGroup",
        "DisassociateSigninDelegateGroupsFromAccount",
        "StopMeetingTranscription",
        "SuspendUsers",
        "UntagAttendee",
        "UntagMeeting",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS ElastiCache",
      "high_privilege_actions": [
        "BatchStopUpdateAction",
        "DeleteCacheCluster",
        "DeleteCacheParameterGroup",
        "DeleteCacheSecurityGroup",
        "DeleteCacheSubnetGroup",
        "DeleteGlobalReplicationGroup",
        "DeleteReplicationGroup",
        "DeleteSnapshot",
        "DeleteUser",
        "DeleteUserGroup",
        "DisassociateGlobalReplicationGroup",
        "RebootCacheCluster",
        "RemoveTagsFromResource",
        "RevokeCacheSecurityGroupIngress"
      ]
    },
    {
      "service_name": "AWS IoT Wireless",
      "high_privilege_actions": [
        "AssociateAwsAccountWithPartnerAccount",
        "AssociateMulticastGroupWithFuotaTask",
        "AssociateWirelessDeviceWithFuotaTask",
        "AssociateWirelessDeviceWithMulticastGroup",
        "AssociateWirelessDeviceWithThing",
        "AssociateWirelessGatewayWithCertificate",
        "AssociateWirelessGatewayWithThing",
        "DeleteDestination",
        "DeleteDeviceProfile",
        "DeleteFuotaTask",
        "DeleteMulticastGroup",
        "DeleteQueuedMessages",
        "DeleteServiceProfile",
        "DeleteWirelessDevice",
        "DeleteWirelessGateway",
        "DeleteWirelessGatewayTask",
        "DeleteWirelessGatewayTaskDefinition",
        "DisassociateAwsAccountFromPartnerAccount",
        "DisassociateMulticastGroupFromFuotaTask",
        "DisassociateWirelessDeviceFromFuotaTask",
        "DisassociateWirelessDeviceFromMulticastGroup",
        "DisassociateWirelessDeviceFromThing",
        "DisassociateWirelessGatewayFromCertificate",
        "DisassociateWirelessGatewayFromThing",
        "StartBulkAssociateWirelessDeviceWithMulticastGroup",
        "StartBulkDisassociateWirelessDeviceFromMulticastGroup",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Firehose Service",
      "high_privilege_actions": [
        "DeleteDeliveryStream",
        "StopDeliveryStreamEncryption",
        "UntagDeliveryStream"
      ]
    },
    {
      "service_name": "AWS Mechanical Turk",
      "high_privilege_actions": [
        "AssociateQualificationWithWorker",
        "DeleteHIT",
        "DeleteQualificationType",
        "DeleteWorkerBlock",
        "DisassociateQualificationFromWorker"
      ]
    },
    {
      "service_name": "AWS StorageGateway Service",
      "high_privilege_actions": [
        "AssociateFileSystem",
        "BypassGovernanceRetention",
        "DeleteAutomaticTapeCreationPolicy",
        "DeleteBandwidthRateLimit",
        "DeleteChapCredentials",
        "DeleteFileShare",
        "DeleteGateway",
        "DeleteSnapshotSchedule",
        "DeleteTape",
        "DeleteTapeArchive",
        "DeleteTapePool",
        "DeleteVolume",
        "DisableGateway",
        "DisassociateFileSystem",
        "RemoveTagsFromResource"
      ]
    },
    {
      "service_name": "AWS EMR",
      "high_privilege_actions": [
        "DeleteEditor",
        "DeleteRepository",
        "DeleteSecurityConfiguration",
        "DeleteStudio",
        "DeleteStudioSessionMapping",
        "RemoveAutoScalingPolicy",
        "RemoveAutoTerminationPolicy",
        "RemoveManagedScalingPolicy",
        "RemoveTags",
        "StopEditor",
        "StopNotebookExecution",
        "TerminateJobFlows"
      ]
    },
    {
      "service_name": "AWS Batch",
      "high_privilege_actions": [
        "DeleteComputeEnvironment",
        "DeleteJobQueue",
        "DeleteSchedulingPolicy",
        "TerminateJob",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Connect Campaigns",
      "high_privilege_actions": [
        "DeleteCampaign",
        "StopCampaign",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS IoT Events",
      "high_privilege_actions": [
        "BatchDisableAlarm",
        "DeleteAlarmModel",
        "DeleteDetectorModel",
        "DeleteInput",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS CloudTrail Service",
      "high_privilege_actions": [
        "DeleteEventDataStore",
        "DeleteTrail",
        "RemoveTags",
        "StopLogging"
      ]
    },
    {
      "service_name": "AWS DynamoDB Service",
      "high_privilege_actions": [
        "DeleteBackup",
        "DeleteItem",
        "DeleteTable",
        "DeleteTableReplica",
        "DisableKinesisStreamingDestination",
        "PartiQLDelete",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS OpenSearch Service",
      "high_privilege_actions": [
        "AssociatePackage",
        "DeleteDomain",
        "DeleteElasticsearchDomain",
        "DeleteElasticsearchServiceRole",
        "DeleteInboundConnection",
        "DeleteInboundCrossClusterSearchConnection",
        "DeleteOutboundConnection",
        "DeleteOutboundCrossClusterSearchConnection",
        "DeletePackage",
        "ESHttpDelete",
        "RemoveTags"
      ]
    },
    {
      "service_name": "AWS DeepRacer",
      "high_privilege_actions": [
        "AdminListAssociatedResources",
        "AdminListAssociatedUsers",
        "DeleteLeaderboard",
        "DeleteModel",
        "RemoveLeaderboardAccessPermission",
        "StopEvaluation",
        "StopTrainingReinforcementLearningModel",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Voice ID",
      "high_privilege_actions": [
        "DeleteDomain",
        "DeleteFraudster",
        "DeleteSpeaker",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS EMR on EKS",
      "high_privilege_actions": [
        "DeleteManagedEndpoint",
        "DeleteVirtualCluster",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Budgets",
      "high_privilege_actions": [
        "DeleteBudgetAction"
      ]
    },
    {
      "service_name": "AWS EventBridge Schema Registry",
      "high_privilege_actions": [
        "DeleteDiscoverer",
        "DeleteRegistry",
        "DeleteResourcePolicy",
        "DeleteSchema",
        "DeleteSchemaVersion",
        "StopDiscoverer",
        "UntagResource"
      ]
    },
    {
      "service_name": "AWS Network Manager",
      "high_privilege_actions": [
        "AssociateConnectPeer",
        "AssociateCustomerGateway",
        "AssociateLink",
        "AssociateTransitGatewayConnectPeer",
        "DeleteAttachment",
        "DeleteConnectPeer",
        "DeleteConnection",
        "DeleteCoreNetwork",
        "DeleteCoreNetworkPolicyVersion",
        "DeleteDevice",
        "DeleteGlobalNetwork",
        "DeleteLink",
        "DeleteResourcePolicy",
        "DeleteSite",
        "DisassociateConnectPeer",
        "DisassociateCustomerGateway",
        "DisassociateLink",
        "DisassociateTransitGatewayConnectPeer",
“UntagResource”
]
},
{
“service_name”: “AWS Cognito Identity”,
“high_privilege_actions”: [
“DeleteIdentities”,
“DeleteIdentityPool”,
“UntagResource”
]
},
{
“service_name”: “AWS Polly”,
“high_privilege_actions”: [
“DeleteLexicon”
]
},
{
“service_name”: “AWS AppConfig”,
“high_privilege_actions”: [
“DeleteApplication”,
“DeleteConfigurationProfile”,
“DeleteDeploymentStrategy”,
“DeleteEnvironment”,
“DeleteHostedConfigurationVersion”,
“StopDeployment”,
“UntagResource”
]
},
{
“service_name”: “AWS App Runner”,
“high_privilege_actions”: [
“AssociateCustomDomain”,
“DeleteAutoScalingConfiguration”,
“DeleteConnection”,
“DeleteService”,
“DisassociateCustomDomain”,
“UntagResource”
]
},
{
“service_name”: “AWS License Manager”,
“high_privilege_actions”: [
“DeleteGrant”,
“DeleteLicense”,
“DeleteLicenseConfiguration”,
“DeleteLicenseManagerReportGenerator”,
“DeleteToken”,
“UntagResource”
]
},
{
“service_name”: “AWS Alexa for Business Service”,
“high_privilege_actions”: [
“AssociateContactWithAddressBook”,
“AssociateDeviceWithNetworkProfile”,
“AssociateDeviceWithRoom”,
“AssociateSkillGroupWithRoom”,
“AssociateSkillWithSkillGroup”,
“AssociateSkillWithUsers”,
“DeleteAddressBook”,
“DeleteBusinessReportSchedule”,
“DeleteConferenceProvider”,
“DeleteContact”,
“DeleteDevice”,
“DeleteDeviceUsageData”,
“DeleteGatewayGroup”,
“DeleteNetworkProfile”,
“DeleteProfile”,
“DeleteRoom”,
“DeleteRoomSkillParameter”,
“DeleteSkillAuthorization”,
“DeleteSkillGroup”,
“DeleteUser”,
“DisassociateContactFromAddressBook”,
“DisassociateDeviceFromRoom”,
“DisassociateSkillFromSkillGroup”,
“DisassociateSkillFromUsers”,
“DisassociateSkillGroupFromRoom”,
“RevokeInvitation”,
“UntagResource”
]
},
{
“service_name”: “AWS Certificate Manager Private Certificate Authority”,
“high_privilege_actions”: [
“DeleteCertificateAuthority”,
“DeletePermission”,
“DeletePolicy”,
“RevokeCertificate”,
“UntagCertificateAuthority”
]
},
{
“service_name”: “AWS StepFunctions Service”,
“high_privilege_actions”: [
“DeleteActivity”,
“DeleteStateMachine”,
“StopExecution”,
“UntagResource”
]
},
{
“service_name”: “AWS Connect Wisdom”,
“high_privilege_actions”: [
“DeleteAssistant”,
“DeleteAssistantAssociation”,
“DeleteContent”,
“DeleteKnowledgeBase”,
“RemoveKnowledgeBaseTemplateUri”,
“UntagResource”
]
},
{
“service_name”: “EC2 Messages”,
“high_privilege_actions”: [
“DeleteMessage”
]
},
{
“service_name”: “AWS IoT Greengrass”,
“high_privilege_actions”: [
“AssociateServiceRoleToAccount”,
“BatchAssociateClientDeviceWithCoreDevice”,
“BatchDisassociateClientDeviceFromCoreDevice”,
“DeleteComponent”,
“DeleteCoreDevice”,
“DisassociateServiceRoleFromAccount”,
“AssociateRoleToGroup”,
“DeleteConnectorDefinition”,
“DeleteCoreDefinition”,
“DeleteDeviceDefinition”,
“DeleteFunctionDefinition”,
“DeleteGroup”,
“DeleteLoggerDefinition”,
“DeleteResourceDefinition”,
“DeleteSubscriptionDefinition”,
“DisassociateRoleFromGroup”,
“StopBulkDeployment”,
“UntagResource”
]
},
{
“service_name”: “AWS Redshift Service”,
“high_privilege_actions”: [
“AssociateDataShareConsumer”,
“BatchDeleteClusterSnapshots”,
“DeleteAuthenticationProfile”,
“DeleteCluster”,
“DeleteClusterParameterGroup”,
“DeleteClusterSecurityGroup”,
“DeleteClusterSnapshot”,
“DeleteClusterSubnetGroup”,
“DeleteEventSubscription”,
“DeleteHsmClientCertificate”,
“DeleteHsmConfiguration”,
“DeleteSavedQueries”,
“DeleteScheduledAction”,
“DeleteSnapshotCopyGrant”,
“DeleteSnapshotSchedule”,
“DeleteTags”,
“DeleteUsageLimit”,
“DisableLogging”,
“DisableSnapshotCopy”,
“DisassociateDataShareConsumer”,
“RebootCluster”,
“RevokeClusterSecurityGroupIngress”,
“RevokeSnapshotAccess”
]
},
{
“service_name”: “AWS WorkDocs”,
“high_privilege_actions”: [
“DeleteComment”,
“DeleteCustomMetadata”,
“DeleteDocument”,
“DeleteFolder”,
“DeleteFolderContents”,
“DeleteInstance”,
“DeleteLabels”,
“DeleteNotificationSubscription”,
“DeleteUser”,
“RemoveAllResourcePermissions”,
“RemoveResourcePermission”
]
},
{
“service_name”: “AWS Comprehend Medical”,
“high_privilege_actions”: [
“StopEntitiesDetectionV2Job”,
“StopICD10CMInferenceJob”,
“StopPHIDetectionJob”,
“StopRxNormInferenceJob”
]
},
{
“service_name”: “AWS DeepComposer”,
“high_privilege_actions”: [
“AssociateCoupon”,
“DeleteComposition”,
“DeleteModel”,
“UntagResource”
]
},
{
“service_name”: “AWS Managed Blockchain”,
“high_privilege_actions”: [
“DeleteMember”,
“DeleteNode”,
“UntagResource”
]
},
{
“service_name”: “AWS WAF”,
“high_privilege_actions”: [
“DeleteByteMatchSet”,
“DeleteGeoMatchSet”,
“DeleteIPSet”,
“DeleteLoggingConfiguration”,
“DeletePermissionPolicy”,
“DeleteRateBasedRule”,
“DeleteRegexMatchSet”,
“DeleteRegexPatternSet”,
“DeleteRule”,
“DeleteRuleGroup”,
“DeleteSizeConstraintSet”,
“DeleteSqlInjectionMatchSet”,
“DeleteWebACL”,
“DeleteXssMatchSet”,
“UntagResource”
]
},
{
“service_name”: “AWS AppStream”,
“high_privilege_actions”: [
“AssociateApplicationFleet”,
“AssociateApplicationToEntitlement”,
“AssociateFleet”,
“BatchAssociateUserStack”,
“BatchDisassociateUserStack”,
“DeleteAppBlock”,
“DeleteApplication”,
“DeleteDirectoryConfig”,
“DeleteEntitlement”,
“DeleteFleet”,
“DeleteImage”,
“DeleteImageBuilder”,
“DeleteImagePermissions”,
“DeleteStack”,
“DeleteUsageReportSubscription”,
“DeleteUser”,
“DisableUser”,
“DisassociateApplicationFleet”,
“DisassociateApplicationFromEntitlement”,
“DisassociateFleet”,
“StopFleet”,
“StopImageBuilder”,
“UntagResource”
]
},
{
“service_name”: “AWS QuickSight”,
“high_privilege_actions”: [
“DeleteAccountCustomization”,
“DeleteAnalysis”,
“DeleteCustomPermissions”,
“DeleteDashboard”,
“DeleteDataSet”,
“DeleteDataSource”,
“DeleteEmailCustomizationTemplate”,
“DeleteFolder”,
“DeleteFolderMembership”,
“DeleteGroup”,
“DeleteGroupMembership”,
“DeleteIAMPolicyAssignment”,
“DeleteNamespace”,
“DeleteTemplate”,
“DeleteTemplateAlias”,
“DeleteTheme”,
“DeleteThemeAlias”,
“DeleteUser”,
“DeleteUserByPrincipalId”,
“DeleteVPCConnection”,
“UntagResource”
]
},
{
“service_name”: “AWS WAFv2”,
“high_privilege_actions”: [
“AssociateWebACL”,
“DeleteFirewallManagerRuleGroups”,
“DeleteIPSet”,
“DeleteLoggingConfiguration”,
“DeletePermissionPolicy”,
“DeleteRegexPatternSet”,
“DeleteRuleGroup”,
“DeleteWebACL”,
“DisassociateFirewallManager”,
“DisassociateWebACL”,
“UntagResource”
]
},
{
“service_name”: “AWS Data Lifecycle Manager”,
“high_privilege_actions”: [
“DeleteLifecyclePolicy”,
“UntagResource”
]
},
{
“service_name”: “AWS Well-Architected Tool”,
“high_privilege_actions”: [
“AssociateLenses”,
“DeleteLens”,
“DeleteLensShare”,
“DeleteWorkload”,
“DeleteWorkloadShare”,
“DisassociateLenses”,
“UntagResource”
]
},
{
“service_name”: “AWS Kendra”,
“high_privilege_actions”: [
“BatchDeleteDocument”,
“DeleteDataSource”,
“DeleteFaq”,
“DeleteIndex”,
“DeletePrincipalMapping”,
“DeleteQuerySuggestionsBlockList”,
“DeleteThesaurus”,
“StopDataSourceSyncJob”,
“UntagResource”
]
},
{
“service_name”: “AWS Interactive Video Service”,
“high_privilege_actions”: [
“DeleteChannel”,
“DeletePlaybackKeyPair”,
“DeleteRecordingConfiguration”,
“DeleteStreamKey”,
“StopStream”,
“UntagResource”
]
},
{
“service_name”: “AWS Lightsail”,
“high_privilege_actions”: [
“CloseInstancePublicPorts”,
“DeleteAlarm”,
“DeleteAutoSnapshot”,
“DeleteBucket”,
“DeleteBucketAccessKey”,
“DeleteCertificate”,
“DeleteContactMethod”,
“DeleteContainerImage”,
“DeleteContainerService”,
“DeleteDisk”,
“DeleteDiskSnapshot”,
“DeleteDistribution”,
“DeleteDomain”,
“DeleteDomainEntry”,
“DeleteInstance”,
“DeleteInstanceSnapshot”,
“DeleteKeyPair”,
“DeleteKnownHostKeys”,
“DeleteLoadBalancer”,
“DeleteLoadBalancerTlsCertificate”,
“DeleteRelationalDatabase”,
“DeleteRelationalDatabaseSnapshot”,
“DisableAddOn”,
“RebootInstance”,
“RebootRelationalDatabase”,
“StopInstance”,
“StopRelationalDatabase”,
“UntagResource”
]
},
{
“service_name”: “AWS Cognito Sync”,
“high_privilege_actions”: [
“DeleteDataset”
]
},
{
“service_name”: “AWS CloudSearch”,
“high_privilege_actions”: [
“DeleteAnalysisScheme”,
“DeleteDomain”,
“DeleteExpression”,
“DeleteIndexField”,
“DeleteSuggester”,
“RemoveTags”
]
},
{
“service_name”: “AWS Elastic Transcoder”,
“high_privilege_actions”: [
“DeletePipeline”,
“DeletePreset”
]
},
{
“service_name”: “AWS IoT FleetWise”,
“high_privilege_actions”: [
“AssociateVehicle”,
“DeleteCampaign”,
“DeleteDecoderManifest”,
“DeleteFleet”,
“DeleteModelManifest”,
“DeleteSignalCatalog”,
“DeleteVehicle”,
“DisassociateVehicle”
]
},
{
“service_name”: “AWS Backup Service”,
“high_privilege_actions”: [
“DeleteBackupPlan”,
“DeleteBackupSelection”,
“DeleteBackupVault”,
“DeleteBackupVaultAccessPolicy”,
“DeleteBackupVaultLockConfiguration”,
“DeleteBackupVaultNotifications”,
“DeleteFramework”,
“DeleteRecoveryPoint”,
“DeleteReportPlan”,
“DisassociateRecoveryPoint”,
“StopBackupJob”,
“UntagResource”
]
},
{
“service_name”: “AWS DataBrew”,
“high_privilege_actions”: [
“BatchDeleteRecipeVersion”,
“DeleteDataset”,
“DeleteJob”,
“DeleteProject”,
“DeleteRecipeVersion”,
“DeleteRuleset”,
“DeleteSchedule”,
“StopJobRun”,
“UntagResource”
]
},
{
“service_name”: “AWS Braket”,
“high_privilege_actions”: [
“UntagResource”
]
},
{
“service_name”: “AWS Database Migration Service”,
“high_privilege_actions”: [
“DeleteCertificate”,
“DeleteConnection”,
“DeleteEndpoint”,
“DeleteEventSubscription”,
“DeleteReplicationInstance”,
“DeleteReplicationSubnetGroup”,
“DeleteReplicationTask”,
“DeleteReplicationTaskAssessmentRun”,
“RebootReplicationInstance”,
“RemoveTagsFromResource”,
“StopReplicationTask”
]
},
{
“service_name”: “AWS Network Firewall”,
“high_privilege_actions”: [
“AssociateFirewallPolicy”,
“AssociateSubnets”,
“DeleteFirewall”,
“DeleteFirewallPolicy”,
“DeleteResourcePolicy”,
“DeleteRuleGroup”,
“DisassociateSubnets”,
“UntagResource”,
“UpdateFirewallDeleteProtection”
]
},
{
“service_name”: “AWS Artifact”,
“high_privilege_actions”: [
“TerminateAgreement”
]
},
{
“service_name”: “AWS Systems Manager Contacts”,
“high_privilege_actions”: [
“AssociateContact”,
“DeleteContact”,
“DeleteContactChannel”,
“DeleteContactPolicy”,
“StopEngagement”,
“UntagResource”
]
},
{
“service_name”: “AWS Transcribe”,
“high_privilege_actions”: [
“DeleteCallAnalyticsCategory”,
“DeleteCallAnalyticsJob”,
“DeleteLanguageModel”,
“DeleteMedicalTranscriptionJob”,
“DeleteMedicalVocabulary”,
“DeleteTranscriptionJob”,
“DeleteVocabulary”,
“DeleteVocabularyFilter”
]
},
{
“service_name”: “AWS Elemental MediaPackage VOD”,
“high_privilege_actions”: [
“DeleteAsset”,
“DeletePackagingConfiguration”,
“DeletePackagingGroup”,
“UntagResource”
]
},
{
“service_name”: “AWS Device Farm”,
“high_privilege_actions”: [
“DeleteDevicePool”,
“DeleteInstanceProfile”,
“DeleteNetworkProfile”,
“DeleteProject”,
“DeleteRemoteAccessSession”,
“DeleteRun”,
“DeleteTestGridProject”,
“DeleteUpload”,
“DeleteVPCEConfiguration”,
“StopJob”,
“StopRemoteAccessSession”,
“StopRun”,
“UntagResource”
]
},
{
“service_name”: “AWS Ground Station”,
“high_privilege_actions”: [
“DeleteConfig”,
“DeleteDataflowEndpointGroup”,
“DeleteMissionProfile”,
“UntagResource”
]
},
{
“service_name”: “AWS DevOps Guru”,
“high_privilege_actions”: [
“RemoveNotificationChannel”
]
},
{
“service_name”: “AWS Signer”,
“high_privilege_actions”: [
“RemoveProfilePermission”,
“RevokeSignature”,
“RevokeSigningProfile”,
“UntagResource”
]
},
{
“service_name”: “AWS ResourceGroups Service”,
“high_privilege_actions”: [
“DeleteGroup”,
“Untag”
]
},
{
“service_name”: “AWS Honeycode”,
“high_privilege_actions”: [
“BatchDeleteTableRows”
]
},
{
“service_name”: “AWS Amplify UI Builder”,
“high_privilege_actions”: [
“DeleteComponent”,
“DeleteTheme”,
“UntagResource”
]
},
{
“service_name”: “AWS WorkSpaces Web”,
“high_privilege_actions”: [
“AssociateBrowserSettings”,
“AssociateNetworkSettings”,
“AssociateTrustStore”,
“AssociateUserSettings”,
“DeleteBrowserSettings”,
“DeleteIdentityProvider”,
“DeleteNetworkSettings”,
“DeletePortal”,
“DeleteTrustStore”,
“DeleteUserSettings”,
“DisassociateBrowserSettings”,
“DisassociateNetworkSettings”,
“DisassociateTrustStore”,
“DisassociateUserSettings”,
“UntagResource”
]
},
{
“service_name”: “AWS ECR Public”,
“high_privilege_actions”: [
“BatchDeleteImage”,
“DeleteRepository”,
“DeleteRepositoryPolicy”,
“UntagResource”
]
},
{
“service_name”: “AWS Snow Device Management”,
“high_privilege_actions”: [
“UntagResource”
]
},
{
“service_name”: “AWS APIGateway Service”,
“high_privilege_actions”: [
“DELETE”,
“RemoveCertificateFromDomain”
]
},
{
“service_name”: “AWS MSK (Managed Streaming for Apache Kafka)”,
“high_privilege_actions”: [
“DeleteGroup”,
“DeleteTopic”
]
},
{
“service_name”: “AWS Elemental Activations”,
“high_privilege_actions”: [
“UntagResource”
]
},
{
“service_name”: “AWS Managed Grafana”,
“high_privilege_actions”: [
“AssociateLicense”,
“DeleteWorkspace”,
“DisassociateLicense”
]
},
{
“service_name”: “AWS App Mesh”,
“high_privilege_actions”: [
“DeleteGatewayRoute”,
“DeleteMesh”,
“DeleteRoute”,
“DeleteVirtualGateway”,
“DeleteVirtualNode”,
“DeleteVirtualRouter”,
“DeleteVirtualService”,
“UntagResource”
]
},
{
“service_name”: “AWS DBQMS”,
“high_privilege_actions”: [
“DeleteFavoriteQueries”,
“DeleteQueryHistory”,
“DeleteTab”
]
},
{
“service_name”: “AWS MSK Service”,
“high_privilege_actions”: [
“BatchAssociateScramSecret”,
“BatchDisassociateScramSecret”,
“DeleteCluster”,
“DeleteConfiguration”,
“RebootBroker”,
“UntagResource”
]
},
{
“service_name”: “AWS CodeGuru Reviewer”,
“high_privilege_actions”: [
“AssociateRepository”,
“DisassociateRepository”,
“UnTagResource”
]
},
{
“service_name”: “AWS MemoryDB for Redis”,
“high_privilege_actions”: [
“DeleteAcl”,
“DeleteCluster”,
“DeleteParameterGroup”,
“DeleteSnapshot”,
“DeleteSubnetGroup”,
“DeleteUser”,
“UntagResource”
]
},
{
“service_name”: “AWS SMS Voice”,
“high_privilege_actions”: [
“DeleteConfigurationSet”,
“DeleteConfigurationSetEventDestination”
]
},
{
“service_name”: “AWS CloudWatch Service”,
“high_privilege_actions”: [
“DeleteAlarms”,
“DeleteAnomalyDetector”,
“DeleteDashboards”,
“DeleteInsightRules”,
“DeleteMetricStream”,
“DisableAlarmActions”,
“DisableInsightRules”,
“StopMetricStreams”,
“UntagResource”
]
},
{
“service_name”: “AWS AutoScaling Service”,
“high_privilege_actions”: [
“BatchDeleteScheduledAction”,
“DeleteAutoScalingGroup”,
“DeleteLaunchConfiguration”,
“DeleteLifecycleHook”,
“DeleteNotificationConfiguration”,
“DeletePolicy”,
“DeleteScheduledAction”,
“DeleteTags”,
“DeleteWarmPool”,
“DisableMetricsCollection”,
“SuspendProcesses”,
“TerminateInstanceInAutoScalingGroup”
]
},
{
“service_name”: “AWS Shield”,
“high_privilege_actions”: [
“AssociateDRTLogBucket”,
“AssociateDRTRole”,
“AssociateHealthCheck”,
“AssociateProactiveEngagementDetails”,
“DeleteProtection”,
“DeleteProtectionGroup”,
“DeleteSubscription”,
“DisableApplicationLayerAutomaticResponse”,
“DisableProactiveEngagement”,
“DisassociateDRTLogBucket”,
“DisassociateDRTRole”,
“DisassociateHealthCheck”,
“UntagResource”
]
},
{
“service_name”: “AWS IoT TwinMaker”,
“high_privilege_actions”: [
“DeleteComponentType”,
“DeleteEntity”,
“DeleteScene”,
“DeleteWorkspace”,
“UntagResource”
]
},
{
“service_name”: “AWS SecretsManager Service”,
“high_privilege_actions”: [
“DeleteResourcePolicy”,
“DeleteSecret”,
“RemoveRegionsFromReplication”,
“StopReplicationToReplica”,
“UntagResource”
]
},
{
“service_name”: “Application Auto Scaling”,
“high_privilege_actions”: [
“DeleteScalingPolicy”,
“DeleteScheduledAction”
]
},
{
“service_name”: “AWS FSx Service”,
“high_privilege_actions”: [
“AssociateFileGateway”,
“AssociateFileSystemAliases”,
“DeleteBackup”,
“DeleteDataRepositoryAssociation”,
“DeleteFileSystem”,
“DeleteSnapshot”,
“DeleteStorageVirtualMachine”,
“DeleteVolume”,
“DisassociateFileGateway”,
“DisassociateFileSystemAliases”,
“UntagResource”
]
},
{
“service_name”: “AWS Amplify”,
“high_privilege_actions”: [
“DeleteApp”,
“DeleteBackendEnvironment”,
“DeleteBranch”,
“DeleteDomainAssociation”,
“DeleteJob”,
“DeleteWebHook”,
“StopJob”,
“UntagResource”
]
},
{
“service_name”: “AWS App Mesh Preview”,
“high_privilege_actions”: [
“DeleteGatewayRoute”,
“DeleteMesh”,
“DeleteRoute”,
“DeleteVirtualGateway”,
“DeleteVirtualNode”,
“DeleteVirtualRouter”,
“DeleteVirtualService”
]
},
{
“service_name”: “AWS Kinesis Video Streams”,
“high_privilege_actions”: [
“DeleteSignalingChannel”,
“DeleteStream”,
“UntagResource”,
“UntagStream”
]
},
{
“service_name”: “AWS Migration Hub Strategy”,
“high_privilege_actions”: [
“StopAssessment”
]
},
{
“service_name”: “AWS Elemental MediaLive”,
“high_privilege_actions”: [
“BatchDelete”,
“BatchStop”,
“DeleteChannel”,
“DeleteInput”,
“DeleteInputSecurityGroup”,
“DeleteMultiplex”,
“DeleteMultiplexProgram”,
“DeleteReservation”,
“DeleteSchedule”,
“DeleteTags”,
“StopChannel”,
“StopMultiplex”
]
},
{
“service_name”: “AWS CloudShell”,
“high_privilege_actions”: [
“DeleteEnvironment”,
“StopEnvironment”
]
},
{
“service_name”: “AWS Location Service”,
“high_privilege_actions”: [
“AssociateTrackerConsumer”,
“BatchDeleteDevicePositionHistory”,
“BatchDeleteGeofence”,
“DeleteGeofenceCollection”,
“DeleteMap”,
“DeletePlaceIndex”,
“DeleteRouteCalculator”,
“DeleteTracker”,
“DisassociateTrackerConsumer”,
“UntagResource”
]
},
{
“service_name”: “AWS KMS Service”,
“high_privilege_actions”: [
“DeleteAlias”,
“DeleteCustomKeyStore”,
“DeleteImportedKeyMaterial”,
“DisableKey”,
“DisableKeyRotation”,
“RevokeGrant”,
“UntagResource”
]
},
{
“service_name”: “AWS CloudHSM”,
“high_privilege_actions”: [
“DeleteBackup”,
“DeleteCluster”,
“DeleteHapg”,
“DeleteHsm”,
“DeleteLunaClient”,
“RemoveTagsFromResource”,
“UntagResource”
]
},
{
“service_name”: “AWS EC2 Service”,
“high_privilege_actions”: [
“AssociateAddress”,
“AssociateClientVpnTargetNetwork”,
“AssociateDhcpOptions”,
“AssociateEnclaveCertificateIamRole”,
“AssociateIamInstanceProfile”,
“AssociateInstanceEventWindow”,
“AssociateRouteTable”,
“AssociateSubnetCidrBlock”,
“AssociateTransitGatewayMulticastDomain”,
“AssociateTransitGatewayRouteTable”,
“AssociateTrunkInterface”,
“AssociateVpcCidrBlock”,
“DeleteCarrierGateway”,
“DeleteClientVpnEndpoint”,
“DeleteClientVpnRoute”,
“DeleteCustomerGateway”,
“DeleteDhcpOptions”,
“DeleteEgressOnlyInternetGateway”,
“DeleteFleets”,
“DeleteFlowLogs”,
“DeleteFpgaImage”,
“DeleteInstanceEventWindow”,
“DeleteInternetGateway”,
“DeleteIpam”,
“DeleteIpamPool”,
“DeleteIpamScope”,
“DeleteKeyPair”,
“DeleteLaunchTemplate”,
“DeleteLaunchTemplateVersions”,
“DeleteLocalGatewayRoute”,
“DeleteLocalGatewayRouteTableVpcAssociation”,
“DeleteManagedPrefixList”,
“DeleteNatGateway”,
“DeleteNetworkAcl”,
“DeleteNetworkAclEntry”,
“DeleteNetworkInsightsAccessScope”,
“DeleteNetworkInsightsAccessScopeAnalysis”,
“DeleteNetworkInsightsAnalysis”,
“DeleteNetworkInsightsPath”,
“DeleteNetworkInterface”,
“DeleteNetworkInterfacePermission”,
“DeletePlacementGroup”,
“DeletePublicIpv4Pool”,
“DeleteQueuedReservedInstances”,
“DeleteRoute”,
“DeleteRouteTable”,
“DeleteSecurityGroup”,
“DeleteSnapshot”,
“DeleteSpotDatafeedSubscription”,
“DeleteSubnet”,
“DeleteSubnetCidrReservation”,
“DeleteTags”,
“DeleteTrafficMirrorFilter”,
“DeleteTrafficMirrorFilterRule”,
“DeleteTrafficMirrorSession”,
“DeleteTrafficMirrorTarget”,
“DeleteTransitGateway”,
“DeleteTransitGatewayConnect”,
“DeleteTransitGatewayConnectPeer”,
“DeleteTransitGatewayMulticastDomain”,
“DeleteTransitGatewayPeeringAttachment”,
“DeleteTransitGatewayPrefixListReference”,
“DeleteTransitGatewayRoute”,
“DeleteTransitGatewayRouteTable”,
“DeleteTransitGatewayVpcAttachment”,
“DeleteVolume”,
“DeleteVpc”,
“DeleteVpcEndpointConnectionNotifications”,
“DeleteVpcEndpointServiceConfigurations”,
“DeleteVpcEndpoints”,
“DeleteVpcPeeringConnection”,
“DeleteVpnConnection”,
“DeleteVpnConnectionRoute”,
“DeleteVpnGateway”,
“DisableEbsEncryptionByDefault”,
“DisableFastLaunch”,
“DisableFastSnapshotRestores”,
“DisableImageDeprecation”,
“DisableIpamOrganizationAdminAccount”,
“DisableSerialConsoleAccess”,
“DisableTransitGatewayRouteTablePropagation”,
“DisableVgwRoutePropagation”,
“DisableVpcClassicLink”,
“DisableVpcClassicLinkDnsSupport”,
“DisassociateAddress”,
“DisassociateClientVpnTargetNetwork”,
“DisassociateEnclaveCertificateIamRole”,
“DisassociateIamInstanceProfile”,
“DisassociateInstanceEventWindow”,
“DisassociateRouteTable”,
“DisassociateSubnetCidrBlock”,
“DisassociateTransitGatewayMulticastDomain”,
“DisassociateTransitGatewayRouteTable”,
“DisassociateTrunkInterface”,
“DisassociateVpcCidrBlock”,
“RebootInstances”,
“RevokeClientVpnIngress”,
“RevokeSecurityGroupEgress”,
“RevokeSecurityGroupIngress”,
“StopInstances”,
“TerminateClientVpnConnections”,
“TerminateInstances”,
“WithdrawByoipCidr”
]
},
{
“service_name”: “AWS Data Pipeline”,
“high_privilege_actions”: [
“DeletePipeline”,
“RemoveTags”
]
},
{
“service_name”: “AWS Simple Notification Service”,
“high_privilege_actions”: [
“DeleteApp”,
“DeleteAppLaunchConfiguration”,
“DeleteAppReplicationConfiguration”,
“DeleteAppValidationConfiguration”,
“DeleteReplicationJob”,
“DeleteServerCatalog”,
“DisassociateConnector”,
“StopAppReplication”,
“TerminateApp”
]
},
{
“service_name”: “AWS Monitron”,
“high_privilege_actions”: [
“AssociateProjectAdminUser”,
“DeleteProject”,
“DisassociateProjectAdminUser”,
“UntagResource”
]
},
{
“service_name”: “AWS CloudFormation Service”,
“high_privilege_actions”: [
“DeleteChangeSet”,
“DeleteStack”,
“DeleteStackInstances”,
“DeleteStackSet”,
“StopStackSetOperation”,
“UntagResource”,
“DeleteResource”
]
},
{
“service_name”: “AWS Rbin”,
“high_privilege_actions”: [
“DeleteRule”,
“UntagResource”
]
},
{
“service_name”: “AWS SNS Chatbot”,
“high_privilege_actions”: [
“DeleteChimeWebhookConfiguration”,
“DeleteSlackChannelConfiguration”,
“DeleteSlackWorkspaceAuthorization”
]
},
{
“service_name”: “AWS Health”,
“high_privilege_actions”: [
“DisableHealthServiceAccessForOrganization”
]
},
{
“service_name”: “AWS Outposts”,
“high_privilege_actions”: [
“DeleteOutpost”,
“DeleteSite”,
“UntagResource”
]
},
{
“service_name”: “AWS GameLift”,
“high_privilege_actions”: [
“DeleteAlias”,
“DeleteBuild”,
“DeleteFleet”,
“DeleteFleetLocations”,
“DeleteGameServerGroup”,
“DeleteGameSessionQueue”,
“DeleteMatchmakingConfiguration”,
“DeleteMatchmakingRuleSet”,
“DeleteScalingPolicy”,
“DeleteScript”,
“DeleteVpcPeeringAuthorization”,
“DeleteVpcPeeringConnection”,
“StopFleetActions”,
“StopGameSessionPlacement”,
“StopMatchmaking”,
“SuspendGameServerGroup”,
“UntagResource”
]
},
{
“service_name”: “AWS IoT Fleet Hub”,
“high_privilege_actions”: [
“DeleteApplication”,
“UntagResource”
]
},
{
“service_name”: “AWS Route 53 Recovery Control Config”,
“high_privilege_actions”: [
“DeleteCluster”,
“DeleteControlPanel”,
“DeleteRoutingControl”,
“DeleteSafetyRule”,
“UntagResource”
]
},
{
“service_name”: “AWS OpsWorks Configuration Management”,
“high_privilege_actions”: [
“AssociateNode”,
“DeleteBackup”,
“DeleteServer”,
“DisassociateNode”,
“UntagResource”
]
},
{
“service_name”: “AWS Timestream Service”,
“high_privilege_actions”: [
“DeleteDatabase”,
“DeleteScheduledQuery”,
“DeleteTable”,
“UntagResource”
]
},
{
“service_name”: “AWS IoT RoboRunner”,
“high_privilege_actions”: [
“DeleteAction”,
“DeleteActionTemplate”,
“DeleteActionTemplateDependency”,
“DeleteActivity”,
“DeleteActivityDependency”,
“DeleteDestination”,
“DeleteDestinationRelationship”,
“DeleteSite”,
“DeleteTask”,
“DeleteTaskDependency”,
“DeleteWorker”,
“DeleteWorkerFleet”
]
},
{
“service_name”: “AWS Discovery”,
“high_privilege_actions”: [
“AssociateConfigurationItemsToApplication”,
“BatchDeleteImportData”,
“DeleteApplications”,
“DeleteTags”,
“DisassociateConfigurationItemsFromApplication”,
“StopContinuousExport”,
“StopDataCollectionByAgentIds”
]
},
{
“service_name”: “AWS CodeCommit Service”,
“high_privilege_actions”: [
“AssociateApprovalRuleTemplateWithRepository”,
“BatchAssociateApprovalRuleTemplateWithRepositories”,
“BatchDisassociateApprovalRuleTemplateFromRepositories”,
“DeleteApprovalRuleTemplate”,
“DeleteBranch”,
“DeleteCommentContent”,
“DeleteFile”,
“DeletePullRequestApprovalRule”,
“DeleteRepository”,
“DisassociateApprovalRuleTemplateFromRepository”,
“UntagResource”
]
},
{
“service_name”: “AWS CodeGuru Profiler”,
“high_privilege_actions”: [
“DeleteProfilingGroup”,
“RemoveNotificationChannel”,
“RemovePermission”,
“UntagResource”
]
},
{
“service_name”: “AWS IoT Device Advisor”,
“high_privilege_actions”: [
“DeleteSuiteDefinition”,
“StopSuiteRun”,
“UntagResource”
]
},
{
“service_name”: “AWS SNS Service”,
“high_privilege_actions”: [
“DeleteEndpoint”,
“DeletePlatformApplication”,
“DeleteSMSSandboxPhoneNumber”,
“DeleteTopic”,
“RemovePermission”,
“UntagResource”
]
},
{
“service_name”: “AWS Cognito Identity Provider”,
“high_privilege_actions”: [
“AdminDeleteUser”,
“AdminDeleteUserAttributes”,
“AdminDisableProviderForUser”,
“AdminDisableUser”,
“AdminRemoveUserFromGroup”,
“AssociateSoftwareToken”,
“DeleteGroup”,
“DeleteIdentityProvider”,
“DeleteResourceServer”,
“DeleteUser”,
“DeleteUserAttributes”,
“DeleteUserPool”,
“DeleteUserPoolClient”,
“DeleteUserPoolDomain”,
“RevokeToken”,
“StopUserImportJob”,
“UntagResource”
]
},
{
“service_name”: “AWS Elastic Beanstalk”,
“high_privilege_actions”: [
“AssociateEnvironmentOperationsRole”,
“DeleteApplication”,
“DeleteApplicationVersion”,
“DeleteConfigurationTemplate”,
“DeleteEnvironmentConfiguration”,
“DeletePlatformVersion”,
“DisassociateEnvironmentOperationsRole”,
“RemoveTags”,
“TerminateEnvironment”
]
},
{
“service_name”: “AWS CloudWatch Application Insights”,
“high_privilege_actions”: [
“DeleteApplication”,
“DeleteComponent”,
“DeleteLogPattern”,
“UntagResource”
]
},
{
“service_name”: “AWS ELB Service”,
“high_privilege_actions”: [
“DeleteListener”,
“DeleteLoadBalancer”,
“DeleteRule”,
“DeleteTargetGroup”,
“RemoveListenerCertificates”,
“DeleteLoadBalancerListeners”,
“DeleteLoadBalancerPolicy”,
“DisableAvailabilityZonesForLoadBalancer”,
“RemoveTags”
]
},
{
“service_name”: “AWS Lookout for Equipment”,
“high_privilege_actions”: [
“DeleteDataset”,
“DeleteInferenceScheduler”,
“DeleteModel”,
“StopInferenceScheduler”,
“UntagResource”
]
},
{
“service_name”: “AWS Lookout for Metrics”,
“high_privilege_actions”: [
“DeleteAlert”,
“DeleteAnomalyDetector”,
“UntagResource”
]
},
{
“service_name”: “AWS Translate”,
“high_privilege_actions”: [
“DeleteParallelData”,
“DeleteTerminology”,
“StopTextTranslationJob”
]
},
{
“service_name”: “AWS WAF Regional”,
“high_privilege_actions”: [
“AssociateWebACL”,
“DeleteByteMatchSet”,
“DeleteGeoMatchSet”,
“DeleteIPSet”,
“DeleteLoggingConfiguration”,
“DeletePermissionPolicy”,
“DeleteRateBasedRule”,
“DeleteRegexMatchSet”,
“DeleteRegexPatternSet”,
“DeleteRule”,
“DeleteRuleGroup”,
“DeleteSizeConstraintSet”,
“DeleteSqlInjectionMatchSet”,
“DeleteWebACL”,
“DeleteXssMatchSet”,
“DisassociateWebACL”,
“UntagResource”
]
},
{
“service_name”: “AWS ECS Service”,
“high_privilege_actions”: [
“DeleteAccountSetting”,
“DeleteAttributes”,
“DeleteCapacityProvider”,
“DeleteCluster”,
“DeleteService”,
“DeleteTaskSet”,
“StopTask”,
“UntagResource”
]
},
{
“service_name”: “AWS ECR Service”,
“high_privilege_actions”: [
“BatchDeleteImage”,
“DeleteLifecyclePolicy”,
“DeletePullThroughCacheRule”,
“DeleteRegistryPolicy”,
“DeleteRepository”,
“DeleteRepositoryPolicy”,
“UntagResource”
]
},
{
“service_name”: “AWS DynamoDB Accelerator (DAX)”,
“high_privilege_actions”: [
“DeleteCluster”,
“DeleteItem”,
“DeleteParameterGroup”,
“DeleteSubnetGroup”,
“RebootNode”,
“UntagResource”
]
},
{
“service_name”: “AWS Resource Groups Tagging API”,
“high_privilege_actions”: [
“UntagResources”
]
},
{
“service_name”: “AWS CloudWatch Logs Service”,
“high_privilege_actions”: [
“AssociateKmsKey”,
“DeleteDestination”,
“DeleteLogDelivery”,
“DeleteLogGroup”,
“DeleteLogStream”,
“DeleteMetricFilter”,
“DeleteQueryDefinition”,
“DeleteResourcePolicy”,
“DeleteRetentionPolicy”,
“DeleteSubscriptionFilter”,
“DisassociateKmsKey”,
“StopQuery”,
“UntagLogGroup”
]
},
{
“service_name”: “AWS Backup Gateway Service”,
“high_privilege_actions”: [
“AssociateGatewayToServer”,
“DeleteGateway”,
“DeleteHypervisor”,
“DisassociateGatewayFromServer”,
“UntagResource”
]
},
{
“service_name”: “AWS Service Catalog”,
“high_privilege_actions”: [
“AssociateAttributeGroup”,
“AssociateBudgetWithResource”,
“AssociatePrincipalWithPortfolio”,
“AssociateProductWithPortfolio”,
“AssociateResource”,
“AssociateServiceActionWithProvisioningArtifact”,
“AssociateTagOptionWithResource”,
“BatchAssociateServiceActionWithProvisioningArtifact”,
“BatchDisassociateServiceActionFromProvisioningArtifact”,
“DeleteApplication”,
“DeleteAttributeGroup”,
“DeleteConstraint”,
“DeletePortfolio”,
“DeletePortfolioShare”,
“DeleteProduct”,
“DeleteProvisionedProductPlan”,
“DeleteProvisioningArtifact”,
“DeleteServiceAction”,
“DeleteTagOption”,
“DisableAWSOrganizationsAccess”,
“DisassociateAttributeGroup”,
“DisassociateBudgetFromResource”,
“DisassociatePrincipalFromPortfolio”,
“DisassociateProductFromPortfolio”,
“DisassociateResource”,
“DisassociateServiceActionFromProvisioningArtifact”,
“DisassociateTagOptionFromResource”,
“TerminateProvisionedProduct”,
“UntagResource”
]
},
{
“service_name”: “AWS Elastic Disaster Recovery”,
“high_privilege_actions”: [
“AssociateFailbackClientToRecoveryInstanceForDrs”,
“BatchDeleteSnapshotRequestForDrs”,
“DeleteJob”,
“DeleteRecoveryInstance”,
“DeleteReplicationConfigurationTemplate”,
“DeleteSourceServer”,
“StopFailback”,
“TerminateRecoveryInstances”,
“UntagResource”
]
},
{
“service_name”: “AWS Message Queue”,
“high_privilege_actions”: [
“DeleteBroker”,
“DeleteTags”,
“DeleteUser”,
“RebootBroker”
]
},
{
“service_name”: “AWS Control Tower”,
“high_privilege_actions”: [
“DisableGuardrail”
]
},
{
“service_name”: “AWS Nimble Studio”,
“high_privilege_actions”: [
“DeleteLaunchProfile”,
“DeleteLaunchProfileMember”,
“DeleteStreamingImage”,
“DeleteStreamingSession”,
“DeleteStudio”,
“DeleteStudioComponent”,
“DeleteStudioMember”,
“StopStreamingSession”,
“UntagResource”
]
},
{
“service_name”: “AWS Managed Workflows for Apache Airflow”,
“high_privilege_actions”: [
“DeleteEnvironment”,
“UntagResource”
]
},
{
“service_name”: “AWS S3 Object Lambda”,
“high_privilege_actions”: [
“DeleteObject”,
“DeleteObjectTagging”,
“DeleteObjectVersion”,
“DeleteObjectVersionTagging”
]
},
{
“service_name”: “AWS Personalize”,
“high_privilege_actions”: [
“DeleteCampaign”,
“DeleteDataset”,
“DeleteDatasetGroup”,
“DeleteEventTracker”,
“DeleteFilter”,
“DeleteRecommender”,
“DeleteSchema”,
“DeleteSolution”,
“StopSolutionVersionCreation”
]
},
{
“service_name”: “AWS Cloud9”,
“high_privilege_actions”: [
“DeleteEnvironment”,
“DeleteEnvironmentMembership”,
“UntagResource”
]
},
{
“service_name”: “AWS Elemental Appliances and Software”,
“high_privilege_actions”: [
“UntagResource”
]
},
{
“service_name”: “AWS Detective”,
“high_privilege_actions”: [
“DeleteGraph”,
“DeleteMembers”,
“DisableOrganizationAdminAccount”,
“DisassociateMembership”,
“UntagResource”
]
},
{
“service_name”: “AWS Transfer for SFTP”,
“high_privilege_actions”: [
“DeleteAccess”,
“DeleteServer”,
“DeleteSshPublicKey”,
“DeleteUser”,
“DeleteWorkflow”,
“StopServer”,
“UntagResource”
]
},
{
“service_name”: “AWS Panorama”,
“high_privilege_actions”: [
“DeleteApp”,
“DeleteAppVersion”,
“DeleteDataSource”,
“DeleteDevice”,
“DeleteModel”,
“DeletePackage”,
“RemoveApplicationInstance”,
“UntagResource”
]
},
{
“service_name”: “AWS IAM Access Analyzer”,
“high_privilege_actions”: [
“DeleteAnalyzer”,
“DeleteArchiveRule”,
“UntagResource”
]
},
{
“service_name”: “AWS App Integrations”,
“high_privilege_actions”: [
“DeleteDataIntegration”,
“DeleteDataIntegrationAssociation”,
“DeleteEventIntegration”,
“DeleteEventIntegrationAssociation”,
“UntagResource”
]
},
{
“service_name”: “AWS FinSpace”,
“high_privilege_actions”: [
“DeleteEnvironment”,
“UntagResource”
]
},
{
“service_name”: “AWS SageMaker Ground Truth Labeling”,
“high_privilege_actions”: [
“AssociatePatchToManifestJob”
]
},
{
“service_name”: “AWS S3 on Outposts”,
“high_privilege_actions”: [
“DeleteAccessPoint”,
“DeleteAccessPointPolicy”,
“DeleteBucket”,
“DeleteBucketPolicy”,
“DeleteEndpoint”,
“DeleteObject”,
“DeleteObjectTagging”
]
},
{
“service_name”: “AWS Elemental MediaStore”,
“high_privilege_actions”: [
“DeleteContainer”,
“DeleteContainerPolicy”,
“DeleteCorsPolicy”,
“DeleteLifecyclePolicy”,
“DeleteMetricPolicy”,
“DeleteObject”,
“StopAccessLogging”,
“UntagResource”
]
},
{
“service_name”: “AWS BugBust”,
“high_privilege_actions”: [
“UntagResource”
]
},
{
“service_name”: “AWS HealthLake”,
“high_privilege_actions”: [
“DeleteFHIRDatastore”,
“DeleteResource”,
“UntagResource”
]
},
{
“service_name”: “AWS IoT 1-Click”,
“high_privilege_actions”: [
“AssociateDeviceWithPlacement”,
“DeletePlacement”,
“DeleteProject”,
“DisassociateDeviceFromPlacement”,
“UntagResource”
]
},
{
“service_name”: “AWS MSK Connect”,
“high_privilege_actions”: [
“DeleteConnector”
]
},
{
“service_name”: “AWS CodePipeline”,
“high_privilege_actions”: [
“DeleteCustomActionType”,
“DeletePipeline”,
“DeleteWebhook”,
“DisableStageTransition”,
“StopPipelineExecution”,
“UntagResource”
]
},
{
“service_name”: “AWS Security Hub”,
“high_privilege_actions”: [
“BatchDisableStandards”,
“DeleteActionTarget”,
“DeleteFindingAggregator”,
“DeleteInsight”,
“DeleteInvitations”,
“DeleteMembers”,
“DisableImportFindingsForProduct”,
“DisableOrganizationAdminAccount”,
“DisableSecurityHub”,
“DisassociateFromAdministratorAccount”,
“DisassociateFromMasterAccount”,
“DisassociateMembers”,
“UntagResource”
]
},
{
“service_name”: “AWS EC2 Image Builder”,
“high_privilege_actions”: [
“DeleteComponent”,
“DeleteContainerRecipe”,
“DeleteDistributionConfiguration”,
“DeleteImage”,
“DeleteImagePipeline”,
“DeleteImageRecipe”,
“DeleteInfrastructureConfiguration”,
“UntagResource”
]
},
{
“service_name”: “AWS SQS Service”,
“high_privilege_actions”: [
“DeleteMessage”,
“DeleteQueue”,
“RemovePermission”,
“UntagQueue”
]
},
{
“service_name”: “AWS ServiceDiscovery Service”,
“high_privilege_actions”: [
“DeleteNamespace”,
“DeleteService”,
“UntagResource”
]
},
{
“service_name”: “AWS Compute Optimizer”,
“high_privilege_actions”: [
“DeleteRecommendationPreferences”
]
},
{
“service_name”: “AWS Glacier”,
“high_privilege_actions”: [
“DeleteArchive”,
“DeleteVault”,
“DeleteVaultAccessPolicy”,
“DeleteVaultNotifications”,
“RemoveTagsFromVault”
]
},
{
“service_name”: “AWS Rekognition”,
“high_privilege_actions”: [
“DeleteCollection”,
“DeleteDataset”,
“DeleteFaces”,
“DeleteProject”,
“DeleteProjectVersion”,
“DeleteStreamProcessor”,
“StopProjectVersion”,
“StopStreamProcessor”,
“UntagResource”
]
},
{
“service_name”: “AWS Launch Wizard”,
“high_privilege_actions”: [
“DeleteApp”
]
},
{
“service_name”: “AWS Elemental MediaConvert”,
“high_privilege_actions”: [
“AssociateCertificate”,
“DeleteJobTemplate”,
“DeletePolicy”,
“DeletePreset”,
“DeleteQueue”,
“DisassociateCertificate”,
“UntagResource”
]
},
{
“service_name”: “AWS ServiceQuotas Service”,
“high_privilege_actions”: [
“AssociateServiceQuotaTemplate”,
“DeleteServiceQuotaIncreaseRequestFromTemplate”,
“DisassociateServiceQuotaTemplate”,
“UntagResource”
]
},
{
“service_name”: “AWS Inspector”,
“high_privilege_actions”: [
“DeleteAssessmentRun”,
“DeleteAssessmentTarget”,
“DeleteAssessmentTemplate”,
“RemoveAttributesFromFindings”,
“StopAssessmentRun”
]
},
{
“service_name”: “AWS RoboMaker”,
“high_privilege_actions”: [
“BatchDeleteWorlds”,
“DeleteFleet”,
“DeleteRobot”,
“DeleteRobotApplication”,
“DeleteSimulationApplication”,
“DeleteWorldTemplate”,
“UntagResource”
]
},
{
“service_name”: “AWS Quantum Ledger Database”,
“high_privilege_actions”: [
“DeleteLedger”,
“PartiQLDelete”,
“UntagResource”
]
},
{
“service_name”: “AWS CodeStar”,
“high_privilege_actions”: [
“AssociateTeamMember”,
“DeleteExtendedAccess”,
“DeleteProject”,
“DeleteUserProfile”,
“DisassociateTeamMember”,
“UntagProject”
]
},
{
“service_name”: “AWS CodeArtifact”,
“high_privilege_actions”: [
“AssociateExternalConnection”,
“AssociateWithDownstreamRepository”,
“DeleteDomain”,
“DeleteDomainPermissionsPolicy”,
“DeletePackageVersions”,
“DeleteRepository”,
“DeleteRepositoryPermissionsPolicy”,
“DisassociateExternalConnection”,
“UntagResource”
]
},
{
“service_name”: “AWS Direct Connect”,
“high_privilege_actions”: [
“AssociateConnectionWithLag”,
“AssociateHostedConnection”,
“AssociateMacSecKey”,
“AssociateVirtualInterface”,
“DeleteBGPPeer”,
“DeleteConnection”,
“DeleteDirectConnectGateway”,
“DeleteDirectConnectGatewayAssociation”,
“DeleteDirectConnectGatewayAssociationProposal”,
“DeleteInterconnect”,
“DeleteLag”,
“DeleteVirtualInterface”,
“DisassociateConnectionFromLag”,
“DisassociateMacSecKey”,
“StopBgpFailoverTest”,
“UntagResource”
]
},
{
“service_name”: “AWS DataSync”,
“high_privilege_actions”: [
“DeleteAgent”,
“DeleteLocation”,
“DeleteTask”,
“UntagResource”
]
},
{
“service_name”: “AWS Organizations”,
“high_privilege_actions”: [
“DeleteOrganization”,
“DeleteOrganizationalUnit”,
“DeletePolicy”,
“DisableAWSServiceAccess”,
“DisablePolicyType”,
“RemoveAccountFromOrganization”,
“UntagResource”
]
},
{
“service_name”: “AWS Kinesis Analytics”,
“high_privilege_actions”: [
“DeleteApplication”,
“DeleteApplicationCloudWatchLoggingOption”,
“DeleteApplicationInputProcessingConfiguration”,
“DeleteApplicationOutput”,
“DeleteApplicationReferenceDataSource”,
“DeleteApplicationSnapshot”,
“DeleteApplicationVpcConfiguration”,
“StopApplication”,
“UntagResource”
]
},
{
“service_name”: “AWS Account”,
“high_privilege_actions”: [
“DeleteAlternateContact”,
“DisableRegion”
]
}
]
}
Why are the actions considered high privilege?
Reasons for actions marked as high-privilege:
- Data Loss: Deletion actions cause irreversible loss of critical models, endpoints, or policies.
- Operational Disruption: Prematurely stopping jobs wastes resources and disrupts workflows.
- Security Impact: Removing policies or tags weakens access control, governance, and monitoring.
- Resource Investment: Training classifiers or recognizers involves significant time, effort, and cost.
How to Manage These Actions? Any Recommended Best Practices?
- Audit These Actions Regularly: Ensure these actions are logged in AWS CloudTrail and reviewed periodically.
- Restrict Permissions: Use the principle of least privilege, granting access to these actions only to trusted, high-level users or service roles.
- Enable Multi-Factor Authentication (MFA): Require MFA for users with permissions to perform these actions.
- Use Resource Policies: Set resource-based policies to add an extra layer of control.
- Tag Governance: Maintain a tagging strategy and monitor untagging actions.
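One way to carry out the CloudTrail audit and MFA recommendations above, as an added example that is not part of the original page: it parses an excerpt of the catalogue and flags CloudTrail records by (eventSource, eventName) pair, since names such as UntagResource appear under many services. The display-name to eventSource mapping, the helper names and the sample records are assumptions constructed for illustration.

```python
import json

# Constructed excerpt of the catalogue above, in the page's curly-quote form.
CATALOGUE_TEXT = """{ “high_privilege_actions_in_aws_services”: [
  { “service_name”: “AWS Security Hub”,
    “high_privilege_actions”: [ “DisableSecurityHub”, “UntagResource” ] },
  { “service_name”: “AWS Organizations”, “high_privilege_actions”: [ “DeleteOrganization” ] },
  { “service_name”: “AWS SQS Service”, “high_privilege_actions”: [ “DeleteQueue” ] } ] }"""

EVENT_SOURCES = {  # assumption: page display name -> CloudTrail eventSource
    "AWS Security Hub": "securityhub.amazonaws.com",
    "AWS Organizations": "organizations.amazonaws.com",
    "AWS SQS Service": "sqs.amazonaws.com",
}

def load_catalogue(text):
    """Return {eventSource: set(actions)}; curly quotes are normalised for json."""
    doc = json.loads(text.replace("\u201c", '"').replace("\u201d", '"'))
    index = {}
    for svc in doc["high_privilege_actions_in_aws_services"]:
        source = EVENT_SOURCES.get(svc["service_name"])
        if source:  # unmapped services are skipped rather than guessed
            index.setdefault(source, set()).update(svc["high_privilege_actions"])
    return index

def flag_events(events, index):
    """Return one finding per listed (eventSource, eventName) pair, denied calls included."""
    findings = []
    for ev in events:
        if ev.get("eventName") in index.get(ev.get("eventSource"), ()):
            ident = ev.get("userIdentity", {})
            attrs = ident.get("sessionContext", {}).get("attributes", {})
            findings.append({"action": f'{ev["eventSource"]}:{ev["eventName"]}',
                             "principal": ident.get("arn", "unknown"),
                             "mfa": attrs.get("mfaAuthenticated") == "true",
                             "denied": "errorCode" in ev})
    return findings

def _ev(source, name, user, mfa, **extra):  # constructed record, placeholder account id
    arn = "arn:aws:sts::111122223333:assumed-role/ExampleRole/" + user
    ident = {"arn": arn, "sessionContext": {"attributes": {"mfaAuthenticated": mfa}}}
    return {"eventSource": source, "eventName": name, "userIdentity": ident, **extra}

SAMPLE_EVENTS = [
    _ev("securityhub.amazonaws.com", "DisableSecurityHub", "alice", "false"),
    _ev("sqs.amazonaws.com", "DeleteQueue", "bob", "true"),
    _ev("organizations.amazonaws.com", "DeleteOrganization", "carol", "false", errorCode="AccessDenied"),
    _ev("sns.amazonaws.com", "UntagResource", "dave", "true"),  # pair not in the excerpt
]
```

Findings with `mfa` false or `denied` true are the ones to review first: the former shows a principal performing a listed action without MFA, the latter an attempt that permissions blocked.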