Policy: AmazonGuardDutyServiceRolePolicy

ARN: arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy

Allowed Actions

| Actions | Services |
|---|---|
| ec2:AuthorizeSecurityGroupEgress | ec2 |
| ec2:AuthorizeSecurityGroupIngress | ec2 |
| ec2:CreateSecurityGroup | ec2 |
| ec2:CreateSecurityGroup | ec2 |
| ec2:CreateTags | ec2 |
| ec2:CreateTags | ec2 |
| ec2:CreateVpcEndpoint | ec2 |
| ec2:CreateVpcEndpoint | ec2 |
| ec2:DeleteSecurityGroup | ec2 |
| ec2:DeleteVpcEndpoints | ec2 |
| ec2:DescribeImages | ec2 |
| ec2:DescribeInstances | ec2 |
| ec2:DescribeSecurityGroups | ec2 |
| ec2:DescribeSubnets | ec2 |
| ec2:DescribeTransitGatewayAttachments | ec2 |
| ec2:DescribeVpcEndpointServices | ec2 |
| ec2:DescribeVpcEndpoints | ec2 |
| ec2:DescribeVpcPeeringConnections | ec2 |
| ec2:DescribeVpcs | ec2 |
| ec2:ModifyVpcEndpoint | ec2 |
| ec2:ModifyVpcEndpoint | ec2 |
| ec2:RevokeSecurityGroupEgress | ec2 |
| ec2:RevokeSecurityGroupIngress | ec2 |
| ecs:DescribeClusters | ecs |
| ecs:ListClusters | ecs |
| ecs:PutAccountSettingDefault | ecs |
| eks:CreateAddon | eks |
| eks:DeleteAddon | eks |
| eks:DescribeAddon | eks |
| eks:DescribeCluster | eks |
| eks:ListClusters | eks |
| eks:TagResource | eks |
| eks:UpdateAddon | eks |
| iam:CreateServiceLinkedRole | iam |
| lambda:GetFunctionConfiguration | lambda |
| lambda:ListTags | lambda |
| organizations:DescribeAccount | organizations |
| organizations:DescribeOrganization | organizations |
| organizations:ListAccounts | organizations |
| s3:GetAccountPublicAccessBlock | s3 |
| s3:GetBucketAcl | s3 |
| s3:GetBucketPolicy | s3 |
| s3:GetBucketPolicyStatus | s3 |
| s3:GetBucketPublicAccessBlock | s3 |
| s3:GetBucketTagging | s3 |
| s3:GetEncryptionConfiguration | s3 |
| s3:ListAllMyBuckets | s3 |
| ssm:AddTagsToResource | ssm |
| ssm:CreateAssociation | ssm |
| ssm:CreateAssociation | ssm |
| ssm:DeleteAssociation | ssm |
| ssm:DescribeAssociation | ssm |
| ssm:GetCommandInvocation | ssm |
| ssm:SendCommand | ssm |
| ssm:StartAssociationsOnce | ssm |
| ssm:UpdateAssociation | ssm |
| ssm:UpdateAssociation | ssm |