Skip to content

Policy: AmazonSecurityLakeAdministrator

ARN: arn:aws:iam::aws:policy/AmazonSecurityLakeAdministrator

Allowed Actions

Actions Services
events:CreateApiDestination events
events:CreateConnection events
events:DeleteApiDestination events
events:DeleteConnection events
events:DeleteRule events
events:DescribeRule events
events:ListApiDestinations events
events:ListConnections events
events:ListTargetsByRule events
events:PutRule events
events:PutTargets events
events:RemoveTargets events
events:UpdateApiDestination events
events:UpdateConnection events
glue:CreateCrawler glue
glue:CreateDatabase glue
glue:CreateTable glue
glue:GetDatabase glue
glue:GetTable glue
glue:StopCrawlerSchedule glue
iam:CreateRole iam
iam:CreateServiceLinkedRole iam
iam:DeleteRole iam
iam:DeleteRolePolicy iam
iam:GetRole iam
iam:GetRolePolicy iam
iam:ListAttachedRolePolicies iam
iam:ListRolePolicies iam
iam:ListRoles iam
iam:PassRole iam
iam:PassRole iam
iam:PassRole iam
iam:PassRole iam
iam:PassRole iam
iam:PassRole iam
iam:PassRole iam
iam:PassRole iam
iam:PutRolePolicy iam
iam:PutRolePolicy iam
kms:CreateGrant kms
kms:DescribeKey kms
lakeformation:GetDatalakeSettings lakeformation
lakeformation:GrantPermissions lakeformation
lakeformation:ListPermissions lakeformation
lakeformation:RegisterResource lakeformation
lakeformation:RevokePermissions lakeformation
lambda:AddPermission lambda
lambda:CreateEventSourceMapping lambda
lambda:CreateFunction lambda
organizations:DescribeOrganization organizations
organizations:ListAccounts organizations
organizations:ListDelegatedServicesForAccount organizations
ram:AssociateResourceShare ram
ram:CreateResourceShare ram
ram:DeleteResourceShare ram
ram:DisassociateResourceShare ram
ram:GetResourceShareAssociations ram
ram:GetResourceShares ram
ram:UpdateResourceShare ram
s3:CreateBucket s3
s3:Get* s3
s3:GetAccountPublicAccessBlock s3
s3:GetBucketNotification s3
s3:GetObject s3
s3:GetObjectVersion s3
s3:List* s3
s3:ListAccessPoints s3
s3:ListAllMyBuckets s3
s3:ListBucket s3
s3:PutBucketNotification s3
s3:PutBucketPolicy s3
s3:PutBucketPublicAccessBlock s3
s3:PutBucketTagging s3
s3:PutBucketVersioning s3
s3:PutEncryptionConfiguration s3
s3:PutLifecycleConfiguration s3
s3:PutObject s3
s3:PutReplicationConfiguration s3
secretsmanager:CreateSecret secretsmanager
secretsmanager:GetSecretValue secretsmanager
secretsmanager:PutSecretValue secretsmanager
securitylake:* securitylake
sqs:AddPermission sqs
sqs:CreateQueue sqs
sqs:DeleteQueue sqs
sqs:GetQueueAttributes sqs
sqs:GetQueueURL sqs
sqs:SetQueueAttributes sqs