aws-managed-policies's Introduction

A List of AWS Managed Policies

How to Build it

Run

sh ./run.sh

Enjoy this generated README.md.

Policy Description
AWSDirectConnectReadOnlyAccess Provides read only access to AWS Direct Connect via the AWS Management Console.
AmazonGlacierReadOnlyAccess Provides read only access to Amazon Glacier via the AWS Management Console.
AWSMarketplaceFullAccess Provides the ability to subscribe and unsubscribe to AWS Marketplace software, allows users to manage Marketplace software instances from the Marketplace 'Your Software' page, and provides administrative access to EC2.
ClientVPNServiceRolePolicy Policy to enable AWS Client VPN to manage your Client VPN endpoints.
AWSSSODirectoryAdministrator Administrator access for SSO Directory
AWSIoT1ClickReadOnlyAccess Provides read only access to AWS IoT 1-Click.
AutoScalingConsoleReadOnlyAccess Provides read-only access to Auto Scaling via the AWS Management Console.
AmazonDMSRedshiftS3Role Provides access to manage S3 settings for Redshift endpoints for DMS.
AWSQuickSightListIAM Allow QuickSight to list IAM entities
AWSHealthFullAccess Allows full access to the AWS Health APIs and Notifications and the Personal Health Dashboard
AlexaForBusinessGatewayExecution Provide gateway execution access to AlexaForBusiness services
AmazonElasticTranscoder_ReadOnlyAccess Grants users read-only access to Elastic Transcoder and list access to related services.
AmazonRDSFullAccess Provides full access to Amazon RDS via the AWS Management Console.
SupportUser This policy grants permissions to troubleshoot and resolve issues in an AWS account. This policy also enables the user to contact AWS support to create and manage cases.
AmazonEC2FullAccess Provides full access to Amazon EC2 via the AWS Management Console.
SecretsManagerReadWrite Provides read/write access to AWS Secrets Manager via the AWS Management Console. Note: this excludes IAM actions, so combine with IAMFullAccess if rotation configuration is required.
AWSIoTThingsRegistration This policy allows users to register things in bulk using AWS IoT StartThingRegistrationTask API
AmazonDocDBReadOnlyAccess Provides read-only access to Amazon DocumentDB with MongoDB compatibility. Note that this policy also grants access to Amazon RDS and Amazon Neptune resources.
AmazonMQApiFullAccess Provides full access to AmazonMQ via our API/SDK.
AWSElementalMediaStoreReadOnly Provides read-only permissions for MediaStore APIs
AWSCertificateManagerReadOnly Provides read only access to AWS Certificate Manager (ACM).
AWSQuicksightAthenaAccess Quicksight access to Athena API and S3 buckets used for Athena query results
AWSCloudMapRegisterInstanceAccess Provides registrant level access to AWS Cloud Map actions.
AWSMarketplaceImageBuildFullAccess Provides full access to AWS Marketplace Private Image Build Feature. In addition to create private images, it also provides permissions to add tags to images, launch and terminate ec2 instances.
AWSCodeCommitPowerUser Provides full access to AWS CodeCommit repositories, but does not allow repository deletion.
AWSCodeCommitFullAccess Provides full access to AWS CodeCommit via the AWS Management Console.
IAMSelfManageServiceSpecificCredentials Allows an IAM user to manage their own Service Specific Credentials.
AmazonEMRCleanupPolicy Allows the actions that EMR requires to terminate and delete AWS EC2 resources if the EMR Service role has lost that ability.
AWSCloud9EnvironmentMember Provides the ability to be invited into AWS Cloud9 shared development environments.
AWSApplicationAutoscalingSageMakerEndpointPolicy Policy granting permissions to Application Auto Scaling to access SageMaker and CloudWatch.
FMSServiceRolePolicy Access policy to allow FM service linked role to perform FM-related actions on FM-managed resources within a customer AWS Organization account.
AmazonSQSFullAccess Provides full access to Amazon SQS via the AWS Management Console.
AlexaForBusinessReadOnlyAccess Provide read only access to AlexaForBusiness services
AWSLambdaFullAccess This policy is on a deprecation path. See documentation for guidance: https://docs.aws.amazon.com/lambda/latest/dg/access-control-identity-based.html. Provides full access to Lambda, S3, DynamoDB, CloudWatch Metrics and Logs.
AmazonLexBotPolicy Policy for AWS Lex Bot use case
AWSIoTLogging Allows creation of Amazon CloudWatch Log groups and streaming logs to the groups
AmazonEC2RoleforSSM This policy will soon be deprecated. Please use AmazonSSMManagedInstanceCore policy to enable AWS Systems Manager service core functionality on EC2 instances. For more information see https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html
AlexaForBusinessNetworkProfileServicePolicy This policy enables Alexa for Business to perform automated tasks scheduled by your network profiles.
AWSCloudHSMRole Default policy for the AWS CloudHSM service role.
AWSEnhancedClassicNetworkingMangementPolicy Policy to enable enhanced classic networking management feature.
IAMFullAccess Provides full access to IAM via the AWS Management Console.
AmazonInspectorFullAccess Provides full access to Amazon Inspector.
AmazonElastiCacheFullAccess Provides full access to Amazon ElastiCache via the AWS Management Console.
AWSAgentlessDiscoveryService Provides access for the Discovery Agentless Connector to register with AWS Application Discovery Service.
AWSXrayWriteOnlyAccess AWS X-Ray write only managed policy
AWSPriceListServiceFullAccess Provides full access to AWS Price List Service.
AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy Enables access to AWS services and resources required for AWS KMS custom key stores
AutoScalingReadOnlyAccess Provides read-only access to Auto Scaling.
AmazonForecastFullAccess Gives access to all actions for Amazon Forecast
AmazonWorkLinkReadOnly Grants read only access to Amazon WorkLink resources
TranslateFullAccess Provides full access to Amazon Translate.
AutoScalingFullAccess Provides full access to Auto Scaling.
AmazonEC2RoleforAWSCodeDeploy Provides EC2 access to S3 bucket to download revision. This role is needed by the CodeDeploy agent on EC2 instances.
AWSFMMemberReadOnlyAccess Provides read only access to AWS WAF actions for AWS Firewall Manager member accounts
AmazonElasticMapReduceEditorsRole Default policy for the Amazon Elastic MapReduce Editors service role.
AmazonEKSClusterPolicy This policy provides Kubernetes the permissions it requires to manage resources on your behalf. Kubernetes requires Ec2:CreateTags permissions to place identifying information on EC2 resources including but not limited to Instances, Security Groups, and Elastic Network Interfaces.
AmazonEKSWorkerNodePolicy This policy allows Amazon EKS worker nodes to connect to Amazon EKS Clusters.
AWSMobileHub_ReadOnly This policy may be attached to any User, Role, or Group, in order to grant users permission to list and view projects in AWS Mobile Hub. This also includes permissions to generate and download sample mobile app source code for each Mobile Hub project. It does not allow the user to modify any configuration for any Mobile Hub project.
CloudWatchEventsBuiltInTargetExecutionAccess Allows built-in targets in Amazon CloudWatch Events to perform EC2 actions on your behalf.
AutoScalingServiceRolePolicy Enables access to AWS Services and Resources used or managed by Auto Scaling
AmazonElasticTranscoder_FullAccess Grants users full access to Elastic Transcoder and the access to associated services that is required for full Elastic Transcoder functionality.
AmazonCloudDirectoryReadOnlyAccess Provides read only access to Amazon Cloud Directory Service.
CloudWatchAgentAdminPolicy Full permissions required to use AmazonCloudWatchAgent.
AWSOpsWorksCMInstanceProfileRole Provides S3 access for instances launched by OpsWorks CM.
AWSBatchServiceEventTargetRole Policy to enable CloudWatch Event Target for AWS Batch Job Submission
AWSCodePipelineApproverAccess Provides access to view and approve manual changes for all pipelines
AWSApplicationDiscoveryAgentAccess Provides access for the Discovery Agent to register with AWS Application Discovery Service.
ViewOnlyAccess This policy grants permissions to view resources and basic metadata across all AWS services.
AmazonElasticMapReduceRole This policy is on a deprecation path. See documentation for guidance: https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html. Default policy for the Amazon Elastic MapReduce service role.
ElasticLoadBalancingFullAccess Provides full access to Amazon ElasticLoadBalancing, and limited access to other services necessary to provide ElasticLoadBalancing features.
AmazonRoute53DomainsReadOnlyAccess Provides access to Route53 Domains list and actions.
AmazonSSMAutomationApproverAccess Provides access to view automation executions and send approval decisions to automation waiting for approval
AWSSecurityHubReadOnlyAccess Provides read only access to AWS Security Hub resources
AWSConfigRoleForOrganizations Allows AWS Config to call read-only AWS Organizations APIs
ApplicationAutoScalingForAmazonAppStreamAccess Policy to enable Application Autoscaling for Amazon AppStream
AmazonEC2ContainerRegistryFullAccess Provides administrative access to Amazon ECR resources
AmazonFSxFullAccess Provides full access to Amazon FSx and access to related AWS services.
SimpleWorkflowFullAccess Provides full access to the Simple Workflow configuration service.
GreengrassOTAUpdateArtifactAccess Provides read access to the Greengrass OTA Update artifacts in all Greengrass regions
AmazonS3FullAccess Provides full access to all buckets via the AWS Management Console.
AWSStorageGatewayReadOnlyAccess Provides access to AWS Storage Gateway via the AWS Management Console.
Billing Grants permissions for billing and cost management. This includes viewing account usage and viewing and modifying budgets and payment methods.
QuickSightAccessForS3StorageManagementAnalyticsReadOnly Policy used by QuickSight team to access customer data produced by S3 Storage Management Analytics.
AmazonEC2ContainerRegistryReadOnly Provides read-only access to Amazon EC2 Container Registry repositories.
AmazonElasticMapReduceforEC2Role Default policy for the Amazon Elastic MapReduce for EC2 service role.
DatabaseAdministrator Grants full access permissions to AWS services and actions required to set up and configure AWS database services.
AmazonRedshiftReadOnlyAccess Provides read only access to Amazon Redshift via the AWS Management Console.
AmazonEC2ReadOnlyAccess Provides read only access to Amazon EC2 via the AWS Management Console.
CloudWatchAgentServerPolicy Permissions required to use AmazonCloudWatchAgent on servers
AWSXrayReadOnlyAccess AWS X-Ray read only managed policy
AWSElasticBeanstalkEnhancedHealth AWS Elastic Beanstalk Service policy for Health Monitoring system
WellArchitectedConsoleFullAccess Provides full access to AWS Well-Architected Tool via the AWS Management Console
AmazonElasticMapReduceReadOnlyAccess Provides read only access to Amazon Elastic MapReduce via the AWS Management Console.
AWSDirectoryServiceReadOnlyAccess Provides read only access to AWS Directory Service.
AWSSSOMasterAccountAdministrator Provides access within AWS SSO to manage AWS Organizations master and member accounts and cloud application
AmazonGuardDutyServiceRolePolicy Enable access to AWS Resources used or managed by Amazon Guard Duty
AmazonVPCReadOnlyAccess Provides read only access to Amazon VPC via the AWS Management Console.
AWSElasticBeanstalkServiceRolePolicy AWS Elastic Beanstalk Service Linked Role policy which grants permissions to create & manage resources (i.e.: AutoScaling, EC2, S3, CloudFormation, ELB, etc.) on your behalf.
ServerMigrationServiceLaunchRole Permissions to allow the AWS Server Migration Service to create and update relevant AWS resources into the customer's AWS account for launching migrated servers and applications.
AWSCodeDeployRoleForECS Provides CodeDeploy service wide access to perform an ECS blue/green deployment on your behalf. Grants full access to support services, such as full access to read all S3 objects, invoke all Lambda functions, publish to all SNS topics within the account and update all ECS services.
CloudWatchEventsReadOnlyAccess Provides read only access to Amazon CloudWatch Events.
AWSLambdaReplicator Grants Lambda Replicator necessary permissions to replicate functions across regions
AmazonAPIGatewayInvokeFullAccess Provides full access to invoke APIs in Amazon API Gateway.
AWSSSOServiceRolePolicy Grants AWS SSO permissions to manage AWS resources, including IAM roles, policies and SAML IdP on your behalf.
AWSLicenseManagerMasterAccountRolePolicy AWS License Manager service master account role policy
AmazonKinesisAnalyticsReadOnly Provides read-only access to Amazon Kinesis Analytics via the AWS Management Console.
AmazonMobileAnalyticsFullAccess Provides full access to all application resources.
AWSMobileHub_FullAccess This policy may be attached to any User, Role, or Group, in order to grant users permission to create, delete, and modify projects (and their associated AWS resources) in AWS Mobile Hub. This also includes permissions to generate and download sample mobile app source code for each Mobile Hub project.
AmazonAPIGatewayPushToCloudWatchLogs Allows API Gateway to push logs to user's account.
AWSDataPipelineRole This policy is on a deprecation path. See documentation for guidance: https://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/dp-iam-roles.html. Default policy for the AWS Data Pipeline service role.
CloudWatchFullAccess Provides full access to CloudWatch.
AmazonMQApiReadOnlyAccess Provides read only access to AmazonMQ via our API/SDK.
AWSDeepLensLambdaFunctionAccessPolicy This policy specifies permissions required by DeepLens Administrative lambda functions that run on a DeepLens device
AmazonGuardDutyFullAccess Provides full access to use Amazon GuardDuty.
AmazonRDSDirectoryServiceAccess Allow RDS to access Directory Service Managed AD on behalf of the customer for domain-joined SQL Server DB instances.
AWSCodePipelineReadOnlyAccess Provides read only access to AWS CodePipeline via the AWS Management Console.
ReadOnlyAccess Provides read-only access to AWS services and resources.
AWSAppSyncInvokeFullAccess Provides full invoking access to the AppSync service - both through the console and independently
AmazonMachineLearningBatchPredictionsAccess Grants users permission to request Amazon Machine Learning batch predictions.
AWSIoTSiteWiseFullAccess Provides full access to IoT SiteWise.
AlexaForBusinessFullAccess Grants full access to AlexaForBusiness resources and access to related AWS Services
AWSEC2SpotFleetServiceRolePolicy Allows EC2 Spot Fleet to launch and manage spot fleet instances
AmazonRekognitionReadOnlyAccess Access to all Read rekognition APIs
AWSCodeDeployReadOnlyAccess Provides read only access to CodeDeploy resources.
CloudSearchFullAccess Provides full access to the Amazon CloudSearch configuration service.
AWSLicenseManagerServiceRolePolicy AWS License Manager service default role policy
AWSCloudHSMFullAccess Provides full access to all CloudHSM resources.
AmazonEC2SpotFleetAutoscaleRole Policy to enable Autoscaling for Amazon EC2 Spot Fleet
AWSElasticLoadBalancingServiceRolePolicy Service Linked Role Policy for AWS Elastic Load Balancing Control Plane
AWSCodeBuildDeveloperAccess Provides access to AWS CodeBuild via the AWS Management Console, but does not allow CodeBuild project administration. Also attach AmazonS3ReadOnlyAccess to provide access to download build artifacts.
ElastiCacheServiceRolePolicy This policy allows ElastiCache to manage AWS resources on your behalf as necessary for managing your cache
AWSGlueServiceNotebookRole Policy for AWS Glue service role which allows customer to manage notebook server
AWSDataPipeline_PowerUser Provides full access to Data Pipeline, list access for S3, DynamoDB, Redshift, RDS, SNS, and IAM roles, and passRole access for default Roles.
AWSCodeStarServiceRole DO NOT USE - AWS CodeStar Service Role Policy which grants administrative privileges in order for CodeStar to manage IAM and other service resources on behalf of the customer.
AmazonTranscribeFullAccess Provides full access to Amazon Transcribe operations
AWSDirectoryServiceFullAccess Provides full access to AWS Directory Service.
AmazonFreeRTOSOTAUpdate Allows user to access Amazon FreeRTOS OTA Update
AmazonWorkLinkServiceRolePolicy Enables access to AWS Services and Resources used or managed by Amazon WorkLink
AmazonDynamoDBFullAccess Provides full access to Amazon DynamoDB via the AWS Management Console.
AmazonSESReadOnlyAccess Provides read only access to Amazon SES via the AWS Management Console.
AmazonRedshiftQueryEditor Provides full access to the Amazon Redshift Query Editor and to saved queries via the AWS Management Console.
AWSWAFReadOnlyAccess Provides read only access to AWS WAF actions.
AutoScalingNotificationAccessRole Default policy for the AutoScaling Notification Access service role.
AmazonMechanicalTurkReadOnly Provides access to read only APIs in Amazon Mechanical Turk.
AmazonKinesisReadOnlyAccess Provides read only access to all streams via the AWS Management Console.
AWSXRayDaemonWriteAccess Allow the AWS X-Ray Daemon to relay raw trace segments data to the service's API and retrieve sampling data (rules, targets, etc.) to be used by the X-Ray SDK.
AWSCloudMapReadOnlyAccess Provides read-only access to all AWS Cloud Map actions.
AWSCloudFrontLogger Grants CloudFront Logger write permissions to CloudWatch Logs.
AWSCodeDeployFullAccess Provides full access to CodeDeploy resources.
AWSBackupServiceRolePolicyForBackup Provides AWS Backup permission to create backups on your behalf across AWS services
AWSRoboMakerServiceRolePolicy RoboMaker service policy
CloudWatchActionsEC2Access Provides read-only access to CloudWatch alarms and metrics as well as EC2 metadata. Provides access to Stop, Terminate and Reboot EC2 instances.
AWSLambdaDynamoDBExecutionRole Provides list and read access to DynamoDB streams and write permissions to CloudWatch logs.
AmazonRoute53DomainsFullAccess Provides full access to all Route53 Domains actions and Create Hosted Zone to allow Hosted Zone creation as part of domain registrations.
AmazonElastiCacheReadOnlyAccess Provides read only access to Amazon ElastiCache via the AWS Management Console.
AmazonRDSServiceRolePolicy Allows Amazon RDS to manage AWS resources on your behalf.
AmazonAthenaFullAccess Provide full access to Amazon Athena and scoped access to the dependencies needed to enable querying, writing results, and data management.
AmazonElasticFileSystemReadOnlyAccess Provides read only access to Amazon EFS via the AWS Management Console.
AWSCloudMapDiscoverInstanceAccess Provides access to AWS Cloud Map discovery API.
CloudFrontFullAccess Provides full access to the CloudFront console plus the ability to list Amazon S3 buckets via the AWS Management Console.
AWSCloud9Administrator Provides administrator access to AWS Cloud9.
AWSApplicationAutoscalingEMRInstanceGroupPolicy Policy granting permissions to Application Auto Scaling to access Elastic Map Reduce and CloudWatch.
AmazonTextractFullAccess Access to all Amazon Textract APIs
AWSOrganizationsServiceTrustPolicy A policy to allow AWS Organizations to share trust with other approved AWS Services for the purpose of simplifying customer configuration.
AmazonDocDBFullAccess Provides full access to Amazon DocumentDB with MongoDB compatibility. Note this policy also grants full access to publish on all SNS topics within the account and full access to Amazon RDS and Amazon Neptune.
AmazonMobileAnalyticsNon-financialReportAccess Provides read only access to non financial reports for all application resources.
AmazonCognitoDeveloperAuthenticatedIdentities Provides access to Amazon Cognito APIs to support developer authenticated identities from your authentication backend.
AWSConfigRole Default policy for AWS Config service role.
AWSSSOMemberAccountAdministrator Provides access within AWS SSO to manage AWS Organizations member accounts and cloud application
AWSApplicationAutoscalingAppStreamFleetPolicy Policy granting permissions to Application Auto Scaling to access AppStream and CloudWatch.
AWSCertificateManagerPrivateCAFullAccess Provides full access to AWS Certificate Manager Private Certificate Authority
AWSGlueServiceRole Policy for AWS Glue service role which allows access to related services including EC2, S3, and Cloudwatch Logs
AmazonAppStreamServiceAccess Default policy for Amazon AppStream service role.
AmazonRedshiftFullAccess Provides full access to Amazon Redshift via the AWS Management Console.
AWSTransferLoggingAccess Allows AWS Transfer full access to create log streams and groups and put log events to your account
AmazonZocaloReadOnlyAccess Provides read only access to Amazon Zocalo
AWSCloudHSMReadOnlyAccess Provides read only access to all CloudHSM resources.
ComprehendFullAccess Provides full access to Amazon Comprehend.
AmazonFSxConsoleFullAccess Provides full access to Amazon FSx and access to related AWS services via the AWS Management Console.
SystemAdministrator Grants full access permissions necessary for resources required for application and development operations.
AmazonEC2ContainerServiceEventsRole Policy to enable CloudWatch Events for EC2 Container Service
AmazonRoute53ReadOnlyAccess Provides read only access to all Amazon Route 53 via the AWS Management Console.
AWSMigrationHubDiscoveryAccess Policy allows AWSMigrationHubService to call AWSApplicationDiscoveryService on behalf of the customer.
AmazonEC2ContainerServiceAutoscaleRole Policy to enable Task Autoscaling for Amazon EC2 Container Service
AWSAppSyncSchemaAuthor Provides access to create, update, and query the schema.
AlexaForBusinessDeviceSetup Provide device setup access to AlexaForBusiness services
AWSBatchServiceRole Policy for AWS Batch service role which allows access to related services including EC2, Autoscaling, EC2 Container service and Cloudwatch Logs.
AWSElasticBeanstalkWebTier Provide the instances in your web server environment access to upload log files to Amazon S3.
AmazonSQSReadOnlyAccess Provides read only access to Amazon SQS via the AWS Management Console.
AmazonChimeFullAccess Provides full access to Amazon Chime Admin Console via the AWS Management Console.
AWSDeepRacerRoboMakerAccessPolicy Allows RoboMaker to create required resources and call AWS services on your behalf.
AWSElasticLoadBalancingClassicServiceRolePolicy Service Linked Role Policy for AWS Elastic Load Balancing Control Plane - Classic
AWSMigrationHubDMSAccess Policy for Database Migration Service to assume role in customer's account to call Migration Hub
WellArchitectedConsoleReadOnlyAccess Provides read-only access to AWS Well-Architected Tool via the AWS Management Console
AmazonKinesisFullAccess Provides full access to all streams via the AWS Management Console.
AmazonGuardDutyReadOnlyAccess Provides read only access to Amazon GuardDuty resources
AmazonFSxServiceRolePolicy Allows Amazon FSx to manage AWS resources on your behalf
AmazonECSServiceRolePolicy Policy to enable Amazon ECS to manage your cluster.
AmazonConnectReadOnlyAccess Grants permission to view the Amazon Connect instances in your AWS account.
AmazonMachineLearningReadOnlyAccess Provides read only access to Amazon Machine Learning resources.
AmazonRekognitionFullAccess Access to all Amazon Rekognition APIs
RDSCloudHsmAuthorizationRole Default policy for the Amazon RDS service role.
AmazonMachineLearningFullAccess Provides full access to Amazon Machine Learning resources.
AdministratorAccess Provides full access to AWS services and resources.
AmazonMachineLearningRealTimePredictionOnlyAccess Grants users permission to request Amazon Machine Learning real-time predictions.
AWSAppSyncPushToCloudWatchLogs Allows AppSync to push logs to user's CloudWatch account.
AWSMigrationHubSMSAccess Policy for Server Migration Service to assume role in customer's account to call Migration Hub
AWSConfigUserAccess Provides access to use AWS Config, including searching by tags on resources, and reading all tags. This does not provide permission to configure AWS Config, which requires administrative privileges.
AWSIoTConfigAccess This policy gives full access to the AWS IoT configuration actions
SecurityAudit The security audit template grants access to read security configuration metadata. It is useful for software that audits the configuration of an AWS account.
AWSDiscoveryContinuousExportFirehosePolicy Provides write access to AWS resources required for AWS Discovery Continuous Export
AmazonCognitoIdpEmailServiceRolePolicy Allows Amazon Cognito User Pools service to use your SES identities for email sending
AWSElementalMediaConvertFullAccess Provides full access to AWS Elemental MediaConvert via the AWS Management Console and SDK.
AWSRoboMakerReadOnlyAccess Provides read only access to AWS RoboMaker via the AWS Management Console and SDK
AWSResourceGroupsReadOnlyAccess This is the read only policy for AWS Resource Groups
AWSCodeStarFullAccess Provides full access to AWS CodeStar via the AWS Management Console.
AmazonSSMServiceRolePolicy Provides access to AWS Resources managed or used by Amazon SSM
AWSDataPipeline_FullAccess Provides full access to Data Pipeline, list access for S3, DynamoDB, Redshift, RDS, SNS, and IAM roles, and passRole access for default Roles.
NeptuneFullAccess Provides full access to Amazon Neptune. Note this policy also grants full access to publish on all SNS topics within the account and full access to Amazon RDS. For more information, see https://aws.amazon.com/neptune/faqs/.
AmazonSSMManagedInstanceCore The policy for Amazon EC2 Role to enable AWS Systems Manager service core functionality.
AWSAutoScalingPlansEC2AutoScalingPolicy Policy granting permissions to AWS Auto Scaling to periodically forecast capacity and generate scheduled scaling actions for Auto Scaling groups in a scaling plan
AmazonDynamoDBReadOnlyAccess Provides read only access to Amazon DynamoDB via the AWS Management Console.
AutoScalingConsoleFullAccess Provides full access to Auto Scaling via the AWS Management Console.
AWSElementalMediaPackageFullAccess Provides full access to AWS Elemental MediaPackage resources
AmazonKinesisVideoStreamsFullAccess Provides full access to Amazon Kinesis Video Streams via the AWS Management Console.
AmazonSNSReadOnlyAccess Provides read only access to Amazon SNS via the AWS Management Console.
AmazonRDSPreviewServiceRolePolicy Amazon RDS Preview Service Role Policy
AWSEC2SpotServiceRolePolicy Allows EC2 Spot to launch and manage spot instances
AmazonElasticMapReduceFullAccess This policy is on a deprecation path. See documentation for guidance: https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html. Provides full access to Amazon Elastic MapReduce and underlying services that it requires such as EC2 and S3
AWSCloudMapFullAccess Provides full access to all AWS Cloud Map actions.
AWSDataLifecycleManagerServiceRole Provides appropriate permissions to AWS Data Lifecycle Manager to take actions on AWS resources
AmazonS3ReadOnlyAccess Provides read only access to all buckets via the AWS Management Console.
AmazonWorkSpacesAdmin Provides access to Amazon WorkSpaces administrative actions via AWS SDK and CLI.
AWSCodeDeployRole Provides CodeDeploy service access to expand tags and interact with Auto Scaling on your behalf.
AmazonSESFullAccess Provides full access to Amazon SES via the AWS Management Console.
CloudWatchLogsReadOnlyAccess Provides read only access to CloudWatch Logs
AmazonRDSBetaServiceRolePolicy Allows Amazon RDS to manage AWS resources on your behalf.
AmazonKinesisFirehoseReadOnlyAccess Provides read only access to all Amazon Kinesis Firehose Delivery Streams.
GlobalAcceleratorFullAccess Allow GlobalAccelerator Users full Access to all APIs
AmazonDynamoDBFullAccesswithDataPipeline This policy is on a deprecation path. See documentation for guidance: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DynamoDBPipeline.html. Provides full access to Amazon DynamoDB including Export/Import using AWS Data Pipeline via the AWS Management Console.
AWSIoTAnalyticsReadOnlyAccess Provides read only access to IoT Analytics.
AmazonEC2RoleforDataPipelineRole Default policy for the Amazon EC2 Role for Data Pipeline service role.
CloudWatchLogsFullAccess Provides full access to CloudWatch Logs
AWSSecurityHubFullAccess Provides full access to use AWS Security Hub.
AWSElementalMediaPackageReadOnly Provides read only access to AWS Elemental MediaPackage resources
AWSElasticBeanstalkMulticontainerDocker Provide the instances in your multicontainer Docker environment access to use the Amazon EC2 Container Service to manage container deployment tasks.
AmazonPersonalizeFullAccess Provides full access to Amazon Personalize via the AWS Management Console and SDK. Also provides select access to related services (e.g., S3, CloudWatch).
AWSMigrationHubFullAccess Managed policy to provide the customer access to the Migration Hub Service
AmazonFSxReadOnlyAccess Provides read only access to Amazon FSx.
IAMUserChangePassword Provides the ability for an IAM user to change their own password.
LightsailExportAccess AWS Lightsail service linked role policy which grants permissions to export resources
AmazonAPIGatewayAdministrator Provides full access to create/edit/delete APIs in Amazon API Gateway via the AWS Management Console.
AmazonVPCCrossAccountNetworkInterfaceOperations Provides access to create network interfaces and attach them to cross-account resources
AmazonMacieSetupRole Provides Macie with access to your AWS account.
AmazonPollyReadOnlyAccess Grants read-only access to Amazon Polly resources.
AmazonRDSDataFullAccess Allows full access to use the RDS data APIs, secret store APIs for RDS database credentials, and DB console query management APIs to execute SQL statements on Aurora Serverless clusters in the AWS account.
AmazonMobileAnalyticsWriteOnlyAccess Provides write only access to put event data for all application resources. (Recommended for SDK integration)
AmazonEC2SpotFleetTaggingRole Allows EC2 Spot Fleet to request, terminate and tag Spot Instances on your behalf.
DataScientist Grants permissions to AWS data analytics services.
AWSMarketplaceMeteringFullAccess Provides full access to AWS Marketplace Metering.
AWSOpsWorksCMServiceRole Service Role Policy to be used for Creating OpsWorks CM servers.
FSxDeleteServiceLinkedRoleAccess Allows Amazon FSx to delete its Service Linked Roles for Amazon S3 access
WorkLinkServiceRolePolicy Enables access to AWS Services and Resources used or managed by Amazon WorkLink
AmazonConnectServiceLinkedRolePolicy Allows Amazon Connect to create and manage AWS resources on your behalf.
AWSPrivateMarketplaceAdminFullAccess Provides full access to all administrative actions for an AWS Private Marketplace.
AWSConnector Enables broad read/write access to ALL EC2 objects, read/write access to S3 buckets starting with 'import-to-ec2-', and the ability to list all S3 buckets, for the AWS Connector to import VMs on your behalf.
AWSCodeDeployRoleForECSLimited Provides CodeDeploy service limited access to perform an ECS blue/green deployment on your behalf.
AmazonElasticTranscoder_JobsSubmitter Grants users permission to change presets, submit jobs, and view Elastic Transcoder settings. This policy also grants some read-only access to some other services required to use the Elastic Transcode console, including S3, IAM, and SNS.
AmazonMacieHandshakeRole Grants permission to create the service-linked role of Amazon Macie.
AWSIoTAnalyticsFullAccess Provides full access to IoT Analytics.
AWSBatchFullAccess Provides full access for AWS Batch resources.
AmazonSSMDirectoryServiceAccess This policy allows SSM Agent to access Directory Service on behalf of the customer to domain-join the managed instance.
AmazonECS_FullAccess Provides administrative access to Amazon ECS resources and enables ECS features through access to other AWS service resources, including VPCs, Auto Scaling groups, and CloudFormation stacks.
AWSSupportServiceRolePolicy Allows AWS Support to access AWS resources to provide billing, administrative, and support services.
AWSApplicationAutoscalingRDSClusterPolicy Policy granting permissions to Application Auto Scaling to access RDS and CloudWatch.
AWSServiceRoleForEC2ScheduledInstances Allows EC2 Scheduled Instances to launch and manage spot instances.
AWSCodeDeployRoleForLambda Provides CodeDeploy service access to perform a Lambda deployment on your behalf.
AWSFMAdminReadOnlyAccess Read only access for AWS FM Administrator that allows monitoring AWS FM operations
AmazonSSMFullAccess Provides full access to Amazon SSM.
AWSCodeCommitReadOnly Provides read only access to AWS CodeCommit via the AWS Management Console.
AmazonFreeRTOSFullAccess Full Access Policy for Amazon FreeRTOS
AmazonTextractServiceRole Allows Textract to call AWS services on your behalf.
AmazonCognitoReadOnly Provides read only access to Amazon Cognito resources.
AmazonDMSCloudWatchLogsRole Provides access to upload DMS replication logs to CloudWatch Logs in the customer account.
AWSApplicationDiscoveryServiceFullAccess Provides full access to view and tag Configuration Items maintained by the AWS Application Discovery Service
AmazonRoute53AutoNamingReadOnlyAccess Provides read-only access to all Route 53 Auto Naming actions.
AWSSSOReadOnly Provides read only access to AWS SSO configurations.
AmazonVPCFullAccess Provides full access to Amazon VPC via the AWS Management Console.
AWSCertificateManagerPrivateCAUser Provides certificate user access to AWS Certificate Manager Private Certificate Authority
AWSAppSyncAdministrator Provides administrative access to the AppSync service, though not enough to access via the console.
AWSEC2FleetServiceRolePolicy Allows EC2 Fleet to launch and manage instances.
AmazonRoute53AutoNamingFullAccess Provides full access to all Route 53 Auto Naming actions.
AWSImportExportFullAccess Provides read and write access to the jobs created under the AWS account.
DynamoDBReplicationServiceRolePolicy Permissions required by DynamoDB for cross-region data replication
AmazonMechanicalTurkFullAccess Provides full access to all APIs in Amazon Mechanical Turk.
AmazonEC2ContainerRegistryPowerUser Provides full access to Amazon EC2 Container Registry repositories, but does not allow repository deletion or policy changes.
AWSSSODirectoryReadOnly ReadOnly access for SSO Directory
AmazonMachineLearningCreateOnlyAccess Provides create access for non-prediction Amazon Machine Learning resources.
AmazonKinesisVideoStreamsReadOnlyAccess Provides read only access to AWS Kinesis Video Streams via the AWS Management Console.
AWSCloudTrailReadOnlyAccess Provides read only access to AWS CloudTrail.
WAFRegionalLoggingServiceRolePolicy Creating SLR to write customer's logs to a firehose stream
AWSLambdaExecute Provides Put, Get access to S3 and full access to CloudWatch Logs.
AWSGlueConsoleSageMakerNotebookFullAccess Provides full access to AWS Glue via the AWS Management Console and access to sagemaker notebook instances.
AmazonMSKFullAccess Provide full access to Amazon MSK and other required permissions for its dependencies.
AWSIoTRuleActions Allows access to all AWS services supported in AWS IoT Rule Actions
AmazonEKSServicePolicy This policy allows Amazon Elastic Container Service for Kubernetes to create and manage the necessary resources to operate EKS Clusters.
AWSQuickSightDescribeRedshift Allow QuickSight to describe Redshift resources
AmazonElasticsearchServiceRolePolicy Allow Amazon Elasticsearch Service to access other AWS services such as EC2 Networking APIs on your behalf.
AmazonMQReadOnlyAccess Provides read only access to AmazonMQ via the AWS Management Console.
VMImportExportRoleForAWSConnector Default policy for the VM Import/Export service role, for customers using the AWS Connector. The VM Import/Export service assumes a role with this policy to fulfill virtual machine migration requests from the AWS Connector virtual appliance. (Note that the AWS Connector uses the "AWSConnector" managed policy to issue requests on the customer's behalf to the VM Import/Export service.) Provides the ability to create AMIs and EBS snapshots, modify EBS snapshot attributes, make "Describe*" calls on EC2 objects, and read from S3 buckets starting with 'import-to-ec2-'.
AWSCodePipelineCustomActionAccess Provides access for custom actions to poll for jobs details (including temporary credentials) and report status updates to AWS CodePipeline.
AWSLambdaSQSQueueExecutionRole Provides receive message, delete message, and read attribute access to SQS queues, and write permissions to CloudWatch logs.
AWSCloud9ServiceRolePolicy Service Linked Role Policy for AWS Cloud9
AWSApplicationAutoscalingECSServicePolicy Policy granting permissions to Application Auto Scaling to access EC2 Container Service and CloudWatch.
AWSOpsWorksInstanceRegistration Provides access for an Amazon EC2 instance to register with an AWS OpsWorks stack.
AmazonCloudDirectoryFullAccess Provides full access to Amazon Cloud Directory Service.
AmazonECSTaskExecutionRolePolicy Provides access to other AWS service resources that are required to run Amazon ECS tasks
AWSStorageGatewayFullAccess Provides full access to AWS Storage Gateway via the AWS Management Console.
AWSIoTEventsFullAccess Provides full access to IoT Events.
AmazonLexReadOnly Provides read-only access to Amazon Lex.
AmazonChimeUserManagement Provides user management access to Amazon Chime Admin Console via the AWS Management Console.
AmazonMSKReadOnlyAccess Provides read-only access to Amazon MSK.
AWSDataSyncFullAccess Provides full access to AWS DataSync and minimal access to its dependencies
AWSServiceRoleForIoTSiteWise Allows AWS IoT SiteWise to provision and manage gateways as well as query data. The policy includes required AWS Greengrass permissions for deploying to groups, AWS Lambda permissions for creating and updating service-prefixed functions, and AWS IoT Analytics permissions for querying data from datastores.
CloudwatchApplicationInsightsServiceLinkedRolePolicy CloudWatch Application Insights Service Linked Role Policy
AWSTrustedAdvisorServiceRolePolicy Access for the AWS Trusted Advisor Service to help reduce cost, increase performance, and improve security of your AWS environment.
AWSIoTConfigReadOnlyAccess This policy gives read only access to the AWS IoT configuration actions
AmazonWorkMailReadOnlyAccess Provides read only access to WorkMail and SES.
AmazonDMSVPCManagementRole Provides access to manage VPC settings for AWS managed customer configurations
AWSLambdaKinesisExecutionRole Provides list and read access to Kinesis streams and write permissions to CloudWatch logs.
ComprehendDataAccessRolePolicy Policy for AWS Comprehend service role which allows access to S3 resources for data access
AmazonDocDBConsoleFullAccess Provides full access to manage Amazon DocumentDB with MongoDB compatibility using the AWS Management Console. Note this policy also grants full access to publish on all SNS topics within the account, permissions to create and edit Amazon EC2 instances and VPC configurations, permissions to view and list keys on Amazon KMS, and full access to Amazon RDS and Amazon Neptune.
ResourceGroupsandTagEditorReadOnlyAccess Provides access to use Resource Groups and Tag Editor, but does not allow editing of tags via the Tag Editor.
AmazonRekognitionServiceRole Allows Rekognition to call AWS services on your behalf.
AmazonSSMAutomationRole Provides permissions for EC2 Automation service to execute activities defined within Automation documents
CloudHSMServiceRolePolicy Enables access to AWS resources used or managed by CloudHSM
ComprehendReadOnly Provides read-only access to Amazon Comprehend.
AWSStepFunctionsConsoleFullAccess An access policy for providing a user/role/etc access to the AWS StepFunctions console. For a full console experience, in addition to this policy, a user may need iam:PassRole permission on other IAM roles that can be assumed by the service.
AWSQuickSightIoTAnalyticsAccess Give QuickSight read-only access to IoT Analytics datasets
AWSCodeBuildReadOnlyAccess Provides read only access to AWS CodeBuild via the AWS Management Console. Also attach AmazonS3ReadOnlyAccess to provide access to download build artifacts.
LexBotPolicy Policy for AWS Lex Bot use case
AmazonMacieFullAccess Provides full access to Amazon Macie.
AmazonMachineLearningManageRealTimeEndpointOnlyAccess Grants users permission to create and delete the real-time endpoint for Amazon Machine Learning models.
CloudWatchEventsInvocationAccess Allows Amazon CloudWatch Events to relay events to the streams in AWS Kinesis Streams in your account.
CloudFrontReadOnlyAccess Provides access to CloudFront distribution configuration information and list distributions via the AWS Management Console.
AWSDeepLensServiceRolePolicy Grants AWS DeepLens access to AWS Services, resources and roles needed by DeepLens and its dependencies including IoT, S3, Greengrass and AWS Lambda.
AmazonSNSRole Default policy for Amazon SNS service role.
AmazonInspectorServiceRolePolicy Grants Amazon Inspector access to AWS Services needed to perform security assessments
AmazonMobileAnalyticsFinancialReportAccess Provides read only access to all reports including financial data for all application resources.
AWSElasticBeanstalkService This policy is on a deprecation path. See documentation for guidance: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-servicerole.html. AWS Elastic Beanstalk Service role policy which grants permissions to create & manage resources (i.e.: AutoScaling, EC2, S3, CloudFormation, ELB, etc.) on your behalf.
IAMReadOnlyAccess Provides read only access to IAM via the AWS Management Console.
AmazonRDSReadOnlyAccess Provides read only access to Amazon RDS via the AWS Management Console.
AWSIoTDeviceDefenderAudit Provides read access for IoT and related resources
AmazonCognitoPowerUser Provides administrative access to existing Amazon Cognito resources. You will need AWS account admin privileges to create new Cognito resources.
AmazonRoute53AutoNamingRegistrantAccess Provides registrant level access to Route 53 Auto Naming actions.
AmazonElasticFileSystemFullAccess Provides full access to Amazon EFS via the AWS Management Console.
LexChannelPolicy Policy for AWS Lex Channel use case
ServerMigrationConnector Permissions to allow the AWS Server Migration Connector to migrate VMs to EC2. Allows communication with the AWS Server Migration Service, read/write access to S3 buckets starting with 'sms-b-' and 'import-to-ec2-' as well as the buckets used for AWS Server Migration Connector upgrade, AWS Server Migration Connector registration with AWS, and metrics upload to AWS.
AmazonESCognitoAccess Provides limited access to the Amazon Cognito configuration service.
AWSFMAdminFullAccess Full access for AWS FM Administrator
AmazonChimeReadOnly Provides read only access to Amazon Chime Admin Console via the AWS Management Console.
AmazonZocaloFullAccess Provides full access to Amazon Zocalo.
AWSIoTSiteWiseReadOnlyAccess Provides read only access to IoT SiteWise.
AWSAccountUsageReportAccess Allows users to access the Account Usage Report page.
AWSIoTOTAUpdate Allows access to create AWS IoT Job and describe the AWS code signer job
AmazonMQFullAccess Provides full access to AmazonMQ via the AWS Management Console.
AWSMarketplaceGetEntitlements Provides read access to AWS Marketplace Entitlements
AWSGreengrassReadOnlyAccess This policy gives read only access to the AWS Greengrass configuration, management and deployment actions
AmazonEC2ContainerServiceforEC2Role Default policy for the Amazon EC2 Role for Amazon EC2 Container Service.
AmazonAppStreamFullAccess Provides full access to Amazon AppStream via the AWS Management Console.
AWSIoTDataAccess This policy gives full access to the AWS IoT messaging actions
AmazonWorkLinkFullAccess Grants full access to Amazon WorkLink resources
AmazonTranscribeReadOnlyAccess Provides access to read only operation for Amazon Transcribe
AmazonESFullAccess Provides full access to the Amazon ES configuration service.
ApplicationDiscoveryServiceContinuousExportServiceRolePolicy Enables access to AWS Services and Resources used or managed by Application Discovery Service Continuous Export feature
AmazonSumerianFullAccess Provides full access to Amazon Sumerian.
AWSWAFFullAccess Provides full access to AWS WAF actions.
ElasticLoadBalancingReadOnly Provides read only access to Amazon ElasticLoadBalancing and dependent services
AWSArtifactAccountSync Allows AWS Artifact read-only access to operations in AWS Organizations.
AmazonKinesisFirehoseFullAccess Provides full access to all Amazon Kinesis Firehose Delivery Streams.
CloudWatchReadOnlyAccess Provides read only access to CloudWatch.
AWSLambdaBasicExecutionRole Provides write permissions to CloudWatch Logs.
ResourceGroupsandTagEditorFullAccess Provides full access to Resource Groups and Tag Editor.
AWSKeyManagementServicePowerUser Provides access to AWS Key Management Service (KMS).
AWSApplicationAutoscalingEC2SpotFleetRequestPolicy Policy granting permissions to Application Auto Scaling to access EC2 Spot Fleet and CloudWatch.
AWSImportExportReadOnlyAccess Provides read only access to the jobs created under the AWS account.
CloudWatchEventsServiceRolePolicy Allow AWS CloudWatch to execute actions on your behalf configured through alarms and events.
AmazonElasticTranscoderRole Default policy for the Amazon Elastic Transcoder service role.
AWSGlueConsoleFullAccess Provides full access to AWS Glue via the AWS Management Console
AmazonEC2ContainerServiceRole Default policy for Amazon ECS service role.
AWSDeviceFarmFullAccess Provides full access to all AWS Device Farm operations.
AmazonSSMReadOnlyAccess Provides read only access to Amazon SSM.
AWSStepFunctionsReadOnlyAccess An access policy for providing a user/role/etc read only access to the AWS StepFunctions service.
AWSMarketplaceRead-only Provides the ability to review AWS Marketplace subscriptions
AWSApplicationAutoscalingDynamoDBTablePolicy Policy granting permissions to Application Auto Scaling to access DynamoDB and CloudWatch.
AWSCodePipelineFullAccess Provides full access to AWS CodePipeline via the AWS Management Console.
AWSCloud9User Provides permission to create AWS Cloud9 development environments and to manage owned environments.
AWSGreengrassResourceAccessRolePolicy Policy for AWS Greengrass service role which allows access to related services including AWS Lambda and AWS IoT thing shadows.
AmazonMacieServiceRolePolicy Service linked role for Amazon Macie
NetworkAdministrator Grants full access permissions to AWS services and actions required to set up and configure AWS network resources.
AWSIoT1ClickFullAccess Provides full access to AWS IoT 1-Click.
AmazonWorkSpacesApplicationManagerAdminAccess Provides administrator access for packaging an application in Amazon WorkSpaces Application Manager.
AmazonDRSVPCManagement Provides access to manage VPC settings for Amazon managed customer configurations
AmazonRedshiftServiceLinkedRolePolicy Allows Amazon Redshift to call AWS services on your behalf
AWSCertificateManagerPrivateCAReadOnly Provides read only access to AWS Certificate Manager Private Certificate Authority
AWSXrayFullAccess AWS X-Ray full access managed policy
AWSElasticBeanstalkWorkerTier Provide the instances in your worker environment access to upload log files to Amazon S3, to use Amazon SQS to monitor your application's job queue, to use Amazon DynamoDB to perform leader election, and to Amazon CloudWatch to publish metrics for health monitoring.
AWSDirectConnectFullAccess Provides full access to AWS Direct Connect via the AWS Management Console.
AWSCodeBuildAdminAccess Provides full access to AWS CodeBuild via the AWS Management Console. Also attach AmazonS3ReadOnlyAccess to provide access to download build artifacts, and attach IAMFullAccess to create and manage the service role for CodeBuild.
AmazonKinesisAnalyticsFullAccess Provides full access to Amazon Kinesis Analytics via the AWS Management Console.
AWSSecurityHubServiceRolePolicy A service-linked role required for AWS Security Hub to access your resources.
AWSElasticBeanstalkMaintenance AWS Elastic Beanstalk Service Role policy that grants limited permissions to update your resources on your behalf for maintenance purposes.
APIGatewayServiceRolePolicy Allows API Gateway to manage associated AWS Resources on behalf of the customer.
AWSAccountActivityAccess Allows users to access the Account Activity page.
AmazonGlacierFullAccess Provides full access to Amazon Glacier via the AWS Management Console.
AmazonFSxConsoleReadOnlyAccess Provides read only access to Amazon FSx and access to related AWS services via the AWS Management Console.
AmazonWorkMailFullAccess Provides full access to WorkMail, Directory Service, SES, EC2 and read access to KMS metadata.
DAXServiceRolePolicy This policy allows DAX to create and manage network interface, security group, subnet and VPC resources on behalf of the customer.
ComprehendMedicalFullAccess Provides full access to Amazon Comprehend Medical
AWSMarketplaceManageSubscriptions Provides the ability to subscribe and unsubscribe to AWS Marketplace software
AWSElasticBeanstalkCustomPlatformforEC2Role Provide the instance in your custom platform builder environment permission to launch EC2 instance, create EBS snapshot and AMI, stream logs to Amazon CloudWatch Logs, and store artifacts in Amazon S3.
AWSDataSyncReadOnlyAccess Provides read-only access to AWS DataSync
AWSVPCTransitGatewayServiceRolePolicy Allow VPC Transit Gateway to create and manage necessary resources for your Transit Gateway VPC Attachments.
NeptuneReadOnlyAccess Provides read only access to Amazon Neptune. Note that this policy also grants access to Amazon RDS resources. For more information, see https://aws.amazon.com/neptune/faqs/.
AWSSupportAccess Allows users to access the AWS Support Center.
AmazonElasticMapReduceforAutoScalingRole Amazon Elastic MapReduce for Auto Scaling. Role to allow Auto Scaling to add and remove instances from your EMR cluster.
AWSElementalMediaConvertReadOnly Provides read only access to AWS Elemental MediaConvert via the AWS Management Console and SDK.
AWSLambdaInvocation-DynamoDB Provides read access to DynamoDB Streams.
AWSServiceCatalogEndUserFullAccess Provides full access to service catalog enduser capabilities
IAMUserSSHKeys Provides the ability for an IAM user to manage their own SSH keys.
AWSDeepRacerServiceRolePolicy Allows DeepRacer to create required resources and call AWS services on your behalf.
AmazonSageMakerReadOnly Provides read only access to Amazon SageMaker via the AWS Management Console and SDK.
AWSIoTFullAccess This policy gives full access to the AWS IoT configuration and messaging actions
AWSQuickSightDescribeRDS Allow QuickSight to describe the RDS resources
AWSResourceAccessManagerServiceRolePolicy Policy containing Read-only AWS Resource Access Manager access to customers' Organizations structure. It also contains IAM permissions to self-delete the role.
AWSConfigRulesExecutionRole Allows an AWS Lambda function to access the AWS Config API and the configuration snapshots that AWS Config delivers periodically to Amazon S3. This access is required by functions that evaluate configuration changes for custom Config rules.
AWSConfigServiceRolePolicy Allows Config to call AWS services and collect resource configurations on your behalf.
AmazonESReadOnlyAccess Provides read-only access to the Amazon ES configuration service.
AWSCodeDeployDeployerAccess Provides access to register and deploy a revision.
KafkaServiceRolePolicy IAM service linked role policy for Kafka.
AmazonPollyFullAccess Grants full access to Amazon Polly service and resources.
AmazonSSMMaintenanceWindowRole Service Role to be used for EC2 Maintenance Window
AmazonRDSEnhancedMonitoringRole Provides access to CloudWatch for RDS Enhanced Monitoring
AmazonLexFullAccess Provides full access to Amazon Lex via the AWS Management Console. Also provides access to create Lex Service Linked Roles and grant Lex permissions to invoke a limited set of Lambda functions.
AWSLambdaVPCAccessExecutionRole Provides minimum permissions for a Lambda function to execute while accessing a resource within a VPC - create, describe, delete network interfaces and write permissions to CloudWatch Logs.
AmazonMacieServiceRole Grants Macie read-only access to resource dependencies in your account in order to enable data analysis.
AmazonLexRunBotsOnly Provides access to Amazon Lex conversational APIs.
AWSCertificateManagerPrivateCAAuditor Provides auditor access to AWS Certificate Manager Private Certificate Authority
AmazonSNSFullAccess Provides full access to Amazon SNS via the AWS Management Console.
AmazonEKS_CNI_Policy This policy provides the Amazon VPC CNI Plugin (amazon-vpc-cni-k8s) the permissions it requires to modify the IP address configuration on your EKS worker nodes. This permission set allows the CNI to list, describe, and modify Elastic Network Interfaces on your behalf. More information on the AWS VPC CNI Plugin is available here: https://github.com/aws/amazon-vpc-cni-k8s
AWSServiceCatalogAdminFullAccess Provides full access to service catalog admin capabilities
AWSShieldDRTAccessPolicy Provides the AWS DDoS Response Team with limited access to your AWS account to assist with DDoS attack mitigation during a high-severity event.
CloudSearchReadOnlyAccess Provides read only access to the Amazon CloudSearch configuration service.
AWSGreengrassFullAccess This policy gives full access to the AWS Greengrass configuration, management and deployment actions
NeptuneConsoleFullAccess Provides full access to manage Amazon Neptune using the AWS Console. Note this policy also grants full access to publish on all SNS topics within the account, permissions to create and edit Amazon EC2 instances and VPC configurations, permissions to view and list keys on Amazon KMS, and full access to Amazon RDS. For more information, see https://aws.amazon.com/neptune/faqs/.
AWSCloudFormationReadOnlyAccess Provides access to AWS CloudFormation via the AWS Management Console.
AmazonRoute53FullAccess Provides full access to all Amazon Route 53 via the AWS Management Console.
AWSLambdaRole Default policy for AWS Lambda service role.
AWSLambdaENIManagementAccess Provides minimum permissions for a Lambda function to manage ENIs (create, describe, delete) used by a VPC-enabled Lambda Function.
AWSOpsWorksCloudWatchLogs Enables OpsWorks instances with the CWLogs integration enabled to ship logs and create required log groups
AmazonAppStreamReadOnlyAccess Provides read only access to Amazon AppStream via the AWS Management Console.
AWSStepFunctionsFullAccess An access policy for providing a user/role/etc access to the AWS StepFunctions API. For full access, in addition to this policy, a user MUST have iam:PassRole permission on at least one IAM role that can be assumed by the service.
CloudTrailServiceRolePolicy Permission policy for CloudTrail ServiceLinkedRole
AmazonInspectorReadOnlyAccess Provides read only access to Amazon Inspector.
AWSOrganizationsReadOnlyAccess Provides read-only access to AWS Organizations.
TranslateReadOnly Provides read-only access to Amazon Translate.
AWSCertificateManagerFullAccess Provides full access to AWS Certificate Manager (ACM)
AWSDeepRacerCloudFormationAccessPolicy Allows CloudFormation to create and manage AWS stacks and resources on your behalf.
AWSIoTEventsReadOnlyAccess Provides read only access to IoT Events.
AWSRoboMakerServicePolicy RoboMaker service policy
PowerUserAccess Provides full access to AWS services and resources, but does not allow management of Users and groups.
AWSApplicationAutoScalingCustomResourcePolicy Policy granting permissions to Application Auto Scaling to access APIGateway and CloudWatch for custom resource scaling
GlobalAcceleratorReadOnlyAccess Allow GlobalAccelerator Users Access to Read Only APIs
AmazonSageMakerFullAccess Provides full access to Amazon SageMaker via the AWS Management Console and SDK. Also provides select access to related services (e.g., S3, ECR, CloudWatch Logs).
WAFLoggingServiceRolePolicy Creating SLR to write customer's logs to a firehose stream
AWSBackupServiceRolePolicyForRestores Provides AWS Backup permission to perform restores on your behalf across AWS services. This policy includes permissions to create and delete AWS resources, such as EBS volumes, RDS instances, and EFS file systems, which are part of the restore process.
AWSElementalMediaStoreFullAccess Provides full read and write access to all MediaStore APIs
CloudWatchEventsFullAccess Provides full access to Amazon CloudWatch Events.
AWSLicenseManagerMemberAccountRolePolicy AWS License Manager service member account role policy
AWSOrganizationsFullAccess Provides full access to AWS Organizations.
AWSCodePipeline_FullAccess Provides full access to AWS CodePipeline via the AWS Management Console.
DynamoDBKinesisReplicationServiceRolePolicy Provide AWS DynamoDB access to KinesisDataStreams
AmazonAugmentedAIIntegratedAPIAccess Provides access to perform all operations on Amazon Augmented AI resources, including FlowDefinitions, HumanTaskUis and HumanLoops. Also provides access to those operations of services that are integrated with Amazon Augmented AI.
AmazonFraudDetectorFullAccessPolicy Gives access to all actions for Amazon Fraud Detector
AmazonLaunchWizard_Fullaccess Full access to AWS Launch Wizard and other required services.
AmazonChimeSDK Provides access to Amazon Chime SDK operations
AwsGlueDataBrewFullAccessPolicy Provides full access to AWS Glue DataBrew via the AWS Management Console. Also provides select access to related services (e.g., S3, KMS, Glue).
AmazonElasticContainerRegistryPublicReadOnly Provides read-only access to Amazon ECR Public repositories.
AWSIoTDeviceTesterForFreeRTOSFullAccess Allows AWS IoT Device Tester to run the FreeRTOS qualification suite by allowing access to services including IoT, S3, and IAM
Route53ResolverServiceRolePolicy Enables access to AWS Services and Resources used or managed by Route53 Resolver
WAFV2LoggingServiceRolePolicy This policy creates a service-linked role that allows AWS WAF to write logs to Amazon Kinesis Data Firehose.
AWSBudgetsActionsWithAWSResourceControlAccess Provides full access to AWS Budgets Actions including using Budgets Actions to control states of running AWS resources via AWS Management Console
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy This policy is for the AWS Elastic Beanstalk service role used to perform managed updates of Elastic Beanstalk environments. This policy should not be attached to other users or roles. The policy grants broad permissions to create and manage resources across a number of AWS services including AutoScaling, EC2, ECS, Elastic Load Balancing and CloudFormation. This policy also allows passing of any IAM role usable with those services.
AdministratorAccess-Amplify Grants account administrative permissions while explicitly allowing direct access to resources needed by Amplify applications.
AWSNetworkManagerFullAccess Provides full access to Amazon NetworkManager via the AWS Management Console.
AWSMarketplaceAmiIngestion Allows AWS Marketplace to copy your Amazon Machine Images (AMIs) in order to list them on AWS Marketplace
AWSPrivateMarketplaceRequests Provides access to creating requests in an AWS Private Marketplace.
CloudWatchApplicationInsightsReadOnlyAccess Provides read only access to CloudWatch Application Insights.
AdministratorAccess-AWSElasticBeanstalk Grants account administrative permissions. Explicitly allows developers and administrators to gain direct access to resources they need to manage AWS Elastic Beanstalk applications
AmazonSageMakerMechanicalTurkAccess Provides access to create Amazon Augmented AI FlowDefinition resources against any Workteam.
AmazonTimestreamConsoleFullAccess Provides full access to manage Amazon Timestream using the AWS Management Console. Note that this policy also grants permissions for certain KMS operations, and operations to manage your saved queries. If using Customer managed CMK, please refer to documentation for additional permissions needed.
AWSWAFConsoleFullAccess Provides full access to AWS WAF via the AWS Management Console. Note that this policy also grants permissions to list and update Amazon CloudFront distributions, permissions to view load balancers on AWS Elastic Load Balancing, permissions to view Amazon API Gateway REST APIs and stages, permissions to list and view Amazon CloudWatch metrics, and permissions to view regions enabled within the account.
AWSGlueSchemaRegistryReadonlyAccess Provides readonly access to the AWS Glue Schema Registry Service
AWSNetworkManagerServiceRolePolicy Allow NetworkManager to access resources associated with your Global Networks
AWSAppMeshServiceRolePolicy Enables access to AWS Services and Resources used or managed by AWS AppMesh
AWSConfigRemediationServiceRolePolicy Allows AWS Config to remediate noncompliant resources on your behalf.
ConfigConformsServiceRolePolicy Policy needed for AWSConfig to create conformance packs
AmazonEventBridgeReadOnlyAccess Provides read only access to Amazon EventBridge.
AWSCodeStarNotificationsServiceRolePolicy Allows AWS CodeStar Notifications to access Amazon CloudWatch Events on your behalf
AmazonKendraFullAccess Provides full access to Amazon Kendra via the AWS Management Console.
AmazonEMRFullAccessPolicy_v2 Provides full access to Amazon EMR
AmazonS3OutpostsFullAccess Provides full access to Amazon S3 on Outposts via the AWS Management Console.
AWSQuickSightElasticsearchPolicy Provides access to Amazon Elasticsearch resources from Amazon QuickSight
AWSApplicationAutoscalingCassandraTablePolicy Policy granting permissions to Application Auto Scaling to access Cassandra and CloudWatch.
AWSSystemsManagerAccountDiscoveryServicePolicy Grants AWS Systems Manager (SSM) permission to discover AWS account information.
AmazonDevOpsGuruFullAccess Provides full access to Amazon DevOps Guru.
AWSResourceAccessManagerReadOnlyAccess Provides read only access to AWS Resource Access Manager.
AmazonEventBridgeFullAccess Provides full access to Amazon EventBridge.
AWSThinkboxAWSPortalAdminPolicy This policy grants AWS Thinkbox's Deadline software full access to multiple AWS services as required for AWS Portal administration. This includes access to create arbitrary tags on several EC2 resource types.
AWSElasticBeanstalkReadOnly Grants read-only permissions. Explicitly allows operators to gain direct access to retrieve information about resources related to AWS Elastic Beanstalk applications.
EC2InstanceProfileForImageBuilderECRContainerBuilds EC2 Instance profile for building container images with EC2 Image Builder. This policy grants the user broad permissions to upload ECR images.
AWSCodeDeployRoleForLambdaLimited Provides CodeDeploy service limited access to perform a Lambda deployment on your behalf.
AWSAuditManagerServiceRolePolicy Enables access to AWS Services and Resources used or managed by AWS Audit Manager
CloudWatchSyntheticsReadOnlyAccess Provides read only access to CloudWatch Synthetics.
AmazonNimbleStudio-StudioUser This policy grants access to Amazon Nimble Studio resources associated with the studio user and related studio resources in other services. Attach this policy to the User role associated with your studio.
AWSCloudTrail_FullAccess Provides full access to AWS CloudTrail.
AccessAnalyzerServiceRolePolicy Allow Access Analyzer to analyze resource metadata
AmazonRoute53ResolverReadOnlyAccess Read only policy for Route 53 Resolver
AmazonEC2RolePolicyForLaunchWizard Managed policy for the Amazon LaunchWizard service role for EC2
AmazonAppFlowReadOnlyAccess Provides read only access to Amazon Appflow flows
AmazonLookoutVisionConsoleReadOnlyAccess Provides read only access to Amazon Lookout for Vision and scoped access to required service and console dependencies.
AWSQuickSightTimestreamPolicy AWS QuickSight access to AWS Timestream APIs. Customers can attach this policy to AWS QuickSight role to allow retrieval of data and metadata.
AmazonManagedBlockchainFullAccess Provides full access to Amazon Managed Blockchain.
ServiceQuotasFullAccess Provides full access to Service Quotas
AmazonTimestreamFullAccess Provides full access to Amazon Timestream. Note that this policy also grants certain KMS operation access. If using Customer managed CMK, please refer to documentation for additional permissions needed.
ElementalAppliancesSoftwareReadOnlyAccess Read-only access to view Elemental Appliances and Software quotes and orders
AmazonLookoutVisionFullAccess Provides full access to Amazon Lookout for Vision and scoped access to required dependencies.
AWSCodeDeployRoleForCloudFormation Provides CodeDeploy service access to invoke Lambda function on your behalf to perform blue/green deployment through CloudFormation.
BatchServiceRolePolicy Provides access for the AWS Batch service to manage the required resources, including Amazon EC2 and Amazon ECS resources.
AmazonHoneycodeServiceRolePolicy A service-linked role required for Amazon Honeycode to access your resources.
AmazonSageMakerEdgeDeviceFleetPolicy Provides permissions necessary for SageMaker Edge to create and manage a device fleet for the customer using the default cloud connection.
AWSIoTSiteWiseMonitorServiceRolePolicy This role grants AWS IoT SiteWise monitor permissions to access your AWS IoT SiteWise assets & asset properties, and create AWS IoT Sitewise projects, dashboards & access policies through AWS IoT SiteWise portals.
AmazonHoneycodeReadOnlyAccess Provides read only access to Honeycode via the AWS Management Console and the SDK.
AWSCloudFormationFullAccess Provides full access to AWS CloudFormation.
AWSPanoramaApplianceRolePolicy Allows AWS IoT software on an AWS Panorama Appliance to upload logs to Amazon CloudWatch.
AmazonLookoutMetricsFullAccess Gives access to all actions for Amazon Lookout for Metrics
AWSApplicationMigrationAgentPolicy This policy allows installing and using the AWS Replication Agent, which is used with AWS Application Migration Service (MGN) to migrate external servers to AWS. Attach this policy to your IAM users or roles whose credentials you provide when installing the AWS Replication Agent.
AWSOpsWorks_FullAccess Provides full access to AWS OpsWorks.
AWSNetworkFirewallServiceRolePolicy Allow AWSNetworkFirewall to create and manage necessary resources for your Firewalls.
ElementalAppliancesSoftwareFullAccess Full access to view and take action on Elemental Appliances and Software quotes and orders
AmazonMachineLearningRoleforRedshiftDataSourceV3 Allows Machine Learning to configure and use your Redshift Clusters and S3 Staging Locations for Redshift Data Source.
AmazonAugmentedAIHumanLoopFullAccess Provides access to perform all operations on HumanLoops.
AmazonLookoutEquipmentReadOnlyAccess Provides read only access to Amazon Lookout for Equipment
AWSDataExchangeReadOnly Grants read-only access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK.
AWSMarketplaceSellerProductsFullAccess Provides sellers full access to AWS Marketplace Management Products page and other AWS services such as AMI management.
AWSMarketplaceLicenseManagementServiceRolePolicy Enables access to AWS Services and Resources used or managed by AWS Marketplace for license management.
AWSProtonReadOnlyAccess Provides read only access to the AWS Proton APIs and Management Console.
AmazonLexV2BotPolicy Provides Lex V2 bots access to call other AWS services on your behalf.
AWSIQContractServiceRolePolicy Used by AWS IQ to execute payment requests on behalf of a customer
AWSStorageGatewayServiceRolePolicy Service-linked role used by AWS Storage Gateway to enable integration of other AWS services with Storage Gateway.
AWSBackupOrganizationAdminAccess This policy is for backup administrators who use cross-account backup management to manage backups for the organization.
AWSIoTSiteWiseMonitorPortalAccess This policy grants permissions to access AWS IoT SiteWise assets and asset data, create AWS IoT SiteWise Monitor resources, and list AWS SSO users.
AWSAuditManagerAdministratorAccess Provides administrative access to enable or disable AWS Audit Manager, update settings, and manage assessments, controls, and frameworks
ElementalSupportCenterFullAccess Full access to view and take action on Elemental Appliance and Software support cases and product support content
AmazonHoneycodeFullAccess Provides full access to Honeycode via the AWS Management Console and the SDK.
AmazonWorkDocsReadOnlyAccess Provides read only access to Amazon WorkDocs via the AWS Management Console
CloudWatchLambdaInsightsExecutionRolePolicy Policy required for the Lambda Insights Extension
AWSGlobalAcceleratorSLRPolicy Policy granting permissions to AWS Global Accelerator to manage EC2 Elastic Network Interfaces and Security Groups.
EC2InstanceProfileForImageBuilder EC2 Instance profile for Image Builder service.
AWSServiceRoleForLogDeliveryPolicy Allows Log Delivery service to deliver logs by calling log destination on your behalf.
AmazonCodeGuruReviewerFullAccess Grants full access to Amazon CodeGuru Reviewer and scoped access to required dependencies.
AWSVPCS2SVpnServiceRolePolicy Allow Site-to-Site VPN to create and manage resources related to your VPN Connections.
AWSImageBuilderFullAccess Provides full access to all AWS Image Builder actions and resource scoped access to related AWS services.
AWSIncidentManagerResolverAccess This policy grants permissions to start, view, and update incidents with full access to custom timeline events & related items. Assign this policy to users who will create and resolve incidents.
AWSCertificateManagerPrivateCAPrivilegedUser Provides privileged certificate user access to AWS Certificate Manager Private Certificate Authority
AmazonSSMPatchAssociation Provide access to child instances for patch association operation.
AWSBudgetsReadOnlyAccess Provides read only access to AWS Budgets Console via the AWS Management Console.
AWSOpsWorksRegisterCLI_OnPremises Policy to enable registration of On-Premises instances via the OpsWorks CLI
Health_OrganizationsServiceRolePolicy AWS Health policy to enable Organizational View feature
AmazonElasticContainerRegistryPublicFullAccess Provides administrative access to Amazon ECR Public resources
AmazonMCSReadOnlyAccess Provide read only access to Amazon Managed Apache Cassandra Service
AWSRoboMaker_FullAccess Provides full access to AWS RoboMaker via the AWS Management Console and SDK. Also provides select access to related services (e.g., S3, IAM).
AWSAppMeshPreviewServiceRolePolicy Enables access to AWS Services and Resources used or managed by AWS App Mesh
ServiceQuotasServiceRolePolicy Allows Service Quotas to create support cases on your behalf
AWSLambdaMSKExecutionRole Provides permissions required to access MSK Cluster within a VPC, manage ENIs (create, describe, delete) in the VPC and write permissions to CloudWatch Logs.
ComputeOptimizerReadOnlyAccess Provides read only access to ComputeOptimizer.
AlexaForBusinessPolyDelegatedAccessPolicy Provide access to Poly AVS devices
AWSMarketplaceProcurementSystemAdminFullAccess Provides full access to all administrative actions for an AWS Marketplace eProcurement integration.
AmazonEKSFargatePodExecutionRolePolicy Provides access to other AWS service resources that are required to run Amazon EKS pods on AWS Fargate
AWSIoTWirelessReadOnlyAccess Allows the associated identity read only access to AWS IoT wireless.
AppRunnerServiceRolePolicy Allows AWS AppRunner to manage related AWS resources on your behalf.
AWSThinkboxDeadlineResourceTrackerAdminPolicy Grants permissions required to create, destroy, and administer AWS Thinkbox's Deadline Resource Tracker.
IAMAccessAdvisorReadOnly This policy grants access to read all access information provided by IAM access advisor such as service last accessed information.
AmazonSageMakerFeatureStoreAccess Provides permissions required to enable the offline store for an Amazon SageMaker FeatureStore feature group.
AmazonCodeGuruReviewerReadOnlyAccess Provides read only access to Amazon CodeGuru Reviewer.
AWSThinkboxAWSPortalGatewayPolicy This policy grants the AWS Portal Gateway machine the necessary permissions required for normal operation.
AWSApplicationAutoscalingKafkaClusterPolicy Policy granting permissions to Application Auto Scaling to access Managed Streaming for Apache Kafka and CloudWatch.
AWSSystemsManagerOpsDataSyncServiceRolePolicy IAM role for SSM Explorer to manage OpsData related operations
AmazonCodeGuruProfilerFullAccess Provides full access to Amazon CodeGuru Profiler.
AWSProtonDeveloperAccess Provides access to the AWS Proton APIs and Management Console, but does not allow administration of Proton templates or environments.
AmazonElasticFileSystemServiceRolePolicy Allows Amazon Elastic File System to manage AWS resources on your behalf
AmazonSageMakerGroundTruthExecution Provides access to AWS services that are required to run SageMaker GroundTruth Labeling job
AWSResourceAccessManagerFullAccess Provides full access to AWS Resource Access Manager
CertificateManagerServiceRolePolicy Amazon Certificate Manager Service Role Policy
AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction Provides access for enabling IoT logging for execution of ENABLE_IOT_LOGGING mitigation action
AWSGrafanaWorkspacePermissionManagement Provides only the ability to update user and group permissions for AWS Grafana workspaces.
AmazonNimbleStudio-LaunchProfileWorker This policy grants access to resources needed by Nimble Studio Launch Profile workers. Attach this policy to EC2 instances created by Nimble Studio Builder.
AWSElasticBeanstalkRoleCWL (Elastic Beanstalk operations role) Allows an environment to manage Amazon CloudWatch Logs log groups.
DynamoDBCloudWatchContributorInsightsServiceRolePolicy Permissions required to support Amazon CloudWatch Contributor Insights for Amazon DynamoDB.
AWSElasticBeanstalkRoleRDS (Elastic Beanstalk operations role) Allows an environment to integrate an Amazon RDS instance.
AWSPanoramaServiceRolePolicy Allows AWS Panorama to manage resources in Amazon S3, AWS IoT, AWS IoT GreenGrass, AWS Lambda, Amazon SageMaker, and Amazon CloudWatch Logs, and to pass service roles to AWS IoT, AWS IoT GreenGrass, and Amazon SageMaker.
AmazonEMRReadOnlyAccessPolicy_v2 Provides read only access to Amazon EMR and the associated CloudWatch Metrics.
AmazonEventBridgeApiDestinationsServiceRolePolicy Allows EventBridge to access Secret Manager resources on your behalf.
AWSServiceRoleForCodeGuru-Profiler A service-linked role required for Amazon CodeGuru Profiler to send notifications on your behalf.
AmazonChimeVoiceConnectorServiceLinkedRolePolicy Managed policy for Service Linked Role for Amazon Chime VoiceConnector
AmazonPrometheusQueryAccess Grants access to run queries against AWS Managed Prometheus resources
AmazonWorkDocsFullAccess Provides full access to Amazon WorkDocs via the AWS Management Console
AmazonHoneycodeWorkbookReadOnlyAccess Provides read only access to Honeycode Workbook via the AWS Management Console and the SDK.
MediaPackageServiceRolePolicy Allows MediaPackage to publish logs to CloudWatch
IAMAccessAnalyzerReadOnlyAccess Provides read only access to IAM Access Analyzer resources
AmazonEventBridgeSchemasServiceRolePolicy Grants permissions to Managed Rules created by Amazon EventBridge schemas.
AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction Provides messages publish access to SNS topic for execution of PUBLISH_FINDING_TO_SNS mitigation action
AmazonQLDBConsoleFullAccess Provides full access to Amazon QLDB via the AWS Management Console.
AWSGlueSchemaRegistryFullAccess Provides full access to the AWS Glue Schema Registry Service
AWSServiceCatalogAppRegistryServiceRolePolicy Allows Service Catalog AppRegistry to manage Resource Groups on your behalf
AWSIoTFleetHubFederationAccess Federation access for IoT Fleet Hub applications
AmazonElasticFileSystemClientReadWriteAccess Provides read and write client access to an Amazon EFS file system
AWSApplicationAutoscalingComprehendEndpointPolicy Policy granting permissions to Application Auto Scaling to access Comprehend and CloudWatch.
AWSCloudShellFullAccess Grants using AWS CloudShell with all features
AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction Provides write access to IoT thing groups and read access to IoT Certificates for execution of ADD_THINGS_TO_THING_GROUP mitigation action
AWSIoTWirelessDataAccess Allows the associated identity data access to AWS IoT Wireless devices.
AmazonQLDBFullAccess Provides full access to Amazon QLDB via the service API.
AmazonAugmentedAIFullAccess Provides access to perform all operations on Amazon Augmented AI resources, including FlowDefinitions, HumanTaskUis and HumanLoops. Does not allow access for creating FlowDefinitions against the public-crowd Workteam.
AmazonKeyspacesFullAccess Provide full access to Amazon Keyspaces
AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction Provides write access to IoT policies for execution of REPLACE_DEFAULT_POLICY_VERSION mitigation action
AWSAppMeshReadOnly Provides read-only access to the AWS App Mesh APIs and Management Console.
ComputeOptimizerServiceRolePolicy Allows ComputeOptimizer to call AWS services and collect workload details on your behalf.
AWSApplicationMigrationFullAccess This policy provides permissions to all public APIs of AWS Application Migration Service (MGN), as well as permissions to read KMS key information. Attach this policy to your IAM users or roles.
AWSLakeFormationCrossAccountManager Provides cross account access to Glue resources via Lake Formation. Also grants read access to other required services such as organizations and resource access manager
AWSGlueDataBrewServiceRole This policy grants permission to Glue to perform actions on the user's Glue Data Catalog. It also provides permission for EC2 actions to allow Glue to create an ENI to connect to resources in the VPC, allows Glue to access registered data in Lake Formation, and grants permission to access the user's CloudWatch.
AmazonBraketFullAccess Provides full access to Amazon Braket via the AWS Management Console and SDK. Also provides access to related services (e.g., S3, logs).
AWSElasticBeanstalkManagedUpdatesServiceRolePolicy AWS Elastic Beanstalk Service Role policy that grants limited permissions to managed updates.
AmazonLexChannelsAccess This policy allows customers to call Lex runtime from channels
AlexaForBusinessLifesizeDelegatedAccessPolicy Provide access to Lifesize AVS devices
AmazonTimestreamReadOnlyAccess Provides read only access to Amazon Timestream. Policy also provides permission to cancel any running query. If using Customer managed CMK, please refer to documentation for additional permissions needed.
AWSPanoramaFullAccess Provides full access to AWS Panorama
AmazonQLDBReadOnly Provides read only access to Amazon QLDB.
AWSChatbotServiceLinkedRolePolicy The Service Linked Role used by AWS Chatbot.
AWSLambda_ReadOnlyAccess Grants read-only access to AWS Lambda service, AWS Lambda console features, and other related AWS services.
AWSCodePipeline_ReadOnlyAccess Provides read only access to AWS CodePipeline via the AWS Management Console.
S3StorageLensServiceRolePolicy Enables access to AWS Services and Resources used or managed by S3 Storage Lens
ServerMigrationServiceConsoleFullAccess Required permissions to use all features of the Server Migration Service Console
AWSAppSyncServiceRolePolicy Enables access to AWS services and resources used or managed by AppSync
AWSAppMeshFullAccess Provides full access to the AWS App Mesh APIs and Management Console.
AWSIncidentManagerServiceRolePolicy This policy grants Incident Manager permission to manage incident records and related resources on your behalf.
AWSProtonFullAccess Provides full access to the AWS Proton APIs and Management Console. In addition to these permissions, access to Amazon S3 is also needed to register template bundles from your S3 buckets, as well as access to Amazon IAM to create and manage the service roles for Proton.
AWSCloud9SSMInstanceProfile This policy will be used to attach a role on an InstanceProfile which will allow Cloud9 to use the SSM Session Manager to connect to the instance
ElementalActivationsDownloadSoftwareAccess Access to view purchased assets and download related software and kickstart files
AWSPanoramaGreengrassGroupRolePolicy Allows an AWS Lambda function on an AWS Panorama Appliance to manage resources in Panorama, upload logs and metrics to Amazon CloudWatch, and to manage objects in buckets created for use with Panorama.
AmazonDetectiveFullAccess Provides full access to Amazon Detective service and scoped access to the console UI dependencies
AWSTransferReadOnlyAccess Provide readonly access to AWS Transfer services.
ServiceQuotasReadOnlyAccess Provides read only access to Service Quotas
EC2FleetTimeShiftableServiceRolePolicy Policy granting permissions to EC2 Fleet to launch instances in the future.
MigrationHubDMSAccessServiceRolePolicy Policy for Database Migration Service to assume role in customer's account to call Migration Hub
AWSServiceCatalogEndUserReadOnlyAccess Provides read-only access to Service Catalog end-user capabilities
ElementalActivationsFullAccess Full access to view and take action on Elemental Appliances and Software purchased assets
AWSIQPermissionServiceRolePolicy Allows AWS IQ to manage the role assumed by AWS IQ experts.
AmazonEKSForFargateServiceRolePolicy This policy grants necessary permissions to Amazon EKS to run fargate tasks
ElementalActivationsReadOnlyAccess Read-only access to the detailed list of purchased assets associated to the AWS account of the user
MigrationHubSMSAccessServiceRolePolicy Policy for Server Migration Service to assume role in customer's account to call Migration Hub
CloudFormationStackSetsOrgAdminServiceRolePolicy Service Role for CloudFormation StackSets (Organization Master Account)
AmazonEventBridgeSchemasFullAccess Provides full access to Amazon EventBridge Schemas.
AWSMarketplaceSellerFullAccess Provides full access to all seller operations on the AWS Marketplace and other AWS services such as AMI management.
CloudWatchAutomaticDashboardsAccess Provides access to the non-CloudWatch APIs used to display CloudWatch Automatic Dashboards, including the contents of objects such as Lambda functions
AWSDeepRacerFullAccess Provides full access to AWS DeepRacer. Also provides select access to related services (e.g., S3).
AmazonWorkMailEventsServiceRolePolicy Enables access to AWS Services and Resources used or managed by Amazon WorkMail Events
AmazonHoneycodeTeamAssociationFullAccess Provides full access to Honeycode Team Association via the AWS Management Console and the SDK.
AmazonPrometheusRemoteWriteAccess Grants write only access to AWS Managed Prometheus workspaces
AmazonDevOpsGuruReadOnlyAccess Provides read only access to Amazon DevOps Guru Console.
AmazonEventBridgeSchemasReadOnlyAccess Provides read only access to Amazon EventBridge Schemas.
AmazonFISServiceRolePolicy Policy to enable AWS FIS to manage monitoring and resource selection for experiments.
AWSThinkboxDeadlineSpotEventPluginWorkerPolicy Grant permissions required for an EC2 instance running AWS Thinkbox Deadline Spot Event Plugin Worker software.
AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy This policy is used by the service-linked role named AWSServiceRoleForCloudWatchAlarms_ActionSSMIncidents. CloudWatch uses this service-linked role to perform AWS System Manager Incident Manager actions when a CloudWatch alarm goes into ALARM state. This policy grants permission to start incidents on your behalf.
AWSIoTWirelessFullPublishAccess Provides IoT Wireless full access to publish to IoT Rules Engine on your behalf.
GameLiftGameServerGroupPolicy Policy to allow Gamelift GameServerGroups to manage customer resources
AmazonMWAAServiceRolePolicy The Service Linked Role used by Amazon Managed Workflows for Apache Airflow.
AmazonConnect_FullAccess The purpose of this policy is to grant permissions to AWS Connect users required to use Connect resources. This policy provides full access to AWS Connect resources via the Connect Console and public APIs
AWSElementalMediaLiveFullAccess Provides full access to AWS Elemental MediaLive resources
AWSMarketplaceSellerProductsReadOnly Provide sellers read-only access to AWS Marketplace Management Products page.
AmazonMCSFullAccess Provide full access to Amazon Managed Apache Cassandra Service
AWSIoTSiteWiseConsoleFullAccess Provides full access to manage AWS IoT SiteWise using the AWS Management Console. Note this policy also grants access to create and list data stores used with AWS IoT SiteWise (e.g. AWS IoT Analytics), access to list and view AWS IoT Greengrass resources, list and modify AWS Secrets Manager secrets, retrieve AWS IoT thing shadows, list resources with specific tags, and create and use a service-linked role for AWS IoT SiteWise.
AmazonElasticFileSystemClientFullAccess Provides root client access to an Amazon EFS file system
AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction Provides write access to IoT certificates for execution of UPDATE_DEVICE_CERTIFICATE mitigation action
AWSThinkboxAssetServerPolicy This policy grants the AWS Portal Asset Server the necessary permissions required for normal operation.
AWSForWordPressPluginPolicy Managed policy for AWS For Wordpress Plugin
AWSTransferFullAccess Provides full access to AWS Transfer Service.
AWSServiceRoleForAmazonEKSNodegroup Permissions required for managing nodegroups in the customer's account. These policies related to management of the following resources: AutoscalingGroups, SecurityGroups, LaunchTemplates and InstanceProfiles.
AWSGrafanaAccountAdministrator Provides access within Amazon Grafana to create and manage workspaces for the entire organization.
AWSBackupOperatorAccess This policy grants users permissions to assign AWS resources to backup plans, create on-demand backups, and restore backups. This policy does not allow the user to create or edit backup plans or to delete scheduled backups after they are created.
AWSApplicationAutoscalingLambdaConcurrencyPolicy Policy granting permissions to Application Auto Scaling to access Lambda and CloudWatch.
AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM This policy gives AWS Budgets broad permission to control AWS resources. For example, to start and stop EC2 or RDS instances by executing AWS Systems Manager (SSM) scripts.
AWSIoTDeviceDefenderUpdateCACertMitigationAction Provides write access to IoT CA certificates for execution of UPDATE_CA_CERTIFICATE mitigation action
AWSBackupServiceLinkedRolePolicyForBackupTest Provides AWS Backup permission to create backups on your behalf across AWS services
AWSApplicationMigrationMGHAccess This policy allows AWS Application Migration Service (MGN) to send meta-data about the progress of servers being migrated using MGN to AWS Migration Hub (MGH). MGN automatically creates an IAM role with this policy attached, and assumes this role. We do not recommend that you attach this policy to your IAM users or roles.
AWSDeviceFarmTestGridServiceRolePolicy Grant permissions to AWS Device Farm to call EC2 APIs on your behalf.
AmazonLookoutEquipmentFullAccess Provides full access to Amazon Lookout for Equipment operations
AWSPurchaseOrdersServiceRolePolicy Grants permissions to view and modify purchase orders on billing console
AmazonHoneycodeTeamAssociationReadOnlyAccess Provides read only access to Honeycode Team Association via the AWS Management Console and the SDK.
AmazonWorkSpacesServiceAccess Provides customer account access to AWS WorkSpaces service for launching a Workspace.
AWSSecurityHubOrganizationsAccess Grants permission to enable and manage AWS Security Hub within an organization. Includes enabling the service across the organization, and determining the delegated administrator account for the service.
AmazonElasticFileSystemsUtils Allows customers to use AWS Systems Manager to automatically manage Amazon EFS utilities (amazon-efs-utils) package on their EC2 instances, and use CloudWatchLog to get EFS file system mount success/failure notifications.
AWSTransferConsoleFullAccess Provides full access to AWS Transfer via the AWS Management Console
AmazonEKSServiceRolePolicy A Service-Linked Role required for Amazon EKS to call AWS services on your behalf.
AWSIoTWirelessLogging Allows the associated identity to create Amazon CloudWatch Logs groups and stream logs to the groups.
AWSConfigMultiAccountSetupPolicy Allows Config to call AWS services and deploy config resources across organization
AWSIoTWirelessFullAccess Allows the associated identity full access to all AWS IoT Wireless operations.
AWSElementalMediaLiveReadOnly Provides read only access to AWS Elemental MediaLive resources
AmazonElasticFileSystemClientReadOnlyAccess Provides read only client access to an Amazon EFS file system
AmazonElasticMapReducePlacementGroupPolicy Policy to allow EMR to create, describe and delete EC2 placement groups.
AmazonCognitoIdpServiceRolePolicy Enables access to AWS Services and Resources used or managed by Amazon Cognito User Pools
AmazonMQServiceRolePolicy Service Linked Role Policy for AWS Amazon MQ
AWSApplicationMigrationServiceRolePolicy Allows AWS application Migration Service to create and manage AWS resources on your behalf.
AmazonKeyspacesReadOnlyAccess Provide read only access to Amazon Keyspaces
CloudFormationStackSetsOrgMemberServiceRolePolicy Service Role for CloudFormation StackSets (Organization Member Account)
AWSResourceAccessManagerResourceShareParticipantAccess Provides access to AWS Resource Access Manager APIs needed by a resource share participant.
AWSBillingReadOnlyAccess Allows users to view bills on the Billing Console.
ServerMigrationServiceRoleForInstanceValidation Permissions to allow the AWS SMS to run used data validation script and send script success/failure back to SMS
AWSBackupFullAccess This policy is for backup administrators, granting full access to AWS Backup operations, including creating or editing backup plans, assigning AWS resources to backup plans, deleting backups, and restoring backups.
AmazonDevOpsGuruServiceRolePolicy A service-linked role required for Amazon DevOpsGuru to access your resources.
AWSElasticBeanstalkRoleWorkerTier (Elastic Beanstalk operations role) Allows a worker environment tier to create an Amazon DynamoDB table and an Amazon SQS queue.
AmazonCodeGuruProfilerReadOnlyAccess Provides read only access to Amazon CodeGuru Profiler.
ElementalActivationsGenerateLicenses Access to view purchased assets and generate software licenses for pending activations
AWSAppRunnerServicePolicyForECRAccess AWS App Runner service policy that grants read permissions to Amazon ECR resources in the customer's account. Use it in a role that is passed to App Runner when creating or updating an App Runner service.
AWSNetworkManagerReadOnlyAccess Provides read only access to Amazon NetworkManager via the AWS Management Console.
AmazonEMRServicePolicy_v2 This policy is used for the Amazon EMR Service Role and should NOT be used for any other IAM users or roles in your account. The policy grants permissions to create and manage resources associated with EMR and related services necessary for the operation of your EMR cluster.
AWSApplicationMigrationReadOnlyAccess This policy provides permissions to all read-only public APIs of Application Migration Service (MGN), as well as some read-only APIs of other AWS services that are required in order to make full read-only use of the MGN console. Attach this policy to your IAM users or roles.
AWSServiceCatalogAppRegistryReadOnlyAccess Provides read-only access to Service Catalog App Registry capabilities
AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy Provides access to Systems Manager resources used by CloudWatch Alarms
IVSRecordToS3 Service Linked Role to perform S3 PutObject for recording IVS live streams
AmazonWorkMailMessageFlowReadOnlyAccess Read only access to WorkMail messages for the GetRawMessageContent API
CloudWatchSyntheticsFullAccess Provides full access to CloudWatch Synthetics.
AWSDataExchangeSubscriberFullAccess Grants data subscriber access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. It also provides select access to related services needed to take full advantage of AWS Data Exchange.
IAMAccessAnalyzerFullAccess Provides full access to IAM Access Analyzer
AWSCodeArtifactAdminAccess Provides full access to AWS CodeArtifact via the AWS Management Console.
AWSServiceCatalogAdminReadOnlyAccess Provides read-only access to Service Catalog admin capabilities
AWSQuickSightSageMakerPolicy Provides access to Amazon SageMaker resources from Amazon QuickSight
AWSDataLifecycleManagerServiceRoleForAMIManagement Provides appropriate permissions to AWS Data Lifecycle Manager to take actions on AWS resources for AMI Management
AmazonMonitronFullAccess Provides full access to manage Amazon Monitron
AmazonHealthLakeReadOnlyAccess Provides read only access to Amazon HealthLake service.
AmazonWorkSpacesSelfServiceAccess Provides access to Amazon WorkSpaces backend service to perform Workspace Self Service actions
AmazonManagedBlockchainServiceRolePolicy Enables access to AWS Services and Resources used or managed by Amazon Managed Blockchain
AmazonSageMakerCoreServiceRolePolicy Managed policy for Service Linked Role for Amazon SageMaker Core Services
AWSThinkboxDeadlineSpotEventPluginAdminPolicy Grants permissions required for AWS Thinkbox's Deadline Spot Event Plugin. This includes permission to request, modify, and cancel a spot fleet, as well as limited PassRole permission.
AmazonLookoutMetricsReadOnlyAccess Gives access to all read-only actions for Amazon Lookout for Metrics
AWSDataExchangeFullAccess Grants full access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. It also provides select access to related services needed to take full advantage of AWS Data Exchange.
AWSDataExchangeProviderFullAccess Grants data provider access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. It also provides select access to related services needed to take full advantage of AWS Data Exchange.
CloudWatchApplicationInsightsFullAccess Provides full access to CloudWatch Application Insights and required dependencies.
AWSControlTowerServiceRolePolicy Provides access to AWS Resources managed or used by AWS Control Tower
AmazonSageMakerNotebooksServiceRolePolicy Managed policy for Service Linked Role for Amazon SageMaker Notebooks
AmazonRoute53ResolverFullAccess Full access policy for Route 53 Resolver
AWSSystemsManagerChangeManagementServicePolicy Provides access to AWS resources managed or used by the AWS Systems Manager change management framework.
AWSServiceCatalogAppRegistryFullAccess Provides full access to Service Catalog App Registry capabilities
LakeFormationDataAccessServiceRolePolicy Policy to grant temporary data access to Lake Formation resources
AmazonChimeServiceRolePolicy Enables access to AWS Resources used or managed by Amazon Chime
AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy Service role policy used by the AWS Service Catalog service to provision products from Amazon SageMaker portfolio of products. Grants permissions to a set of related services including CodePipeline, CodeBuild, CodeCommit, Glue, CloudFormation, etc.
AWSTrustedAdvisorReportingServiceRolePolicy Service Policy for Trusted Advisor Multi-account Reporting
AWSOpsWorksRegisterCLI_EC2 Policy to enable registration of EC2 instances via the OpsWorks CLI
AWSWAFConsoleReadOnlyAccess Provides read-only access to AWS WAF via the AWS Management Console. Note that this policy also grants permissions to list Amazon CloudFront distributions, permissions to view load balancers on AWS Elastic Load Balancing, permissions to view Amazon API Gateway REST APIs and stages, permissions to list and view Amazon CloudWatch metrics, and permissions to view regions enabled within the account.
AWSSavingsPlansFullAccess Provides full access to Savings Plans service
AWSServiceRoleForImageBuilder Allows EC2ImageBuilder to call AWS services on your behalf.
AmazonBraketServiceRolePolicy Allows Amazon Braket to create and manage AWS resources on your behalf
AmazonCodeGuruProfilerAgentAccess Provides access required by Amazon CodeGuru Profiler agent.
AmazonLookoutVisionConsoleFullAccess Provides full access to Amazon Lookout for Vision and scoped access to required service and console dependencies.
AmazonCodeGuruReviewerServiceRolePolicy A service-linked role required for Amazon CodeGuru Reviewer to access resources on your behalf.
ServerMigration_ServiceRole Permissions to allow the AWS Server Migration Service to migrate VMs to EC2: allows the Server Migration Service to place the migrated resources into the customer's EC2 account.
AWSAppMeshPreviewEnvoyAccess App Mesh Preview Envoy policy for accessing Virtual Node configuration.
AWSOutpostsServiceRolePolicy Service Linked Role policy to enable access to AWS resources managed by AWS Outposts
AmazonLambdaRolePolicyForLaunchWizardSAP Managed policy to support SAP provisioning using Amazon LaunchWizard service role for Lambda
AmazonEC2RoleforAWSCodeDeployLimited Provides EC2 limited access to S3 bucket to download revision. This role is needed by the CodeDeploy agent on EC2 instances.
ECRReplicationServiceRolePolicy Enables access to AWS Services and Resources used or managed by ECR Replication
MigrationHubServiceRolePolicy Allows Migration Hub to call Application Discovery Service on your behalf
AWSServiceRoleForMonitronPolicy Grants Amazon Monitron permissions to manage AWS resources, including AWS SSO user assignment on your behalf.
AWSPanoramaSageMakerRolePolicy Allows Amazon SageMaker to manage objects in buckets created for use with AWS Panorama.
AWSIoTWirelessGatewayCertManager Allows the associated identity access to create, list and describe IoT Certificates
AWSDirectConnectServiceRolePolicy Provides AWS Direct Connect permission to create and manage AWS resources on your behalf.
AWSApplicationMigrationEC2Access This policy provides Amazon EC2 operations required to use Application Migration Service (MGN) to launch the migrated servers as EC2 instances. Attach this policy to your IAM users or roles.
AWSImageBuilderReadOnlyAccess Provides read only access to all AWS Image Builder actions.
AWSGrafanaConsoleReadOnlyAccess Access to read only operations in Amazon Grafana.
AWSMarketplaceMeteringRegisterUsage Provides permissions to register a resource and track usage through AWS Marketplace Metering Service.
AmazonManagedBlockchainReadOnlyAccess Provides read-only access to Amazon Managed Blockchain.
AmazonLookoutVisionReadOnlyAccess Provides read only access to Amazon Lookout for Vision and scoped access to required dependencies.
AmazonRekognitionCustomLabelsFullAccess This policy specifies rekognition and s3 permissions required by Amazon Rekognition Custom Labels feature.
AmazonHealthLakeFullAccess Provides full access to Amazon HealthLake service.
AWSBackupServiceLinkedRolePolicyForBackup Provides AWS Backup permission to create backups on your behalf across AWS services
AmazonManagedBlockchainConsoleFullAccess Provides full access to Amazon Managed Blockchain via the AWS Management Console
AWSApplicationMigrationConversionServerPolicy This policy allows the Application Migration Service (MGN) Conversion Servers, which are EC2 instances launched by Application Migration Service, to communicate with the MGN service. An IAM role with this policy is attached (as an EC2 Instance Profile) by MGN to the MGN Conversion Servers, which are automatically launched and terminated by MGN, when needed. We do not recommend that you attach this policy to your IAM users or roles. MGN Conversion Servers are used by Application Migration Service when users choose to launch Test or Cutover instances using the MGN console, CLI, or API.
AWSSavingsPlansReadOnlyAccess Provides read only access to Savings Plans service
AmazonHoneycodeWorkbookFullAccess Provides full access to Honeycode Workbook via the AWS Management Console and the SDK.
AWSIoTDeviceTesterForGreengrassFullAccess Allows AWS IoT Device Tester to run the AWS Greengrass qualification suite by allowing access to related services including Lambda, IoT, API Gateway, IAM
AWSElasticBeanstalkRoleECS (Elastic Beanstalk operations role) Allows a multicontainer Docker environment to manage Amazon ECS clusters.
AmazonWorkMailMessageFlowFullAccess Full access to the WorkMail Message Flow APIs
AWSServiceRoleForSMS Provides access to AWS services and resources necessary to migrate service instances into AWS including EC2, S3 and Cloudformation.
AWSThinkboxDeadlineResourceTrackerAccessPolicy Grants permissions required for the operation of AWS Thinkbox's Deadline Resource Tracker. This includes full access to some EC2 actions, including DeleteFleets and CancelSpotFleetRequests.
CloudWatch-CrossAccountAccess Allows CloudWatch to assume CloudWatch-CrossAccountSharing roles in remote accounts on behalf of the current account in order to display data cross-account, cross-region
AWSLakeFormationDataAdmin Grants administrative access to AWS Lake Formation and related services, such as AWS Glue, to manage data lakes
AWSElasticBeanstalkRoleCore AWSElasticBeanstalkRoleCore (Elastic Beanstalk operations role) Allows core operation of a web service environment.
AWSLambda_FullAccess Grants full access to AWS Lambda service, AWS Lambda console features, and other related AWS services.
AmazonEMRContainersServiceRolePolicy Allows access to other AWS service resources that are required to run Amazon EMR
AWSDenyAll Deny all access.
AWSIQFullAccess Provides full access to AWS IQ
AmazonElasticContainerRegistryPublicPowerUser Provides full access to Amazon ECR Public repositories, but does not allow repository deletion or policy changes.
AmazonPrometheusConsoleFullAccess Grants full access to AWS Managed Prometheus resources in the AWS console
AWSElasticBeanstalkRoleSNS (Elastic Beanstalk operations role) Allows an environment to enable Amazon SNS topic integration.
AmazonEKSVPCResourceController Policy used by VPC Resource Controller to manage ENI and IPs for worker nodes.
EC2InstanceConnect Allows customers to call EC2 Instance Connect to publish ephemeral keys to their EC2 instances and connect via ssh or the EC2 Instance Connect CLI.
AWSCompromisedKeyQuarantineV2 Denies access to certain actions, applied by the AWS team in the event that an IAM user's credentials have been compromised or exposed publicly. Do NOT remove this policy. Instead, please follow the instructions specified in the support case created for you regarding this event.
ClientVPNServiceConnectionsRolePolicy Policy to enable AWS Client VPN to manage your Client VPN endpoint connections.
AmazonAppFlowFullAccess Provides full access to Amazon AppFlow and access to AWS services supported as flow source or destination (S3 and Redshift). Also provides access to KMS for encryption
Ec2ImageBuilderCrossAccountDistributionAccess Permissions needed by EC2 Image Builder to perform a cross account distribution.
AWSThinkboxAWSPortalWorkerPolicy This policy grants the Deadline Workers in AWS Portal the necessary permissions required for normal operation.
AmazonS3OutpostsReadOnlyAccess Provides read only access to Amazon S3 on Outposts via the AWS Management Console.
AWSCompromisedKeyQuarantine Denies access to certain actions, applied by the AWS team in the event that an IAM user's credentials have been compromised or exposed publicly. Do NOT remove this policy. Instead, please follow the instructions specified in the email sent to you regarding this event.
AWSAppMeshEnvoyAccess App Mesh Envoy policy for accessing Virtual Node configuration.
AmazonKendraReadOnlyAccess Provides read only access to Amazon Kendra via the AWS Management Console.
AmazonPrometheusFullAccess Grants full access to AWS Managed Prometheus resources
AWS_ConfigRole Default policy for AWS Config service role. Provides permissions required for AWS Config to track changes to your AWS resources.
AmazonNimbleStudio-StudioAdmin This policy grants access to Amazon Nimble Studio resources associated with the studio admin and related studio resources in other services. Attach this policy to the Admin role associated with your studio.
AWSCodeArtifactReadOnlyAccess Provides read only access to AWS CodeArtifact via the AWS Management Console.
AmazonRedshiftDataFullAccess This policy provides full access to Amazon Redshift Data APIs. This policy also grants scoped access to other required services.
AWSApplicationMigrationReplicationServerPolicy This policy allows the Application Migration Service (MGN) Replication Servers, which are EC2 instances launched by Application Migration Service, to communicate with the MGN service, and to create EBS snapshots in your AWS account. An IAM role with this policy is attached (as an EC2 Instance Profile) by Application Migration Service to the MGN Replication Servers, which are automatically launched and terminated by MGN, as needed. MGN Replication Servers are used to facilitate data replication from your external servers to AWS, as part of the migration process managed using MGN. We do not recommend that you attach this policy to your IAM users or roles.
