AWS
Cloud integrations are installed from the **Data Sources** page. To configure a cloud integration, go to Settings > Data Sources and click "Add Data Source", select AWS, then in Advanced Settings > Security Capabilities, enable "Automation".
Cloud Services · AWS
Configuration parameters
credentials— Access Keyrole_arn— Role ARNrole_session_name— Role Session Namesession_duration— Role Session Durationregion— Default AWS region.timeout— Timeoutretries— Retriesendpoint_url— PrivateLink service URL.sts_endpoint_url— STS PrivateLink URL.sts_regional_endpoint— AWS STS Regional Endpointssts_region— STS Regionaccess_role_name— Role name for cross-organization account accessaccounts_to_access— AWS organization accountsmax_workers— Max concurrent command callsproxy— Use system proxy settingsinsecure— Trust any certificate (not secure)
Commands (174)
-
aws-acm-certificate-options-updateUpdates Certificate Transparency (CT) logging for an AWS Certificate Manager (ACM) certificate (ENABLED or DISABLED). Required IAM permission: acm:UpdateCertificateOptions.
-
aws-billing-budget-notification-listLists the notifications associated with a budget. Required IAM permission: budgets:DescribeNotificationsForBudget.
-
aws-billing-budgets-listLists configured budgets for a given AWS account. Required IAM permission: budgets:DescribeBudgets.
-
aws-billing-cost-usage-listRetrieves actual cost and usage data for a given time range and optional service filter. Required IAM permission: ce:GetCostAndUsage.
-
aws-billing-forecast-listForecasts AWS spending over a given future time period using historical trends. Required IAM permission: ce:GetCostForecast.
-
aws-cloudtrail-logging-startStarts recording AWS API calls and log file delivery for a trail. For trails enabled in all regions, this must be executed from the region where the trail was created. Cannot be executed on shadow trails (replicated trails in other regions). Required IAM permission: cloudtrail:StartLogging.
-
aws-cloudtrail-logging-start-enable-logging-quick-actionEnables CloudTrail logging. Required IAM permission: cloudtrail:StartLogging.
-
aws-cloudtrail-trail-enable-log-validation-quick-actionEnables log file validation for the reported CloudTrail. Required IAM permission: cloudtrail:UpdateTrail.
-
aws-cloudtrail-trail-updateUpdates trail settings for event logging and log file handling. Designates an existing bucket for log delivery without requiring a service restart. Note: This must be executed from the region where the trail was created. Required IAM permission: cloudtrail:UpdateTrail.
-
aws-cloudtrail-trails-describeRetrieves settings for a specific trail or returns information about all trails in the current AWS account. Required IAM permission: cloudtrail:DescribeTrails.
-
aws-ec2-address-allocateAllocates an Elastic IP address to your AWS account. After you allocate the Elastic IP address you can associate it with an instance or network interface. Required IAM Permission: ec2:AllocateAddress.
-
aws-ec2-address-associateAssociates an Elastic IP address, or carrier IP address (for instances that are in subnets in Wavelength Zones) with an instance or a network interface. Required IAM Permission: ec2:AssociateAddress.
-
aws-ec2-address-disassociateDisassociates an Elastic IP address from the instance or network interface it's associated with. Required IAM Permission: ec2:DisassociateAddress.
-
aws-ec2-address-releaseReleases the specified Elastic IP address. After releasing an Elastic IP address, it is released to the IP address pool and might be unavailable to you. Required IAM Permission: ec2:ReleaseAddress.
-
aws-ec2-addresses-describeDescribes one or more of your Elastic IP addresses. Required IAM Permission: ec2:DescribeAddresses.
-
aws-ec2-enable-imdsv2-quick-actionEnables instance metadata services v2.0 for the EC2 instance. Required IAM permission: ec2:ModifyInstanceMetadataOptions.
-
aws-ec2-fleet-createLaunches an EC2 Fleet. Required IAM Permission: ec2:CreateFleet.
-
aws-ec2-fleet-deleteDeletes the specified EC2 Fleet. Required IAM Permission: ec2:DeleteFleets.
-
aws-ec2-fleet-instances-describeDescribes the running instances for the specified EC2 Fleet. Required IAM Permission: ec2:DescribeFleetInstances.
-
aws-ec2-fleet-modifyModifies the specified EC2 Fleet. Required IAM Permission: ec2:ModifyFleet.
-
aws-ec2-fleets-describeDescribes one or more of your EC2 Fleets. Required IAM Permission: ec2:DescribeFleets.
-
aws-ec2-hosts-allocateAllocates Dedicated Hosts to your account. Requires the instance type or family, the Availability Zone, and the quantity of hosts to allocate. Required IAM Permission: ec2:AllocateHosts.
-
aws-ec2-hosts-releaseReleases the specified Dedicated Hosts. Required IAM Permission: ec2:ReleaseHosts.
-
aws-ec2-iam-instance-profile-associations-describeDescribes IAM instance profile associations. Required IAM Permission: ec2:DescribeIamInstanceProfileAssociations.
-
aws-ec2-image-attribute-modifyModifies a specific attribute of the specified AMI. Required IAM permission: ec2:ModifyImageAttribute.
-
aws-ec2-image-attribute-set-ami-to-private-quick-actionRevokes public launch permissions for the EC2 AMI. Required IAM permission: ec2:ModifyImageAttribute.
-
aws-ec2-image-available-waiterWaits until an AMI is in the 'available' state. This command polls the AMI status until it becomes available or the maximum wait time is reached. Required IAM Permission: ec2:DescribeImages.
-
aws-ec2-image-copyInitiates the copy of an AMI from the specified source region to the current region. You can copy an AMI across regions to enable consistent global deployment. Required IAM Permission: ec2:CopyImage.
-
aws-ec2-image-createCreates an Amazon Machine Image (AMI) from an Amazon EBS-backed instance. The instance must be in the running or stopped state. Required IAM Permission: ec2:CreateImage.
-
aws-ec2-image-deregisterDeregisters the specified Amazon Machine Image (AMI). After you deregister an AMI, it can't be used to launch new instances. However, it doesn't affect any instances that you've already launched from the AMI. Required IAM Permission: ec2:DeregisterImage.
-
aws-ec2-images-describeDescribes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you. Required IAM Permission: ec2:DescribeImages.
-
aws-ec2-instance-attribute-modifyModifies a specific attribute for a specific instance. You can define only one attribute at a time. Required IAM permission: ec2:ModifyInstanceAttribute.
-
aws-ec2-instance-attribute-modify-quick-actionRemoves the associated security group from the EC2 instance profile. Required IAM permission: ec2:ModifyInstanceAttribute.
-
aws-ec2-instance-metadata-options-modifyModifes the EC2 instance metadata parameters on a running or stopped instance. Required IAM permission: ec2:ModifyInstanceMetadataOptions.
-
aws-ec2-instance-running-waiterWaits until the specified EC2 instances reach the 'running' state. Checks the status every `waiter_delay` seconds until successful or until `waiter_max_attempts` is reached (default maximum attempts: `waiter_max_attempts`). Required IAM Permission: ec2:DescribeInstances.
-
aws-ec2-instance-status-ok-waiterWaits until EC2 instance status checks pass. Checks every `waiter_delay` seconds until successful or until the maximum number of attempts (`waiter_max_attempts`) is reached. Required IAM Permission: ec2:DescribeInstanceStatus.
-
aws-ec2-instance-stopped-waiterWaits until EC2 instances are in the 'stopped' state. Checks every `waiter_delay` seconds until successful or until the maximum number of attempts (`waiter_max_attempts`) is reached. Required IAM Permission: ec2:DescribeInstances.
-
aws-ec2-instance-terminated-waiterWaits until the specified EC2 instances reach the 'terminated' state. Checks every `waiter_delay` seconds until successful or until the maximum number of attempts (`waiter_max_attempts`) is reached. Required IAM Permission: ec2:DescribeInstances.
-
aws-ec2-instances-describeReturns details for specific instances or all instances. Required IAM permission: ec2:DescribeInstances.
-
aws-ec2-instances-monitorEnables detailed monitoring on one or more running Amazon EC2 instances. Required IAM Permission: ec2:MonitorInstances.
-
aws-ec2-instances-rebootRequests a reboot of one or more instances. This operation is asynchronous; it only queues a request to reboot the specified instances. Required IAM Permission: ec2:RebootInstances.
-
aws-ec2-instances-runLaunches a defined number of instances using an authorized AMI. Supports using a launch template to automate parameter entry. Check instance status using the aws-ec2-instances-describe command. Required IAM permission: ec2:RunInstances.
-
aws-ec2-instances-startStarts an Amazon EBS-backed instance that was previously stopped. Required IAM permission: ec2:StartInstances.
-
aws-ec2-instances-stopStops an Amazon EBS-backed instance. Required IAM permission: ec2:StopInstances.
-
aws-ec2-instances-terminateShuts down specific instances. This operation is idempotent; you can terminate an instance multiple times without causing an error. Required IAM permission: ec2:TerminateInstances.
-
aws-ec2-instances-unmonitorDisables detailed monitoring for one or more running Amazon EC2 instances. Required IAM Permission: ec2:UnmonitorInstances.
-
aws-ec2-internet-gateway-deleteDeletes the specified internet gateway. You must detach the internet gateway from the VPC before you can delete it. Required IAM Permission: ec2:DeleteInternetGateway.
-
aws-ec2-internet-gateway-describeA description of one or more of your internet gateways. Required IAM Permission: ec2:DescribeInternetGateways.
-
aws-ec2-internet-gateway-detachDetaches an internet gateway from a VPC, disabling connectivity between the internet and the VPC. Required IAM Permission: ec2:DetachInternetGateway.
-
aws-ec2-ipam-discovered-public-addresses-getRetrieves the public IP addresses that have been discovered by IPAM, the Amazon VPC IP Address Manager. Required IAM permission: ec2:GetIpamDiscoveredPublicAddresses.
-
aws-ec2-ipam-resource-discoveries-describeReturns details for IPAM resource discoveries. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources owned by the account. Required IAM permission: ec2:DescribeIpamResourceDiscoveries.
-
aws-ec2-ipam-resource-discovery-associations-describeReturns details for a resource discovery associated with an Amazon VPC IPAM. Required IAM permission: ec2:DescribeIpamResourceDiscoveryAssociations.
-
aws-ec2-key-pairs-describeDescribes the specified key pairs or all of your key pairs. Required IAM Permission: ec2:DescribeKeyPairs.
-
aws-ec2-latest-ami-getRetrieves the latest AMI. Required IAM permission: ec2:DescribeImages.
-
aws-ec2-launch-template-createCreates a launch template. A launch template contains the parameters to launch an instance. Required IAM Permission: ec2:CreateLaunchTemplate.
-
aws-ec2-launch-template-deleteDeletes a launch template. Deleting a launch template deletes all of its versions. Required IAM Permission: ec2:DeleteLaunchTemplate.
-
aws-ec2-launch-templates-describeDescribes one or more launch templates. Required IAM Permission: ec2:DescribeLaunchTemplates.
-
aws-ec2-network-acl-createCreates a network ACL in the defined VPC, providing an optional layer of security (in addition to security groups) for the instances in your VPC. Required IAM permission: ec2:CreateNetworkAcl.
-
aws-ec2-network-acl-entry-createCreates an entry (a rule) in a network ACL with the specified rule number. Required IAM Permission: ec2:CreateNetworkAclEntry.
-
aws-ec2-network-interface-attribute-modifyModifies a specific network interface attribute. You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance. Required IAM permission: ec2:ModifyNetworkInterfaceAttribute.
-
aws-ec2-password-data-getRetrieves the encrypted administrator password for a running Windows instance. Required IAM Permission: ec2:GetPasswordData.
-
aws-ec2-regions-describeReturns details for the regions enabled for your account, or for all regions. Required IAM permission: ec2:DescribeRegions.
-
aws-ec2-reserved-instances-describeDescribes one or more of the Reserved Instances that you purchased. Required IAM Permission: ec2:DescribeReservedInstances.
-
aws-ec2-security-group-createCreates a security group. Required IAM permission: ec2:CreateSecurityGroup.
-
aws-ec2-security-group-deleteDeletes a security group. Required IAM permission: ec2:DeleteSecurityGroup.
-
aws-ec2-security-group-egress-authorizeAdds the specified inbound (egress) rules to a security group. Required IAM Permission: ec2:AuthorizeSecurityGroupEgress.
-
aws-ec2-security-group-egress-revokeRemoves specified outbound (egress) rules from a security group. Required IAM permission: ec2:RevokeSecurityGroupEgress.
-
aws-ec2-security-group-ingress-authorizeAdds specified inbound (ingress) rules to a security group. Required IAM permission: ec2:AuthorizeSecurityGroupIngress.
-
aws-ec2-security-group-ingress-revokeRevokes ingress rules in a security group. Required IAM permission: ec2:RevokeSecurityGroupIngress.
-
aws-ec2-security-groups-describeReturns details for a specific security group or all of your security groups, including their rules, tags, and associated VPC information. Required IAM permission: ec2:DescribeSecurityGroups.
-
aws-ec2-set-snapshot-to-private-quick-actionRevokes public access to the EC2 snapshot. Required IAM permission: ec2:ModifySnapshotAttribute.
-
aws-ec2-snapshot-attribute-modifyAdds or removes permission settings for a specified snapshot. Note: snapshots encrypted with the AWS-managed default key (alias/aws/ebs) cannot be shared. Use unencrypted snapshots or those encrypted with a customer-managed KMS key to allow permission modifications. Required IAM permission: ec2:ModifySnapshotAttribute.
-
aws-ec2-snapshot-completed-waiterA waiter function that waits until the snapshot is complete. Required IAM Permission: ec2:DescribeSnapshots.
-
aws-ec2-snapshot-copyCopies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy a snapshot within the same Region, from one Region to another, or from a Region to an Outpost. Required IAM Permission: ec2:CopySnapshot.
-
aws-ec2-snapshot-createCreates a snapshot of an EBS volume and stores it in Amazon S3. You can use snapshots for backups, to make copies of EBS volumes, and to save data before shutting down an instance. Required IAM permission: ec2:CreateSnapshot.
-
aws-ec2-snapshot-deleteDeletes the specified snapshot. Required IAM Permission: ec2:DeleteSnapshot.
-
aws-ec2-snapshot-permission-modifyAdds or removes permission settings for a specific snapshot. Required IAM permission: ec2:ModifySnapshotAttribute.
-
aws-ec2-snapshots-describeDescribes the EBS snapshots available to you or all snapshots accessible in your environment. Required IAM Permission: ec2:DescribeSnapshots.
-
aws-ec2-subnet-attribute-modifyModifies a subnet attribute. Required IAM permission: ec2:ModifySubnetAttribute.
-
aws-ec2-subnet-deleteDeletes the specified subnet. You must terminate all running instances in the subnet before you can delete the subnet. Required IAM Permission: ec2:DeleteSubnet.
-
aws-ec2-subnets-describeReturns details for one or more provided subnets. Required IAM permission: ec2:DescribeSubnets.
-
aws-ec2-tags-createAdds or overwrites one or more tags for specific Amazon EC2 resources. When you specify an existing tag key, the value is overwritten with the new value. Required IAM permission: ec2:CreateTags.
-
aws-ec2-traffic-mirror-session-createCreates a Traffic Mirror session. A Traffic Mirror session actively copies packets from a Traffic Mirror source to a Traffic Mirror target. Required IAM Permission: ec2:CreateTrafficMirrorSession.
-
aws-ec2-volume-attachAttaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name. Required IAM Permission: ec2:AttachVolume.
-
aws-ec2-volume-createCreates an EBS volume that can be attached to an instance in the same Availability Zone. Required IAM Permission: ec2:CreateVolume.
-
aws-ec2-volume-deleteDeletes the specified EBS volume. The volume must be in the available state (not attached to an instance). Required IAM Permission: ec2:DeleteVolume.
-
aws-ec2-volume-detachDetaches an EBS volume from an instance. Required IAM Permission: ec2:DetachVolume.
-
aws-ec2-volume-modifyYou can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity. Required IAM Permission: ec2:ModifyVolume.
-
aws-ec2-volumes-describeDescribes the specified EBS volumes or all of your EBS volumes. Required IAM Permission: ec2:DescribeVolumes.
-
aws-ec2-vpc-deleteDeletes a specified VPC. You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. Required IAM Permission: ec2:DeleteVpc.
-
aws-ec2-vpc-endpoint-createCreates a VPC endpoint for a specified service. An endpoint enables you to create a private connection between your VPC and the service. Required IAM Permission: ec2:CreateVpcEndpoint.
-
aws-ec2-vpcs-describeReturns details for one or more provided VPCs. Required IAM permission: ec2:DescribeVpcs.
-
aws-ecs-cluster-settings-updateUpdates the containerInsights setting of an ECS cluster. Required IAM permission: ecs:UpdateClusterSettings.
-
aws-eks-access-entry-createCreates a new Access Entry for an Amazon EKS cluster. Required IAM Permission: eks:CreateAccessEntry.
-
aws-eks-access-entry-updateUpdates an existing Access Entry for an Amazon EKS cluster. Required IAM Permission: eks:UpdateAccessEntry.
-
aws-eks-access-policy-associateAssociates an access policy and its scope to an access entry. Required IAM permission: eks:AssociateAccessPolicy.
-
aws-eks-cluster-config-updateUpdates an Amazon EKS cluster configuration. Only one type of update is allowed per call (logging or resources_vpc_config). Required IAM permission: eks:UpdateClusterConfig.
-
aws-eks-cluster-describeReturns details for an Amazon EKS cluster. Required IAM permission: eks:DescribeCluster.
-
aws-eks-clusters-listReturns a list of EKS clusters. Required IAM Permission: eks:ListClusters.
-
aws-eks-disable-public-access-quick-actionDisables public access to the EKS cluster's API endpoint, making it only accessible from within the cluster's VPC. Required IAM permission: eks:UpdateClusterConfig.
-
aws-eks-enable-control-plane-logging-quick-actionEnables control plane logging for an EKS cluster. Required IAM permission: eks:UpdateClusterConfig.
-
aws-elb-load-balancer-attributes-modifyModifies attributes for a Classic Elastic Load Balancer. Required IAM permission: elasticloadbalancing:ModifyLoadBalancerAttributes.
-
aws-iam-access-key-updateChanges the status of the specified access key from Active to Inactive, or vice versa. Can be used to disable a user's access key as part of a key rotation workflow. Required IAM permission: iam:UpdateAccessKey.
-
aws-iam-account-password-policy-getRetrieves the AWS account password policy. Required IAM permission: iam:GetAccountPasswordPolicy.
-
aws-iam-account-password-policy-updateCreates or updates AWS account password policy. Required IAM permission: iam:UpdateAccountPasswordPolicy.
-
aws-iam-login-profile-deleteDeletes the password for the specified IAM user, which terminates the user's ability to access AWS services through the AWS Management Console. Required IAM permission: iam:DeleteLoginProfile.
-
aws-iam-role-from-instance-profile-removeRemoves the specified IAM role from the specified EC2 instance profile. Required IAM permission: iam:RemoveRoleFromInstanceProfile.
-
aws-iam-role-policy-putAdds or updates an inline policy document that is embedded in the specified IAM role. Required IAM permission: iam:PutRolePolicy.
-
aws-iam-user-policy-putAdds or updates an inline policy document that is embedded in the specified IAM user. Required IAM permission: iam:PutUserPolicy.
-
aws-kms-key-rotation-enableEnables automatic rotation for a symmetric customer-managed KMS key. Not supported for asymmetric/HMAC keys, keys with imported material, or custom key stores. Default is us-east-1. Required IAM permission: kms:EnableKeyRotation.
-
aws-lambda-account-settings-getRetrieves details about the account's limits and usage in an AWS Region. Required IAM Permission: lambda:GetAccountSettings.
-
aws-lambda-aliases-listReturns a list of aliases created for a Lambda function. Required IAM Permission: lambda:ListAliases.
-
aws-lambda-function-configuration-getRetrieves configuration information about a Lambda function. Required IAM permission: lambda:GetFunctionConfiguration.
-
aws-lambda-function-configuration-updateUpdates the configuration for a Lambda function. Required IAM Permission: lambda:UpdateFunctionConfiguration.
-
aws-lambda-function-createCreates a Lambda function. To create a function, you need a deployment package and an execution role. Required IAM Permission: lambda:CreateFunction.
-
aws-lambda-function-deleteDeletes a Lambda function. Required IAM Permission: lambda:DeleteFunction.
-
aws-lambda-function-getReturns information about the function or the specified version, including a link to download the deployment package (valid for 10 minutes). If a version is specified, only version-specific details are returned. Required IAM Permission: lambda:GetFunction.
-
aws-lambda-function-url-config-deleteDeletes a Lambda function URL. When you delete a function URL, you can't recover it. Creating a new function URL results in a different URL address. Required IAM Permission: lambda:DeleteFunctionUrlConfig.
-
aws-lambda-function-url-config-getReturns the configuration for a Lambda function URL. Required IAM permission: lambda:GetFunctionUrlConfig.
-
aws-lambda-function-url-config-updateUpdates the configuration for a Lambda function URL. Required IAM permission: lambda:UpdateFunctionUrlConfig.
-
aws-lambda-function-versions-listReturns a list of versions, with the version-specific configuration of each. Required IAM Permission: lambda:ListVersionsByFunction.
-
aws-lambda-functions-listReturns a list of your Lambda functions. For each function, the response includes the function configuration information. Required IAM Permission: lambda:ListFunctions.
-
aws-lambda-invokeInvokes a Lambda function. Define only the function name to invoke the latest version, or use the Qualifier parameter for a specific version or alias. Note: Synchronous calls may retry on timeout, potentially causing client disconnection. Asynchronous calls require idempotent functions to handle multiple possible invocations. Required IAM permission: lambda:InvokeFunction.
-
aws-lambda-layer-version-deleteDeletes a version of a Lambda layer. Required IAM Permission: lambda:DeleteLayerVersion.
-
aws-lambda-layer-version-listLists the versions of an Lambda layer. Required IAM Permission: lambda:ListLayerVersions.
-
aws-lambda-layer-version-publishCreates a Lambda layer from a ZIP archive. Required IAM Permission: lambda:PublishLayerVersion.
-
aws-lambda-policy-getReturns the resource-based IAM policy for a Lambda function. Required IAM permission: lambda:GetPolicy.
-
aws-rds-db-cluster-enable-deletion-protection-quick-actionEnables deletion protection for the RDS DB cluster to prevent accidental deletion. Required IAM permission: rds:ModifyDBCluster.
-
aws-rds-db-cluster-enable-iam-auth-quick-actionEnables 'iam database authentication' for the RDS cluster. Required IAM permission: rds:ModifyDBCluster.
-
aws-rds-db-cluster-modifyModifies settings for an Amazon RDS DB cluster. Allows you to update cluster settings such as port, master credentials, VPC security groups, deletion protection, and other configuration options. Required IAM Permission: rds:ModifyDBCluster.
-
aws-rds-db-cluster-snapshot-attribute-modifyModifies the attributes associated with a DB cluster snapshot. Required IAM permission: rds:ModifyDBClusterSnapshotAttribute.
-
aws-rds-db-cluster-snapshot-set-to-private-quick-actionRevokes public access to the RDS DB cluster snapshot, making it private. Required IAM permission: rds:ModifyDBClusterSnapshotAttribute.
-
aws-rds-db-instance-enable-auto-upgrade-quick-actionEnables automatic minor version upgrades for the RDS DB instance. Required IAM permission: rds:ModifyDBInstance.
-
aws-rds-db-instance-enable-deletion-protection-quick-actionEnables deletion protection for the RDS DB instance. Required IAM permission: rds:ModifyDBInstance.
-
aws-rds-db-instance-enable-iam-auth-quick-actionEnables IAM database authentication for the RDS DB instance. Required IAM permission: rds:ModifyDBInstance.
-
aws-rds-db-instance-enable-multi-az-quick-actionEnables Multi-AZ deployment for the RDS database instance to enhance availability and durability. Required IAM permission: rds:ModifyDBInstance.
-
aws-rds-db-instance-modifyModifies an existing Amazon RDS DB instance. Enables updating the instance class, storage capacity, security groups, and other configuration parameters without the need to create a new instance. Required IAM permission: rds:ModifyDBInstance.
-
aws-rds-db-instance-modify-copy-tags-on-rds-snapshot-quick-actionEnables 'copy tags to snapshots' for the RDS instance. Required IAM permission: rds:ModifyDBInstance.
-
aws-rds-db-instance-modify-enable-automatic-backup-quick-actionEnables automatic backup settings for the RDS DB instance with a default retention period of 30 days. Required IAM permission: rds:ModifyDBInstance.
-
aws-rds-db-instance-modify-publicly-accessible-quick-actionDisables public access for AWS RDS database instance by modifying the instance settings. Required IAM permission: rds:ModifyDBInstance.
-
aws-rds-db-instances-describeReturns information about provisioned RDS instances. Required IAM Permission: rds:DescribeDBInstances.
-
aws-rds-db-snapshot-attribute-modifyAdds or removes permission for the specified AWS account ID to restore the specified DB snapshot. Required IAM permission: rds:ModifyDBSnapshotAttribute.
-
aws-rds-db-snapshot-attribute-set-snapshot-to-private-quick-actionRevokes public access to the RDS DB snapshot, making it private. Required IAM permission: rds:ModifyDBSnapshotAttribute.
-
aws-rds-event-subscription-modifyModifies an existing RDS event notification subscription. Required IAM permission: rds:ModifyEventSubscription.
-
aws-rds-event-subscription-modify-quick-actionActivates an existing RDS event subscription. Required IAM permission: rds:ModifyEventSubscription.
-
aws-redshift-cluster-modifyModifies the settings of a cluster. Required IAM Permission: redshift:ModifyCluster.
-
aws-s3-bucket-acl-getRetrieves the access control list (ACL) of a bucket. Required IAM permission: s3:GetBucketAcl.
-
aws-s3-bucket-acl-putSets the access control list (ACL) permissions for an existing Amazon S3 bucket. This command allows you to define who can access the bucket and what actions they can perform, using predefined ACLs. Since 2023, all new S3 buckets block ACLs by default for better security. Required IAM permission: s3:PutBucketAcl.
-
aws-s3-bucket-acl-set-to-private-quick-actionSets the Access Control List (ACL) for the S3 bucket to private. Required IAM permission: s3:PutBucketAcl.
-
aws-s3-bucket-createCreates a new S3 bucket. Required IAM permission: s3:CreateBucket.
-
aws-s3-bucket-deleteDelete AWS S3 bucket, the bucket must be empty from files. Required IAM Permission: s3:DeleteBucket.
-
aws-s3-bucket-enable-bucket-access-logging-quick-actionEnables server access logging for the S3 bucket, delivering logs to a target bucket and prefix. Required IAM permission: s3:PutBucketLogging.
-
aws-s3-bucket-encryption-getRetrieves the default encryption configuration for an Amazon S3 bucket. Shows the server-side encryption settings that are applied to new objects stored in the bucket. Required IAM permission: s3:GetEncryptionConfiguration.
-
aws-s3-bucket-logging-putConfigures logging settings for an AWS S3 bucket, enabling monitoring bucket access via logs delivered to a designated target bucket. Required IAM permission: s3:PutBucketLogging.
-
aws-s3-bucket-objects-listReturns some or all (up to 1,000) of the objects in a bucket. Required IAM Permission: s3:ListBucket.
-
aws-s3-bucket-ownership-controls-putCreates or modifies ownership controls for an Amazon S3 bucket. Required IAM permission: s3:PutBucketOwnershipControls.
-
aws-s3-bucket-ownership-controls-put-quick-actionSwitches the bucket to "Bucket Owner Enforced" mode, placing all access control under your account policies. Required IAM permission: s3:PutBucketOwnershipControls.
-
aws-s3-bucket-policy-deleteDeletes the bucket policy from an Amazon S3 bucket, removing all policy-based access controls from the bucket and potentially changing access permissions. Required IAM permission: s3:DeleteBucketPolicy.
-
aws-s3-bucket-policy-getRetrieves the bucket policy for an Amazon S3 bucket. Returns the policy document in JSON format if one exists. Required IAM permission: s3:GetBucketPolicy.
-
aws-s3-bucket-policy-putApplies an Amazon S3 bucket policy to an Outposts bucket. Required IAM permission: s3:PutBucketPolicy.
-
aws-s3-bucket-policy-put-quick-actionEnforces SSL-only access on the S3 bucket by applying a bucket policy that denies all non-HTTPS requests. Required IAM permission: s3:PutBucketPolicy.
-
aws-s3-bucket-versioning-enable-quick-actionEnables versioning on the S3 bucket to retain multiple versions of objects. Required IAM permission: s3:PutBucketVersioning.
-
aws-s3-bucket-versioning-putSets the versioning state of an existing bucket. Required IAM permission: s3:PutBucketVersioning.
-
aws-s3-bucket-website-deleteRemoves the website configuration for a bucket. Required IAM permission: s3:DeleteBucketWebsite.
-
aws-s3-bucket-website-disable-hosting-quick-actionRemoves the static website hosting configuration from an S3 bucket. Required IAM permission: s3:DeleteBucketWebsite.
-
aws-s3-bucket-website-getRetrieves the website configuration for a bucket. Required IAM permission: s3:GetBucketWebsite.
-
aws-s3-buckets-listReturns a list of all buckets owned by the authenticated sender of the request. Required IAM permission: s3:ListAllMyBuckets.
-
aws-s3-file-downloadDownloads a file from the S3 bucket to the War Room. Required IAM permission: s3:GetObject.
-
aws-s3-file-uploadUploads a file to the S3 bucket. Required IAM permission: s3:PutObject.
-
aws-s3-public-access-block-getRetrieves the public access block configuration for an Amazon S3 bucket. Shows the current settings that control public access to the bucket and its objects. Required IAM permission: s3:GetBucketPublicAccessBlock.
-
aws-s3-public-access-block-quick-actionBlocks all public access to the S3 bucket. Required IAM permission: s3:PutBucketPublicAccessBlock.
-
aws-s3-public-access-block-updateCreates or modifies the PublicAccessBlock configuration for an Amazon S3 bucket. Required IAM permission: s3:PutBucketPublicAccessBlock.
-
aws-ssm-command-runRuns commands on one or more managed nodes. Required IAM permission: ssm:SendCommand, ssm:ListCommands.
-
aws-ssm-inventory-entries-listReturns a list of inventory items. Required IAM permission: ssm:ListInventoryEntries.