AWS

Cloud integrations are installed from the **Data Sources** page. To configure a cloud integration, go to Settings > Data Sources and click "Add Data Source", select AWS, then in Advanced Settings > Security Capabilities, enable "Automation".

Cloud Services · AWS

Configuration parameters

  • credentials — Access Key
  • role_arn — Role ARN
  • role_session_name — Role Session Name
  • session_duration — Role Session Duration
  • region — Default AWS region.
  • timeout — Timeout
  • retries — Retries
  • endpoint_url — PrivateLink service URL.
  • sts_endpoint_url — STS PrivateLink URL.
  • sts_regional_endpoint — AWS STS Regional Endpoints
  • sts_region — STS Region
  • access_role_name — Role name for cross-organization account access
  • accounts_to_access — AWS organization accounts
  • max_workers — Max concurrent command calls
  • proxy — Use system proxy settings
  • insecure — Trust any certificate (not secure)

Commands (174)

  • aws-acm-certificate-options-update

    Updates Certificate Transparency (CT) logging for an AWS Certificate Manager (ACM) certificate (ENABLED or DISABLED). Required IAM permission: acm:UpdateCertificateOptions.

  • aws-billing-budget-notification-list

    Lists the notifications associated with a budget. Required IAM permission: budgets:DescribeNotificationsForBudget.

  • aws-billing-budgets-list

    Lists configured budgets for a given AWS account. Required IAM permission: budgets:DescribeBudgets.

  • aws-billing-cost-usage-list

    Retrieves actual cost and usage data for a given time range and optional service filter. Required IAM permission: ce:GetCostAndUsage.

  • aws-billing-forecast-list

    Forecasts AWS spending over a given future time period using historical trends. Required IAM permission: ce:GetCostForecast.

  • aws-cloudtrail-logging-start

    Starts recording AWS API calls and log file delivery for a trail. For trails enabled in all regions, this must be executed from the region where the trail was created. Cannot be executed on shadow trails (replicated trails in other regions). Required IAM permission: cloudtrail:StartLogging.

  • aws-cloudtrail-logging-start-enable-logging-quick-action

    Enables CloudTrail logging. Required IAM permission: cloudtrail:StartLogging.

  • aws-cloudtrail-trail-enable-log-validation-quick-action

    Enables log file validation for the reported CloudTrail. Required IAM permission: cloudtrail:UpdateTrail.

  • aws-cloudtrail-trail-update

    Updates trail settings for event logging and log file handling. Designates an existing bucket for log delivery without requiring a service restart. Note: This must be executed from the region where the trail was created. Required IAM permission: cloudtrail:UpdateTrail.

  • aws-cloudtrail-trails-describe

    Retrieves settings for a specific trail or returns information about all trails in the current AWS account. Required IAM permission: cloudtrail:DescribeTrails.

  • aws-ec2-address-allocate

    Allocates an Elastic IP address to your AWS account. After you allocate the Elastic IP address you can associate it with an instance or network interface. Required IAM Permission: ec2:AllocateAddress.

  • aws-ec2-address-associate

    Associates an Elastic IP address, or carrier IP address (for instances that are in subnets in Wavelength Zones) with an instance or a network interface. Required IAM Permission: ec2:AssociateAddress.

  • aws-ec2-address-disassociate

    Disassociates an Elastic IP address from the instance or network interface it's associated with. Required IAM Permission: ec2:DisassociateAddress.

  • aws-ec2-address-release

    Releases the specified Elastic IP address. After releasing an Elastic IP address, it is released to the IP address pool and might be unavailable to you. Required IAM Permission: ec2:ReleaseAddress.

  • aws-ec2-addresses-describe

    Describes one or more of your Elastic IP addresses. Required IAM Permission: ec2:DescribeAddresses.

  • aws-ec2-enable-imdsv2-quick-action

    Enables instance metadata services v2.0 for the EC2 instance. Required IAM permission: ec2:ModifyInstanceMetadataOptions.

  • aws-ec2-fleet-create

    Launches an EC2 Fleet. Required IAM Permission: ec2:CreateFleet.

  • aws-ec2-fleet-delete

    Deletes the specified EC2 Fleet. Required IAM Permission: ec2:DeleteFleets.

  • aws-ec2-fleet-instances-describe

    Describes the running instances for the specified EC2 Fleet. Required IAM Permission: ec2:DescribeFleetInstances.

  • aws-ec2-fleet-modify

    Modifies the specified EC2 Fleet. Required IAM Permission: ec2:ModifyFleet.

  • aws-ec2-fleets-describe

    Describes one or more of your EC2 Fleets. Required IAM Permission: ec2:DescribeFleets.

  • aws-ec2-hosts-allocate

    Allocates Dedicated Hosts to your account. Requires the instance type or family, the Availability Zone, and the quantity of hosts to allocate. Required IAM Permission: ec2:AllocateHosts.

  • aws-ec2-hosts-release

    Releases the specified Dedicated Hosts. Required IAM Permission: ec2:ReleaseHosts.

  • aws-ec2-iam-instance-profile-associations-describe

    Describes IAM instance profile associations. Required IAM Permission: ec2:DescribeIamInstanceProfileAssociations.

  • aws-ec2-image-attribute-modify

    Modifies a specific attribute of the specified AMI. Required IAM permission: ec2:ModifyImageAttribute.

  • aws-ec2-image-attribute-set-ami-to-private-quick-action

    Revokes public launch permissions for the EC2 AMI. Required IAM permission: ec2:ModifyImageAttribute.

  • aws-ec2-image-available-waiter

    Waits until an AMI is in the 'available' state. This command polls the AMI status until it becomes available or the maximum wait time is reached. Required IAM Permission: ec2:DescribeImages.

  • aws-ec2-image-copy

    Initiates the copy of an AMI from the specified source region to the current region. You can copy an AMI across regions to enable consistent global deployment. Required IAM Permission: ec2:CopyImage.

  • aws-ec2-image-create

    Creates an Amazon Machine Image (AMI) from an Amazon EBS-backed instance. The instance must be in the running or stopped state. Required IAM Permission: ec2:CreateImage.

  • aws-ec2-image-deregister

    Deregisters the specified Amazon Machine Image (AMI). After you deregister an AMI, it can't be used to launch new instances. However, it doesn't affect any instances that you've already launched from the AMI. Required IAM Permission: ec2:DeregisterImage.

  • aws-ec2-images-describe

    Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you. Required IAM Permission: ec2:DescribeImages.

  • aws-ec2-instance-attribute-modify

    Modifies a specific attribute for a specific instance. You can define only one attribute at a time. Required IAM permission: ec2:ModifyInstanceAttribute.

  • aws-ec2-instance-attribute-modify-quick-action

    Removes the associated security group from the EC2 instance profile. Required IAM permission: ec2:ModifyInstanceAttribute.

  • aws-ec2-instance-metadata-options-modify

    Modifes the EC2 instance metadata parameters on a running or stopped instance. Required IAM permission: ec2:ModifyInstanceMetadataOptions.

  • aws-ec2-instance-running-waiter

    Waits until the specified EC2 instances reach the 'running' state. Checks the status every `waiter_delay` seconds until successful or until `waiter_max_attempts` is reached (default maximum attempts: `waiter_max_attempts`). Required IAM Permission: ec2:DescribeInstances.

  • aws-ec2-instance-status-ok-waiter

    Waits until EC2 instance status checks pass. Checks every `waiter_delay` seconds until successful or until the maximum number of attempts (`waiter_max_attempts`) is reached. Required IAM Permission: ec2:DescribeInstanceStatus.

  • aws-ec2-instance-stopped-waiter

    Waits until EC2 instances are in the 'stopped' state. Checks every `waiter_delay` seconds until successful or until the maximum number of attempts (`waiter_max_attempts`) is reached. Required IAM Permission: ec2:DescribeInstances.

  • aws-ec2-instance-terminated-waiter

    Waits until the specified EC2 instances reach the 'terminated' state. Checks every `waiter_delay` seconds until successful or until the maximum number of attempts (`waiter_max_attempts`) is reached. Required IAM Permission: ec2:DescribeInstances.

  • aws-ec2-instances-describe

    Returns details for specific instances or all instances. Required IAM permission: ec2:DescribeInstances.

  • aws-ec2-instances-monitor

    Enables detailed monitoring on one or more running Amazon EC2 instances. Required IAM Permission: ec2:MonitorInstances.

  • aws-ec2-instances-reboot

    Requests a reboot of one or more instances. This operation is asynchronous; it only queues a request to reboot the specified instances. Required IAM Permission: ec2:RebootInstances.

  • aws-ec2-instances-run

    Launches a defined number of instances using an authorized AMI. Supports using a launch template to automate parameter entry. Check instance status using the aws-ec2-instances-describe command. Required IAM permission: ec2:RunInstances.

  • aws-ec2-instances-start

    Starts an Amazon EBS-backed instance that was previously stopped. Required IAM permission: ec2:StartInstances.

  • aws-ec2-instances-stop

    Stops an Amazon EBS-backed instance. Required IAM permission: ec2:StopInstances.

  • aws-ec2-instances-terminate

    Shuts down specific instances. This operation is idempotent; you can terminate an instance multiple times without causing an error. Required IAM permission: ec2:TerminateInstances.

  • aws-ec2-instances-unmonitor

    Disables detailed monitoring for one or more running Amazon EC2 instances. Required IAM Permission: ec2:UnmonitorInstances.

  • aws-ec2-internet-gateway-delete

    Deletes the specified internet gateway. You must detach the internet gateway from the VPC before you can delete it. Required IAM Permission: ec2:DeleteInternetGateway.

  • aws-ec2-internet-gateway-describe

    A description of one or more of your internet gateways. Required IAM Permission: ec2:DescribeInternetGateways.

  • aws-ec2-internet-gateway-detach

    Detaches an internet gateway from a VPC, disabling connectivity between the internet and the VPC. Required IAM Permission: ec2:DetachInternetGateway.

  • aws-ec2-ipam-discovered-public-addresses-get

    Retrieves the public IP addresses that have been discovered by IPAM, the Amazon VPC IP Address Manager. Required IAM permission: ec2:GetIpamDiscoveredPublicAddresses.

  • aws-ec2-ipam-resource-discoveries-describe

    Returns details for IPAM resource discoveries. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources owned by the account. Required IAM permission: ec2:DescribeIpamResourceDiscoveries.

  • aws-ec2-ipam-resource-discovery-associations-describe

    Returns details for a resource discovery associated with an Amazon VPC IPAM. Required IAM permission: ec2:DescribeIpamResourceDiscoveryAssociations.

  • aws-ec2-key-pairs-describe

    Describes the specified key pairs or all of your key pairs. Required IAM Permission: ec2:DescribeKeyPairs.

  • aws-ec2-latest-ami-get

    Retrieves the latest AMI. Required IAM permission: ec2:DescribeImages.

  • aws-ec2-launch-template-create

    Creates a launch template. A launch template contains the parameters to launch an instance. Required IAM Permission: ec2:CreateLaunchTemplate.

  • aws-ec2-launch-template-delete

    Deletes a launch template. Deleting a launch template deletes all of its versions. Required IAM Permission: ec2:DeleteLaunchTemplate.

  • aws-ec2-launch-templates-describe

    Describes one or more launch templates. Required IAM Permission: ec2:DescribeLaunchTemplates.

  • aws-ec2-network-acl-create

    Creates a network ACL in the defined VPC, providing an optional layer of security (in addition to security groups) for the instances in your VPC. Required IAM permission: ec2:CreateNetworkAcl.

  • aws-ec2-network-acl-entry-create

    Creates an entry (a rule) in a network ACL with the specified rule number. Required IAM Permission: ec2:CreateNetworkAclEntry.

  • aws-ec2-network-interface-attribute-modify

    Modifies a specific network interface attribute. You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance. Required IAM permission: ec2:ModifyNetworkInterfaceAttribute.

  • aws-ec2-password-data-get

    Retrieves the encrypted administrator password for a running Windows instance. Required IAM Permission: ec2:GetPasswordData.

  • aws-ec2-regions-describe

    Returns details for the regions enabled for your account, or for all regions. Required IAM permission: ec2:DescribeRegions.

  • aws-ec2-reserved-instances-describe

    Describes one or more of the Reserved Instances that you purchased. Required IAM Permission: ec2:DescribeReservedInstances.

  • aws-ec2-security-group-create

    Creates a security group. Required IAM permission: ec2:CreateSecurityGroup.

  • aws-ec2-security-group-delete

    Deletes a security group. Required IAM permission: ec2:DeleteSecurityGroup.

  • aws-ec2-security-group-egress-authorize

    Adds the specified inbound (egress) rules to a security group. Required IAM Permission: ec2:AuthorizeSecurityGroupEgress.

  • aws-ec2-security-group-egress-revoke

    Removes specified outbound (egress) rules from a security group. Required IAM permission: ec2:RevokeSecurityGroupEgress.

  • aws-ec2-security-group-ingress-authorize

    Adds specified inbound (ingress) rules to a security group. Required IAM permission: ec2:AuthorizeSecurityGroupIngress.

  • aws-ec2-security-group-ingress-revoke

    Revokes ingress rules in a security group. Required IAM permission: ec2:RevokeSecurityGroupIngress.

  • aws-ec2-security-groups-describe

    Returns details for a specific security group or all of your security groups, including their rules, tags, and associated VPC information. Required IAM permission: ec2:DescribeSecurityGroups.

  • aws-ec2-set-snapshot-to-private-quick-action

    Revokes public access to the EC2 snapshot. Required IAM permission: ec2:ModifySnapshotAttribute.

  • aws-ec2-snapshot-attribute-modify

    Adds or removes permission settings for a specified snapshot. Note: snapshots encrypted with the AWS-managed default key (alias/aws/ebs) cannot be shared. Use unencrypted snapshots or those encrypted with a customer-managed KMS key to allow permission modifications. Required IAM permission: ec2:ModifySnapshotAttribute.

  • aws-ec2-snapshot-completed-waiter

    A waiter function that waits until the snapshot is complete. Required IAM Permission: ec2:DescribeSnapshots.

  • aws-ec2-snapshot-copy

    Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy a snapshot within the same Region, from one Region to another, or from a Region to an Outpost. Required IAM Permission: ec2:CopySnapshot.

  • aws-ec2-snapshot-create

    Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use snapshots for backups, to make copies of EBS volumes, and to save data before shutting down an instance. Required IAM permission: ec2:CreateSnapshot.

  • aws-ec2-snapshot-delete

    Deletes the specified snapshot. Required IAM Permission: ec2:DeleteSnapshot.

  • aws-ec2-snapshot-permission-modify

    Adds or removes permission settings for a specific snapshot. Required IAM permission: ec2:ModifySnapshotAttribute.

  • aws-ec2-snapshots-describe

    Describes the EBS snapshots available to you or all snapshots accessible in your environment. Required IAM Permission: ec2:DescribeSnapshots.

  • aws-ec2-subnet-attribute-modify

    Modifies a subnet attribute. Required IAM permission: ec2:ModifySubnetAttribute.

  • aws-ec2-subnet-delete

    Deletes the specified subnet. You must terminate all running instances in the subnet before you can delete the subnet. Required IAM Permission: ec2:DeleteSubnet.

  • aws-ec2-subnets-describe

    Returns details for one or more provided subnets. Required IAM permission: ec2:DescribeSubnets.

  • aws-ec2-tags-create

    Adds or overwrites one or more tags for specific Amazon EC2 resources. When you specify an existing tag key, the value is overwritten with the new value. Required IAM permission: ec2:CreateTags.

  • aws-ec2-traffic-mirror-session-create

    Creates a Traffic Mirror session. A Traffic Mirror session actively copies packets from a Traffic Mirror source to a Traffic Mirror target. Required IAM Permission: ec2:CreateTrafficMirrorSession.

  • aws-ec2-volume-attach

    Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name. Required IAM Permission: ec2:AttachVolume.

  • aws-ec2-volume-create

    Creates an EBS volume that can be attached to an instance in the same Availability Zone. Required IAM Permission: ec2:CreateVolume.

  • aws-ec2-volume-delete

    Deletes the specified EBS volume. The volume must be in the available state (not attached to an instance). Required IAM Permission: ec2:DeleteVolume.

  • aws-ec2-volume-detach

    Detaches an EBS volume from an instance. Required IAM Permission: ec2:DetachVolume.

  • aws-ec2-volume-modify

    You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity. Required IAM Permission: ec2:ModifyVolume.

  • aws-ec2-volumes-describe

    Describes the specified EBS volumes or all of your EBS volumes. Required IAM Permission: ec2:DescribeVolumes.

  • aws-ec2-vpc-delete

    Deletes a specified VPC. You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. Required IAM Permission: ec2:DeleteVpc.

  • aws-ec2-vpc-endpoint-create

    Creates a VPC endpoint for a specified service. An endpoint enables you to create a private connection between your VPC and the service. Required IAM Permission: ec2:CreateVpcEndpoint.

  • aws-ec2-vpcs-describe

    Returns details for one or more provided VPCs. Required IAM permission: ec2:DescribeVpcs.

  • aws-ecs-cluster-settings-update

    Updates the containerInsights setting of an ECS cluster. Required IAM permission: ecs:UpdateClusterSettings.

  • aws-eks-access-entry-create

    Creates a new Access Entry for an Amazon EKS cluster. Required IAM Permission: eks:CreateAccessEntry.

  • aws-eks-access-entry-update

    Updates an existing Access Entry for an Amazon EKS cluster. Required IAM Permission: eks:UpdateAccessEntry.

  • aws-eks-access-policy-associate

    Associates an access policy and its scope to an access entry. Required IAM permission: eks:AssociateAccessPolicy.

  • aws-eks-cluster-config-update

    Updates an Amazon EKS cluster configuration. Only one type of update is allowed per call (logging or resources_vpc_config). Required IAM permission: eks:UpdateClusterConfig.

  • aws-eks-cluster-describe

    Returns details for an Amazon EKS cluster. Required IAM permission: eks:DescribeCluster.

  • aws-eks-clusters-list

    Returns a list of EKS clusters. Required IAM Permission: eks:ListClusters.

  • aws-eks-disable-public-access-quick-action

    Disables public access to the EKS cluster's API endpoint, making it only accessible from within the cluster's VPC. Required IAM permission: eks:UpdateClusterConfig.

  • aws-eks-enable-control-plane-logging-quick-action

    Enables control plane logging for an EKS cluster. Required IAM permission: eks:UpdateClusterConfig.

  • aws-elb-load-balancer-attributes-modify

    Modifies attributes for a Classic Elastic Load Balancer. Required IAM permission: elasticloadbalancing:ModifyLoadBalancerAttributes.

  • aws-iam-access-key-update

    Changes the status of the specified access key from Active to Inactive, or vice versa. Can be used to disable a user's access key as part of a key rotation workflow. Required IAM permission: iam:UpdateAccessKey.

  • aws-iam-account-password-policy-get

    Retrieves the AWS account password policy. Required IAM permission: iam:GetAccountPasswordPolicy.

  • aws-iam-account-password-policy-update

    Creates or updates AWS account password policy. Required IAM permission: iam:UpdateAccountPasswordPolicy.

  • aws-iam-login-profile-delete

    Deletes the password for the specified IAM user, which terminates the user's ability to access AWS services through the AWS Management Console. Required IAM permission: iam:DeleteLoginProfile.

  • aws-iam-role-from-instance-profile-remove

    Removes the specified IAM role from the specified EC2 instance profile. Required IAM permission: iam:RemoveRoleFromInstanceProfile.

  • aws-iam-role-policy-put

    Adds or updates an inline policy document that is embedded in the specified IAM role. Required IAM permission: iam:PutRolePolicy.

  • aws-iam-user-policy-put

    Adds or updates an inline policy document that is embedded in the specified IAM user. Required IAM permission: iam:PutUserPolicy.

  • aws-kms-key-rotation-enable

    Enables automatic rotation for a symmetric customer-managed KMS key. Not supported for asymmetric/HMAC keys, keys with imported material, or custom key stores. Default is us-east-1. Required IAM permission: kms:EnableKeyRotation.

  • aws-lambda-account-settings-get

    Retrieves details about the account's limits and usage in an AWS Region. Required IAM Permission: lambda:GetAccountSettings.

  • aws-lambda-aliases-list

    Returns a list of aliases created for a Lambda function. Required IAM Permission: lambda:ListAliases.

  • aws-lambda-function-configuration-get

    Retrieves configuration information about a Lambda function. Required IAM permission: lambda:GetFunctionConfiguration.

  • aws-lambda-function-configuration-update

    Updates the configuration for a Lambda function. Required IAM Permission: lambda:UpdateFunctionConfiguration.

  • aws-lambda-function-create

    Creates a Lambda function. To create a function, you need a deployment package and an execution role. Required IAM Permission: lambda:CreateFunction.

  • aws-lambda-function-delete

    Deletes a Lambda function. Required IAM Permission: lambda:DeleteFunction.

  • aws-lambda-function-get

    Returns information about the function or the specified version, including a link to download the deployment package (valid for 10 minutes). If a version is specified, only version-specific details are returned. Required IAM Permission: lambda:GetFunction.

  • aws-lambda-function-url-config-delete

    Deletes a Lambda function URL. When you delete a function URL, you can't recover it. Creating a new function URL results in a different URL address. Required IAM Permission: lambda:DeleteFunctionUrlConfig.

  • aws-lambda-function-url-config-get

    Returns the configuration for a Lambda function URL. Required IAM permission: lambda:GetFunctionUrlConfig.

  • aws-lambda-function-url-config-update

    Updates the configuration for a Lambda function URL. Required IAM permission: lambda:UpdateFunctionUrlConfig.

  • aws-lambda-function-versions-list

    Returns a list of versions, with the version-specific configuration of each. Required IAM Permission: lambda:ListVersionsByFunction.

  • aws-lambda-functions-list

    Returns a list of your Lambda functions. For each function, the response includes the function configuration information. Required IAM Permission: lambda:ListFunctions.

  • aws-lambda-invoke

    Invokes a Lambda function. Define only the function name to invoke the latest version, or use the Qualifier parameter for a specific version or alias. Note: Synchronous calls may retry on timeout, potentially causing client disconnection. Asynchronous calls require idempotent functions to handle multiple possible invocations. Required IAM permission: lambda:InvokeFunction.

  • aws-lambda-layer-version-delete

    Deletes a version of a Lambda layer. Required IAM Permission: lambda:DeleteLayerVersion.

  • aws-lambda-layer-version-list

    Lists the versions of an Lambda layer. Required IAM Permission: lambda:ListLayerVersions.

  • aws-lambda-layer-version-publish

    Creates a Lambda layer from a ZIP archive. Required IAM Permission: lambda:PublishLayerVersion.

  • aws-lambda-policy-get

    Returns the resource-based IAM policy for a Lambda function. Required IAM permission: lambda:GetPolicy.

  • aws-rds-db-cluster-enable-deletion-protection-quick-action

    Enables deletion protection for the RDS DB cluster to prevent accidental deletion. Required IAM permission: rds:ModifyDBCluster.

  • aws-rds-db-cluster-enable-iam-auth-quick-action

    Enables 'iam database authentication' for the RDS cluster. Required IAM permission: rds:ModifyDBCluster.

  • aws-rds-db-cluster-modify

    Modifies settings for an Amazon RDS DB cluster. Allows you to update cluster settings such as port, master credentials, VPC security groups, deletion protection, and other configuration options. Required IAM Permission: rds:ModifyDBCluster.

  • aws-rds-db-cluster-snapshot-attribute-modify

    Modifies the attributes associated with a DB cluster snapshot. Required IAM permission: rds:ModifyDBClusterSnapshotAttribute.

  • aws-rds-db-cluster-snapshot-set-to-private-quick-action

    Revokes public access to the RDS DB cluster snapshot, making it private. Required IAM permission: rds:ModifyDBClusterSnapshotAttribute.

  • aws-rds-db-instance-enable-auto-upgrade-quick-action

    Enables automatic minor version upgrades for the RDS DB instance. Required IAM permission: rds:ModifyDBInstance.

  • aws-rds-db-instance-enable-deletion-protection-quick-action

    Enables deletion protection for the RDS DB instance. Required IAM permission: rds:ModifyDBInstance.

  • aws-rds-db-instance-enable-iam-auth-quick-action

    Enables IAM database authentication for the RDS DB instance. Required IAM permission: rds:ModifyDBInstance.

  • aws-rds-db-instance-enable-multi-az-quick-action

    Enables Multi-AZ deployment for the RDS database instance to enhance availability and durability. Required IAM permission: rds:ModifyDBInstance.

  • aws-rds-db-instance-modify

    Modifies an existing Amazon RDS DB instance. Enables updating the instance class, storage capacity, security groups, and other configuration parameters without the need to create a new instance. Required IAM permission: rds:ModifyDBInstance.

  • aws-rds-db-instance-modify-copy-tags-on-rds-snapshot-quick-action

    Enables 'copy tags to snapshots' for the RDS instance. Required IAM permission: rds:ModifyDBInstance.

  • aws-rds-db-instance-modify-enable-automatic-backup-quick-action

    Enables automatic backup settings for the RDS DB instance with a default retention period of 30 days. Required IAM permission: rds:ModifyDBInstance.

  • aws-rds-db-instance-modify-publicly-accessible-quick-action

    Disables public access for AWS RDS database instance by modifying the instance settings. Required IAM permission: rds:ModifyDBInstance.

  • aws-rds-db-instances-describe

    Returns information about provisioned RDS instances. Required IAM Permission: rds:DescribeDBInstances.

  • aws-rds-db-snapshot-attribute-modify

    Adds or removes permission for the specified AWS account ID to restore the specified DB snapshot. Required IAM permission: rds:ModifyDBSnapshotAttribute.

  • aws-rds-db-snapshot-attribute-set-snapshot-to-private-quick-action

    Revokes public access to the RDS DB snapshot, making it private. Required IAM permission: rds:ModifyDBSnapshotAttribute.

  • aws-rds-event-subscription-modify

    Modifies an existing RDS event notification subscription. Required IAM permission: rds:ModifyEventSubscription.

  • aws-rds-event-subscription-modify-quick-action

    Activates an existing RDS event subscription. Required IAM permission: rds:ModifyEventSubscription.

  • aws-redshift-cluster-modify

    Modifies the settings of a cluster. Required IAM Permission: redshift:ModifyCluster.

  • aws-s3-bucket-acl-get

    Retrieves the access control list (ACL) of a bucket. Required IAM permission: s3:GetBucketAcl.

  • aws-s3-bucket-acl-put

    Sets the access control list (ACL) permissions for an existing Amazon S3 bucket. This command allows you to define who can access the bucket and what actions they can perform, using predefined ACLs. Since 2023, all new S3 buckets block ACLs by default for better security. Required IAM permission: s3:PutBucketAcl.

  • aws-s3-bucket-acl-set-to-private-quick-action

    Sets the Access Control List (ACL) for the S3 bucket to private. Required IAM permission: s3:PutBucketAcl.

  • aws-s3-bucket-create

    Creates a new S3 bucket. Required IAM permission: s3:CreateBucket.

  • aws-s3-bucket-delete

    Delete AWS S3 bucket, the bucket must be empty from files. Required IAM Permission: s3:DeleteBucket.

  • aws-s3-bucket-enable-bucket-access-logging-quick-action

    Enables server access logging for the S3 bucket, delivering logs to a target bucket and prefix. Required IAM permission: s3:PutBucketLogging.

  • aws-s3-bucket-encryption-get

    Retrieves the default encryption configuration for an Amazon S3 bucket. Shows the server-side encryption settings that are applied to new objects stored in the bucket. Required IAM permission: s3:GetEncryptionConfiguration.

  • aws-s3-bucket-logging-put

    Configures logging settings for an AWS S3 bucket, enabling monitoring bucket access via logs delivered to a designated target bucket. Required IAM permission: s3:PutBucketLogging.

  • aws-s3-bucket-objects-list

    Returns some or all (up to 1,000) of the objects in a bucket. Required IAM Permission: s3:ListBucket.

  • aws-s3-bucket-ownership-controls-put

    Creates or modifies ownership controls for an Amazon S3 bucket. Required IAM permission: s3:PutBucketOwnershipControls.

  • aws-s3-bucket-ownership-controls-put-quick-action

    Switches the bucket to "Bucket Owner Enforced" mode, placing all access control under your account policies. Required IAM permission: s3:PutBucketOwnershipControls.

  • aws-s3-bucket-policy-delete

    Deletes the bucket policy from an Amazon S3 bucket, removing all policy-based access controls from the bucket and potentially changing access permissions. Required IAM permission: s3:DeleteBucketPolicy.

  • aws-s3-bucket-policy-get

    Retrieves the bucket policy for an Amazon S3 bucket. Returns the policy document in JSON format if one exists. Required IAM permission: s3:GetBucketPolicy.

  • aws-s3-bucket-policy-put

    Applies an Amazon S3 bucket policy to an Outposts bucket. Required IAM permission: s3:PutBucketPolicy.

  • aws-s3-bucket-policy-put-quick-action

    Enforces SSL-only access on the S3 bucket by applying a bucket policy that denies all non-HTTPS requests. Required IAM permission: s3:PutBucketPolicy.

  • aws-s3-bucket-versioning-enable-quick-action

    Enables versioning on the S3 bucket to retain multiple versions of objects. Required IAM permission: s3:PutBucketVersioning.

  • aws-s3-bucket-versioning-put

    Sets the versioning state of an existing bucket. Required IAM permission: s3:PutBucketVersioning.

  • aws-s3-bucket-website-delete

    Removes the website configuration for a bucket. Required IAM permission: s3:DeleteBucketWebsite.

  • aws-s3-bucket-website-disable-hosting-quick-action

    Removes the static website hosting configuration from an S3 bucket. Required IAM permission: s3:DeleteBucketWebsite.

  • aws-s3-bucket-website-get

    Retrieves the website configuration for a bucket. Required IAM permission: s3:GetBucketWebsite.

  • aws-s3-buckets-list

    Returns a list of all buckets owned by the authenticated sender of the request. Required IAM permission: s3:ListAllMyBuckets.

  • aws-s3-file-download

    Downloads a file from the S3 bucket to the War Room. Required IAM permission: s3:GetObject.

  • aws-s3-file-upload

    Uploads a file to the S3 bucket. Required IAM permission: s3:PutObject.

  • aws-s3-public-access-block-get

    Retrieves the public access block configuration for an Amazon S3 bucket. Shows the current settings that control public access to the bucket and its objects. Required IAM permission: s3:GetBucketPublicAccessBlock.

  • aws-s3-public-access-block-quick-action

    Blocks all public access to the S3 bucket. Required IAM permission: s3:PutBucketPublicAccessBlock.

  • aws-s3-public-access-block-update

    Creates or modifies the PublicAccessBlock configuration for an Amazon S3 bucket. Required IAM permission: s3:PutBucketPublicAccessBlock.

  • aws-ssm-command-run

    Runs commands on one or more managed nodes. Required IAM permission: ssm:SendCommand, ssm:ListCommands.

  • aws-ssm-inventory-entries-list

    Returns a list of inventory items. Required IAM permission: ssm:ListInventoryEntries.