完全無欠な ReadOnlyAccess を目指して… 2/n

全てのアクションが網羅されているわけではない ReadOnlyAccess を完全無欠なものとすべく計画したシリーズ第二弾の投稿です。

今回は ReadOnlyAccess の解析を中心に実行しています。

前回の記事はこちら

完全無欠な ReadOnlyAccess を目指して… 2/n

マネージドポリシー ReadOnlyAccess の取得

まず、対象としている AWS 管理ポリシー ReadOnlyAccess にどのようなアクションが含まれているのかを把握するところから始めます。

AWS CLI では iam get-policy-version サブコマンドが用意されていて IAM ポリシーの定義内容を出力できますが、この際にポリシー ARN とバージョン ID の指定をする必要があります。

マネージドポリシー ReadOnlyAccess の ARN とデフォルトバージョン ID の取得

iam list-policies サブコマンドを実行し、ポリシー名が ReadOnlyAccess であるものを --query オプションで抽出し、得られた結果から Arn と、DefaultVersionId を取得します。

POLICY_INFO=$(aws iam list-policies \
  --query 'Policies[?PolicyName==`ReadOnlyAccess`].[Arn, DefaultVersionId]' \
  --output text)

ARN の取得

前工程で得られた結果が格納されている POLICY_ARN 変数から Arn 部分を変数 POLICY_ARN に代入します。

POLICY_ARN=$(awk '{print $1}' <<< ${POLICY_INFO})

デフォルトバージョン ID の取得

前工程で得られた結果が格納されている POLICY_ARN 変数から DefaultVersionId 部分を変数 DEFAULT_VERSION_ID に代入します。

DEFAULT_VERSION_ID=$(awk '{print $2}' <<< ${POLICY_INFO})

現行の ReadOnlyAccess の取得

前工程までで得られた変数 POLICY_ARN および DEFAULT_VERSION_ID を利用して、最新（デフォルト）の ReadOnlyAccess の中身を取得し、ReadOnlyAccess.json として保存します。

aws iam get-policy-version \
  --policy-arn ${POLICY_ARN} \
  --version-id ${DEFAULT_VERSION_ID} \
  --query 'PolicyVersion.Document' > ReadOnlyAccess.json

現行の ReadOnlyAccess から Action 部分のみ抽出

ReadOnlyAccess.json として保存したポリシー全文から、Action として定義されている箇所を抽出し、アクションリストとして保存します。

cat ReadOnlyAccess.json \
  | jq -r '.Statement[].Action[]' > ReadOnlyAccess_ActionList.txt

おまけ

執筆日時点で定義されている ReadOnlyAccess のアクションは以下の通りです。

a4b:Get*
a4b:List*
a4b:Search*
access-analyzer:GetAccessPreview
access-analyzer:GetAnalyzedResource
access-analyzer:GetAnalyzer
access-analyzer:GetArchiveRule
access-analyzer:GetFinding
access-analyzer:GetGeneratedPolicy
access-analyzer:ListAccessPreviewFindings
access-analyzer:ListAccessPreviews
access-analyzer:ListAnalyzedResources
access-analyzer:ListAnalyzers
access-analyzer:ListArchiveRules
access-analyzer:ListFindings
access-analyzer:ListPolicyGenerations
access-analyzer:ListTagsForResource
access-analyzer:ValidatePolicy
account:GetAccountInformation
account:GetAlternateContact
account:GetChallengeQuestions
account:GetContactInformation
account:GetRegionOptStatus
account:ListRegions
acm-pca:Describe*
acm-pca:Get*
acm-pca:List*
acm:Describe*
acm:Get*
acm:List*
airflow:ListEnvironments
airflow:ListTagsForResource
amplify:GetApp
amplify:GetBranch
amplify:GetDomainAssociation
amplify:GetJob
amplify:ListApps
amplify:ListBranches
amplify:ListDomainAssociations
amplify:ListJobs
aoss:BatchGetCollection
aoss:BatchGetLifecyclePolicy
aoss:BatchGetVpcEndpoint
aoss:GetAccessPolicy
aoss:GetAccountSettings
aoss:GetPoliciesStats
aoss:GetSecurityConfig
aoss:GetSecurityPolicy
aoss:ListAccessPolicies
aoss:ListCollections
aoss:ListLifecyclePolicies
aoss:ListSecurityConfigs
aoss:ListSecurityPolicies
aoss:ListTagsForResource
aoss:ListVpcEndpoints
apigateway:GET
appconfig:GetApplication
appconfig:GetConfiguration
appconfig:GetConfigurationProfile
appconfig:GetDeployment
appconfig:GetDeploymentStrategy
appconfig:GetEnvironment
appconfig:GetHostedConfigurationVersion
appconfig:ListApplications
appconfig:ListConfigurationProfiles
appconfig:ListDeployments
appconfig:ListDeploymentStrategies
appconfig:ListEnvironments
appconfig:ListHostedConfigurationVersions
appconfig:ListTagsForResource
appfabric:GetAppAuthorization
appfabric:GetAppBundle
appfabric:GetIngestion
appfabric:GetIngestionDestination
appfabric:ListAppAuthorizations
appfabric:ListAppBundles
appfabric:ListIngestionDestinations
appfabric:ListIngestions
appfabric:ListTagsForResource
appflow:DescribeConnector
appflow:DescribeConnectorEntity
appflow:DescribeConnectorFields
appflow:DescribeConnectorProfiles
appflow:DescribeConnectors
appflow:DescribeFlow
appflow:DescribeFlowExecution
appflow:DescribeFlowExecutionRecords
appflow:DescribeFlows
appflow:ListConnectorEntities
appflow:ListConnectorFields
appflow:ListConnectors
appflow:ListFlows
appflow:ListTagsForResource
application-autoscaling:Describe*
application-autoscaling:ListTagsForResource
applicationinsights:Describe*
applicationinsights:List*
appmesh:Describe*
appmesh:List*
apprunner:DescribeAutoScalingConfiguration
apprunner:DescribeCustomDomains
apprunner:DescribeObservabilityConfiguration
apprunner:DescribeService
apprunner:DescribeVpcConnector
apprunner:DescribeVpcIngressConnection
apprunner:DescribeWebAclForService
apprunner:ListAssociatedServicesForWebAcl
apprunner:ListAutoScalingConfigurations
apprunner:ListConnections
apprunner:ListObservabilityConfigurations
apprunner:ListOperations
apprunner:ListServices
apprunner:ListServicesForAutoScalingConfiguration
apprunner:ListTagsForResource
apprunner:ListVpcConnectors
apprunner:ListVpcIngressConnections
appstream:Describe*
appstream:List*
appsync:Get*
appsync:List*
aps:DescribeAlertManagerDefinition
aps:DescribeLoggingConfiguration
aps:DescribeRuleGroupsNamespace
aps:DescribeScraper
aps:DescribeWorkspace
aps:GetAlertManagerSilence
aps:GetAlertManagerStatus
aps:GetDefaultScraperConfiguration
aps:GetLabels
aps:GetMetricMetadata
aps:GetSeries
aps:ListAlertManagerAlertGroups
aps:ListAlertManagerAlerts
aps:ListAlertManagerReceivers
aps:ListAlertManagerSilences
aps:ListAlerts
aps:ListRuleGroupsNamespaces
aps:ListRules
aps:ListScrapers
aps:ListTagsForResource
aps:ListWorkspaces
aps:QueryMetrics
arc-zonal-shift:GetManagedResource
arc-zonal-shift:ListAutoshifts
arc-zonal-shift:ListManagedResources
arc-zonal-shift:ListZonalShifts
artifact:GetReport
artifact:GetReportMetadata
artifact:GetTermForReport
artifact:ListReports
athena:Batch*
athena:Get*
athena:List*
auditmanager:GetAccountStatus
auditmanager:GetAssessment
auditmanager:GetAssessmentFramework
auditmanager:GetAssessmentReportUrl
auditmanager:GetChangeLogs
auditmanager:GetControl
auditmanager:GetDelegations
auditmanager:GetEvidence
auditmanager:GetEvidenceByEvidenceFolder
auditmanager:GetEvidenceFolder
auditmanager:GetEvidenceFoldersByAssessment
auditmanager:GetEvidenceFoldersByAssessmentControl
auditmanager:GetOrganizationAdminAccount
auditmanager:GetServicesInScope
auditmanager:GetSettings
auditmanager:ListAssessmentFrameworks
auditmanager:ListAssessmentReports
auditmanager:ListAssessments
auditmanager:ListControls
auditmanager:ListKeywordsForDataSource
auditmanager:ListNotifications
auditmanager:ListTagsForResource
auditmanager:ValidateAssessmentReportIntegrity
autoscaling-plans:Describe*
autoscaling-plans:GetScalingPlanResourceForecastData
autoscaling:Describe*
autoscaling:GetPredictiveScalingForecast
aws-portal:View*
backup-gateway:GetBandwidthRateLimitSchedule
backup-gateway:GetGateway
backup-gateway:GetHypervisor
backup-gateway:GetHypervisorPropertyMappings
backup-gateway:GetVirtualMachine
backup-gateway:ListGateways
backup-gateway:ListHypervisors
backup-gateway:ListTagsForResource
backup-gateway:ListVirtualMachines
backup:Describe*
backup:Get*
backup:List*
batch:Describe*
batch:List*
bedrock:GetAgent
bedrock:GetAgentActionGroup
bedrock:GetAgentAlias
bedrock:GetAgentKnowledgeBase
bedrock:GetAgentVersion
bedrock:GetCustomModel
bedrock:GetDataSource
bedrock:GetFoundationModel
bedrock:GetFoundationModelAvailability
bedrock:GetIngestionJob
bedrock:GetKnowledgeBase
bedrock:GetModelCustomizationJob
bedrock:GetModelInvocationLoggingConfiguration
bedrock:GetProvisionedModelThroughput
bedrock:GetUseCaseForModelAccess
bedrock:ListAgentActionGroups
bedrock:ListAgentAliases
bedrock:ListAgentKnowledgeBases
bedrock:ListAgents
bedrock:ListAgentVersions
bedrock:ListCustomModels
bedrock:ListDataSources
bedrock:ListFoundationModelAgreementOffers
bedrock:ListFoundationModels
bedrock:ListIngestionJobs
bedrock:ListKnowledgeBases
bedrock:ListModelCustomizationJobs
bedrock:ListProvisionedModelThroughputs
billing:GetBillingData
billing:GetBillingDetails
billing:GetBillingNotifications
billing:GetBillingPreferences
billing:GetContractInformation
billing:GetCredits
billing:GetIAMAccessPreference
billing:GetSellerOfRecord
billing:ListBillingViews
billingconductor:GetBillingGroupCostReport
billingconductor:ListAccountAssociations
billingconductor:ListBillingGroupCostReports
billingconductor:ListBillingGroups
billingconductor:ListCustomLineItems
billingconductor:ListCustomLineItemVersions
billingconductor:ListPricingPlans
billingconductor:ListPricingPlansAssociatedWithPricingRule
billingconductor:ListPricingRules
billingconductor:ListPricingRulesAssociatedToPricingPlan
billingconductor:ListResourcesAssociatedToCustomLineItem
billingconductor:ListTagsForResource
braket:GetDevice
braket:GetJob
braket:GetQuantumTask
braket:SearchDevices
braket:SearchJobs
braket:SearchQuantumTasks
budgets:Describe*
budgets:View*
cassandra:Select
ce:DescribeCostCategoryDefinition
ce:DescribeNotificationSubscription
ce:DescribeReport
ce:GetAnomalies
ce:GetAnomalyMonitors
ce:GetAnomalySubscriptions
ce:GetApproximateUsageRecords
ce:GetCostAndUsage
ce:GetCostAndUsageWithResources
ce:GetCostCategories
ce:GetCostForecast
ce:GetDimensionValues
ce:GetPreferences
ce:GetReservationCoverage
ce:GetReservationPurchaseRecommendation
ce:GetReservationUtilization
ce:GetRightsizingRecommendation
ce:GetSavingsPlanPurchaseRecommendationDetails
ce:GetSavingsPlansCoverage
ce:GetSavingsPlansPurchaseRecommendation
ce:GetSavingsPlansUtilization
ce:GetSavingsPlansUtilizationDetails
ce:GetTags
ce:GetUsageForecast
ce:ListCostAllocationTags
ce:ListCostAllocationTagBackfillHistory
ce:ListCostCategoryDefinitions
ce:ListSavingsPlansPurchaseRecommendationGeneration
ce:ListTagsForResource
chatbot:Describe*
chatbot:Get*
chatbot:ListMicrosoftTeamsChannelConfigurations
chatbot:ListMicrosoftTeamsConfiguredTeams
chatbot:ListMicrosoftTeamsUserIdentities
chime:Get*
chime:List*
chime:Retrieve*
chime:Search*
chime:Validate*
cleanrooms:BatchGetCollaborationAnalysisTemplate
cleanrooms:BatchGetSchema
cleanrooms:GetAnalysisTemplate
cleanrooms:GetCollaboration
cleanrooms:GetCollaborationAnalysisTemplate
cleanrooms:GetConfiguredAudienceModelAssociation
cleanrooms:GetConfiguredTable
cleanrooms:GetConfiguredTableAnalysisRule
cleanrooms:GetConfiguredTableAssociation
cleanrooms:GetMembership
cleanrooms:GetProtectedQuery
cleanrooms:GetSchema
cleanrooms:GetSchemaAnalysisRule
cleanrooms:ListAnalysisTemplates
cleanrooms:ListCollaborationAnalysisTemplates
cleanrooms:ListCollaborationConfiguredAudienceModelAssociations
cleanrooms:ListCollaborations
cleanrooms:ListConfiguredTableAssociations
cleanrooms:ListConfiguredTables
cleanrooms:ListMembers
cleanrooms:ListMemberships
cleanrooms:ListProtectedQueries
cleanrooms:ListSchemas
cleanrooms:ListTagsForResource
cleanrooms-ml:GetTrainingDataset
cleanrooms-ml:GetAudienceGenerationJob
cleanrooms-ml:GetAudienceModel
cleanrooms-ml:GetConfiguredAudienceModel
cleanrooms-ml:GetConfiguredAudienceModelPolicy
cleanrooms-ml:ListAudienceExportJobs
cleanrooms-ml:ListAudienceGenerationJobs
cleanrooms-ml:ListAudienceModels
cleanrooms-ml:ListConfiguredAudienceModels
cleanrooms-ml:ListTrainingDatasets
cleanrooms-ml:ListTagsForResource
cloud9:Describe*
cloud9:List*
clouddirectory:BatchRead
clouddirectory:Get*
clouddirectory:List*
clouddirectory:LookupPolicy
cloudformation:Describe*
cloudformation:Detect*
cloudformation:Estimate*
cloudformation:Get*
cloudformation:List*
cloudformation:ValidateTemplate
cloudfront-keyvaluestore:Describe*
cloudfront-keyvaluestore:Get*
cloudfront-keyvaluestore:List*
cloudfront:Describe*
cloudfront:Get*
cloudfront:List*
cloudhsm:Describe*
cloudhsm:List*
cloudsearch:Describe*
cloudsearch:List*
cloudtrail:Describe*
cloudtrail:Get*
cloudtrail:List*
cloudtrail:LookupEvents
cloudwatch:Describe*
cloudwatch:GenerateQuery
cloudwatch:Get*
cloudwatch:List*
codeartifact:DescribeDomain
codeartifact:DescribePackage
codeartifact:DescribePackageVersion
codeartifact:DescribeRepository
codeartifact:GetAuthorizationToken
codeartifact:GetDomainPermissionsPolicy
codeartifact:GetPackageVersionAsset
codeartifact:GetPackageVersionReadme
codeartifact:GetRepositoryEndpoint
codeartifact:GetRepositoryPermissionsPolicy
codeartifact:ListDomains
codeartifact:ListPackages
codeartifact:ListPackageVersionAssets
codeartifact:ListPackageVersionDependencies
codeartifact:ListPackageVersions
codeartifact:ListRepositories
codeartifact:ListRepositoriesInDomain
codeartifact:ListTagsForResource
codeartifact:ReadFromRepository
codebuild:BatchGet*
codebuild:DescribeCodeCoverages
codebuild:DescribeTestCases
codebuild:List*
codecatalyst:GetBillingAuthorization
codecatalyst:GetConnection
codecatalyst:GetPendingConnection
codecatalyst:ListConnections
codecatalyst:ListIamRolesForConnection
codecatalyst:ListTagsForResource
codecommit:BatchGet*
codecommit:Describe*
codecommit:Get*
codecommit:GitPull
codecommit:List*
codedeploy:BatchGet*
codedeploy:Get*
codedeploy:List*
codeguru-profiler:Describe*
codeguru-profiler:Get*
codeguru-profiler:List*
codeguru-reviewer:Describe*
codeguru-reviewer:Get*
codeguru-reviewer:List*
codepipeline:Get*
codepipeline:List*
codestar-connections:GetConnection
codestar-connections:GetHost
codestar-connections:GetRepositoryLink
codestar-connections:GetRepositorySyncStatus
codestar-connections:GetResourceSyncStatus
codestar-connections:GetSyncConfiguration
codestar-connections:ListConnections
codestar-connections:ListHosts
codestar-connections:ListRepositoryLinks
codestar-connections:ListRepositorySyncDefinitions
codestar-connections:ListSyncConfigurations
codestar-connections:ListTagsForResource
codestar-notifications:describeNotificationRule
codestar-notifications:listEventTypes
codestar-notifications:listNotificationRules
codestar-notifications:listTagsForResource
codestar-notifications:ListTargets
codestar:Describe*
codestar:Get*
codestar:List*
codestar:Verify*
cognito-identity:Describe*
cognito-identity:GetCredentialsForIdentity
cognito-identity:GetIdentityPoolAnalytics
cognito-identity:GetIdentityPoolDailyAnalytics
cognito-identity:GetIdentityPoolRoles
cognito-identity:GetIdentityProviderDailyAnalytics
cognito-identity:GetOpenIdToken
cognito-identity:GetOpenIdTokenForDeveloperIdentity
cognito-identity:List*
cognito-identity:Lookup*
cognito-idp:AdminGet*
cognito-idp:AdminList*
cognito-idp:Describe*
cognito-idp:Get*
cognito-idp:List*
cognito-sync:Describe*
cognito-sync:Get*
cognito-sync:List*
cognito-sync:QueryRecords
comprehend:BatchDetect*
comprehend:Classify*
comprehend:Contains*
comprehend:Describe*
comprehend:Detect*
comprehend:List*
compute-optimizer:DescribeRecommendationExportJobs
compute-optimizer:GetAutoScalingGroupRecommendations
compute-optimizer:GetEBSVolumeRecommendations
compute-optimizer:GetEC2InstanceRecommendations
compute-optimizer:GetEC2RecommendationProjectedMetrics
compute-optimizer:GetECSServiceRecommendationProjectedMetrics
compute-optimizer:GetECSServiceRecommendations
compute-optimizer:GetEffectiveRecommendationPreferences
compute-optimizer:GetEnrollmentStatus
compute-optimizer:GetEnrollmentStatusesForOrganization
compute-optimizer:GetLambdaFunctionRecommendations
compute-optimizer:GetLicenseRecommendations
compute-optimizer:GetRecommendationPreferences
compute-optimizer:GetRecommendationSummaries
config:BatchGetAggregateResourceConfig
config:BatchGetResourceConfig
config:Deliver*
config:Describe*
config:Get*
config:List*
config:SelectAggregateResourceConfig
config:SelectResourceConfig
connect:Describe*
connect:GetContactAttributes
connect:GetCurrentMetricData
connect:GetCurrentUserData
connect:GetFederationToken
connect:GetMetricData
connect:GetMetricDataV2
connect:GetTaskTemplate
connect:GetTrafficDistribution
connect:List*
consoleapp:GetDeviceIdentity
consoleapp:ListDeviceIdentities
consolidatedbilling:GetAccountBillingRole
consolidatedbilling:ListLinkedAccounts
cost-optimization-hub:GetPreferences
cost-optimization-hub:GetRecommendation
cost-optimization-hub:ListEnrollmentStatuses
cost-optimization-hub:ListRecommendations
cost-optimization-hub:ListRecommendationSummaries
cur:GetClassicReport
cur:GetClassicReportPreferences
cur:GetUsageReport
customer-verification:GetCustomerVerificationDetails
customer-verification:GetCustomerVerificationEligibility
databrew:DescribeDataset
databrew:DescribeJob
databrew:DescribeJobRun
databrew:DescribeProject
databrew:DescribeRecipe
databrew:DescribeRuleset
databrew:DescribeSchedule
databrew:ListDatasets
databrew:ListJobRuns
databrew:ListJobs
databrew:ListProjects
databrew:ListRecipes
databrew:ListRecipeVersions
databrew:ListRulesets
databrew:ListSchedules
databrew:ListTagsForResource
dataexchange:Get*
dataexchange:List*
datapipeline:Describe*
datapipeline:EvaluateExpression
datapipeline:Get*
datapipeline:List*
datapipeline:QueryObjects
datapipeline:Validate*
datasync:Describe*
datasync:List*
dax:BatchGetItem
dax:Describe*
dax:GetItem
dax:ListTags
dax:Query
dax:Scan
deepcomposer:GetComposition
deepcomposer:GetModel
deepcomposer:GetSampleModel
deepcomposer:ListCompositions
deepcomposer:ListModels
deepcomposer:ListSampleModels
deepcomposer:ListTrainingTopics
detective:BatchGetGraphMemberDatasources
detective:BatchGetMembershipDatasources
detective:Get*
detective:List*
detective:SearchGraph
devicefarm:Get*
devicefarm:List*
devops-guru:DescribeAccountHealth
devops-guru:DescribeAccountOverview
devops-guru:DescribeAnomaly
devops-guru:DescribeEventSourcesConfig
devops-guru:DescribeFeedback
devops-guru:DescribeInsight
devops-guru:DescribeOrganizationHealth
devops-guru:DescribeOrganizationOverview
devops-guru:DescribeOrganizationResourceCollectionHealth
devops-guru:DescribeResourceCollectionHealth
devops-guru:DescribeServiceIntegration
devops-guru:GetCostEstimation
devops-guru:GetResourceCollection
devops-guru:ListAnomaliesForInsight
devops-guru:ListAnomalousLogGroups
devops-guru:ListEvents
devops-guru:ListInsights
devops-guru:ListMonitoredResources
devops-guru:ListNotificationChannels
devops-guru:ListOrganizationInsights
devops-guru:ListRecommendations
devops-guru:SearchInsights
devops-guru:StartCostEstimation
directconnect:Describe*
discovery:Describe*
discovery:Get*
discovery:List*
dlm:Get*
dms:Describe*
dms:List*
dms:Test*
drs:DescribeJobLogItems
drs:DescribeJobs
drs:DescribeLaunchConfigurationTemplates
drs:DescribeRecoveryInstances
drs:DescribeRecoverySnapshots
drs:DescribeReplicationConfigurationTemplates
drs:DescribeSourceNetworks
drs:DescribeSourceServers
drs:GetFailbackReplicationConfiguration
drs:GetLaunchConfiguration
drs:GetReplicationConfiguration
drs:ListExtensibleSourceServers
drs:ListLaunchActions
drs:ListStagingAccounts
drs:ListTagsForResource
ds:Check*
ds:Describe*
ds:Get*
ds:List*
ds:Verify*
dynamodb:BatchGet*
dynamodb:Describe*
dynamodb:Get*
dynamodb:List*
dynamodb:PartiQLSelect
dynamodb:Query
dynamodb:Scan
ec2:Describe*
ec2:Get*
ec2:ListImagesInRecycleBin
ec2:ListSnapshotsInRecycleBin
ec2:SearchLocalGatewayRoutes
ec2:SearchTransitGatewayRoutes
ec2messages:Get*
ecr-public:BatchCheckLayerAvailability
ecr-public:DescribeImages
ecr-public:DescribeImageTags
ecr-public:DescribeRegistries
ecr-public:DescribeRepositories
ecr-public:GetAuthorizationToken
ecr-public:GetRegistryCatalogData
ecr-public:GetRepositoryCatalogData
ecr-public:GetRepositoryPolicy
ecr-public:ListTagsForResource
ecr:BatchCheck*
ecr:BatchGet*
ecr:Describe*
ecr:Get*
ecr:List*
ecs:Describe*
ecs:List*
eks:Describe*
eks:List*
elastic-inference:DescribeAcceleratorOfferings
elastic-inference:DescribeAccelerators
elastic-inference:DescribeAcceleratorTypes
elastic-inference:ListTagsForResource
elasticache:Describe*
elasticache:List*
elasticbeanstalk:Check*
elasticbeanstalk:Describe*
elasticbeanstalk:List*
elasticbeanstalk:Request*
elasticbeanstalk:Retrieve*
elasticbeanstalk:Validate*
elasticfilesystem:Describe*
elasticfilesystem:ListTagsForResource
elasticloadbalancing:Describe*
elasticmapreduce:Describe*
elasticmapreduce:GetBlockPublicAccessConfiguration
elasticmapreduce:List*
elasticmapreduce:View*
elastictranscoder:List*
elastictranscoder:Read*
elemental-appliances-software:Get*
elemental-appliances-software:List*
emr-containers:DescribeJobRun
emr-containers:DescribeManagedEndpoint
emr-containers:DescribeVirtualCluster
emr-containers:ListJobRuns
emr-containers:ListManagedEndpoints
emr-containers:ListTagsForResource
emr-containers:ListVirtualClusters
emr-serverless:GetApplication
emr-serverless:GetDashboardForJobRun
emr-serverless:GetJobRun
emr-serverless:ListApplications
emr-serverless:ListJobRuns
emr-serverless:ListTagsForResource
es:Describe*
es:ESHttpGet
es:ESHttpHead
es:Get*
es:List*
events:Describe*
events:List*
events:Test*
evidently:GetExperiment
evidently:GetExperimentResults
evidently:GetFeature
evidently:GetLaunch
evidently:GetProject
evidently:GetSegment
evidently:ListExperiments
evidently:ListFeatures
evidently:ListLaunches
evidently:ListProjects
evidently:ListSegmentReferences
evidently:ListSegments
evidently:ListTagsForResource
evidently:TestSegmentPattern
firehose:Describe*
firehose:List*
fis:GetAction
fis:GetExperiment
fis:GetExperimentTargetAccountConfiguration
fis:GetExperimentTemplate
fis:GetTargetAccountConfiguration
fis:GetTargetResourceType
fis:ListActions
fis:ListExperimentResolvedTargets
fis:ListExperiments
fis:ListExperimentTargetAccountConfigurations
fis:ListExperimentTemplates
fis:ListTagsForResource
fis:ListTargetAccountConfigurations
fis:ListTargetResourceTypes
fms:GetAdminAccount
fms:GetAppsList
fms:GetComplianceDetail
fms:GetNotificationChannel
fms:GetPolicy
fms:GetProtectionStatus
fms:GetProtocolsList
fms:GetViolationDetails
fms:ListAppsLists
fms:ListComplianceStatus
fms:ListMemberAccounts
fms:ListPolicies
fms:ListProtocolsLists
fms:ListTagsForResource
forecast:DescribeAutoPredictor
forecast:DescribeDataset
forecast:DescribeDatasetGroup
forecast:DescribeDatasetImportJob
forecast:DescribeExplainability
forecast:DescribeExplainabilityExport
forecast:DescribeForecast
forecast:DescribeForecastExportJob
forecast:DescribeMonitor
forecast:DescribePredictor
forecast:DescribePredictorBacktestExportJob
forecast:DescribeWhatIfAnalysis
forecast:DescribeWhatIfForecast
forecast:DescribeWhatIfForecastExport
forecast:GetAccuracyMetrics
forecast:ListDatasetGroups
forecast:ListDatasetImportJobs
forecast:ListDatasets
forecast:ListExplainabilities
forecast:ListExplainabilityExports
forecast:ListForecastExportJobs
forecast:ListForecasts
forecast:ListMonitorEvaluations
forecast:ListMonitors
forecast:ListPredictorBacktestExportJobs
forecast:ListPredictors
forecast:ListWhatIfAnalyses
forecast:ListWhatIfForecastExports
forecast:ListWhatIfForecasts
forecast:QueryForecast
forecast:QueryWhatIfForecast
frauddetector:BatchGetVariable
frauddetector:DescribeDetector
frauddetector:DescribeModelVersions
frauddetector:GetBatchImportJobs
frauddetector:GetBatchPredictionJobs
frauddetector:GetDeleteEventsByEventTypeStatus
frauddetector:GetDetectors
frauddetector:GetDetectorVersion
frauddetector:GetEntityTypes
frauddetector:GetEvent
frauddetector:GetEventPredictionMetadata
frauddetector:GetEventTypes
frauddetector:GetExternalModels
frauddetector:GetKMSEncryptionKey
frauddetector:GetLabels
frauddetector:GetListElements
frauddetector:GetListsMetadata
frauddetector:GetModels
frauddetector:GetModelVersion
frauddetector:GetOutcomes
frauddetector:GetRules
frauddetector:GetVariables
frauddetector:ListEventPredictions
frauddetector:ListTagsForResource
freertos:Describe*
freertos:List*
freetier:GetFreeTierAlertPreference
freetier:GetFreeTierUsage
fsx:Describe*
fsx:List*
gamelift:Describe*
gamelift:Get*
gamelift:List*
gamelift:ResolveAlias
gamelift:Search*
glacier:Describe*
glacier:Get*
glacier:List*
globalaccelerator:Describe*
globalaccelerator:List*
glue:BatchGetCrawlers
glue:BatchGetDevEndpoints
glue:BatchGetJobs
glue:BatchGetPartition
glue:BatchGetTriggers
glue:BatchGetWorkflows
glue:CheckSchemaVersionValidity
glue:GetCatalogImportStatus
glue:GetClassifier
glue:GetClassifiers
glue:GetCrawler
glue:GetCrawlerMetrics
glue:GetCrawlers
glue:GetDatabase
glue:GetDatabases
glue:GetDataCatalogEncryptionSettings
glue:GetDataflowGraph
glue:GetDevEndpoint
glue:GetDevEndpoints
glue:GetJob
glue:GetJobBookmark
glue:GetJobRun
glue:GetJobRuns
glue:GetJobs
glue:GetMapping
glue:GetMLTaskRun
glue:GetMLTaskRuns
glue:GetMLTransform
glue:GetMLTransforms
glue:GetPartition
glue:GetPartitions
glue:GetPlan
glue:GetRegistry
glue:GetResourcePolicy
glue:GetSchema
glue:GetSchemaByDefinition
glue:GetSchemaVersion
glue:GetSchemaVersionsDiff
glue:GetSecurityConfiguration
glue:GetSecurityConfigurations
glue:GetTable
glue:GetTables
glue:GetTableVersion
glue:GetTableVersions
glue:GetTags
glue:GetTrigger
glue:GetTriggers
glue:GetUserDefinedFunction
glue:GetUserDefinedFunctions
glue:GetWorkflow
glue:GetWorkflowRun
glue:GetWorkflowRunProperties
glue:GetWorkflowRuns
glue:ListCrawlers
glue:ListCrawls
glue:ListDevEndpoints
glue:ListJobs
glue:ListMLTransforms
glue:ListRegistries
glue:ListSchemas
glue:ListSchemaVersions
glue:ListTriggers
glue:ListWorkflows
glue:QuerySchemaVersionMetadata
glue:SearchTables
grafana:DescribeWorkspace
grafana:DescribeWorkspaceAuthentication
grafana:DescribeWorkspaceConfiguration
grafana:ListPermissions
grafana:ListTagsForResource
grafana:ListVersions
grafana:ListWorkspaces
greengrass:DescribeComponent
greengrass:Get*
greengrass:List*
groundstation:DescribeContact
groundstation:GetConfig
groundstation:GetDataflowEndpointGroup
groundstation:GetMinuteUsage
groundstation:GetMissionProfile
groundstation:GetSatellite
groundstation:ListConfigs
groundstation:ListContacts
groundstation:ListDataflowEndpointGroups
groundstation:ListGroundStations
groundstation:ListMissionProfiles
groundstation:ListSatellites
groundstation:ListTagsForResource
guardduty:Describe*
guardduty:Get*
guardduty:List*
health:Describe*
healthlake:DescribeFHIRDatastore
healthlake:DescribeFHIRExportJob
healthlake:DescribeFHIRImportJob
healthlake:GetCapabilities
healthlake:ListFHIRDatastores
healthlake:ListFHIRExportJobs
healthlake:ListFHIRImportJobs
healthlake:ListTagsForResource
healthlake:ReadResource
healthlake:SearchWithGet
healthlake:SearchWithPost
iam:Generate*
iam:Get*
iam:List*
iam:Simulate*
identity-sync:GetSyncProfile
identity-sync:GetSyncTarget
identity-sync:ListSyncFilters
identitystore-auth:BatchGetSession
identitystore-auth:ListSessions
identitystore:DescribeGroup
identitystore:DescribeGroupMembership
identitystore:DescribeUser
identitystore:GetGroupId
identitystore:GetGroupMembershipId
identitystore:GetUserId
identitystore:IsMemberInGroups
identitystore:ListGroupMemberships
identitystore:ListGroupMembershipsForMember
identitystore:ListGroups
identitystore:ListUsers
imagebuilder:Get*
imagebuilder:List*
importexport:Get*
importexport:List*
inspector:Describe*
inspector:Get*
inspector:List*
inspector:Preview*
inspector2:BatchGetAccountStatus
inspector2:BatchGetFreeTrialInfo
inspector2:DescribeOrganizationConfiguration
inspector2:GetDelegatedAdminAccount
inspector2:GetFindingsReportStatus
inspector2:GetMember
inspector2:ListAccountPermissions
inspector2:ListCisScans
inspector2:ListCoverage
inspector2:ListCoverageStatistics
inspector2:ListDelegatedAdminAccounts
inspector2:ListFilters
inspector2:ListFindingAggregations
inspector2:ListFindings
inspector2:ListMembers
inspector2:ListTagsForResource
inspector2:ListUsageTotals
internetmonitor:GetHealthEvent
internetmonitor:GetInternetEvent
internetmonitor:GetMonitor
internetmonitor:ListHealthEvents
internetmonitor:ListInternetEvents
internetmonitor:ListMonitors
internetmonitor:ListTagsForResource
invoicing:GetInvoiceEmailDeliveryPreferences
invoicing:GetInvoicePDF
invoicing:ListInvoiceSummaries
iot:Describe*
iot:Get*
iot:List*
iot1click:DescribeDevice
iot1click:DescribePlacement
iot1click:DescribeProject
iot1click:GetDeviceMethods
iot1click:GetDevicesInPlacement
iot1click:ListDeviceEvents
iot1click:ListDevices
iot1click:ListPlacements
iot1click:ListProjects
iot1click:ListTagsForResource
iotanalytics:Describe*
iotanalytics:Get*
iotanalytics:List*
iotanalytics:SampleChannelData
iotevents:DescribeAlarm
iotevents:DescribeAlarmModel
iotevents:DescribeDetector
iotevents:DescribeDetectorModel
iotevents:DescribeInput
iotevents:DescribeLoggingOptions
iotevents:ListAlarmModels
iotevents:ListAlarmModelVersions
iotevents:ListAlarms
iotevents:ListDetectorModels
iotevents:ListDetectorModelVersions
iotevents:ListDetectors
iotevents:ListInputs
iotevents:ListTagsForResource
iotfleethub:DescribeApplication
iotfleethub:ListApplications
iotfleetwise:GetCampaign
iotfleetwise:GetDecoderManifest
iotfleetwise:GetFleet
iotfleetwise:GetLoggingOptions
iotfleetwise:GetModelManifest
iotfleetwise:GetRegisterAccountStatus
iotfleetwise:GetSignalCatalog
iotfleetwise:GetVehicle
iotfleetwise:GetVehicleStatus
iotfleetwise:ListCampaigns
iotfleetwise:ListDecoderManifestNetworkInterfaces
iotfleetwise:ListDecoderManifests
iotfleetwise:ListDecoderManifestSignals
iotfleetwise:ListFleets
iotfleetwise:ListFleetsForVehicle
iotfleetwise:ListModelManifestNodes
iotfleetwise:ListModelManifests
iotfleetwise:ListSignalCatalogNodes
iotfleetwise:ListSignalCatalogs
iotfleetwise:ListTagsForResource
iotfleetwise:ListVehicles
iotfleetwise:ListVehiclesInFleet
iotroborunner:GetDestination
iotroborunner:GetSite
iotroborunner:GetWorker
iotroborunner:GetWorkerFleet
iotroborunner:ListDestinations
iotroborunner:ListSites
iotroborunner:ListWorkerFleets
iotroborunner:ListWorkers
iotsitewise:Describe*
iotsitewise:Get*
iotsitewise:List*
iotwireless:GetDestination
iotwireless:GetDeviceProfile
iotwireless:GetEventConfigurationByResourceTypes
iotwireless:GetFuotaTask
iotwireless:GetLogLevelsByResourceTypes
iotwireless:GetMetrics
iotwireless:GetMetricConfiguration
iotwireless:GetMulticastGroup
iotwireless:GetMulticastGroupSession
iotwireless:GetNetworkAnalyzerConfiguration
iotwireless:GetPartnerAccount
iotwireless:GetPosition
iotwireless:GetPositionConfiguration
iotwireless:GetPositionEstimate
iotwireless:GetResourceEventConfiguration
iotwireless:GetResourceLogLevel
iotwireless:GetResourcePosition
iotwireless:GetServiceEndpoint
iotwireless:GetServiceProfile
iotwireless:GetWirelessDevice
iotwireless:GetWirelessDeviceImportTask
iotwireless:GetWirelessDeviceStatistics
iotwireless:GetWirelessGateway
iotwireless:GetWirelessGatewayCertificate
iotwireless:GetWirelessGatewayFirmwareInformation
iotwireless:GetWirelessGatewayStatistics
iotwireless:GetWirelessGatewayTask
iotwireless:GetWirelessGatewayTaskDefinition
iotwireless:ListDestinations
iotwireless:ListDeviceProfiles
iotwireless:ListDevicesForWirelessDeviceImportTask
iotwireless:ListEventConfigurations
iotwireless:ListFuotaTasks
iotwireless:ListMulticastGroups
iotwireless:ListMulticastGroupsByFuotaTask
iotwireless:ListNetworkAnalyzerConfigurations
iotwireless:ListPartnerAccounts
iotwireless:ListPositionConfigurations
iotwireless:ListQueuedMessages
iotwireless:ListServiceProfiles
iotwireless:ListTagsForResource
iotwireless:ListWirelessDeviceImportTasks
iotwireless:ListWirelessDevices
iotwireless:ListWirelessGateways
iotwireless:ListWirelessGatewayTaskDefinitions
ivs:BatchGetChannel
ivs:GetChannel
ivs:GetComposition
ivs:GetEncoderConfiguration
ivs:GetStage
ivs:GetStageSession
ivs:GetParticipant
ivs:GetPlaybackKeyPair
ivs:GetPlaybackRestrictionPolicy
ivs:GetRecordingConfiguration
ivs:GetStreamSession
ivs:ListChannels
ivs:ListCompositions
ivs:ListEncoderConfigurations
ivs:ListParticipants
ivs:ListParticipantEvents
ivs:ListPlaybackKeyPairs
ivs:ListPlaybackRestrictionPolicies
ivs:ListRecordingConfigurations
ivs:ListStages
ivs:ListStageSessions
ivs:ListStreams
ivs:ListStreamKeys
ivs:ListStreamSessions
ivs:ListTagsForResource
ivschat:GetLoggingConfiguration
ivschat:GetRoom
ivschat:ListLoggingConfigurations
ivschat:ListRooms
ivschat:ListTagsForResource
kafka:Describe*
kafka:DescribeCluster
kafka:DescribeClusterOperation
kafka:DescribeClusterV2
kafka:DescribeConfiguration
kafka:DescribeConfigurationRevision
kafka:Get*
kafka:GetBootstrapBrokers
kafka:GetCompatibleKafkaVersions
kafka:List*
kafka:ListClusterOperations
kafka:ListClusters
kafka:ListClustersV2
kafka:ListConfigurationRevisions
kafka:ListConfigurations
kafka:ListKafkaVersions
kafka:ListNodes
kafka:ListTagsForResource
kafkaconnect:DescribeConnector
kafkaconnect:DescribeCustomPlugin
kafkaconnect:DescribeWorkerConfiguration
kafkaconnect:ListConnectors
kafkaconnect:ListCustomPlugins
kafkaconnect:ListWorkerConfigurations
kendra:BatchGetDocumentStatus
kendra:DescribeDataSource
kendra:DescribeExperience
kendra:DescribeFaq
kendra:DescribeIndex
kendra:DescribePrincipalMapping
kendra:DescribeQuerySuggestionsBlockList
kendra:DescribeQuerySuggestionsConfig
kendra:DescribeThesaurus
kendra:GetQuerySuggestions
kendra:GetSnapshots
kendra:ListDataSources
kendra:ListDataSourceSyncJobs
kendra:ListEntityPersonas
kendra:ListExperienceEntities
kendra:ListExperiences
kendra:ListFaqs
kendra:ListGroupsOlderThanOrderingId
kendra:ListIndices
kendra:ListQuerySuggestionsBlockLists
kendra:ListTagsForResource
kendra:ListThesauri
kendra:Query
kinesis:Describe*
kinesis:Get*
kinesis:List*
kinesisanalytics:Describe*
kinesisanalytics:Discover*
kinesisanalytics:Get*
kinesisanalytics:List*
kinesisvideo:Describe*
kinesisvideo:Get*
kinesisvideo:List*
kms:Describe*
kms:Get*
kms:List*
lakeformation:DescribeResource
lakeformation:GetDataCellsFilter
lakeformation:GetDataLakeSettings
lakeformation:GetEffectivePermissionsForPath
lakeformation:GetLfTag
lakeformation:GetResourceLfTags
lakeformation:ListDataCellsFilter
lakeformation:ListLfTags
lakeformation:ListPermissions
lakeformation:ListResources
lakeformation:ListTableStorageOptimizers
lakeformation:SearchDatabasesByLfTags
lakeformation:SearchTablesByLfTags
lambda:Get*
lambda:List*
launchwizard:DescribeAdditionalNode
launchwizard:DescribeProvisionedApp
launchwizard:DescribeProvisioningEvents
launchwizard:DescribeSettingsSet
launchwizard:GetDeployment
launchwizard:GetInfrastructureSuggestion
launchwizard:GetIpAddress
launchwizard:GetResourceCostEstimate
launchwizard:GetResourceRecommendation
launchwizard:GetSettingsSet
launchwizard:GetWorkload
launchwizard:GetWorkloadAsset
launchwizard:GetWorkloadAssets
launchwizard:ListAdditionalNodes
launchwizard:ListAllowedResources
launchwizard:ListDeploymentEvents
launchwizard:ListDeployments
launchwizard:ListProvisionedApps
launchwizard:ListResourceCostEstimates
launchwizard:ListSettingsSets
launchwizard:ListWorkloadDeploymentOptions
launchwizard:ListWorkloadDeploymentPatterns
launchwizard:ListWorkloads
lex:DescribeBot
lex:DescribeBotAlias
lex:DescribeBotChannel
lex:DescribeBotLocale
lex:DescribeBotVersion
lex:DescribeExport
lex:DescribeImport
lex:DescribeIntent
lex:DescribeResourcePolicy
lex:DescribeSlot
lex:DescribeSlotType
lex:Get*
lex:ListBotAliases
lex:ListBotChannels
lex:ListBotLocales
lex:ListBots
lex:ListBotVersions
lex:ListBuiltInIntents
lex:ListBuiltInSlotTypes
lex:ListExports
lex:ListImports
lex:ListIntents
lex:ListSlots
lex:ListSlotTypes
lex:ListTagsForResource
license-manager:Get*
license-manager:List*
lightsail:GetActiveNames
lightsail:GetAlarms
lightsail:GetAutoSnapshots
lightsail:GetBlueprints
lightsail:GetBucketAccessKeys
lightsail:GetBucketBundles
lightsail:GetBucketMetricData
lightsail:GetBuckets
lightsail:GetBundles
lightsail:GetCertificates
lightsail:GetCloudFormationStackRecords
lightsail:GetContainerAPIMetadata
lightsail:GetContainerImages
lightsail:GetContainerServiceDeployments
lightsail:GetContainerServiceMetricData
lightsail:GetContainerServicePowers
lightsail:GetContainerServices
lightsail:GetDisk
lightsail:GetDisks
lightsail:GetDiskSnapshot
lightsail:GetDiskSnapshots
lightsail:GetDistributionBundles
lightsail:GetDistributionLatestCacheReset
lightsail:GetDistributionMetricData
lightsail:GetDistributions
lightsail:GetDomain
lightsail:GetDomains
lightsail:GetExportSnapshotRecords
lightsail:GetInstance
lightsail:GetInstanceMetricData
lightsail:GetInstancePortStates
lightsail:GetInstances
lightsail:GetInstanceSnapshot
lightsail:GetInstanceSnapshots
lightsail:GetInstanceState
lightsail:GetKeyPair
lightsail:GetKeyPairs
lightsail:GetLoadBalancer
lightsail:GetLoadBalancerMetricData
lightsail:GetLoadBalancers
lightsail:GetLoadBalancerTlsCertificates
lightsail:GetOperation
lightsail:GetOperations
lightsail:GetOperationsForResource
lightsail:GetRegions
lightsail:GetRelationalDatabase
lightsail:GetRelationalDatabaseBlueprints
lightsail:GetRelationalDatabaseBundles
lightsail:GetRelationalDatabaseEvents
lightsail:GetRelationalDatabaseLogEvents
lightsail:GetRelationalDatabaseLogStreams
lightsail:GetRelationalDatabaseMetricData
lightsail:GetRelationalDatabaseParameters
lightsail:GetRelationalDatabases
lightsail:GetRelationalDatabaseSnapshot
lightsail:GetRelationalDatabaseSnapshots
lightsail:GetStaticIp
lightsail:GetStaticIps
lightsail:Is*
logs:Describe*
logs:FilterLogEvents
logs:Get*
logs:ListAnomalies
logs:ListLogAnomalyDetectors
logs:ListLogDeliveries
logs:ListTagsForResource
logs:ListTagsLogGroup
logs:StartLiveTail
logs:StartQuery
logs:StopLiveTail
logs:StopQuery
logs:TestMetricFilter
lookoutequipment:DescribeDataIngestionJob
lookoutequipment:DescribeDataset
lookoutequipment:DescribeInferenceScheduler
lookoutequipment:DescribeLabel
lookoutequipment:DescribeLabelGroup
lookoutequipment:DescribeModel
lookoutequipment:DescribeModelVersion
lookoutequipment:DescribeResourcePolicy
lookoutequipment:DescribeRetrainingScheduler
lookoutequipment:ListDataIngestionJobs
lookoutequipment:ListDatasets
lookoutequipment:ListInferenceEvents
lookoutequipment:ListInferenceExecutions
lookoutequipment:ListInferenceSchedulers
lookoutequipment:ListLabelGroups
lookoutequipment:ListLabels
lookoutequipment:ListModels
lookoutequipment:ListModelVersions
lookoutequipment:ListRetrainingSchedulers
lookoutequipment:ListSensorStatistics
lookoutequipment:ListTagsForResource
lookoutmetrics:Describe*
lookoutmetrics:Get*
lookoutmetrics:List*
lookoutvision:DescribeDataset
lookoutvision:DescribeModel
lookoutvision:DescribeModelPackagingJob
lookoutvision:DescribeProject
lookoutvision:ListDatasetEntries
lookoutvision:ListModelPackagingJobs
lookoutvision:ListModels
lookoutvision:ListProjects
lookoutvision:ListTagsForResource
m2:GetApplication
m2:GetApplicationVersion
m2:GetBatchJobExecution
m2:GetDataSetDetails
m2:GetDataSetImportTask
m2:GetDeployment
m2:GetEnvironment
m2:ListApplications
m2:ListApplicationVersions
m2:ListBatchJobDefinitions
m2:ListBatchJobExecutions
m2:ListDataSetImportHistory
m2:ListDataSets
m2:ListDeployments
m2:ListEngineVersions
m2:ListEnvironments
m2:ListTagsForResource
machinelearning:Describe*
machinelearning:Get*
macie2:BatchGetCustomDataIdentifiers
macie2:DescribeBuckets
macie2:DescribeClassificationJob
macie2:DescribeOrganizationConfiguration
macie2:GetAdministratorAccount
macie2:GetAllowList
macie2:GetAutomatedDiscoveryConfiguration
macie2:GetBucketStatistics
macie2:GetClassificationExportConfiguration
macie2:GetClassificationScope
macie2:GetCustomDataIdentifier
macie2:GetFindings
macie2:GetFindingsFilter
macie2:GetFindingsPublicationConfiguration
macie2:GetFindingStatistics
macie2:GetInvitationsCount
macie2:GetMacieSession
macie2:GetMember
macie2:GetResourceProfile
macie2:GetRevealConfiguration
macie2:GetSensitiveDataOccurrencesAvailability
macie2:GetSensitivityInspectionTemplate
macie2:GetUsageStatistics
macie2:GetUsageTotals
macie2:ListAllowLists
macie2:ListClassificationJobs
macie2:ListClassificationScopes
macie2:ListCustomDataIdentifiers
macie2:ListFindings
macie2:ListFindingsFilters
macie2:ListInvitations
macie2:ListMembers
macie2:ListOrganizationAdminAccounts
macie2:ListResourceProfileArtifacts
macie2:ListResourceProfileDetections
macie2:ListSensitivityInspectionTemplates
macie2:ListTagsForResource
macie2:SearchResources
managedblockchain:GetMember
managedblockchain:GetNetwork
managedblockchain:GetNode
managedblockchain:GetProposal
managedblockchain:ListInvitations
managedblockchain:ListMembers
managedblockchain:ListNetworks
managedblockchain:ListNodes
managedblockchain:ListProposals
managedblockchain:ListProposalVotes
managedblockchain:ListTagsForResource
mediaconnect:DescribeFlow
mediaconnect:DescribeOffering
mediaconnect:DescribeReservation
mediaconnect:ListEntitlements
mediaconnect:ListFlows
mediaconnect:ListOfferings
mediaconnect:ListReservations
mediaconnect:ListTagsForResource
mediaconvert:DescribeEndpoints
mediaconvert:Get*
mediaconvert:List*
medialive:DescribeChannel
medialive:DescribeInput
medialive:DescribeInputDevice
medialive:DescribeInputDeviceThumbnail
medialive:DescribeInputSecurityGroup
medialive:DescribeMultiplex
medialive:DescribeMultiplexProgram
medialive:DescribeOffering
medialive:DescribeReservation
medialive:DescribeSchedule
medialive:GetCloudWatchAlarmTemplate
medialive:GetCloudWatchAlarmTemplateGroup
medialive:GetEventBridgeRuleTemplate
medialive:GetEventBridgeRuleTemplateGroup
medialive:GetSignalMap
medialive:ListChannels
medialive:ListCloudWatchAlarmTemplateGroups
medialive:ListCloudWatchAlarmTemplates
medialive:ListEventBridgeRuleTemplateGroups
medialive:ListEventBridgeRuleTemplates
medialive:ListInputDevices
medialive:ListInputDeviceTransfers
medialive:ListInputs
medialive:ListInputSecurityGroups
medialive:ListMultiplexes
medialive:ListMultiplexPrograms
medialive:ListOfferings
medialive:ListReservations
medialive:ListSignalMaps
medialive:ListTagsForResource
mediapackage-vod:Describe*
mediapackage-vod:List*
mediapackage:Describe*
mediapackage:List*
mediapackagev2:GetChannel
mediapackagev2:GetChannelGroup
mediapackagev2:GetChannelPolicy
mediapackagev2:GetHeadObject
mediapackagev2:GetObject
mediapackagev2:GetOriginEndpoint
mediapackagev2:GetOriginEndpointPolicy
mediapackagev2:ListChannelGroups
mediapackagev2:ListChannels
mediapackagev2:ListOriginEndpoints
mediapackagev2:ListTagsForResource
mediastore:DescribeContainer
mediastore:DescribeObject
mediastore:GetContainerPolicy
mediastore:GetCorsPolicy
mediastore:GetLifecyclePolicy
mediastore:GetMetricPolicy
mediastore:GetObject
mediastore:ListContainers
mediastore:ListItems
mediastore:ListTagsForResource
memorydb:DescribeClusters
memorydb:DescribeParameterGroups
memorydb:DescribeParameters
memorydb:ListTags
mgh:Describe*
mgh:GetHomeRegion
mgh:List*
mgn:DescribeJobLogItems
mgn:DescribeJobs
mgn:DescribeLaunchConfigurationTemplates
mgn:DescribeReplicationConfigurationTemplates
mgn:DescribeSourceServers
mgn:DescribeVcenterClients
mgn:GetLaunchConfiguration
mgn:GetReplicationConfiguration
mgn:ListApplications
mgn:ListSourceServerActions
mgn:ListTemplateActions
mgn:ListWaves
mobileanalytics:Get*
mobiletargeting:Get*
mobiletargeting:List*
monitron:GetProject
monitron:GetProjectAdminUser
monitron:ListProjects
monitron:ListTagsForResource
mq:Describe*
mq:List*
network-firewall:DescribeFirewall
network-firewall:DescribeFirewallPolicy
network-firewall:DescribeLoggingConfiguration
network-firewall:DescribeResourcePolicy
network-firewall:DescribeRuleGroup
network-firewall:DescribeRuleGroupMetadata
network-firewall:DescribeTLSInspectionConfiguration
network-firewall:ListFirewallPolicies
network-firewall:ListFirewalls
network-firewall:ListRuleGroups
network-firewall:ListTagsForResource
network-firewall:ListTLSInspectionConfigurations
networkmanager:DescribeGlobalNetworks
networkmanager:GetConnectAttachment
networkmanager:GetConnections
networkmanager:GetConnectPeer
networkmanager:GetConnectPeerAssociations
networkmanager:GetCoreNetwork
networkmanager:GetCoreNetworkChangeEvents
networkmanager:GetCoreNetworkChangeSet
networkmanager:GetCoreNetworkPolicy
networkmanager:GetCustomerGatewayAssociations
networkmanager:GetDevices
networkmanager:GetLinkAssociations
networkmanager:GetLinks
networkmanager:GetNetworkResourceCounts
networkmanager:GetNetworkResourceRelationships
networkmanager:GetNetworkResources
networkmanager:GetNetworkRoutes
networkmanager:GetNetworkTelemetry
networkmanager:GetResourcePolicy
networkmanager:GetRouteAnalysis
networkmanager:GetSites
networkmanager:GetSiteToSiteVpnAttachment
networkmanager:GetTransitGatewayConnectPeerAssociations
networkmanager:GetTransitGatewayPeering
networkmanager:GetTransitGatewayRegistrations
networkmanager:GetTransitGatewayRouteTableAttachment
networkmanager:GetVpcAttachment
networkmanager:ListAttachments
networkmanager:ListConnectPeers
networkmanager:ListCoreNetworkPolicyVersions
networkmanager:ListCoreNetworks
networkmanager:ListPeerings
networkmanager:ListTagsForResource
nimble:GetEula
nimble:GetFeatureMap
nimble:GetLaunchProfile
nimble:GetLaunchProfileDetails
nimble:GetLaunchProfileInitialization
nimble:GetLaunchProfileMember
nimble:GetStreamingImage
nimble:GetStreamingSession
nimble:GetStudio
nimble:GetStudioComponent
nimble:GetStudioMember
nimble:ListEulaAcceptances
nimble:ListEulas
nimble:ListLaunchProfileMembers
nimble:ListLaunchProfiles
nimble:ListStreamingImages
nimble:ListStreamingSessions
nimble:ListStudioComponents
nimble:ListStudioMembers
nimble:ListStudios
nimble:ListTagsForResource
notifications-contacts:GetEmailContact
notifications-contacts:ListEmailContacts
notifications-contacts:ListTagsForResource
notifications:GetEventRule
notifications:GetNotificationConfiguration
notifications:GetNotificationEvent
notifications:ListChannels
notifications:ListEventRules
notifications:ListNotificationConfigurations
notifications:ListNotificationEvents
notifications:ListNotificationHubs
notifications:ListTagsForResource
oam:GetLink
oam:GetSink
oam:GetSinkPolicy
oam:ListAttachedLinks
oam:ListLinks
oam:ListSinks
omics:Get*
omics:List*
one:GetDeviceConfigurationTemplate
one:GetDeviceInstance
one:GetDeviceInstanceConfiguration
one:GetSite
one:GetSiteAddress
one:ListDeviceConfigurationTemplates
one:ListDeviceInstances
one:ListSites
one:ListUsers
opsworks-cm:Describe*
opsworks-cm:List*
opsworks:Describe*
opsworks:Get*
organizations:Describe*
organizations:List*
osis:GetPipeline
osis:GetPipelineBlueprint
osis:GetPipelineChangeProgress
osis:ListPipelineBlueprints
osis:ListPipelines
osis:ListTagsForResource
outposts:Get*
outposts:List*
payment-cryptography:GetAlias
payment-cryptography:GetKey
payment-cryptography:GetPublicKeyCertificate
payment-cryptography:ListAliases
payment-cryptography:ListKeys
payment-cryptography:ListTagsForResource
payments:GetPaymentInstrument
payments:GetPaymentStatus
payments:ListPaymentPreferences
pca-connector-ad:GetConnector
pca-connector-ad:GetDirectoryRegistration
pca-connector-ad:GetServicePrincipalName
pca-connector-ad:GetTemplate
pca-connector-ad:GetTemplateGroupAccessControlEntry
pca-connector-ad:ListConnectors
pca-connector-ad:ListDirectoryRegistrations
pca-connector-ad:ListServicePrincipalNames
pca-connector-ad:ListTagsForResource
pca-connector-ad:ListTemplateGroupAccessControlEntries
pca-connector-ad:ListTemplates
personalize:Describe*
personalize:Get*
personalize:List*
pi:DescribeDimensionKeys
pi:GetDimensionKeyDetails
pi:GetResourceMetadata
pi:GetResourceMetrics
pi:ListAvailableResourceDimensions
pi:ListAvailableResourceMetrics
pipes:DescribePipe
pipes:ListPipes
pipes:ListTagsForResource
polly:Describe*
polly:Get*
polly:List*
polly:SynthesizeSpeech
pricing:DescribeServices
pricing:GetAttributeValues
pricing:GetPriceListFileUrl
pricing:GetProducts
pricing:ListPriceLists
proton:GetDeployment
proton:GetEnvironment
proton:GetEnvironmentTemplate
proton:GetEnvironmentTemplateVersion
proton:GetService
proton:GetServiceInstance
proton:GetServiceTemplate
proton:GetServiceTemplateVersion
proton:ListDeployments
proton:ListEnvironmentAccountConnections
proton:ListEnvironments
proton:ListEnvironmentTemplates
proton:ListServiceInstances
proton:ListServices
proton:ListServiceTemplates
proton:ListTagsForResource
purchase-orders:GetPurchaseOrder
purchase-orders:ListPurchaseOrderInvoices
purchase-orders:ListPurchaseOrders
purchase-orders:ViewPurchaseOrders
qldb:DescribeJournalKinesisStream
qldb:DescribeJournalS3Export
qldb:DescribeLedger
qldb:GetBlock
qldb:GetDigest
qldb:GetRevision
qldb:ListJournalKinesisStreamsForLedger
qldb:ListJournalS3Exports
qldb:ListJournalS3ExportsForLedger
qldb:ListLedgers
qldb:ListTagsForResource
ram:Get*
ram:List*
rbin:GetRule
rbin:ListRules
rbin:ListTagsForResource
rds:Describe*
rds:Download*
rds:List*
redshift:Describe*
redshift:GetReservedNodeExchangeOfferings
redshift:View*
refactor-spaces:GetApplication
refactor-spaces:GetEnvironment
refactor-spaces:GetResourcePolicy
refactor-spaces:GetRoute
refactor-spaces:GetService
refactor-spaces:ListApplications
refactor-spaces:ListEnvironments
refactor-spaces:ListEnvironmentVpcs
refactor-spaces:ListRoutes
refactor-spaces:ListServices
refactor-spaces:ListTagsForResource
rekognition:CompareFaces
rekognition:DescribeDataset
rekognition:DescribeProjects
rekognition:DescribeProjectVersions
rekognition:DescribeStreamProcessor
rekognition:Detect*
rekognition:GetCelebrityInfo
rekognition:GetCelebrityRecognition
rekognition:GetContentModeration
rekognition:GetFaceDetection
rekognition:GetFaceSearch
rekognition:GetLabelDetection
rekognition:GetPersonTracking
rekognition:GetSegmentDetection
rekognition:GetTextDetection
rekognition:List*
rekognition:RecognizeCelebrities
rekognition:Search*
resiliencehub:DescribeApp
resiliencehub:DescribeAppAssessment
resiliencehub:DescribeAppVersion
resiliencehub:DescribeAppVersionAppComponent
resiliencehub:DescribeAppVersionResource
resiliencehub:DescribeAppVersionResourcesResolutionStatus
resiliencehub:DescribeAppVersionTemplate
resiliencehub:DescribeDraftAppVersionResourcesImportStatus
resiliencehub:DescribeResiliencyPolicy
resiliencehub:ListAlarmRecommendations
resiliencehub:ListAppAssessmentComplianceDrifts
resiliencehub:ListAppAssessments
resiliencehub:ListAppComponentCompliances
resiliencehub:ListAppComponentRecommendations
resiliencehub:ListAppInputSources
resiliencehub:ListApps
resiliencehub:ListAppVersionAppComponents
resiliencehub:ListAppVersionResourceMappings
resiliencehub:ListAppVersionResources
resiliencehub:ListAppVersions
resiliencehub:ListRecommendationTemplates
resiliencehub:ListResiliencyPolicies
resiliencehub:ListSopRecommendations
resiliencehub:ListSuggestedResiliencyPolicies
resiliencehub:ListTagsForResource
resiliencehub:ListTestRecommendations
resiliencehub:ListUnsupportedAppVersionResources
resource-explorer-2:BatchGetView
resource-explorer-2:GetDefaultView
resource-explorer-2:GetIndex
resource-explorer-2:GetView
resource-explorer-2:ListIndexes
resource-explorer-2:ListSupportedResourceTypes
resource-explorer-2:ListTagsForResource
resource-explorer-2:ListViews
resource-explorer-2:Search
resource-groups:Get*
resource-groups:List*
resource-groups:Search*
robomaker:BatchDescribe*
robomaker:Describe*
robomaker:Get*
robomaker:List*
route53-recovery-cluster:Get*
route53-recovery-cluster:ListRoutingControls
route53-recovery-control-config:Describe*
route53-recovery-control-config:GetResourcePolicy
route53-recovery-control-config:List*
route53-recovery-readiness:Get*
route53-recovery-readiness:List*
route53:Get*
route53:List*
route53:Test*
route53domains:Check*
route53domains:Get*
route53domains:List*
route53domains:View*
route53resolver:Get*
route53resolver:List*
rum:GetAppMonitor
rum:GetAppMonitorData
rum:ListAppMonitors
s3-object-lambda:GetObject
s3-object-lambda:GetObjectAcl
s3-object-lambda:GetObjectLegalHold
s3-object-lambda:GetObjectRetention
s3-object-lambda:GetObjectTagging
s3-object-lambda:GetObjectVersion
s3-object-lambda:GetObjectVersionAcl
s3-object-lambda:GetObjectVersionTagging
s3-object-lambda:ListBucket
s3-object-lambda:ListBucketMultipartUploads
s3-object-lambda:ListBucketVersions
s3-object-lambda:ListMultipartUploadParts
s3:DescribeJob
s3:Get*
s3:List*
sagemaker-groundtruth-synthetic:GetAccountDetails
sagemaker-groundtruth-synthetic:GetBatch
sagemaker-groundtruth-synthetic:GetProject
sagemaker-groundtruth-synthetic:ListBatchDataTransfers
sagemaker-groundtruth-synthetic:ListBatchSummaries
sagemaker-groundtruth-synthetic:ListProjectDataTransfers
sagemaker-groundtruth-synthetic:ListProjectSummaries
sagemaker:Describe*
sagemaker:GetSearchSuggestions
sagemaker:List*
sagemaker:Search
savingsplans:DescribeSavingsPlanRates
savingsplans:DescribeSavingsPlans
savingsplans:DescribeSavingsPlansOfferingRates
savingsplans:DescribeSavingsPlansOfferings
savingsplans:ListTagsForResource
scheduler:GetSchedule
scheduler:GetScheduleGroup
scheduler:ListScheduleGroups
scheduler:ListSchedules
scheduler:ListTagsForResource
schemas:Describe*
schemas:Get*
schemas:List*
schemas:Search*
sdb:Get*
sdb:List*
sdb:Select*
secretsmanager:Describe*
secretsmanager:GetResourcePolicy
secretsmanager:List*
securityhub:BatchGetControlEvaluations
securityhub:BatchGetSecurityControls
securityhub:BatchGetStandardsControlAssociations
securityhub:Describe*
securityhub:Get*
securityhub:List*
securitylake:GetDataLakeExceptionSubscription
securitylake:GetDataLakeOrganizationConfiguration
securitylake:GetDataLakeSources
securitylake:GetSubscriber
securitylake:ListDataLakeExceptions
securitylake:ListDataLakes
securitylake:ListLogSources
securitylake:ListSubscribers
securitylake:ListTagsForResource
serverlessrepo:Get*
serverlessrepo:List*
serverlessrepo:SearchApplications
servicecatalog:Describe*
servicecatalog:GetApplication
servicecatalog:GetAttributeGroup
servicecatalog:List*
servicecatalog:Scan*
servicecatalog:Search*
servicediscovery:DiscoverInstances
servicediscovery:DiscoverInstancesRevision
servicediscovery:Get*
servicediscovery:List*
servicequotas:GetAssociationForServiceQuotaTemplate
servicequotas:GetAWSDefaultServiceQuota
servicequotas:GetRequestedServiceQuotaChange
servicequotas:GetServiceQuota
servicequotas:GetServiceQuotaIncreaseRequestFromTemplate
servicequotas:ListAWSDefaultServiceQuotas
servicequotas:ListRequestedServiceQuotaChangeHistory
servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota
servicequotas:ListServiceQuotaIncreaseRequestsInTemplate
servicequotas:ListServiceQuotas
servicequotas:ListServices
ses:BatchGetMetricData
ses:Describe*
ses:Get*
ses:List*
shield:Describe*
shield:Get*
shield:List*
signer:DescribeSigningJob
signer:GetSigningPlatform
signer:GetSigningProfile
signer:ListProfilePermissions
signer:ListSigningJobs
signer:ListSigningPlatforms
signer:ListSigningProfiles
signer:ListTagsForResource
sms-voice:DescribeAccountAttributes
sms-voice:DescribeAccountLimits
sms-voice:DescribeConfigurationSets
sms-voice:DescribeKeywords
sms-voice:DescribeOptedOutNumbers
sms-voice:DescribeOptOutLists
sms-voice:DescribePhoneNumbers
sms-voice:DescribePools
sms-voice:DescribeSenderIds
sms-voice:DescribeSpendLimits
sms-voice:ListPoolOriginationIdentities
sms-voice:ListTagsForResource
snowball:Describe*
snowball:Get*
snowball:List*
sns:Check*
sns:Get*
sns:List*
sqs:Get*
sqs:List*
sqs:Receive*
ssm-contacts:DescribeEngagement
ssm-contacts:DescribePage
ssm-contacts:GetContact
ssm-contacts:GetContactChannel
ssm-contacts:ListContactChannels
ssm-contacts:ListContacts
ssm-contacts:ListEngagements
ssm-contacts:ListPageReceipts
ssm-contacts:ListPagesByContact
ssm-contacts:ListPagesByEngagement
ssm-incidents:GetIncidentRecord
ssm-incidents:GetReplicationSet
ssm-incidents:GetResourcePolicies
ssm-incidents:GetResponsePlan
ssm-incidents:GetTimelineEvent
ssm-incidents:ListIncidentRecords
ssm-incidents:ListRelatedItems
ssm-incidents:ListReplicationSets
ssm-incidents:ListResponsePlans
ssm-incidents:ListTagsForResource
ssm-incidents:ListTimelineEvents
ssm:Describe*
ssm:Get*
ssm:List*
sso-directory:Describe*
sso-directory:List*
sso-directory:Search*
sso:Describe*
sso:Get*
sso:List*
sso:Search*
states:Describe*
states:GetExecutionHistory
states:List*
storagegateway:Describe*
storagegateway:List*
sts:GetAccessKeyInfo
sts:GetCallerIdentity
sts:GetSessionToken
support:DescribeAttachment
support:DescribeCases
support:DescribeCommunications
support:DescribeServices
support:DescribeSeverityLevels
support:DescribeTrustedAdvisorCheckRefreshStatuses
support:DescribeTrustedAdvisorCheckResult
support:DescribeTrustedAdvisorChecks
support:DescribeTrustedAdvisorCheckSummaries
supportplans:GetSupportPlan
supportplans:GetSupportPlanUpdateStatus
sustainability:GetCarbonFootprintSummary
swf:Count*
swf:Describe*
swf:Get*
swf:List*
synthetics:Describe*
synthetics:Get*
synthetics:List*
tag:DescribeReportCreation
tag:Get*
tax:GetExemptions
tax:GetTaxInheritance
tax:GetTaxInterview
tax:GetTaxRegistration
tax:GetTaxRegistrationDocument
tax:ListTaxRegistrations
timestream:DescribeBatchLoadTask
timestream:DescribeDatabase
timestream:DescribeEndpoints
timestream:DescribeTable
timestream:ListBatchLoadTasks
timestream:ListDatabases
timestream:ListMeasures
timestream:ListTables
timestream:ListTagsForResource
tnb:GetSolFunctionInstance
tnb:GetSolFunctionPackage
tnb:GetSolFunctionPackageContent
tnb:GetSolFunctionPackageDescriptor
tnb:GetSolNetworkInstance
tnb:GetSolNetworkOperation
tnb:GetSolNetworkPackage
tnb:GetSolNetworkPackageContent
tnb:GetSolNetworkPackageDescriptor
tnb:ListSolFunctionInstances
tnb:ListSolFunctionPackages
tnb:ListSolNetworkInstances
tnb:ListSolNetworkOperations
tnb:ListSolNetworkPackages
tnb:ListTagsForResource
transcribe:Get*
transcribe:List*
transfer:Describe*
transfer:List*
transfer:TestIdentityProvider
translate:DescribeTextTranslationJob
translate:GetParallelData
translate:GetTerminology
translate:ListParallelData
translate:ListTerminologies
translate:ListTextTranslationJobs
trustedadvisor:Describe*
verifiedpermissions:GetIdentitySource
verifiedpermissions:GetPolicy
verifiedpermissions:GetPolicyStore
verifiedpermissions:GetPolicyTemplate
verifiedpermissions:GetSchema
verifiedpermissions:IsAuthorized
verifiedpermissions:IsAuthorizedWithToken
verifiedpermissions:ListIdentitySources
verifiedpermissions:ListPolicies
verifiedpermissions:ListPolicyStores
verifiedpermissions:ListPolicyTemplates
vpc-lattice:GetAccessLogSubscription
vpc-lattice:GetAuthPolicy
vpc-lattice:GetListener
vpc-lattice:GetResourcePolicy
vpc-lattice:GetRule
vpc-lattice:GetService
vpc-lattice:GetServiceNetwork
vpc-lattice:GetServiceNetworkServiceAssociation
vpc-lattice:GetServiceNetworkVpcAssociation
vpc-lattice:GetTargetGroup
vpc-lattice:ListAccessLogSubscriptions
vpc-lattice:ListListeners
vpc-lattice:ListRules
vpc-lattice:ListServiceNetworks
vpc-lattice:ListServiceNetworkServiceAssociations
vpc-lattice:ListServiceNetworkVpcAssociations
vpc-lattice:ListServices
vpc-lattice:ListTagsForResource
vpc-lattice:ListTargetGroups
vpc-lattice:ListTargets
waf-regional:Get*
waf-regional:List*
waf:Get*
waf:List*
wafv2:CheckCapacity
wafv2:Describe*
wafv2:Get*
wafv2:List*
wellarchitected:ExportLens
wellarchitected:GetAnswer
wellarchitected:GetConsolidatedReport
wellarchitected:GetLens
wellarchitected:GetLensReview
wellarchitected:GetLensReviewReport
wellarchitected:GetLensVersionDifference
wellarchitected:GetMilestone
wellarchitected:GetProfile
wellarchitected:GetProfileTemplate
wellarchitected:GetReviewTemplate
wellarchitected:GetReviewTemplateAnswer
wellarchitected:GetReviewTemplateLensReview
wellarchitected:GetWorkload
wellarchitected:ListAnswers
wellarchitected:ListCheckDetails
wellarchitected:ListCheckSummaries
wellarchitected:ListLenses
wellarchitected:ListLensReviewImprovements
wellarchitected:ListLensReviews
wellarchitected:ListLensShares
wellarchitected:ListMilestones
wellarchitected:ListNotifications
wellarchitected:ListProfileNotifications
wellarchitected:ListProfiles
wellarchitected:ListProfileShares
wellarchitected:ListReviewTemplateAnswers
wellarchitected:ListReviewTemplates
wellarchitected:ListShareInvitations
wellarchitected:ListTagsForResource
wellarchitected:ListTemplateShares
wellarchitected:ListWorkloads
wellarchitected:ListWorkloadShares
workdocs:CheckAlias
workdocs:Describe*
workdocs:Get*
workmail:Describe*
workmail:Get*
workmail:List*
workmail:Search*
workspaces-web:GetBrowserSettings
workspaces-web:GetIdentityProvider
workspaces-web:GetNetworkSettings
workspaces-web:GetPortal
workspaces-web:GetPortalServiceProviderMetadata
workspaces-web:GetTrustStore
workspaces-web:GetUserAccessLoggingSettings
workspaces-web:GetUserSettings
workspaces-web:ListBrowserSettings
workspaces-web:ListIdentityProviders
workspaces-web:ListNetworkSettings
workspaces-web:ListPortals
workspaces-web:ListTagsForResource
workspaces-web:ListTrustStores
workspaces-web:ListUserAccessLoggingSettings
workspaces-web:ListUserSettings
workspaces:Describe*
xray:BatchGet*
xray:Get*

ReadOnlyAccess で指定されているアクションに含まれる単語の確認

一般的に Get〜、Describe〜のようなアクションが読み取りアクセスとして定義されているのではないかと推察していますが、前工程までで取得できた ReadOnlyAccess_ActionList.txt に含まれる動詞部分を取得してみることにします。
${ServicePrefix}:API アクション名 となっている API アクション名のパスカルケースの最初の動詞部分を取得するイメージです。

流れとしては ReadOnlyAccess_ActionList.txt を１行ずつ読み出して :（コロン）より後ろの文字列を変数 ACTION に代入、変数 ACTION 内に大文字が見つかるたびに _（アンダースコア）を入れたのちに、先頭部分を切り出してリストファイルに転記する処理をしています。
その後、転記したリストファイル内の重複を除去する流れです。

while read SERVICE; do
    ACTION=$(awk -F ':' '{print $2}' <<< ${SERVICE})
    echo ${ACTION} | sed -r -e 's/([a-zA-Z])([A-Z])/\1_\2/g' | sed 's/\*/_/g' | awk -F '_' '{print $1}' >> verb_list_in_policy_all.txt
done < ReadOnlyAccess_ActionList.txt

cat verb_list_in_policy_all.txt | sort | uniq > verb_list_in_policy.txt

出来上がった verb_list_in_policy.txt を見てみる

思っていた通り Get、Describe、List、View ももちろんですが、それら以外も含んでおり現時点では 47 分類となりました。

クリックで全体を見る

Admin
Batch
Check
Classify
Compare
Contains
Count
Deliver
Describe
Detect
Discover
Download
E
Estimate
Evaluate
Export
Filter
G
Generate
Get
Git
Is
List
Lookup
Parti
Preview
Query
Read
Receive
Recognize
Request
Resolve
Retrieve
Sample
Scan
Search
Select
Simulate
Start
Stop
Synthesize
Test
Validate
Verify
View
describe
list

Admin で始まるアクションを持つもの

cognito-idp の名前空間で利用されていましたが Get や List を含むもの を条件にすれば拾えそうです。

$ grep -E ":Admin" ReadOnlyAccess_ActionList.txt
cognito-idp:AdminGet*
cognito-idp:AdminList*

Batch で始まるアクションを持つもの

Batch からはじまるだけで、おおむね Get を含んでいるため、 Get を含むもの を条件にすれば拾えそうです。

$ grep -E ":Batch" ReadOnlyAccess_ActionList.txt
aoss:BatchGetCollection
aoss:BatchGetLifecyclePolicy
aoss:BatchGetVpcEndpoint
athena:Batch*
cleanrooms:BatchGetCollaborationAnalysisTemplate
cleanrooms:BatchGetSchema
clouddirectory:BatchRead
codebuild:BatchGet*
codecommit:BatchGet*
codedeploy:BatchGet*
comprehend:BatchDetect*
config:BatchGetAggregateResourceConfig
config:BatchGetResourceConfig
dax:BatchGetItem
detective:BatchGetGraphMemberDatasources
detective:BatchGetMembershipDatasources
dynamodb:BatchGet*
ecr-public:BatchCheckLayerAvailability
ecr:BatchCheck*
ecr:BatchGet*
frauddetector:BatchGetVariable
glue:BatchGetCrawlers
glue:BatchGetDevEndpoints
glue:BatchGetJobs
glue:BatchGetPartition
glue:BatchGetTriggers
glue:BatchGetWorkflows
identitystore-auth:BatchGetSession
inspector2:BatchGetAccountStatus
inspector2:BatchGetFreeTrialInfo
ivs:BatchGetChannel
kendra:BatchGetDocumentStatus
macie2:BatchGetCustomDataIdentifiers
resource-explorer-2:BatchGetView
robomaker:BatchDescribe*
securityhub:BatchGetControlEvaluations
securityhub:BatchGetSecurityControls
securityhub:BatchGetStandardsControlAssociations
ses:BatchGetMetricData
xray:BatchGet*

Check で始まるアクションを持つもの

$ grep -E ":Check" ReadOnlyAccess_ActionList.txt
ds:Check*
elasticbeanstalk:Check*
glue:CheckSchemaVersionValidity
route53domains:Check*
sns:Check*
wafv2:CheckCapacity
workdocs:CheckAlias

Classify で始まるアクションを持つもの

$ grep -E ":Classify" ReadOnlyAccess_ActionList.txt
comprehend:Classify*

Compare で始まるアクションを持つもの

$ grep -E ":Compare" ReadOnlyAccess_ActionList.txt
rekognition:CompareFaces

Contains で始まるアクションを持つもの

$ grep -E ":Contains" ReadOnlyAccess_ActionList.txt
comprehend:Contains*

Count で始まるアクションを持つもの

$ grep -E ":Count" ReadOnlyAccess_ActionList.txt
swf:Count*

Deliver で始まるアクションを持つもの

$ grep -E ":Deliver" ReadOnlyAccess_ActionList.txt
config:Deliver*

Describe で始まるアクションを持つもの

執筆時点で 341 アクションあり、思った通り読み取りアクションとしての王道の一つです。

$ grep -E ":Describe" ReadOnlyAccess_ActionList.txt
acm-pca:Describe*
acm:Describe*
appflow:DescribeConnector
appflow:DescribeConnectorEntity
appflow:DescribeConnectorFields
appflow:DescribeConnectorProfiles
appflow:DescribeConnectors
appflow:DescribeFlow
appflow:DescribeFlowExecution
appflow:DescribeFlowExecutionRecords
appflow:DescribeFlows
application-autoscaling:Describe*
applicationinsights:Describe*
appmesh:Describe*
apprunner:DescribeAutoScalingConfiguration
apprunner:DescribeCustomDomains
apprunner:DescribeObservabilityConfiguration
apprunner:DescribeService
apprunner:DescribeVpcConnector
apprunner:DescribeVpcIngressConnection
apprunner:DescribeWebAclForService
appstream:Describe*
aps:DescribeAlertManagerDefinition
aps:DescribeLoggingConfiguration
aps:DescribeRuleGroupsNamespace
aps:DescribeScraper
aps:DescribeWorkspace
autoscaling-plans:Describe*
autoscaling:Describe*
backup:Describe*
batch:Describe*
budgets:Describe*
ce:DescribeCostCategoryDefinition
ce:DescribeNotificationSubscription
ce:DescribeReport
chatbot:Describe*
cloud9:Describe*
cloudformation:Describe*
cloudfront-keyvaluestore:Describe*
cloudfront:Describe*
cloudhsm:Describe*
cloudsearch:Describe*
cloudtrail:Describe*
cloudwatch:Describe*
codeartifact:DescribeDomain
codeartifact:DescribePackage
codeartifact:DescribePackageVersion
codeartifact:DescribeRepository
codebuild:DescribeCodeCoverages
codebuild:DescribeTestCases
codecommit:Describe*
codeguru-profiler:Describe*
codeguru-reviewer:Describe*
codestar:Describe*
cognito-identity:Describe*
cognito-idp:Describe*
cognito-sync:Describe*
comprehend:Describe*
compute-optimizer:DescribeRecommendationExportJobs
config:Describe*
connect:Describe*
databrew:DescribeDataset
databrew:DescribeJob
databrew:DescribeJobRun
databrew:DescribeProject
databrew:DescribeRecipe
databrew:DescribeRuleset
databrew:DescribeSchedule
datapipeline:Describe*
datasync:Describe*
dax:Describe*
devops-guru:DescribeAccountHealth
devops-guru:DescribeAccountOverview
devops-guru:DescribeAnomaly
devops-guru:DescribeEventSourcesConfig
devops-guru:DescribeFeedback
devops-guru:DescribeInsight
devops-guru:DescribeOrganizationHealth
devops-guru:DescribeOrganizationOverview
devops-guru:DescribeOrganizationResourceCollectionHealth
devops-guru:DescribeResourceCollectionHealth
devops-guru:DescribeServiceIntegration
directconnect:Describe*
discovery:Describe*
dms:Describe*
drs:DescribeJobLogItems
drs:DescribeJobs
drs:DescribeLaunchConfigurationTemplates
drs:DescribeRecoveryInstances
drs:DescribeRecoverySnapshots
drs:DescribeReplicationConfigurationTemplates
drs:DescribeSourceNetworks
drs:DescribeSourceServers
ds:Describe*
dynamodb:Describe*
ec2:Describe*
ecr-public:DescribeImages
ecr-public:DescribeImageTags
ecr-public:DescribeRegistries
ecr-public:DescribeRepositories
ecr:Describe*
ecs:Describe*
eks:Describe*
elastic-inference:DescribeAcceleratorOfferings
elastic-inference:DescribeAccelerators
elastic-inference:DescribeAcceleratorTypes
elasticache:Describe*
elasticbeanstalk:Describe*
elasticfilesystem:Describe*
elasticloadbalancing:Describe*
elasticmapreduce:Describe*
emr-containers:DescribeJobRun
emr-containers:DescribeManagedEndpoint
emr-containers:DescribeVirtualCluster
es:Describe*
events:Describe*
firehose:Describe*
forecast:DescribeAutoPredictor
forecast:DescribeDataset
forecast:DescribeDatasetGroup
forecast:DescribeDatasetImportJob
forecast:DescribeExplainability
forecast:DescribeExplainabilityExport
forecast:DescribeForecast
forecast:DescribeForecastExportJob
forecast:DescribeMonitor
forecast:DescribePredictor
forecast:DescribePredictorBacktestExportJob
forecast:DescribeWhatIfAnalysis
forecast:DescribeWhatIfForecast
forecast:DescribeWhatIfForecastExport
frauddetector:DescribeDetector
frauddetector:DescribeModelVersions
freertos:Describe*
fsx:Describe*
gamelift:Describe*
glacier:Describe*
globalaccelerator:Describe*
grafana:DescribeWorkspace
grafana:DescribeWorkspaceAuthentication
grafana:DescribeWorkspaceConfiguration
greengrass:DescribeComponent
groundstation:DescribeContact
guardduty:Describe*
health:Describe*
healthlake:DescribeFHIRDatastore
healthlake:DescribeFHIRExportJob
healthlake:DescribeFHIRImportJob
identitystore:DescribeGroup
identitystore:DescribeGroupMembership
identitystore:DescribeUser
inspector:Describe*
inspector2:DescribeOrganizationConfiguration
iot:Describe*
iot1click:DescribeDevice
iot1click:DescribePlacement
iot1click:DescribeProject
iotanalytics:Describe*
iotevents:DescribeAlarm
iotevents:DescribeAlarmModel
iotevents:DescribeDetector
iotevents:DescribeDetectorModel
iotevents:DescribeInput
iotevents:DescribeLoggingOptions
iotfleethub:DescribeApplication
iotsitewise:Describe*
kafka:Describe*
kafka:DescribeCluster
kafka:DescribeClusterOperation
kafka:DescribeClusterV2
kafka:DescribeConfiguration
kafka:DescribeConfigurationRevision
kafkaconnect:DescribeConnector
kafkaconnect:DescribeCustomPlugin
kafkaconnect:DescribeWorkerConfiguration
kendra:DescribeDataSource
kendra:DescribeExperience
kendra:DescribeFaq
kendra:DescribeIndex
kendra:DescribePrincipalMapping
kendra:DescribeQuerySuggestionsBlockList
kendra:DescribeQuerySuggestionsConfig
kendra:DescribeThesaurus
kinesis:Describe*
kinesisanalytics:Describe*
kinesisvideo:Describe*
kms:Describe*
lakeformation:DescribeResource
launchwizard:DescribeAdditionalNode
launchwizard:DescribeProvisionedApp
launchwizard:DescribeProvisioningEvents
launchwizard:DescribeSettingsSet
lex:DescribeBot
lex:DescribeBotAlias
lex:DescribeBotChannel
lex:DescribeBotLocale
lex:DescribeBotVersion
lex:DescribeExport
lex:DescribeImport
lex:DescribeIntent
lex:DescribeResourcePolicy
lex:DescribeSlot
lex:DescribeSlotType
logs:Describe*
lookoutequipment:DescribeDataIngestionJob
lookoutequipment:DescribeDataset
lookoutequipment:DescribeInferenceScheduler
lookoutequipment:DescribeLabel
lookoutequipment:DescribeLabelGroup
lookoutequipment:DescribeModel
lookoutequipment:DescribeModelVersion
lookoutequipment:DescribeResourcePolicy
lookoutequipment:DescribeRetrainingScheduler
lookoutmetrics:Describe*
lookoutvision:DescribeDataset
lookoutvision:DescribeModel
lookoutvision:DescribeModelPackagingJob
lookoutvision:DescribeProject
machinelearning:Describe*
macie2:DescribeBuckets
macie2:DescribeClassificationJob
macie2:DescribeOrganizationConfiguration
mediaconnect:DescribeFlow
mediaconnect:DescribeOffering
mediaconnect:DescribeReservation
mediaconvert:DescribeEndpoints
medialive:DescribeChannel
medialive:DescribeInput
medialive:DescribeInputDevice
medialive:DescribeInputDeviceThumbnail
medialive:DescribeInputSecurityGroup
medialive:DescribeMultiplex
medialive:DescribeMultiplexProgram
medialive:DescribeOffering
medialive:DescribeReservation
medialive:DescribeSchedule
mediapackage-vod:Describe*
mediapackage:Describe*
mediastore:DescribeContainer
mediastore:DescribeObject
memorydb:DescribeClusters
memorydb:DescribeParameterGroups
memorydb:DescribeParameters
mgh:Describe*
mgn:DescribeJobLogItems
mgn:DescribeJobs
mgn:DescribeLaunchConfigurationTemplates
mgn:DescribeReplicationConfigurationTemplates
mgn:DescribeSourceServers
mgn:DescribeVcenterClients
mq:Describe*
network-firewall:DescribeFirewall
network-firewall:DescribeFirewallPolicy
network-firewall:DescribeLoggingConfiguration
network-firewall:DescribeResourcePolicy
network-firewall:DescribeRuleGroup
network-firewall:DescribeRuleGroupMetadata
network-firewall:DescribeTLSInspectionConfiguration
networkmanager:DescribeGlobalNetworks
opsworks-cm:Describe*
opsworks:Describe*
organizations:Describe*
personalize:Describe*
pi:DescribeDimensionKeys
pipes:DescribePipe
polly:Describe*
pricing:DescribeServices
qldb:DescribeJournalKinesisStream
qldb:DescribeJournalS3Export
qldb:DescribeLedger
rds:Describe*
redshift:Describe*
rekognition:DescribeDataset
rekognition:DescribeProjects
rekognition:DescribeProjectVersions
rekognition:DescribeStreamProcessor
resiliencehub:DescribeApp
resiliencehub:DescribeAppAssessment
resiliencehub:DescribeAppVersion
resiliencehub:DescribeAppVersionAppComponent
resiliencehub:DescribeAppVersionResource
resiliencehub:DescribeAppVersionResourcesResolutionStatus
resiliencehub:DescribeAppVersionTemplate
resiliencehub:DescribeDraftAppVersionResourcesImportStatus
resiliencehub:DescribeResiliencyPolicy
robomaker:Describe*
route53-recovery-control-config:Describe*
s3:DescribeJob
sagemaker:Describe*
savingsplans:DescribeSavingsPlanRates
savingsplans:DescribeSavingsPlans
savingsplans:DescribeSavingsPlansOfferingRates
savingsplans:DescribeSavingsPlansOfferings
schemas:Describe*
secretsmanager:Describe*
securityhub:Describe*
servicecatalog:Describe*
ses:Describe*
shield:Describe*
signer:DescribeSigningJob
sms-voice:DescribeAccountAttributes
sms-voice:DescribeAccountLimits
sms-voice:DescribeConfigurationSets
sms-voice:DescribeKeywords
sms-voice:DescribeOptedOutNumbers
sms-voice:DescribeOptOutLists
sms-voice:DescribePhoneNumbers
sms-voice:DescribePools
sms-voice:DescribeSenderIds
sms-voice:DescribeSpendLimits
snowball:Describe*
ssm-contacts:DescribeEngagement
ssm-contacts:DescribePage
ssm:Describe*
sso-directory:Describe*
sso:Describe*
states:Describe*
storagegateway:Describe*
support:DescribeAttachment
support:DescribeCases
support:DescribeCommunications
support:DescribeServices
support:DescribeSeverityLevels
support:DescribeTrustedAdvisorCheckRefreshStatuses
support:DescribeTrustedAdvisorCheckResult
support:DescribeTrustedAdvisorChecks
support:DescribeTrustedAdvisorCheckSummaries
swf:Describe*
synthetics:Describe*
tag:DescribeReportCreation
timestream:DescribeBatchLoadTask
timestream:DescribeDatabase
timestream:DescribeEndpoints
timestream:DescribeTable
transfer:Describe*
translate:DescribeTextTranslationJob
trustedadvisor:Describe*
wafv2:Describe*
workdocs:Describe*
workmail:Describe*
workspaces:Describe*

Detect で始まるアクションを持つもの

$ grep -E ":Detect" ReadOnlyAccess_ActionList.txt
cloudformation:Detect*
comprehend:Detect*
rekognition:Detect*

Discover で始まるアクションを持つもの

$ grep -E ":Discover" ReadOnlyAccess_ActionList.txt
kinesisanalytics:Discover*
servicediscovery:DiscoverInstances
servicediscovery:DiscoverInstancesRevision

Download で始まるアクションを持つもの

$ grep -E ":Download" ReadOnlyAccess_ActionList.txt
rds:Download*

E で始まるアクションを持つもの

例外的にパスカルケースでなかったパターンのため先頭の一文字だけ残された形となっていました。
ES〜 の形式の API アクションとなっている AWS サービスでした。

$ grep -E ":ES" ReadOnlyAccess_ActionList.txt
es:ESHttpGet
es:ESHttpHead

Estimate で始まるアクションを持つもの

$ grep -E ":Estimate" ReadOnlyAccess_ActionList.txt
cloudformation:Estimate*

Evaluate で始まるアクションを持つもの

$ grep -E ":Evaluate" ReadOnlyAccess_ActionList.txt
datapipeline:EvaluateExpression

Export で始まるアクションを持つもの

$ grep -E ":Export" ReadOnlyAccess_ActionList.txt
wellarchitected:ExportLens

Filter で始まるアクションを持つもの

$ grep -E ":Filter" ReadOnlyAccess_ActionList.txt
logs:FilterLogEvents

G で始まるアクションを持つもの

例外的にパスカルケースでなかったパターンのため先頭の一文字だけ残された形となっていました。
GET の形式の API アクションとなっている AWS サービスでした。

$ grep -E ":GET" ReadOnlyAccess_ActionList.txt
apigateway:GET

Generate で始まるアクションを持つもの

$ grep -E ":Generate" ReadOnlyAccess_ActionList.txt
cloudwatch:GenerateQuery
iam:Generate*

Get で始まるアクションを持つもの

執筆時点で 780 アクションとなり List の 794 アクションには及ばないものの、読み取りアクションとしての王道の一つと言えます。

$ grep -E ":Get" ReadOnlyAccess_ActionList.txt
a4b:Get*
access-analyzer:GetAccessPreview
access-analyzer:GetAnalyzedResource
access-analyzer:GetAnalyzer
access-analyzer:GetArchiveRule
access-analyzer:GetFinding
access-analyzer:GetGeneratedPolicy
account:GetAccountInformation
account:GetAlternateContact
account:GetChallengeQuestions
account:GetContactInformation
account:GetRegionOptStatus
acm-pca:Get*
acm:Get*
amplify:GetApp
amplify:GetBranch
amplify:GetDomainAssociation
amplify:GetJob
aoss:GetAccessPolicy
aoss:GetAccountSettings
aoss:GetPoliciesStats
aoss:GetSecurityConfig
aoss:GetSecurityPolicy
appconfig:GetApplication
appconfig:GetConfiguration
appconfig:GetConfigurationProfile
appconfig:GetDeployment
appconfig:GetDeploymentStrategy
appconfig:GetEnvironment
appconfig:GetHostedConfigurationVersion
appfabric:GetAppAuthorization
appfabric:GetAppBundle
appfabric:GetIngestion
appfabric:GetIngestionDestination
appsync:Get*
aps:GetAlertManagerSilence
aps:GetAlertManagerStatus
aps:GetDefaultScraperConfiguration
aps:GetLabels
aps:GetMetricMetadata
aps:GetSeries
arc-zonal-shift:GetManagedResource
artifact:GetReport
artifact:GetReportMetadata
artifact:GetTermForReport
athena:Get*
auditmanager:GetAccountStatus
auditmanager:GetAssessment
auditmanager:GetAssessmentFramework
auditmanager:GetAssessmentReportUrl
auditmanager:GetChangeLogs
auditmanager:GetControl
auditmanager:GetDelegations
auditmanager:GetEvidence
auditmanager:GetEvidenceByEvidenceFolder
auditmanager:GetEvidenceFolder
auditmanager:GetEvidenceFoldersByAssessment
auditmanager:GetEvidenceFoldersByAssessmentControl
auditmanager:GetOrganizationAdminAccount
auditmanager:GetServicesInScope
auditmanager:GetSettings
autoscaling-plans:GetScalingPlanResourceForecastData
autoscaling:GetPredictiveScalingForecast
backup-gateway:GetBandwidthRateLimitSchedule
backup-gateway:GetGateway
backup-gateway:GetHypervisor
backup-gateway:GetHypervisorPropertyMappings
backup-gateway:GetVirtualMachine
backup:Get*
bedrock:GetAgent
bedrock:GetAgentActionGroup
bedrock:GetAgentAlias
bedrock:GetAgentKnowledgeBase
bedrock:GetAgentVersion
bedrock:GetCustomModel
bedrock:GetDataSource
bedrock:GetFoundationModel
bedrock:GetFoundationModelAvailability
bedrock:GetIngestionJob
bedrock:GetKnowledgeBase
bedrock:GetModelCustomizationJob
bedrock:GetModelInvocationLoggingConfiguration
bedrock:GetProvisionedModelThroughput
bedrock:GetUseCaseForModelAccess
billing:GetBillingData
billing:GetBillingDetails
billing:GetBillingNotifications
billing:GetBillingPreferences
billing:GetContractInformation
billing:GetCredits
billing:GetIAMAccessPreference
billing:GetSellerOfRecord
billingconductor:GetBillingGroupCostReport
braket:GetDevice
braket:GetJob
braket:GetQuantumTask
ce:GetAnomalies
ce:GetAnomalyMonitors
ce:GetAnomalySubscriptions
ce:GetApproximateUsageRecords
ce:GetCostAndUsage
ce:GetCostAndUsageWithResources
ce:GetCostCategories
ce:GetCostForecast
ce:GetDimensionValues
ce:GetPreferences
ce:GetReservationCoverage
ce:GetReservationPurchaseRecommendation
ce:GetReservationUtilization
ce:GetRightsizingRecommendation
ce:GetSavingsPlanPurchaseRecommendationDetails
ce:GetSavingsPlansCoverage
ce:GetSavingsPlansPurchaseRecommendation
ce:GetSavingsPlansUtilization
ce:GetSavingsPlansUtilizationDetails
ce:GetTags
ce:GetUsageForecast
chatbot:Get*
chime:Get*
cleanrooms:GetAnalysisTemplate
cleanrooms:GetCollaboration
cleanrooms:GetCollaborationAnalysisTemplate
cleanrooms:GetConfiguredAudienceModelAssociation
cleanrooms:GetConfiguredTable
cleanrooms:GetConfiguredTableAnalysisRule
cleanrooms:GetConfiguredTableAssociation
cleanrooms:GetMembership
cleanrooms:GetProtectedQuery
cleanrooms:GetSchema
cleanrooms:GetSchemaAnalysisRule
cleanrooms-ml:GetTrainingDataset
cleanrooms-ml:GetAudienceGenerationJob
cleanrooms-ml:GetAudienceModel
cleanrooms-ml:GetConfiguredAudienceModel
cleanrooms-ml:GetConfiguredAudienceModelPolicy
clouddirectory:Get*
cloudformation:Get*
cloudfront-keyvaluestore:Get*
cloudfront:Get*
cloudtrail:Get*
cloudwatch:Get*
codeartifact:GetAuthorizationToken
codeartifact:GetDomainPermissionsPolicy
codeartifact:GetPackageVersionAsset
codeartifact:GetPackageVersionReadme
codeartifact:GetRepositoryEndpoint
codeartifact:GetRepositoryPermissionsPolicy
codecatalyst:GetBillingAuthorization
codecatalyst:GetConnection
codecatalyst:GetPendingConnection
codecommit:Get*
codedeploy:Get*
codeguru-profiler:Get*
codeguru-reviewer:Get*
codepipeline:Get*
codestar-connections:GetConnection
codestar-connections:GetHost
codestar-connections:GetRepositoryLink
codestar-connections:GetRepositorySyncStatus
codestar-connections:GetResourceSyncStatus
codestar-connections:GetSyncConfiguration
codestar:Get*
cognito-identity:GetCredentialsForIdentity
cognito-identity:GetIdentityPoolAnalytics
cognito-identity:GetIdentityPoolDailyAnalytics
cognito-identity:GetIdentityPoolRoles
cognito-identity:GetIdentityProviderDailyAnalytics
cognito-identity:GetOpenIdToken
cognito-identity:GetOpenIdTokenForDeveloperIdentity
cognito-idp:Get*
cognito-sync:Get*
compute-optimizer:GetAutoScalingGroupRecommendations
compute-optimizer:GetEBSVolumeRecommendations
compute-optimizer:GetEC2InstanceRecommendations
compute-optimizer:GetEC2RecommendationProjectedMetrics
compute-optimizer:GetECSServiceRecommendationProjectedMetrics
compute-optimizer:GetECSServiceRecommendations
compute-optimizer:GetEffectiveRecommendationPreferences
compute-optimizer:GetEnrollmentStatus
compute-optimizer:GetEnrollmentStatusesForOrganization
compute-optimizer:GetLambdaFunctionRecommendations
compute-optimizer:GetLicenseRecommendations
compute-optimizer:GetRecommendationPreferences
compute-optimizer:GetRecommendationSummaries
config:Get*
connect:GetContactAttributes
connect:GetCurrentMetricData
connect:GetCurrentUserData
connect:GetFederationToken
connect:GetMetricData
connect:GetMetricDataV2
connect:GetTaskTemplate
connect:GetTrafficDistribution
consoleapp:GetDeviceIdentity
consolidatedbilling:GetAccountBillingRole
cost-optimization-hub:GetPreferences
cost-optimization-hub:GetRecommendation
cur:GetClassicReport
cur:GetClassicReportPreferences
cur:GetUsageReport
customer-verification:GetCustomerVerificationDetails
customer-verification:GetCustomerVerificationEligibility
dataexchange:Get*
datapipeline:Get*
dax:GetItem
deepcomposer:GetComposition
deepcomposer:GetModel
deepcomposer:GetSampleModel
detective:Get*
devicefarm:Get*
devops-guru:GetCostEstimation
devops-guru:GetResourceCollection
discovery:Get*
dlm:Get*
drs:GetFailbackReplicationConfiguration
drs:GetLaunchConfiguration
drs:GetReplicationConfiguration
ds:Get*
dynamodb:Get*
ec2:Get*
ec2messages:Get*
ecr-public:GetAuthorizationToken
ecr-public:GetRegistryCatalogData
ecr-public:GetRepositoryCatalogData
ecr-public:GetRepositoryPolicy
ecr:Get*
elasticmapreduce:GetBlockPublicAccessConfiguration
elemental-appliances-software:Get*
emr-serverless:GetApplication
emr-serverless:GetDashboardForJobRun
emr-serverless:GetJobRun
es:Get*
evidently:GetExperiment
evidently:GetExperimentResults
evidently:GetFeature
evidently:GetLaunch
evidently:GetProject
evidently:GetSegment
fis:GetAction
fis:GetExperiment
fis:GetExperimentTargetAccountConfiguration
fis:GetExperimentTemplate
fis:GetTargetAccountConfiguration
fis:GetTargetResourceType
fms:GetAdminAccount
fms:GetAppsList
fms:GetComplianceDetail
fms:GetNotificationChannel
fms:GetPolicy
fms:GetProtectionStatus
fms:GetProtocolsList
fms:GetViolationDetails
forecast:GetAccuracyMetrics
frauddetector:GetBatchImportJobs
frauddetector:GetBatchPredictionJobs
frauddetector:GetDeleteEventsByEventTypeStatus
frauddetector:GetDetectors
frauddetector:GetDetectorVersion
frauddetector:GetEntityTypes
frauddetector:GetEvent
frauddetector:GetEventPredictionMetadata
frauddetector:GetEventTypes
frauddetector:GetExternalModels
frauddetector:GetKMSEncryptionKey
frauddetector:GetLabels
frauddetector:GetListElements
frauddetector:GetListsMetadata
frauddetector:GetModels
frauddetector:GetModelVersion
frauddetector:GetOutcomes
frauddetector:GetRules
frauddetector:GetVariables
freetier:GetFreeTierAlertPreference
freetier:GetFreeTierUsage
gamelift:Get*
glacier:Get*
glue:GetCatalogImportStatus
glue:GetClassifier
glue:GetClassifiers
glue:GetCrawler
glue:GetCrawlerMetrics
glue:GetCrawlers
glue:GetDatabase
glue:GetDatabases
glue:GetDataCatalogEncryptionSettings
glue:GetDataflowGraph
glue:GetDevEndpoint
glue:GetDevEndpoints
glue:GetJob
glue:GetJobBookmark
glue:GetJobRun
glue:GetJobRuns
glue:GetJobs
glue:GetMapping
glue:GetMLTaskRun
glue:GetMLTaskRuns
glue:GetMLTransform
glue:GetMLTransforms
glue:GetPartition
glue:GetPartitions
glue:GetPlan
glue:GetRegistry
glue:GetResourcePolicy
glue:GetSchema
glue:GetSchemaByDefinition
glue:GetSchemaVersion
glue:GetSchemaVersionsDiff
glue:GetSecurityConfiguration
glue:GetSecurityConfigurations
glue:GetTable
glue:GetTables
glue:GetTableVersion
glue:GetTableVersions
glue:GetTags
glue:GetTrigger
glue:GetTriggers
glue:GetUserDefinedFunction
glue:GetUserDefinedFunctions
glue:GetWorkflow
glue:GetWorkflowRun
glue:GetWorkflowRunProperties
glue:GetWorkflowRuns
greengrass:Get*
groundstation:GetConfig
groundstation:GetDataflowEndpointGroup
groundstation:GetMinuteUsage
groundstation:GetMissionProfile
groundstation:GetSatellite
guardduty:Get*
healthlake:GetCapabilities
iam:Get*
identity-sync:GetSyncProfile
identity-sync:GetSyncTarget
identitystore:GetGroupId
identitystore:GetGroupMembershipId
identitystore:GetUserId
imagebuilder:Get*
importexport:Get*
inspector:Get*
inspector2:GetDelegatedAdminAccount
inspector2:GetFindingsReportStatus
inspector2:GetMember
internetmonitor:GetHealthEvent
internetmonitor:GetInternetEvent
internetmonitor:GetMonitor
invoicing:GetInvoiceEmailDeliveryPreferences
invoicing:GetInvoicePDF
iot:Get*
iot1click:GetDeviceMethods
iot1click:GetDevicesInPlacement
iotanalytics:Get*
iotfleetwise:GetCampaign
iotfleetwise:GetDecoderManifest
iotfleetwise:GetFleet
iotfleetwise:GetLoggingOptions
iotfleetwise:GetModelManifest
iotfleetwise:GetRegisterAccountStatus
iotfleetwise:GetSignalCatalog
iotfleetwise:GetVehicle
iotfleetwise:GetVehicleStatus
iotroborunner:GetDestination
iotroborunner:GetSite
iotroborunner:GetWorker
iotroborunner:GetWorkerFleet
iotsitewise:Get*
iotwireless:GetDestination
iotwireless:GetDeviceProfile
iotwireless:GetEventConfigurationByResourceTypes
iotwireless:GetFuotaTask
iotwireless:GetLogLevelsByResourceTypes
iotwireless:GetMetrics
iotwireless:GetMetricConfiguration
iotwireless:GetMulticastGroup
iotwireless:GetMulticastGroupSession
iotwireless:GetNetworkAnalyzerConfiguration
iotwireless:GetPartnerAccount
iotwireless:GetPosition
iotwireless:GetPositionConfiguration
iotwireless:GetPositionEstimate
iotwireless:GetResourceEventConfiguration
iotwireless:GetResourceLogLevel
iotwireless:GetResourcePosition
iotwireless:GetServiceEndpoint
iotwireless:GetServiceProfile
iotwireless:GetWirelessDevice
iotwireless:GetWirelessDeviceImportTask
iotwireless:GetWirelessDeviceStatistics
iotwireless:GetWirelessGateway
iotwireless:GetWirelessGatewayCertificate
iotwireless:GetWirelessGatewayFirmwareInformation
iotwireless:GetWirelessGatewayStatistics
iotwireless:GetWirelessGatewayTask
iotwireless:GetWirelessGatewayTaskDefinition
ivs:GetChannel
ivs:GetComposition
ivs:GetEncoderConfiguration
ivs:GetStage
ivs:GetStageSession
ivs:GetParticipant
ivs:GetPlaybackKeyPair
ivs:GetPlaybackRestrictionPolicy
ivs:GetRecordingConfiguration
ivs:GetStreamSession
ivschat:GetLoggingConfiguration
ivschat:GetRoom
kafka:Get*
kafka:GetBootstrapBrokers
kafka:GetCompatibleKafkaVersions
kendra:GetQuerySuggestions
kendra:GetSnapshots
kinesis:Get*
kinesisanalytics:Get*
kinesisvideo:Get*
kms:Get*
lakeformation:GetDataCellsFilter
lakeformation:GetDataLakeSettings
lakeformation:GetEffectivePermissionsForPath
lakeformation:GetLfTag
lakeformation:GetResourceLfTags
lambda:Get*
launchwizard:GetDeployment
launchwizard:GetInfrastructureSuggestion
launchwizard:GetIpAddress
launchwizard:GetResourceCostEstimate
launchwizard:GetResourceRecommendation
launchwizard:GetSettingsSet
launchwizard:GetWorkload
launchwizard:GetWorkloadAsset
launchwizard:GetWorkloadAssets
lex:Get*
license-manager:Get*
lightsail:GetActiveNames
lightsail:GetAlarms
lightsail:GetAutoSnapshots
lightsail:GetBlueprints
lightsail:GetBucketAccessKeys
lightsail:GetBucketBundles
lightsail:GetBucketMetricData
lightsail:GetBuckets
lightsail:GetBundles
lightsail:GetCertificates
lightsail:GetCloudFormationStackRecords
lightsail:GetContainerAPIMetadata
lightsail:GetContainerImages
lightsail:GetContainerServiceDeployments
lightsail:GetContainerServiceMetricData
lightsail:GetContainerServicePowers
lightsail:GetContainerServices
lightsail:GetDisk
lightsail:GetDisks
lightsail:GetDiskSnapshot
lightsail:GetDiskSnapshots
lightsail:GetDistributionBundles
lightsail:GetDistributionLatestCacheReset
lightsail:GetDistributionMetricData
lightsail:GetDistributions
lightsail:GetDomain
lightsail:GetDomains
lightsail:GetExportSnapshotRecords
lightsail:GetInstance
lightsail:GetInstanceMetricData
lightsail:GetInstancePortStates
lightsail:GetInstances
lightsail:GetInstanceSnapshot
lightsail:GetInstanceSnapshots
lightsail:GetInstanceState
lightsail:GetKeyPair
lightsail:GetKeyPairs
lightsail:GetLoadBalancer
lightsail:GetLoadBalancerMetricData
lightsail:GetLoadBalancers
lightsail:GetLoadBalancerTlsCertificates
lightsail:GetOperation
lightsail:GetOperations
lightsail:GetOperationsForResource
lightsail:GetRegions
lightsail:GetRelationalDatabase
lightsail:GetRelationalDatabaseBlueprints
lightsail:GetRelationalDatabaseBundles
lightsail:GetRelationalDatabaseEvents
lightsail:GetRelationalDatabaseLogEvents
lightsail:GetRelationalDatabaseLogStreams
lightsail:GetRelationalDatabaseMetricData
lightsail:GetRelationalDatabaseParameters
lightsail:GetRelationalDatabases
lightsail:GetRelationalDatabaseSnapshot
lightsail:GetRelationalDatabaseSnapshots
lightsail:GetStaticIp
lightsail:GetStaticIps
logs:Get*
lookoutmetrics:Get*
m2:GetApplication
m2:GetApplicationVersion
m2:GetBatchJobExecution
m2:GetDataSetDetails
m2:GetDataSetImportTask
m2:GetDeployment
m2:GetEnvironment
machinelearning:Get*
macie2:GetAdministratorAccount
macie2:GetAllowList
macie2:GetAutomatedDiscoveryConfiguration
macie2:GetBucketStatistics
macie2:GetClassificationExportConfiguration
macie2:GetClassificationScope
macie2:GetCustomDataIdentifier
macie2:GetFindings
macie2:GetFindingsFilter
macie2:GetFindingsPublicationConfiguration
macie2:GetFindingStatistics
macie2:GetInvitationsCount
macie2:GetMacieSession
macie2:GetMember
macie2:GetResourceProfile
macie2:GetRevealConfiguration
macie2:GetSensitiveDataOccurrencesAvailability
macie2:GetSensitivityInspectionTemplate
macie2:GetUsageStatistics
macie2:GetUsageTotals
managedblockchain:GetMember
managedblockchain:GetNetwork
managedblockchain:GetNode
managedblockchain:GetProposal
mediaconvert:Get*
medialive:GetCloudWatchAlarmTemplate
medialive:GetCloudWatchAlarmTemplateGroup
medialive:GetEventBridgeRuleTemplate
medialive:GetEventBridgeRuleTemplateGroup
medialive:GetSignalMap
mediapackagev2:GetChannel
mediapackagev2:GetChannelGroup
mediapackagev2:GetChannelPolicy
mediapackagev2:GetHeadObject
mediapackagev2:GetObject
mediapackagev2:GetOriginEndpoint
mediapackagev2:GetOriginEndpointPolicy
mediastore:GetContainerPolicy
mediastore:GetCorsPolicy
mediastore:GetLifecyclePolicy
mediastore:GetMetricPolicy
mediastore:GetObject
mgh:GetHomeRegion
mgn:GetLaunchConfiguration
mgn:GetReplicationConfiguration
mobileanalytics:Get*
mobiletargeting:Get*
monitron:GetProject
monitron:GetProjectAdminUser
networkmanager:GetConnectAttachment
networkmanager:GetConnections
networkmanager:GetConnectPeer
networkmanager:GetConnectPeerAssociations
networkmanager:GetCoreNetwork
networkmanager:GetCoreNetworkChangeEvents
networkmanager:GetCoreNetworkChangeSet
networkmanager:GetCoreNetworkPolicy
networkmanager:GetCustomerGatewayAssociations
networkmanager:GetDevices
networkmanager:GetLinkAssociations
networkmanager:GetLinks
networkmanager:GetNetworkResourceCounts
networkmanager:GetNetworkResourceRelationships
networkmanager:GetNetworkResources
networkmanager:GetNetworkRoutes
networkmanager:GetNetworkTelemetry
networkmanager:GetResourcePolicy
networkmanager:GetRouteAnalysis
networkmanager:GetSites
networkmanager:GetSiteToSiteVpnAttachment
networkmanager:GetTransitGatewayConnectPeerAssociations
networkmanager:GetTransitGatewayPeering
networkmanager:GetTransitGatewayRegistrations
networkmanager:GetTransitGatewayRouteTableAttachment
networkmanager:GetVpcAttachment
nimble:GetEula
nimble:GetFeatureMap
nimble:GetLaunchProfile
nimble:GetLaunchProfileDetails
nimble:GetLaunchProfileInitialization
nimble:GetLaunchProfileMember
nimble:GetStreamingImage
nimble:GetStreamingSession
nimble:GetStudio
nimble:GetStudioComponent
nimble:GetStudioMember
notifications-contacts:GetEmailContact
notifications:GetEventRule
notifications:GetNotificationConfiguration
notifications:GetNotificationEvent
oam:GetLink
oam:GetSink
oam:GetSinkPolicy
omics:Get*
one:GetDeviceConfigurationTemplate
one:GetDeviceInstance
one:GetDeviceInstanceConfiguration
one:GetSite
one:GetSiteAddress
opsworks:Get*
osis:GetPipeline
osis:GetPipelineBlueprint
osis:GetPipelineChangeProgress
outposts:Get*
payment-cryptography:GetAlias
payment-cryptography:GetKey
payment-cryptography:GetPublicKeyCertificate
payments:GetPaymentInstrument
payments:GetPaymentStatus
pca-connector-ad:GetConnector
pca-connector-ad:GetDirectoryRegistration
pca-connector-ad:GetServicePrincipalName
pca-connector-ad:GetTemplate
pca-connector-ad:GetTemplateGroupAccessControlEntry
personalize:Get*
pi:GetDimensionKeyDetails
pi:GetResourceMetadata
pi:GetResourceMetrics
polly:Get*
pricing:GetAttributeValues
pricing:GetPriceListFileUrl
pricing:GetProducts
proton:GetDeployment
proton:GetEnvironment
proton:GetEnvironmentTemplate
proton:GetEnvironmentTemplateVersion
proton:GetService
proton:GetServiceInstance
proton:GetServiceTemplate
proton:GetServiceTemplateVersion
purchase-orders:GetPurchaseOrder
qldb:GetBlock
qldb:GetDigest
qldb:GetRevision
ram:Get*
rbin:GetRule
redshift:GetReservedNodeExchangeOfferings
refactor-spaces:GetApplication
refactor-spaces:GetEnvironment
refactor-spaces:GetResourcePolicy
refactor-spaces:GetRoute
refactor-spaces:GetService
rekognition:GetCelebrityInfo
rekognition:GetCelebrityRecognition
rekognition:GetContentModeration
rekognition:GetFaceDetection
rekognition:GetFaceSearch
rekognition:GetLabelDetection
rekognition:GetPersonTracking
rekognition:GetSegmentDetection
rekognition:GetTextDetection
resource-explorer-2:GetDefaultView
resource-explorer-2:GetIndex
resource-explorer-2:GetView
resource-groups:Get*
robomaker:Get*
route53-recovery-cluster:Get*
route53-recovery-control-config:GetResourcePolicy
route53-recovery-readiness:Get*
route53:Get*
route53domains:Get*
route53resolver:Get*
rum:GetAppMonitor
rum:GetAppMonitorData
s3-object-lambda:GetObject
s3-object-lambda:GetObjectAcl
s3-object-lambda:GetObjectLegalHold
s3-object-lambda:GetObjectRetention
s3-object-lambda:GetObjectTagging
s3-object-lambda:GetObjectVersion
s3-object-lambda:GetObjectVersionAcl
s3-object-lambda:GetObjectVersionTagging
s3:Get*
sagemaker-groundtruth-synthetic:GetAccountDetails
sagemaker-groundtruth-synthetic:GetBatch
sagemaker-groundtruth-synthetic:GetProject
sagemaker:GetSearchSuggestions
scheduler:GetSchedule
scheduler:GetScheduleGroup
schemas:Get*
sdb:Get*
secretsmanager:GetResourcePolicy
securityhub:Get*
securitylake:GetDataLakeExceptionSubscription
securitylake:GetDataLakeOrganizationConfiguration
securitylake:GetDataLakeSources
securitylake:GetSubscriber
serverlessrepo:Get*
servicecatalog:GetApplication
servicecatalog:GetAttributeGroup
servicediscovery:Get*
servicequotas:GetAssociationForServiceQuotaTemplate
servicequotas:GetAWSDefaultServiceQuota
servicequotas:GetRequestedServiceQuotaChange
servicequotas:GetServiceQuota
servicequotas:GetServiceQuotaIncreaseRequestFromTemplate
ses:Get*
shield:Get*
signer:GetSigningPlatform
signer:GetSigningProfile
snowball:Get*
sns:Get*
sqs:Get*
ssm-contacts:GetContact
ssm-contacts:GetContactChannel
ssm-incidents:GetIncidentRecord
ssm-incidents:GetReplicationSet
ssm-incidents:GetResourcePolicies
ssm-incidents:GetResponsePlan
ssm-incidents:GetTimelineEvent
ssm:Get*
sso:Get*
states:GetExecutionHistory
sts:GetAccessKeyInfo
sts:GetCallerIdentity
sts:GetSessionToken
supportplans:GetSupportPlan
supportplans:GetSupportPlanUpdateStatus
sustainability:GetCarbonFootprintSummary
swf:Get*
synthetics:Get*
tag:Get*
tax:GetExemptions
tax:GetTaxInheritance
tax:GetTaxInterview
tax:GetTaxRegistration
tax:GetTaxRegistrationDocument
tnb:GetSolFunctionInstance
tnb:GetSolFunctionPackage
tnb:GetSolFunctionPackageContent
tnb:GetSolFunctionPackageDescriptor
tnb:GetSolNetworkInstance
tnb:GetSolNetworkOperation
tnb:GetSolNetworkPackage
tnb:GetSolNetworkPackageContent
tnb:GetSolNetworkPackageDescriptor
transcribe:Get*
translate:GetParallelData
translate:GetTerminology
verifiedpermissions:GetIdentitySource
verifiedpermissions:GetPolicy
verifiedpermissions:GetPolicyStore
verifiedpermissions:GetPolicyTemplate
verifiedpermissions:GetSchema
vpc-lattice:GetAccessLogSubscription
vpc-lattice:GetAuthPolicy
vpc-lattice:GetListener
vpc-lattice:GetResourcePolicy
vpc-lattice:GetRule
vpc-lattice:GetService
vpc-lattice:GetServiceNetwork
vpc-lattice:GetServiceNetworkServiceAssociation
vpc-lattice:GetServiceNetworkVpcAssociation
vpc-lattice:GetTargetGroup
waf-regional:Get*
waf:Get*
wafv2:Get*
wellarchitected:GetAnswer
wellarchitected:GetConsolidatedReport
wellarchitected:GetLens
wellarchitected:GetLensReview
wellarchitected:GetLensReviewReport
wellarchitected:GetLensVersionDifference
wellarchitected:GetMilestone
wellarchitected:GetProfile
wellarchitected:GetProfileTemplate
wellarchitected:GetReviewTemplate
wellarchitected:GetReviewTemplateAnswer
wellarchitected:GetReviewTemplateLensReview
wellarchitected:GetWorkload
workdocs:Get*
workmail:Get*
workspaces-web:GetBrowserSettings
workspaces-web:GetIdentityProvider
workspaces-web:GetNetworkSettings
workspaces-web:GetPortal
workspaces-web:GetPortalServiceProviderMetadata
workspaces-web:GetTrustStore
workspaces-web:GetUserAccessLoggingSettings
workspaces-web:GetUserSettings
xray:Get*

Git で始まるアクションを持つもの

$ grep -E ":Git" ReadOnlyAccess_ActionList.txt
codecommit:GitPull

Is で始まるアクションを持つもの

$ grep -E ":Is" ReadOnlyAccess_ActionList.txt
lightsail:Is*
verifiedpermissions:IsAuthorized
verifiedpermissions:IsAuthorizedWithToken

List で始まるアクションを持つもの

執筆時点で 794 アクションあり、読み取りアクションとしてもっとも王道と言えるアクション名といえます。

$ grep -E ":List" ReadOnlyAccess_ActionList.txt
a4b:List*
access-analyzer:ListAccessPreviewFindings
access-analyzer:ListAccessPreviews
access-analyzer:ListAnalyzedResources
access-analyzer:ListAnalyzers
access-analyzer:ListArchiveRules
access-analyzer:ListFindings
access-analyzer:ListPolicyGenerations
access-analyzer:ListTagsForResource
account:ListRegions
acm-pca:List*
acm:List*
airflow:ListEnvironments
airflow:ListTagsForResource
amplify:ListApps
amplify:ListBranches
amplify:ListDomainAssociations
amplify:ListJobs
aoss:ListAccessPolicies
aoss:ListCollections
aoss:ListLifecyclePolicies
aoss:ListSecurityConfigs
aoss:ListSecurityPolicies
aoss:ListTagsForResource
aoss:ListVpcEndpoints
appconfig:ListApplications
appconfig:ListConfigurationProfiles
appconfig:ListDeployments
appconfig:ListDeploymentStrategies
appconfig:ListEnvironments
appconfig:ListHostedConfigurationVersions
appconfig:ListTagsForResource
appfabric:ListAppAuthorizations
appfabric:ListAppBundles
appfabric:ListIngestionDestinations
appfabric:ListIngestions
appfabric:ListTagsForResource
appflow:ListConnectorEntities
appflow:ListConnectorFields
appflow:ListConnectors
appflow:ListFlows
appflow:ListTagsForResource
application-autoscaling:ListTagsForResource
applicationinsights:List*
appmesh:List*
apprunner:ListAssociatedServicesForWebAcl
apprunner:ListAutoScalingConfigurations
apprunner:ListConnections
apprunner:ListObservabilityConfigurations
apprunner:ListOperations
apprunner:ListServices
apprunner:ListServicesForAutoScalingConfiguration
apprunner:ListTagsForResource
apprunner:ListVpcConnectors
apprunner:ListVpcIngressConnections
appstream:List*
appsync:List*
aps:ListAlertManagerAlertGroups
aps:ListAlertManagerAlerts
aps:ListAlertManagerReceivers
aps:ListAlertManagerSilences
aps:ListAlerts
aps:ListRuleGroupsNamespaces
aps:ListRules
aps:ListScrapers
aps:ListTagsForResource
aps:ListWorkspaces
arc-zonal-shift:ListAutoshifts
arc-zonal-shift:ListManagedResources
arc-zonal-shift:ListZonalShifts
artifact:ListReports
athena:List*
auditmanager:ListAssessmentFrameworks
auditmanager:ListAssessmentReports
auditmanager:ListAssessments
auditmanager:ListControls
auditmanager:ListKeywordsForDataSource
auditmanager:ListNotifications
auditmanager:ListTagsForResource
backup-gateway:ListGateways
backup-gateway:ListHypervisors
backup-gateway:ListTagsForResource
backup-gateway:ListVirtualMachines
backup:List*
batch:List*
bedrock:ListAgentActionGroups
bedrock:ListAgentAliases
bedrock:ListAgentKnowledgeBases
bedrock:ListAgents
bedrock:ListAgentVersions
bedrock:ListCustomModels
bedrock:ListDataSources
bedrock:ListFoundationModelAgreementOffers
bedrock:ListFoundationModels
bedrock:ListIngestionJobs
bedrock:ListKnowledgeBases
bedrock:ListModelCustomizationJobs
bedrock:ListProvisionedModelThroughputs
billing:ListBillingViews
billingconductor:ListAccountAssociations
billingconductor:ListBillingGroupCostReports
billingconductor:ListBillingGroups
billingconductor:ListCustomLineItems
billingconductor:ListCustomLineItemVersions
billingconductor:ListPricingPlans
billingconductor:ListPricingPlansAssociatedWithPricingRule
billingconductor:ListPricingRules
billingconductor:ListPricingRulesAssociatedToPricingPlan
billingconductor:ListResourcesAssociatedToCustomLineItem
billingconductor:ListTagsForResource
ce:ListCostAllocationTags
ce:ListCostAllocationTagBackfillHistory
ce:ListCostCategoryDefinitions
ce:ListSavingsPlansPurchaseRecommendationGeneration
ce:ListTagsForResource
chatbot:ListMicrosoftTeamsChannelConfigurations
chatbot:ListMicrosoftTeamsConfiguredTeams
chatbot:ListMicrosoftTeamsUserIdentities
chime:List*
cleanrooms:ListAnalysisTemplates
cleanrooms:ListCollaborationAnalysisTemplates
cleanrooms:ListCollaborationConfiguredAudienceModelAssociations
cleanrooms:ListCollaborations
cleanrooms:ListConfiguredTableAssociations
cleanrooms:ListConfiguredTables
cleanrooms:ListMembers
cleanrooms:ListMemberships
cleanrooms:ListProtectedQueries
cleanrooms:ListSchemas
cleanrooms:ListTagsForResource
cleanrooms-ml:ListAudienceExportJobs
cleanrooms-ml:ListAudienceGenerationJobs
cleanrooms-ml:ListAudienceModels
cleanrooms-ml:ListConfiguredAudienceModels
cleanrooms-ml:ListTrainingDatasets
cleanrooms-ml:ListTagsForResource
cloud9:List*
clouddirectory:List*
cloudformation:List*
cloudfront-keyvaluestore:List*
cloudfront:List*
cloudhsm:List*
cloudsearch:List*
cloudtrail:List*
cloudwatch:List*
codeartifact:ListDomains
codeartifact:ListPackages
codeartifact:ListPackageVersionAssets
codeartifact:ListPackageVersionDependencies
codeartifact:ListPackageVersions
codeartifact:ListRepositories
codeartifact:ListRepositoriesInDomain
codeartifact:ListTagsForResource
codebuild:List*
codecatalyst:ListConnections
codecatalyst:ListIamRolesForConnection
codecatalyst:ListTagsForResource
codecommit:List*
codedeploy:List*
codeguru-profiler:List*
codeguru-reviewer:List*
codepipeline:List*
codestar-connections:ListConnections
codestar-connections:ListHosts
codestar-connections:ListRepositoryLinks
codestar-connections:ListRepositorySyncDefinitions
codestar-connections:ListSyncConfigurations
codestar-connections:ListTagsForResource
codestar-notifications:ListTargets
codestar:List*
cognito-identity:List*
cognito-idp:List*
cognito-sync:List*
comprehend:List*
config:List*
connect:List*
consoleapp:ListDeviceIdentities
consolidatedbilling:ListLinkedAccounts
cost-optimization-hub:ListEnrollmentStatuses
cost-optimization-hub:ListRecommendations
cost-optimization-hub:ListRecommendationSummaries
databrew:ListDatasets
databrew:ListJobRuns
databrew:ListJobs
databrew:ListProjects
databrew:ListRecipes
databrew:ListRecipeVersions
databrew:ListRulesets
databrew:ListSchedules
databrew:ListTagsForResource
dataexchange:List*
datapipeline:List*
datasync:List*
dax:ListTags
deepcomposer:ListCompositions
deepcomposer:ListModels
deepcomposer:ListSampleModels
deepcomposer:ListTrainingTopics
detective:List*
devicefarm:List*
devops-guru:ListAnomaliesForInsight
devops-guru:ListAnomalousLogGroups
devops-guru:ListEvents
devops-guru:ListInsights
devops-guru:ListMonitoredResources
devops-guru:ListNotificationChannels
devops-guru:ListOrganizationInsights
devops-guru:ListRecommendations
discovery:List*
dms:List*
drs:ListExtensibleSourceServers
drs:ListLaunchActions
drs:ListStagingAccounts
drs:ListTagsForResource
ds:List*
dynamodb:List*
ec2:ListImagesInRecycleBin
ec2:ListSnapshotsInRecycleBin
ecr-public:ListTagsForResource
ecr:List*
ecs:List*
eks:List*
elastic-inference:ListTagsForResource
elasticache:List*
elasticbeanstalk:List*
elasticfilesystem:ListTagsForResource
elasticmapreduce:List*
elastictranscoder:List*
elemental-appliances-software:List*
emr-containers:ListJobRuns
emr-containers:ListManagedEndpoints
emr-containers:ListTagsForResource
emr-containers:ListVirtualClusters
emr-serverless:ListApplications
emr-serverless:ListJobRuns
emr-serverless:ListTagsForResource
es:List*
events:List*
evidently:ListExperiments
evidently:ListFeatures
evidently:ListLaunches
evidently:ListProjects
evidently:ListSegmentReferences
evidently:ListSegments
evidently:ListTagsForResource
firehose:List*
fis:ListActions
fis:ListExperimentResolvedTargets
fis:ListExperiments
fis:ListExperimentTargetAccountConfigurations
fis:ListExperimentTemplates
fis:ListTagsForResource
fis:ListTargetAccountConfigurations
fis:ListTargetResourceTypes
fms:ListAppsLists
fms:ListComplianceStatus
fms:ListMemberAccounts
fms:ListPolicies
fms:ListProtocolsLists
fms:ListTagsForResource
forecast:ListDatasetGroups
forecast:ListDatasetImportJobs
forecast:ListDatasets
forecast:ListExplainabilities
forecast:ListExplainabilityExports
forecast:ListForecastExportJobs
forecast:ListForecasts
forecast:ListMonitorEvaluations
forecast:ListMonitors
forecast:ListPredictorBacktestExportJobs
forecast:ListPredictors
forecast:ListWhatIfAnalyses
forecast:ListWhatIfForecastExports
forecast:ListWhatIfForecasts
frauddetector:ListEventPredictions
frauddetector:ListTagsForResource
freertos:List*
fsx:List*
gamelift:List*
glacier:List*
globalaccelerator:List*
glue:ListCrawlers
glue:ListCrawls
glue:ListDevEndpoints
glue:ListJobs
glue:ListMLTransforms
glue:ListRegistries
glue:ListSchemas
glue:ListSchemaVersions
glue:ListTriggers
glue:ListWorkflows
grafana:ListPermissions
grafana:ListTagsForResource
grafana:ListVersions
grafana:ListWorkspaces
greengrass:List*
groundstation:ListConfigs
groundstation:ListContacts
groundstation:ListDataflowEndpointGroups
groundstation:ListGroundStations
groundstation:ListMissionProfiles
groundstation:ListSatellites
groundstation:ListTagsForResource
guardduty:List*
healthlake:ListFHIRDatastores
healthlake:ListFHIRExportJobs
healthlake:ListFHIRImportJobs
healthlake:ListTagsForResource
iam:List*
identity-sync:ListSyncFilters
identitystore-auth:ListSessions
identitystore:ListGroupMemberships
identitystore:ListGroupMembershipsForMember
identitystore:ListGroups
identitystore:ListUsers
imagebuilder:List*
importexport:List*
inspector:List*
inspector2:ListAccountPermissions
inspector2:ListCisScans
inspector2:ListCoverage
inspector2:ListCoverageStatistics
inspector2:ListDelegatedAdminAccounts
inspector2:ListFilters
inspector2:ListFindingAggregations
inspector2:ListFindings
inspector2:ListMembers
inspector2:ListTagsForResource
inspector2:ListUsageTotals
internetmonitor:ListHealthEvents
internetmonitor:ListInternetEvents
internetmonitor:ListMonitors
internetmonitor:ListTagsForResource
invoicing:ListInvoiceSummaries
iot:List*
iot1click:ListDeviceEvents
iot1click:ListDevices
iot1click:ListPlacements
iot1click:ListProjects
iot1click:ListTagsForResource
iotanalytics:List*
iotevents:ListAlarmModels
iotevents:ListAlarmModelVersions
iotevents:ListAlarms
iotevents:ListDetectorModels
iotevents:ListDetectorModelVersions
iotevents:ListDetectors
iotevents:ListInputs
iotevents:ListTagsForResource
iotfleethub:ListApplications
iotfleetwise:ListCampaigns
iotfleetwise:ListDecoderManifestNetworkInterfaces
iotfleetwise:ListDecoderManifests
iotfleetwise:ListDecoderManifestSignals
iotfleetwise:ListFleets
iotfleetwise:ListFleetsForVehicle
iotfleetwise:ListModelManifestNodes
iotfleetwise:ListModelManifests
iotfleetwise:ListSignalCatalogNodes
iotfleetwise:ListSignalCatalogs
iotfleetwise:ListTagsForResource
iotfleetwise:ListVehicles
iotfleetwise:ListVehiclesInFleet
iotroborunner:ListDestinations
iotroborunner:ListSites
iotroborunner:ListWorkerFleets
iotroborunner:ListWorkers
iotsitewise:List*
iotwireless:ListDestinations
iotwireless:ListDeviceProfiles
iotwireless:ListDevicesForWirelessDeviceImportTask
iotwireless:ListEventConfigurations
iotwireless:ListFuotaTasks
iotwireless:ListMulticastGroups
iotwireless:ListMulticastGroupsByFuotaTask
iotwireless:ListNetworkAnalyzerConfigurations
iotwireless:ListPartnerAccounts
iotwireless:ListPositionConfigurations
iotwireless:ListQueuedMessages
iotwireless:ListServiceProfiles
iotwireless:ListTagsForResource
iotwireless:ListWirelessDeviceImportTasks
iotwireless:ListWirelessDevices
iotwireless:ListWirelessGateways
iotwireless:ListWirelessGatewayTaskDefinitions
ivs:ListChannels
ivs:ListCompositions
ivs:ListEncoderConfigurations
ivs:ListParticipants
ivs:ListParticipantEvents
ivs:ListPlaybackKeyPairs
ivs:ListPlaybackRestrictionPolicies
ivs:ListRecordingConfigurations
ivs:ListStages
ivs:ListStageSessions
ivs:ListStreams
ivs:ListStreamKeys
ivs:ListStreamSessions
ivs:ListTagsForResource
ivschat:ListLoggingConfigurations
ivschat:ListRooms
ivschat:ListTagsForResource
kafka:List*
kafka:ListClusterOperations
kafka:ListClusters
kafka:ListClustersV2
kafka:ListConfigurationRevisions
kafka:ListConfigurations
kafka:ListKafkaVersions
kafka:ListNodes
kafka:ListTagsForResource
kafkaconnect:ListConnectors
kafkaconnect:ListCustomPlugins
kafkaconnect:ListWorkerConfigurations
kendra:ListDataSources
kendra:ListDataSourceSyncJobs
kendra:ListEntityPersonas
kendra:ListExperienceEntities
kendra:ListExperiences
kendra:ListFaqs
kendra:ListGroupsOlderThanOrderingId
kendra:ListIndices
kendra:ListQuerySuggestionsBlockLists
kendra:ListTagsForResource
kendra:ListThesauri
kinesis:List*
kinesisanalytics:List*
kinesisvideo:List*
kms:List*
lakeformation:ListDataCellsFilter
lakeformation:ListLfTags
lakeformation:ListPermissions
lakeformation:ListResources
lakeformation:ListTableStorageOptimizers
lambda:List*
launchwizard:ListAdditionalNodes
launchwizard:ListAllowedResources
launchwizard:ListDeploymentEvents
launchwizard:ListDeployments
launchwizard:ListProvisionedApps
launchwizard:ListResourceCostEstimates
launchwizard:ListSettingsSets
launchwizard:ListWorkloadDeploymentOptions
launchwizard:ListWorkloadDeploymentPatterns
launchwizard:ListWorkloads
lex:ListBotAliases
lex:ListBotChannels
lex:ListBotLocales
lex:ListBots
lex:ListBotVersions
lex:ListBuiltInIntents
lex:ListBuiltInSlotTypes
lex:ListExports
lex:ListImports
lex:ListIntents
lex:ListSlots
lex:ListSlotTypes
lex:ListTagsForResource
license-manager:List*
logs:ListAnomalies
logs:ListLogAnomalyDetectors
logs:ListLogDeliveries
logs:ListTagsForResource
logs:ListTagsLogGroup
lookoutequipment:ListDataIngestionJobs
lookoutequipment:ListDatasets
lookoutequipment:ListInferenceEvents
lookoutequipment:ListInferenceExecutions
lookoutequipment:ListInferenceSchedulers
lookoutequipment:ListLabelGroups
lookoutequipment:ListLabels
lookoutequipment:ListModels
lookoutequipment:ListModelVersions
lookoutequipment:ListRetrainingSchedulers
lookoutequipment:ListSensorStatistics
lookoutequipment:ListTagsForResource
lookoutmetrics:List*
lookoutvision:ListDatasetEntries
lookoutvision:ListModelPackagingJobs
lookoutvision:ListModels
lookoutvision:ListProjects
lookoutvision:ListTagsForResource
m2:ListApplications
m2:ListApplicationVersions
m2:ListBatchJobDefinitions
m2:ListBatchJobExecutions
m2:ListDataSetImportHistory
m2:ListDataSets
m2:ListDeployments
m2:ListEngineVersions
m2:ListEnvironments
m2:ListTagsForResource
macie2:ListAllowLists
macie2:ListClassificationJobs
macie2:ListClassificationScopes
macie2:ListCustomDataIdentifiers
macie2:ListFindings
macie2:ListFindingsFilters
macie2:ListInvitations
macie2:ListMembers
macie2:ListOrganizationAdminAccounts
macie2:ListResourceProfileArtifacts
macie2:ListResourceProfileDetections
macie2:ListSensitivityInspectionTemplates
macie2:ListTagsForResource
managedblockchain:ListInvitations
managedblockchain:ListMembers
managedblockchain:ListNetworks
managedblockchain:ListNodes
managedblockchain:ListProposals
managedblockchain:ListProposalVotes
managedblockchain:ListTagsForResource
mediaconnect:ListEntitlements
mediaconnect:ListFlows
mediaconnect:ListOfferings
mediaconnect:ListReservations
mediaconnect:ListTagsForResource
mediaconvert:List*
medialive:ListChannels
medialive:ListCloudWatchAlarmTemplateGroups
medialive:ListCloudWatchAlarmTemplates
medialive:ListEventBridgeRuleTemplateGroups
medialive:ListEventBridgeRuleTemplates
medialive:ListInputDevices
medialive:ListInputDeviceTransfers
medialive:ListInputs
medialive:ListInputSecurityGroups
medialive:ListMultiplexes
medialive:ListMultiplexPrograms
medialive:ListOfferings
medialive:ListReservations
medialive:ListSignalMaps
medialive:ListTagsForResource
mediapackage-vod:List*
mediapackage:List*
mediapackagev2:ListChannelGroups
mediapackagev2:ListChannels
mediapackagev2:ListOriginEndpoints
mediapackagev2:ListTagsForResource
mediastore:ListContainers
mediastore:ListItems
mediastore:ListTagsForResource
memorydb:ListTags
mgh:List*
mgn:ListApplications
mgn:ListSourceServerActions
mgn:ListTemplateActions
mgn:ListWaves
mobiletargeting:List*
monitron:ListProjects
monitron:ListTagsForResource
mq:List*
network-firewall:ListFirewallPolicies
network-firewall:ListFirewalls
network-firewall:ListRuleGroups
network-firewall:ListTagsForResource
network-firewall:ListTLSInspectionConfigurations
networkmanager:ListAttachments
networkmanager:ListConnectPeers
networkmanager:ListCoreNetworkPolicyVersions
networkmanager:ListCoreNetworks
networkmanager:ListPeerings
networkmanager:ListTagsForResource
nimble:ListEulaAcceptances
nimble:ListEulas
nimble:ListLaunchProfileMembers
nimble:ListLaunchProfiles
nimble:ListStreamingImages
nimble:ListStreamingSessions
nimble:ListStudioComponents
nimble:ListStudioMembers
nimble:ListStudios
nimble:ListTagsForResource
notifications-contacts:ListEmailContacts
notifications-contacts:ListTagsForResource
notifications:ListChannels
notifications:ListEventRules
notifications:ListNotificationConfigurations
notifications:ListNotificationEvents
notifications:ListNotificationHubs
notifications:ListTagsForResource
oam:ListAttachedLinks
oam:ListLinks
oam:ListSinks
omics:List*
one:ListDeviceConfigurationTemplates
one:ListDeviceInstances
one:ListSites
one:ListUsers
opsworks-cm:List*
organizations:List*
osis:ListPipelineBlueprints
osis:ListPipelines
osis:ListTagsForResource
outposts:List*
payment-cryptography:ListAliases
payment-cryptography:ListKeys
payment-cryptography:ListTagsForResource
payments:ListPaymentPreferences
pca-connector-ad:ListConnectors
pca-connector-ad:ListDirectoryRegistrations
pca-connector-ad:ListServicePrincipalNames
pca-connector-ad:ListTagsForResource
pca-connector-ad:ListTemplateGroupAccessControlEntries
pca-connector-ad:ListTemplates
personalize:List*
pi:ListAvailableResourceDimensions
pi:ListAvailableResourceMetrics
pipes:ListPipes
pipes:ListTagsForResource
polly:List*
pricing:ListPriceLists
proton:ListDeployments
proton:ListEnvironmentAccountConnections
proton:ListEnvironments
proton:ListEnvironmentTemplates
proton:ListServiceInstances
proton:ListServices
proton:ListServiceTemplates
proton:ListTagsForResource
purchase-orders:ListPurchaseOrderInvoices
purchase-orders:ListPurchaseOrders
qldb:ListJournalKinesisStreamsForLedger
qldb:ListJournalS3Exports
qldb:ListJournalS3ExportsForLedger
qldb:ListLedgers
qldb:ListTagsForResource
ram:List*
rbin:ListRules
rbin:ListTagsForResource
rds:List*
refactor-spaces:ListApplications
refactor-spaces:ListEnvironments
refactor-spaces:ListEnvironmentVpcs
refactor-spaces:ListRoutes
refactor-spaces:ListServices
refactor-spaces:ListTagsForResource
rekognition:List*
resiliencehub:ListAlarmRecommendations
resiliencehub:ListAppAssessmentComplianceDrifts
resiliencehub:ListAppAssessments
resiliencehub:ListAppComponentCompliances
resiliencehub:ListAppComponentRecommendations
resiliencehub:ListAppInputSources
resiliencehub:ListApps
resiliencehub:ListAppVersionAppComponents
resiliencehub:ListAppVersionResourceMappings
resiliencehub:ListAppVersionResources
resiliencehub:ListAppVersions
resiliencehub:ListRecommendationTemplates
resiliencehub:ListResiliencyPolicies
resiliencehub:ListSopRecommendations
resiliencehub:ListSuggestedResiliencyPolicies
resiliencehub:ListTagsForResource
resiliencehub:ListTestRecommendations
resiliencehub:ListUnsupportedAppVersionResources
resource-explorer-2:ListIndexes
resource-explorer-2:ListSupportedResourceTypes
resource-explorer-2:ListTagsForResource
resource-explorer-2:ListViews
resource-groups:List*
robomaker:List*
route53-recovery-cluster:ListRoutingControls
route53-recovery-control-config:List*
route53-recovery-readiness:List*
route53:List*
route53domains:List*
route53resolver:List*
rum:ListAppMonitors
s3-object-lambda:ListBucket
s3-object-lambda:ListBucketMultipartUploads
s3-object-lambda:ListBucketVersions
s3-object-lambda:ListMultipartUploadParts
s3:List*
sagemaker-groundtruth-synthetic:ListBatchDataTransfers
sagemaker-groundtruth-synthetic:ListBatchSummaries
sagemaker-groundtruth-synthetic:ListProjectDataTransfers
sagemaker-groundtruth-synthetic:ListProjectSummaries
sagemaker:List*
savingsplans:ListTagsForResource
scheduler:ListScheduleGroups
scheduler:ListSchedules
scheduler:ListTagsForResource
schemas:List*
sdb:List*
secretsmanager:List*
securityhub:List*
securitylake:ListDataLakeExceptions
securitylake:ListDataLakes
securitylake:ListLogSources
securitylake:ListSubscribers
securitylake:ListTagsForResource
serverlessrepo:List*
servicecatalog:List*
servicediscovery:List*
servicequotas:ListAWSDefaultServiceQuotas
servicequotas:ListRequestedServiceQuotaChangeHistory
servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota
servicequotas:ListServiceQuotaIncreaseRequestsInTemplate
servicequotas:ListServiceQuotas
servicequotas:ListServices
ses:List*
shield:List*
signer:ListProfilePermissions
signer:ListSigningJobs
signer:ListSigningPlatforms
signer:ListSigningProfiles
signer:ListTagsForResource
sms-voice:ListPoolOriginationIdentities
sms-voice:ListTagsForResource
snowball:List*
sns:List*
sqs:List*
ssm-contacts:ListContactChannels
ssm-contacts:ListContacts
ssm-contacts:ListEngagements
ssm-contacts:ListPageReceipts
ssm-contacts:ListPagesByContact
ssm-contacts:ListPagesByEngagement
ssm-incidents:ListIncidentRecords
ssm-incidents:ListRelatedItems
ssm-incidents:ListReplicationSets
ssm-incidents:ListResponsePlans
ssm-incidents:ListTagsForResource
ssm-incidents:ListTimelineEvents
ssm:List*
sso-directory:List*
sso:List*
states:List*
storagegateway:List*
swf:List*
synthetics:List*
tax:ListTaxRegistrations
timestream:ListBatchLoadTasks
timestream:ListDatabases
timestream:ListMeasures
timestream:ListTables
timestream:ListTagsForResource
tnb:ListSolFunctionInstances
tnb:ListSolFunctionPackages
tnb:ListSolNetworkInstances
tnb:ListSolNetworkOperations
tnb:ListSolNetworkPackages
tnb:ListTagsForResource
transcribe:List*
transfer:List*
translate:ListParallelData
translate:ListTerminologies
translate:ListTextTranslationJobs
verifiedpermissions:ListIdentitySources
verifiedpermissions:ListPolicies
verifiedpermissions:ListPolicyStores
verifiedpermissions:ListPolicyTemplates
vpc-lattice:ListAccessLogSubscriptions
vpc-lattice:ListListeners
vpc-lattice:ListRules
vpc-lattice:ListServiceNetworks
vpc-lattice:ListServiceNetworkServiceAssociations
vpc-lattice:ListServiceNetworkVpcAssociations
vpc-lattice:ListServices
vpc-lattice:ListTagsForResource
vpc-lattice:ListTargetGroups
vpc-lattice:ListTargets
waf-regional:List*
waf:List*
wafv2:List*
wellarchitected:ListAnswers
wellarchitected:ListCheckDetails
wellarchitected:ListCheckSummaries
wellarchitected:ListLenses
wellarchitected:ListLensReviewImprovements
wellarchitected:ListLensReviews
wellarchitected:ListLensShares
wellarchitected:ListMilestones
wellarchitected:ListNotifications
wellarchitected:ListProfileNotifications
wellarchitected:ListProfiles
wellarchitected:ListProfileShares
wellarchitected:ListReviewTemplateAnswers
wellarchitected:ListReviewTemplates
wellarchitected:ListShareInvitations
wellarchitected:ListTagsForResource
wellarchitected:ListTemplateShares
wellarchitected:ListWorkloads
wellarchitected:ListWorkloadShares
workmail:List*
workspaces-web:ListBrowserSettings
workspaces-web:ListIdentityProviders
workspaces-web:ListNetworkSettings
workspaces-web:ListPortals
workspaces-web:ListTagsForResource
workspaces-web:ListTrustStores
workspaces-web:ListUserAccessLoggingSettings
workspaces-web:ListUserSettings

Lookup で始まるアクションを持つもの

$ grep -E ":Lookup" ReadOnlyAccess_ActionList.txt
clouddirectory:LookupPolicy
cloudtrail:LookupEvents
cognito-identity:Lookup*

Parti で始まるアクションを持つもの

$ grep -E ":Parti" ReadOnlyAccess_ActionList.txt
dynamodb:PartiQLSelect

Preview で始まるアクションを持つもの

$ grep -E ":Preview" ReadOnlyAccess_ActionList.txt
inspector:Preview*

Query で始まるアクションを持つもの

$ grep -E ":Query" ReadOnlyAccess_ActionList.txt
aps:QueryMetrics
cognito-sync:QueryRecords
datapipeline:QueryObjects
dax:Query
dynamodb:Query
forecast:QueryForecast
forecast:QueryWhatIfForecast
glue:QuerySchemaVersionMetadata
kendra:Query

Read で始まるアクションを持つもの

思ったより Read で始まるアクションは少なく 3 アクションのみでした。

$ grep -E ":Read" ReadOnlyAccess_ActionList.txt
codeartifact:ReadFromRepository
elastictranscoder:Read*
healthlake:ReadResource

Receive で始まるアクションを持つもの

$ grep -E ":Receive" ReadOnlyAccess_ActionList.txt
sqs:Receive*

Recognize で始まるアクションを持つもの

$ grep -E ":Recognize" ReadOnlyAccess_ActionList.txt
rekognition:RecognizeCelebrities

Request で始まるアクションを持つもの

$ grep -E ":Request" ReadOnlyAccess_ActionList.txt
elasticbeanstalk:Request*

Resolve で始まるアクションを持つもの

$ grep -E ":Resolve" ReadOnlyAccess_ActionList.txt
gamelift:ResolveAlias

Retrieve で始まるアクションを持つもの

$ grep -E ":Retrieve" ReadOnlyAccess_ActionList.txt
chime:Retrieve*
elasticbeanstalk:Retrieve*

Sample で始まるアクションを持つもの

$ grep -E ":Sample" ReadOnlyAccess_ActionList.txt
iotanalytics:SampleChannelData

Scan で始まるアクションを持つもの

$ grep -E ":Scan" ReadOnlyAccess_ActionList.txt
dax:Scan
dynamodb:Scan
servicecatalog:Scan*

Search で始まるアクションを持つもの

執筆時点で 26 アクションあり、まあまあ多い方でした。

$ grep -E ":Search" ReadOnlyAccess_ActionList.txt
a4b:Search*
braket:SearchDevices
braket:SearchJobs
braket:SearchQuantumTasks
chime:Search*
detective:SearchGraph
devops-guru:SearchInsights
ec2:SearchLocalGatewayRoutes
ec2:SearchTransitGatewayRoutes
gamelift:Search*
glue:SearchTables
healthlake:SearchWithGet
healthlake:SearchWithPost
lakeformation:SearchDatabasesByLfTags
lakeformation:SearchTablesByLfTags
macie2:SearchResources
rekognition:Search*
resource-explorer-2:Search
resource-groups:Search*
sagemaker:Search
schemas:Search*
serverlessrepo:SearchApplications
servicecatalog:Search*
sso-directory:Search*
sso:Search*
workmail:Search*

Select で始まるアクションを持つもの

$ grep -E ":Select" ReadOnlyAccess_ActionList.txt
cassandra:Select
config:SelectAggregateResourceConfig
config:SelectResourceConfig
sdb:Select*

Simulate で始まるアクションを持つもの

$ grep -E ":Simulate" ReadOnlyAccess_ActionList.txt
iam:Simulate*

Start で始まるアクションを持つもの

Start* としてしまうと EC2 インスタンスの起動を含んでしまうため迂闊に指定ができないタイプではあります。

$ grep -E ":Start" ReadOnlyAccess_ActionList.txt
devops-guru:StartCostEstimation
logs:StartLiveTail
logs:StartQuery

Stop で始まるアクションを持つもの

Stop* としてしまうと EC2 インスタンスの停止を含んでしまうため迂闊に指定ができないタイプではあります。

$ grep -E ":Stop" ReadOnlyAccess_ActionList.txt
logs:StopLiveTail
logs:StopQuery

Synthesize で始まるアクションを持つもの

$ grep -E ":Synthesize" ReadOnlyAccess_ActionList.txt
polly:SynthesizeSpeech

Test で始まるアクションを持つもの

$ grep -E ":Test" ReadOnlyAccess_ActionList.txt
dms:Test*
events:Test*
evidently:TestSegmentPattern
logs:TestMetricFilter
route53:Test*
transfer:TestIdentityProvider

Validate で始まるアクションを持つもの

$ grep -E ":Validate" ReadOnlyAccess_ActionList.txt
access-analyzer:ValidatePolicy
auditmanager:ValidateAssessmentReportIntegrity
chime:Validate*
cloudformation:ValidateTemplate
datapipeline:Validate*
elasticbeanstalk:Validate*

Verify で始まるアクションを持つもの

$ grep -E ":Verify" ReadOnlyAccess_ActionList.txt
codestar:Verify*
ds:Verify*

View で始まるアクションを持つもの

執筆時点で 6 アクションのみで、思ったより少ない印象です。

$ grep -E ":View" ReadOnlyAccess_ActionList.txt
aws-portal:View*
budgets:View*
elasticmapreduce:View*
purchase-orders:ViewPurchaseOrders
redshift:View*
route53domains:View*

describe で始まるアクションを持つもの

API アクション名がパスカルケースでなく、キャメルケースとなっているアクションも存在していました。
廃止が決まっている CodeStar なので無視することもできそうではあります。

$ grep -E ":describe" ReadOnlyAccess_ActionList.txt
codestar-notifications:describeNotificationRule

list で始まるアクションを持つもの