Merge pull request #1896 from udondan/update-aws-managed-policies

Author: udondan

docs/source/_static/managed-policies/AWSAccountActivityAccess.json

@@ -6,7 +6,6 @@
       "Action": [
         "account:GetAccountInformation",
         "account:GetAlternateContact",
-        "account:GetChallengeQuestions",
         "account:GetContactInformation",
         "account:GetRegionOptStatus",
         "account:ListRegions",

docs/source/_static/managed-policies/AmazonEKSNetworkingPolicy.json

@@ -54,6 +54,19 @@
           "aws:ResourceTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
         }
       }
+    },
+    {
+      "Effect": "Allow",
+      "Action": "ec2:ModifyNetworkInterfaceAttribute",
+      "Resource": [
+        "arn:aws:ec2:*:*:network-interface/*",
+        "arn:aws:ec2:*:*:instance/*"
+      ],
+      "Condition": {
+        "StringEquals": {
+          "aws:ResourceTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+        }
+      }
     }
   ]
 }

docs/source/_static/managed-policies/CloudWatchLogsAPIKeyAccess.json

@@ -0,0 +1,44 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "LogsAPIs",
+      "Effect": "Allow",
+      "Action": [
+        "logs:CallWithBearerToken",
+        "logs:PutLogEvents"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "KMSAPIs",
+      "Effect": "Allow",
+      "Action": [
+        "kms:GenerateDataKey",
+        "kms:Decrypt"
+      ],
+      "Condition": {
+        "StringLike": {
+          "kms:ViaService": "logs.*.amazonaws.com"
+        },
+        "ArnLike": {
+          "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:*:*:log-group:*"
+        }
+      },
+      "Resource": "arn:aws:kms:*:*:key/*"
+    },
+    {
+      "Sid": "KMSDescribeAPIs",
+      "Effect": "Allow",
+      "Action": [
+        "kms:DescribeKey"
+      ],
+      "Condition": {
+        "StringLike": {
+          "kms:ViaService": "logs.*.amazonaws.com"
+        }
+      },
+      "Resource": "arn:aws:kms:*:*:key/*"
+    }
+  ]
+}

docs/source/_static/managed-policies/index.json

@@ -6259,6 +6259,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic {
         return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.CloudWatchLambdaInsightsExecutionRolePolicy);
     }
 
+    /** Grants permissions to call CloudWatch Logs using API key authentication. */
+    public CloudWatchLogsAPIKeyAccess(): aws_iam.IManagedPolicy {
+        return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.CloudWatchLogsAPIKeyAccess);
+    }
+
     /** Provides capabilities to manage Observability Access Manager links and establish sharing of CloudWatch Logs resources */
     public CloudWatchLogsCrossAccountSharingConfiguration(): aws_iam.IManagedPolicy {
         return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.CloudWatchLogsCrossAccountSharingConfiguration);

lib/generated/aws-managed-policies/cdk-iam-floyd.ts

@@ -2500,6 +2500,8 @@ export class AwsManagedPolicy {
     public static CloudWatchLambdaApplicationSignalsExecutionRolePolicy = 'CloudWatchLambdaApplicationSignalsExecutionRolePolicy';
     /** Policy required for the Lambda Insights Extension */
     public static CloudWatchLambdaInsightsExecutionRolePolicy = 'CloudWatchLambdaInsightsExecutionRolePolicy';
+    /** Grants permissions to call CloudWatch Logs using API key authentication. */
+    public static CloudWatchLogsAPIKeyAccess = 'CloudWatchLogsAPIKeyAccess';
     /** Provides capabilities to manage Observability Access Manager links and establish sharing of CloudWatch Logs resources */
     public static CloudWatchLogsCrossAccountSharingConfiguration = 'CloudWatchLogsCrossAccountSharingConfiguration';
     /** Provides full access to CloudWatch Logs */