AWS devopsagent documentation change
Summary
Added required IAM permissions for Athena, Glue, and KMS services
Security assessment
Documents necessary permissions for secure access control, including sensitive KMS:Decrypt action for encrypted resources.
Diff
diff --git a/devopsagent/latest/userguide/aws-devops-agent-security-limiting-agent-access-in-an-aws-account.md b/devopsagent/latest/userguide/aws-devops-agent-security-limiting-agent-access-in-an-aws-account.md index e4bb59f19..7551a10ce 100644 --- a//devopsagent/latest/userguide/aws-devops-agent-security-limiting-agent-access-in-an-aws-account.md +++ b//devopsagent/latest/userguide/aws-devops-agent-security-limiting-agent-access-in-an-aws-account.md @@ -78,0 +79 @@ Service | Actions | Use case +Amazon Athena | `athena:GetQuery*`, `athena:StartQueryExecution`, `athena:StopQueryExecution` | Run Athena queries against your data catalog and retrieve managed query results @@ -80,0 +82,2 @@ AWS Direct Connect | `directconnect:DescribeConnections`, `directconnect:Describ +AWS Glue | `glue:GetPartitions` | Read partition metadata from the Glue Data Catalog for Athena queries +AWS KMS | `kms:Decrypt` | Decrypt encrypted resources such as S3 objects