Permissions for @turbot/aws-workspaces
Taking a look at permissions and associated grant levels for each permission for WorkSpaces:
| Permission | Grant Level | Help |
|---|---|---|
| iam:GetRole | Metadata | |
| iam:PassRole | Admin | Admins can allow workspace to use workspaces_DefaultRole role to create and delete network interface and required permissions. |
| workspaces:AssociateIpGroups | Admin | Admins can associate the specified IP access control group with the specified directory. |
| workspaces:AuthorizeIpRules | Admin | Admins can add one or more rules to the specified IP access control group. |
| workspaces:CopyWorkspaceImage | Operator | |
| workspaces:CreateIpGroup | Admin | Admins can create an IP access control group. |
| workspaces:CreateRegistration | Admin | |
| workspaces:CreateTags | Operator | Operators can manage existing WorkSpace instances. |
| workspaces:CreateWorkspaces | Admin | Admins can manage create/terminate WorkSpace Instances. |
| workspaces:DeleteIpGroup | Admin | |
| workspaces:DeleteTags | Operator | Operators can manage existing WorkSpace instances. |
| workspaces:DeleteWorkspaceImage | Admin | |
| workspaces:DeregisterWorkspaceDirectory | Admin | |
| workspaces:DescribeAccount | Metadata | Retrieves a list that describes the configuration of bring your own license (BYOL) for the specified account. |
| workspaces:DescribeAccountModifications | Metadata | Retrieves a list that describes modifications to the configuration of bring your own license (BYOL) for the specified account. |
| workspaces:DescribeClientProperties | Metadata | Describe client properties about the specified resources. |
| workspaces:DescribeIpGroups | Metadata | |
| workspaces:DescribeTags | Metadata | |
| workspaces:DescribeWorkspaceBundles | Metadata | |
| workspaces:DescribeWorkspaceDirectories | Metadata | |
| workspaces:DescribeWorkspaceImages | Metadata | Retrieves a list that describes one or more specified images. |
| workspaces:DescribeWorkspaceSnapshots | Metadata | |
| workspaces:DescribeWorkspaces | Metadata | |
| workspaces:DescribeWorkspacesConnectionStatus | Metadata | |
| workspaces:DisassociateIpGroups | Admin | |
| workspaces:ImportWorkspaceImage | Admin | Import a licensed EC2 image to into Amazon WorkSpaces. |
| workspaces:ListAvailableManagementCidrRanges | Metadata | List available CIDR ranges for a CIDR range constraint. |
| workspaces:ModifyAccount | Admin | Modify the configuration of bring your own license (BYOL) for the specified account. |
| workspaces:ModifyClientProperties | Admin | Modify the client properties of a specified resource. |
| workspaces:ModifySelfservicePermissions | Admin | |
| workspaces:ModifyWorkspaceAccessProperties | Admin | |
| workspaces:ModifyWorkspaceCreationProperties | Admin | |
| workspaces:ModifyWorkspaceProperties | Operator | Operators can manage existing WorkSpace instances. |
| workspaces:ModifyWorkspaceState | Operator | Operators can change the state of workSpace to ADMIN_MAINTENANCE inorder to perform maintenance. |
| workspaces:RebootWorkspaces | Operator | Operators can manage existing WorkSpace instances. |
| workspaces:RebuildWorkspaces | Operator | Operators can manage existing WorkSpace instances. |
| workspaces:RegisterWorkspaceDirectory | Admin | |
| workspaces:RestoreWorkspace | Admin | |
| workspaces:RevokeIpRules | Admin | Admins can remove one or more rules from the specified IP access control group. |
| workspaces:StartWorkspaces | Operator | Operators can manage existing WorkSpace instances. |
| workspaces:StopWorkspaces | Operator | Operators can manage existing WorkSpace instances. |
| workspaces:TerminateWorkspaces | Admin | Admins can manage create/terminate WorkSpace Instances. |
| workspaces:UpdateRulesOfIpGroup | Admin |