Permissions for @turbot/aws-workspaces
Taking a look at permissions and associated grant levels for each permission for WorkSpaces:
Permission | Grant Level | Help |
---|---|---|
iam:GetRole | Metadata | |
iam:PassRole | Admin | Admins can allow workspace to use workspaces_DefaultRole role to create and delete network interface and required permissions. |
workspaces:AssociateIpGroups | Admin | Admins can associate the specified IP access control group with the specified directory. |
workspaces:AuthorizeIpRules | Admin | Admins can add one or more rules to the specified IP access control group. |
workspaces:CopyWorkspaceImage | Operator | |
workspaces:CreateIpGroup | Admin | Admins can create an IP access control group. |
workspaces:CreateRegistration | Admin | |
workspaces:CreateTags | Operator | Operators can manage existing WorkSpace instances. |
workspaces:CreateWorkspaces | Admin | Admins can manage create/terminate WorkSpace Instances. |
workspaces:DeleteIpGroup | Admin | |
workspaces:DeleteTags | Operator | Operators can manage existing WorkSpace instances. |
workspaces:DeleteWorkspaceImage | Admin | |
workspaces:DeregisterWorkspaceDirectory | Admin | |
workspaces:DescribeAccount | Metadata | Retrieves a list that describes the configuration of bring your own license (BYOL) for the specified account. |
workspaces:DescribeAccountModifications | Metadata | Retrieves a list that describes modifications to the configuration of bring your own license (BYOL) for the specified account. |
workspaces:DescribeClientProperties | Metadata | Describe client properties about the specified resources. |
workspaces:DescribeIpGroups | Metadata | |
workspaces:DescribeTags | Metadata | |
workspaces:DescribeWorkspaceBundles | Metadata | |
workspaces:DescribeWorkspaceDirectories | Metadata | |
workspaces:DescribeWorkspaceImages | Metadata | Retrieves a list that describes one or more specified images. |
workspaces:DescribeWorkspaceSnapshots | Metadata | |
workspaces:DescribeWorkspaces | Metadata | |
workspaces:DescribeWorkspacesConnectionStatus | Metadata | |
workspaces:DisassociateIpGroups | Admin | |
workspaces:ImportWorkspaceImage | Admin | Import a licensed EC2 image to into Amazon WorkSpaces. |
workspaces:ListAvailableManagementCidrRanges | Metadata | List available CIDR ranges for a CIDR range constraint. |
workspaces:ModifyAccount | Admin | Modify the configuration of bring your own license (BYOL) for the specified account. |
workspaces:ModifyClientProperties | Admin | Modify the client properties of a specified resource. |
workspaces:ModifySelfservicePermissions | Admin | |
workspaces:ModifyWorkspaceAccessProperties | Admin | |
workspaces:ModifyWorkspaceCreationProperties | Admin | |
workspaces:ModifyWorkspaceProperties | Operator | Operators can manage existing WorkSpace instances. |
workspaces:ModifyWorkspaceState | Operator | Operators can change the state of workSpace to ADMIN_MAINTENANCE inorder to perform maintenance. |
workspaces:RebootWorkspaces | Operator | Operators can manage existing WorkSpace instances. |
workspaces:RebuildWorkspaces | Operator | Operators can manage existing WorkSpace instances. |
workspaces:RegisterWorkspaceDirectory | Admin | |
workspaces:RestoreWorkspace | Admin | |
workspaces:RevokeIpRules | Admin | Admins can remove one or more rules from the specified IP access control group. |
workspaces:StartWorkspaces | Operator | Operators can manage existing WorkSpace instances. |
workspaces:StopWorkspaces | Operator | Operators can manage existing WorkSpace instances. |
workspaces:TerminateWorkspaces | Admin | Admins can manage create/terminate WorkSpace Instances. |
workspaces:UpdateRulesOfIpGroup | Admin |