AWS Managed Policies. A maze of twisty passages all alike. Explore them here. If it looks like a button, it's clickable. Always up to date.
AWSAuditManagerServiceRolePolicy details (in AWS console)
Policy Name
AWSAuditManagerServiceRolePolicy
Description
Enables access to AWS Services and Resources used or managed by AWS Audit Manager
ARN
arn:aws:iam::aws:policy/aws-service-role/AWSAuditManagerServiceRolePolicy
Path
/aws-service-role/
PolicyId
ANPAZKAPJZG4C5N52UWST
AttachmentCount
[
  {
    "Effect": "Allow",
    "Action": [
      "acm:GetAccountConfiguration",
      "acm:ListCertificates",
      "backup:ListRecoveryPointsByResource",
      "bedrock:GetCustomModel",
      "bedrock:GetFoundationModel",
      "bedrock:GetModelCustomizationJob",
      "bedrock:GetModelInvocationLoggingConfiguration",
      "bedrock:ListCustomModels",
      "bedrock:ListFoundationModels",
      "bedrock:ListModelCustomizationJobs",
      "cloudtrail:DescribeTrails",
      "cloudtrail:LookupEvents",
      "cloudwatch:DescribeAlarms",
      "cloudwatch:DescribeAlarmsForMetric",
      "cloudwatch:GetMetricStatistics",
      "cloudwatch:ListMetrics",
      "cognito-idp:DescribeUserPool",
      "config:DescribeConfigRules",
      "config:DescribeDeliveryChannels",
      "config:ListDiscoveredResources",
      "directconnect:DescribeDirectConnectGateways",
      "directconnect:DescribeVirtualGateways",
      "dynamodb:DescribeTable",
      "dynamodb:ListBackups",
      "dynamodb:ListGlobalTables",
      "dynamodb:ListTables",
      "ec2:DescribeAddresses",
      "ec2:DescribeCustomerGateways",
      "ec2:DescribeEgressOnlyInternetGateways",
      "ec2:DescribeFlowLogs",
      "ec2:DescribeInstances",
      "ec2:DescribeInternetGateways",
      "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations",
      "ec2:DescribeLocalGateways",
      "ec2:DescribeLocalGatewayVirtualInterfaces",
      "ec2:DescribeNatGateways",
      "ec2:DescribeNetworkAcls",
      "ec2:DescribeRouteTables",
      "ec2:DescribeSecurityGroups",
      "ec2:DescribeSnapshots",
      "ec2:DescribeTransitGateways",
      "ec2:DescribeVolumes",
      "ec2:DescribeVpcEndpoints",
      "ec2:DescribeVpcPeeringConnections",
      "ec2:DescribeVpcs",
      "ec2:DescribeVpnConnections",
      "ec2:DescribeVpnGateways",
      "ec2:GetEbsDefaultKmsKeyId",
      "ec2:GetEbsEncryptionByDefault",
      "ecs:DescribeClusters",
      "eks:DescribeAddonVersions",
      "elasticache:DescribeCacheClusters",
      "elasticache:DescribeServiceUpdates",
      "elasticfilesystem:DescribeAccessPoints",
      "elasticfilesystem:DescribeFileSystems",
      "elasticloadbalancing:DescribeLoadBalancers",
      "elasticloadbalancing:DescribeSslPolicies",
      "elasticloadbalancing:DescribeTargetGroups",
      "elasticmapreduce:ListClusters",
      "elasticmapreduce:ListSecurityConfigurations",
      "events:DescribeRule",
      "events:ListConnections",
      "events:ListEventBuses",
      "events:ListEventSources",
      "events:ListRules",
      "firehose:ListDeliveryStreams",
      "fsx:DescribeFileSystems",
      "guardduty:ListDetectors",
      "iam:GenerateCredentialReport",
      "iam:GetAccountAuthorizationDetails",
      "iam:GetAccountPasswordPolicy",
      "iam:GetAccountSummary",
      "iam:GetCredentialReport",
      "iam:ListEntitiesForPolicy",
      "iam:ListGroupPolicies",
      "iam:ListGroups",
      "iam:ListOpenIdConnectProviders",
      "iam:ListPolicies",
      "iam:ListRolePolicies",
      "iam:ListRoles",
      "iam:ListSamlProviders",
      "iam:ListUserPolicies",
      "iam:ListUsers",
      "iam:ListVirtualMFADevices",
      "kafka:ListClusters",
      "kafka:ListKafkaVersions",
      "kinesis:ListStreams",
      "kms:DescribeKey",
      "kms:GetKeyPolicy",
      "kms:GetKeyRotationStatus",
      "kms:ListGrants",
      "kms:ListKeyPolicies",
      "kms:ListKeys",
      "lambda:ListFunctions",
      "license-manager:ListAssociationsForLicenseConfiguration",
      "license-manager:ListLicenseConfigurations",
      "license-manager:ListUsageForLicenseConfiguration",
      "logs:DescribeDestinations",
      "logs:DescribeExportTasks",
      "logs:DescribeLogGroups",
      "logs:DescribeMetricFilters",
      "logs:DescribeResourcePolicies",
      "logs:FilterLogEvents",
      "organizations:DescribeOrganization",
      "organizations:DescribePolicy",
      "rds:DescribeCertificates",
      "rds:DescribeDbClusterEndpoints",
      "rds:DescribeDbClusterParameterGroups",
      "rds:DescribeDbClusters",
      "rds:DescribeDBInstances",
      "rds:DescribeDbSecurityGroups",
      "redshift:DescribeClusters",
      "route53:GetQueryLoggingConfig",
      "s3:GetBucketPublicAccessBlock",
      "s3:GetBucketVersioning",
      "s3:GetEncryptionConfiguration",
      "s3:GetLifecycleConfiguration",
      "s3:ListAllMyBuckets",
      "securityhub:DescribeStandards",
      "sns:ListTopics",
      "sqs:ListQueues",
      "waf-regional:GetLoggingConfiguration",
      "waf-regional:ListRuleGroups",
      "waf-regional:ListSubscribedRuleGroups",
      "waf-regional:ListWebACLs",
      "waf:ListActivatedRulesInRuleGroup"
    ],
    "Resource": [
      "*"
    ]
  },
  {
    "Effect": "Allow",
    "Action": [
      "s3:GetBucketPolicy"
    ],
    "Resource": [
      "*"
    ]
  },
  {
    "Effect": "Allow",
    "Action": [
      "events:PutRule"
    ],
    "Resource": [
      "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver"
    ]
  },
  {
    "Effect": "Allow",
    "Action": [
      "events:DeleteRule",
      "events:DescribeRule",
      "events:EnableRule",
      "events:DisableRule",
      "events:ListTargetsByRule",
      "events:PutTargets",
      "events:RemoveTargets"
    ],
    "Resource": [
      "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver"
    ]
  }
]