| access-analyzer:ApplyArchiveRule | Owner |
| access-analyzer:CancelPolicyGeneration | Owner |
| access-analyzer:CreateAccessPreview | Owner |
| access-analyzer:CreateAnalyzer | Owner |
| access-analyzer:CreateArchiveRule | Owner |
| access-analyzer:DeleteAnalyzer | Owner |
| access-analyzer:DeleteArchiveRule | Owner |
| access-analyzer:StartPolicyGeneration | Owner |
| access-analyzer:StartResourceScan | Owner |
| access-analyzer:UpdateArchiveRule | Owner |
| access-analyzer:UpdateFindings | Owner |
| iam:AddRoleToInstanceProfile | Owner |
| iam:AddUserToGroup | Owner |
| iam:AttachGroupPolicy | Owner |
| iam:AttachRolePolicy | Owner |
| iam:CreateAccountAlias | Owner |
| iam:CreateGroup | Owner |
| iam:CreateInstanceProfile | Owner |
| iam:CreatePolicy | Owner |
| iam:CreatePolicyVersion | Owner |
| iam:CreateRole | Owner |
| iam:CreateSAMLProvider | Owner |
| iam:CreateServiceLinkedRole | Owner |
| iam:CreateServiceSpecificCredential | Owner |
| iam:CreateVirtualMFADevice | Owner |
| iam:DeactivateMFADevice | Owner |
| iam:DeleteAccountAlias | Owner |
| iam:DeleteAccountPasswordPolicy | Owner |
| iam:DeleteGroup | Owner |
| iam:DeleteGroupPolicy | Owner |
| iam:DeleteInstanceProfile | Owner |
| iam:DeletePolicy | Owner |
| iam:DeletePolicyVersion | Owner |
| iam:DeleteRole | Owner |
| iam:DeleteRolePermissionsBoundary | Owner |
| iam:DeleteRolePolicy | Owner |
| iam:DeleteSAMLProvider | Owner |
| iam:DeleteServerCertificate | Owner |
| iam:DeleteServiceLinkedRole | Owner |
| iam:DeleteServiceSpecificCredential | Owner |
| iam:DeleteSSHPublicKey | Owner |
| iam:DeleteUserPermissionsBoundary | Owner |
| iam:DeleteUserPermissionsBoundary | Owner |
| iam:DeleteVirtualMFADevice | Owner |
| iam:DetachGroupPolicy | Owner |
| iam:DetachRolePolicy | Owner |
| iam:EnableMFADevice | Owner |
| iam:GenerateOrganizationsAccessReport | Owner |
| iam:PassRole | Owner |
| iam:PutGroupPolicy | Owner |
| iam:PutRolePermissionsBoundary | Owner |
| iam:PutRolePolicy | Owner |
| iam:PutUserPermissionsBoundary | Owner |
| iam:RemoveRoleFromInstanceProfile | Owner |
| iam:RemoveUserFromGroup | Owner |
| iam:ResetServiceSpecificCredential | Owner |
| iam:ResyncMFADevice | Owner |
| iam:SetDefaultPolicyVersion | Owner |
| iam:SetSecurityTokenServicePreferences | Owner |
| iam:UpdateAccountPasswordPolicy | Owner |
| iam:UpdateAssumeRolePolicy | Owner |
| iam:UpdateGroup | Owner |
| iam:UpdateRole | Owner |
| iam:UpdateRoleDescription | Owner |
| iam:UpdateSAMLProvider | Owner |
| iam:UpdateServerCertificate | Owner |
| iam:UpdateServiceSpecificCredential | Owner |
| iam:UpdateSSHPublicKey | Owner |
| iam:UploadServerCertificate | Owner |
| iam:UploadSSHPublicKey | Owner |
| access-analyzer:TagResource | Operator |
| access-analyzer:UntagResource | Operator |
| access-analyzer:ValidatePolicy | Operator |
| iam:TagInstanceProfile | Operator |
| iam:TagMFADevice | Operator |
| iam:TagOpenIDConnectProvider | Operator |
| iam:TagPolicy | Operator |
| iam:TagRole | Operator |
| iam:TagSAMLProvider | Operator |
| iam:TagServerCertificate | Operator |
| iam:TagUser | Operator |
| iam:UntagInstanceProfile | Operator |
| iam:UntagMFADevice | Operator |
| iam:UntagOpenIDConnectProvider | Operator |
| iam:UntagPolicy | Operator |
| iam:UntagRole | Operator |
| iam:UntagSAMLProvider | Operator |
| iam:UntagServerCertificate | Operator |
| iam:UntagUser | Operator |
| sts:AssumeRole | Operator |
| sts:AssumeRoleWithSAML | Operator |
| sts:AssumeRoleWithWebIdentity | Operator |
| access-analyzer:GetAccessPreview | Metadata |
| access-analyzer:GetAnalyzedResource | Metadata |
| access-analyzer:GetAnalyzer | Metadata |
| access-analyzer:GetArchiveRule | Metadata |
| access-analyzer:GetFinding | Metadata |
| access-analyzer:GetGeneratedPolicy | Metadata |
| access-analyzer:ListAccessPreviewFindings | Metadata |
| access-analyzer:ListAccessPreviews | Metadata |
| access-analyzer:ListAnalyzedResources | Metadata |
| access-analyzer:ListAnalyzers | Metadata |
| access-analyzer:ListArchiveRules | Metadata |
| access-analyzer:ListFindings | Metadata |
| access-analyzer:ListPolicyGenerations | Metadata |
| access-analyzer:ListTagsForResource | Metadata |
| iam:GenerateCredentialReport | Metadata |
| iam:GenerateServiceLastAccessedDetails | Metadata |
| iam:GetAccessKeyLastUsed | Metadata |
| iam:GetAccountAuthorizationDetails | Metadata |
| iam:GetAccountPasswordPolicy | Metadata |
| iam:GetAccountSummary | Metadata |
| iam:GetContextKeysForCustomPolicy | Metadata |
| iam:GetContextKeysForPrincipalPolicy | Metadata |
| iam:GetCredentialReport | Metadata |
| iam:GetGroup | Metadata |
| iam:GetGroupPolicy | Metadata |
| iam:GetInstanceProfile | Metadata |
| iam:GetLoginProfile | Metadata |
| iam:GetOpenIDConnectProvider | Metadata |
| iam:GetOrganizationsAccessReport | Metadata |
| iam:GetPolicy | Metadata |
| iam:GetPolicyVersion | Metadata |
| iam:GetRole | Metadata |
| iam:GetRolePolicy | Metadata |
| iam:GetSAMLProvider | Metadata |
| iam:GetServerCertificate | Metadata |
| iam:GetServiceLastAccessedDetails | Metadata |
| iam:GetServiceLastAccessedDetailsWithEntities | Metadata |
| iam:GetServiceLinkedRoleDeletionStatus | Metadata |
| iam:GetSSHPublicKey | Metadata |
| iam:GetUser | Metadata |
| iam:GetUserPolicy | Metadata |
| iam:ListAccessKeys | Metadata |
| iam:ListAccountAliases | Metadata |
| iam:ListAttachedGroupPolicies | Metadata |
| iam:ListAttachedRolePolicies | Metadata |
| iam:ListAttachedUserPolicies | Metadata |
| iam:ListEntitiesForPolicy | Metadata |
| iam:ListGroupPolicies | Metadata |
| iam:ListGroups | Metadata |
| iam:ListGroupsForUser | Metadata |
| iam:ListInstanceProfiles | Metadata |
| iam:ListInstanceProfilesForRole | Metadata |
| iam:ListInstanceProfileTags | Metadata |
| iam:ListMFADevices | Metadata |
| iam:ListMFADeviceTags | Metadata |
| iam:ListOpenIDConnectProviders | Metadata |
| iam:ListOpenIDConnectProviderTags | Metadata |
| iam:ListPolicies | Metadata |
| iam:ListPoliciesGrantingServiceAccess | Metadata |
| iam:ListPolicyTags | Metadata |
| iam:ListPolicyVersions | Metadata |
| iam:ListRolePolicies | Metadata |
| iam:ListRoles | Metadata |
| iam:ListRoleTags | Metadata |
| iam:ListSAMLProviders | Metadata |
| iam:ListSAMLProviderTags | Metadata |
| iam:ListServerCertificates | Metadata |
| iam:ListServerCertificateTags | Metadata |
| iam:ListServiceSpecificCredentials | Metadata |
| iam:ListSigningCertificates | Metadata |
| iam:ListSSHPublicKeys | Metadata |
| iam:ListUserPolicies | Metadata |
| iam:ListUsers | Metadata |
| iam:ListUserTags | Metadata |
| iam:ListVirtualMFADevices | Metadata |
| iam:SimulateCustomPolicy | Metadata |
| iam:SimulatePrincipalPolicy | Metadata |
| organizations:DescribeOrganization | Metadata |
| sts:DecodeAuthorizationMessage | Metadata |
