# AWS managed policies for Amazon Application Recovery Controller (ARC)
For information about the AWS managed policies for the ARC capabilities with managed policies, including a managed policy for a service-linked role, see the following topics:
+ [Managed polices for zonal autoshift](security-iam-awsmanpol-zonal-autoshift.md)
+ [Managed polices for routing control](security-iam-awsmanpol-routing.md)
+ [Managed polices for readiness check](security-iam-awsmanpol-readiness.md)
## Updates to AWS managed policies for Amazon Application Recovery Controller (ARC)
View details about updates to AWS managed policies for capabilities in ARC since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the ARC [Document history page](doc-history.md).
| Change | Description | Date |
| --- | --- | --- |
| [AmazonApplicationRecoveryControllerRegionSwitchPlanExecutionPolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonApplicationRecoveryControllerRegionSwitchPlanExecutionPolicy.html) – New policy | Amazon Application Recovery Controller (ARC) released a new managed policy that grants permissions for Region switch plan execution and evaluation. This policy provides read-only access to Region switch plan information, execution status, and Amazon CloudWatch monitoring data. It also includes permission to simulate IAM principal policies for plan evaluation. | November 3rd, 2025 |
| [AWSZonalAutoshiftPracticeRunSLRPolicy managed policy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSZonalAutoshiftPracticeRunSLRPolicy.html) – Updated policy | Adds the policy statement `AutoshiftPracticeCheckPermissions` with the permissions `autoscaling:DescribeAutoScalingGroups`, `ec2:DescribeInstances`, `elasticloadbalancing:DescribeTargetHealth`, and `elasticloadbalancing:DescribeTargetHealth` to support balanced capacity checks. To learn more, see [How zonal autoshift and practice runs work](arc-zonal-autoshift.how-it-works.md). | June 30, 2025 |
| [ AWSServiceRoleForPercPracticePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSZonalAutoshiftPracticeRunSLRPolicy.html) – New policy | ARC added a new service-linked role for autoshift and practice runs. ARC uses the permissions enabled by the service-linked role to monitor customer-provided Amazon CloudWatch alarms and customer Health Dashboard events for practice runs, and to start practice runs. To learn more about the new service-linked role, see [Service-linked role permissions for AWSServiceRoleForZonalAutoshiftPracticeRun](using-service-linked-roles-zonal-autoshift.md#slr-permissions-slr2). | November 30, 2023 |
| [AmazonRoute53RecoveryControlConfigReadOnlyAccess](security-iam-awsmanpol-routing.md#security-iam-awsmanpol-AmazonRoute53RecoveryControlConfigReadOnlyAccess) – Updated policy | Adds permissions for `GetResourcePolicy`, to support returning details about AWS Resource Access Manager resource policies for shared resources. | October 18, 2023 |
| [Route53RecoveryReadinessServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/Route53RecoveryReadinessServiceRolePolicy.html) – Updated policy | ARC added new permissions to query information about Amazon EC2 instances. ARC uses the following permissions to support polling Amazon EC2 instances, to run readiness checks and determine the readiness status for the instances. `ec2:DescribeVpnGateways` `ec2:DescribeCustomerGateways` | February 17, 2023 |
| [Route53RecoveryReadinessServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/Route53RecoveryReadinessServiceRolePolicy.html) – Updated policy | ARC added a new permission to query information about Lambda functions. ARC uses the following permission to query information about Lambda functions to run readiness checks and determine the readiness status for the functions. `lambda:ListProvisionedConcurrencyConfigs` | August 31, 2022 |
| [AmazonRoute53RecoveryControlConfigFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonRoute53RecoveryControlConfigFullAccess.html) – Updated policy | Removed Amazon Route 53 permissions from the policy and added note listing the optional permissions. | May 26, 2022 |
| [AmazonRoute53RecoveryControlConfigFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonRoute53RecoveryControlConfigFullAccess.html) – Updated policy | Added missing required Amazon Route 53 permissions to the policy. | April 15, 2022 |
| [AmazonRoute53RecoveryClusterReadOnlyAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonRoute53RecoveryClusterReadOnlyAccess.html) – Updated policy | ARC added a new permission, `route53-recovery-cluster:ListRoutingControls`, to allow listing routing control ARNs with high availability. | March 15, 2022 |
| [AmazonRoute53RecoveryControlConfigReadOnlyAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonRoute53RecoveryControlConfigReadOnlyAccess.html) – Updated policy | ARC added a new permission, `route53-recovery-control-config:ListTagsForResources`, to allow listing tags for a resource. | December 20, 2021 |
| [Route53RecoveryReadinessServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/Route53RecoveryReadinessServiceRolePolicy.html) – Updated policy | ARC added a new permission to query information about Amazon API Gateway. ARC uses the permission, `apigateway:GET`, to query information about API Gateway to run readiness checks and determine the readiness status. | October 28, 2021 |
| [AmazonRoute53RecoveryReadinessReadOnlyAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonRoute53RecoveryReadinessReadOnlyAccess.html) – Added new permissions | ARC added two new permissions to [ AmazonRoute53RecoveryReadinessReadOnlyAccess](security-iam-awsmanpol-readiness.md#security-iam-awsmanpol-AmazonRoute53RecoveryReadinessReadOnlyAccess): ARC uses `route53-recovery-readiness:GetArchitectureRecommendations` and `route53-recovery-readiness:GetCellReadinessSummary` to allow read-only access to these actions for working with recovery readiness. | October 15, 2021 |
| [Route53RecoveryReadinessServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/Route53RecoveryReadinessServiceRolePolicy.html) – Updated policy | ARC added new permissions to query information about Lambda functions. ARC uses the following permissions to query information about Lambda functions to run readiness checks and determine the readiness status for those functions. `lambda:GetFunctionConcurrency` `lambda:GetFunctionConfiguration` `lambda:GetProvisionedConcurrencyConfig` `lambda:ListAliases` `lambda:ListVersionsByFunction` `lambda:ListEventSourceMappings` `lambda:ListFunctions` | October 8, 2021 |
| [Route53RecoveryReadinessServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/Route53RecoveryReadinessServiceRolePolicy.html) – Added new managed policies | ARC added the following new managed policies: [AmazonRoute53RecoveryReadinessFullAccess](security-iam-awsmanpol-readiness.md#security-iam-awsmanpol-AmazonRoute53RecoveryReadinessFullAccess) [AmazonRoute53RecoveryReadinessReadOnlyAccess](security-iam-awsmanpol-readiness.md#security-iam-awsmanpol-AmazonRoute53RecoveryReadinessReadOnlyAccess) [AmazonRoute53RecoveryClusterFullAccess](security-iam-awsmanpol-routing.md#security-iam-awsmanpol-AmazonRoute53RecoveryClusterFullAccess) [AmazonRoute53RecoveryClusterReadOnlyAccess](security-iam-awsmanpol-routing.md#security-iam-awsmanpol-AmazonRoute53RecoveryClusterReadOnlyAccess) [AmazonRoute53RecoveryControlConfigFullAccess](security-iam-awsmanpol-routing.md#security-iam-awsmanpol-AmazonRoute53RecoveryControlConfigFullAccess) [AmazonRoute53RecoveryControlConfigReadOnlyAccess](security-iam-awsmanpol-routing.md#security-iam-awsmanpol-AmazonRoute53RecoveryControlConfigReadOnlyAccess) | August 18, 2021 |
| ARC started tracking changes | ARC started tracking changes for its AWS managed policies. | July 27, 2021 |