trustedadvisor:ListRoots is a Read access-level action in the trustedadvisor service. Grants permission to view, in the Trusted Advisor console, all of the roots that are defined in an AWS organization
This action does not support resource-level permissions; use "Resource": "*" in your policy.
No condition keys are documented for this action.
A minimal policy that allows trustedadvisor:ListRoots. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowTrustedadvisorListRoots",
"Effect": "Allow",
"Action": "trustedadvisor:ListRoots",
"Resource": "*"
}
]
}