diff --git a/iamlivecore/iam_definition.json b/iamlivecore/iam_definition.json index 12f39a53..3d5f558f 100644 --- a/iamlivecore/iam_definition.json +++ b/iamlivecore/iam_definition.json @@ -1721,9 +1721,24 @@ }, { "conditions": [ + { + "condition": "account:AccountResourceOrgPaths", + "description": "Filters access by the resource path for an account in an organization", + "type": "ArrayOfString" + }, + { + "condition": "account:AccountResourceOrgTags/${TagKey}", + "description": "Filters access by resource tags for an account in an organization", + "type": "ArrayOfString" + }, + { + "condition": "account:AlternateContactTypes", + "description": "Filters access by alternate contact types", + "type": "ArrayOfString" + }, { "condition": "account:TargetRegion", - "description": "Filters access by a list of regions", + "description": "Filters access by a list of Regions. Enables or disables all the Regions specified here", "type": "String" } ], @@ -1731,7 +1746,24 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to disable a region", + "description": "Grants permission to delete the alternate contacts for an account", + "privilege": "DeleteAlternateContact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "account" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accountInOrganization" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable use of a Region", "privilege": "DisableRegion", "resource_types": [ { @@ -1745,7 +1777,7 @@ }, { "access_level": "Write", - "description": "Grants permission to enable a region", + "description": "Grants permission to enable use of a Region", "privilege": "EnableRegion", "resource_types": [ { 
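Review bot: The new `DeleteAlternateContact` privilege (second hunk on this line) has `"condition_keys": []` for both resource types, even though the first hunk adds `account:AlternateContactTypes`, which by its description is meant for exactly these calls. `GetAlternateContact` and `PutAlternateContact` in the later hunks have the same gap, and the new `accountInOrganization` resource also carries an empty list, so nothing visible references any of the three new `account:` keys. A tool that reads this file to decide which conditions can scope an action would therefore offer none for them. If the service reference does attach the keys, I would record that, e.g. `"condition_keys": ["account:AlternateContactTypes"]` on the three privileges and the two `AccountResourceOrg*` keys on `accountInOrganization`. The enclosing `privileges` array starts and ends outside these hunks.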
@@ -1757,9 +1789,26 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the alternate contacts for an account", + "privilege": "GetAlternateContact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "account" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accountInOrganization" + } + ] + }, { "access_level": "List", - "description": "Grants permission to list regions", + "description": "Grants permission to list the available Regions", "privilege": "ListRegions", "resource_types": [ { @@ -1768,10 +1817,38 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the alternate contacts for an account", + "privilege": "PutAlternateContact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "account" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accountInOrganization" + } + ] } ], - "resources": [], - "service_name": "AWS Accounts" + "resources": [ + { + "arn": "arn:${Partition}:account::${Account}:account", + "condition_keys": [], + "resource": "account" + }, + { + "arn": "arn:${Partition}:account::${ManagementAccountId}:account/o-${OrganizationId}/${MemberAccountId}", + "condition_keys": [], + "resource": "accountInOrganization" + } + ], + "service_name": "AWS Account Management" }, { "conditions": [ @@ -3396,6 +3473,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteBackendStorage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an Amplify Admin challenge token by appId", 
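Review bot: `DeleteBackendStorage` (last hunk on this line) is added with `"access_level": "Unknown"` and `"description": ""`, and `GetBackendStorage`, `ImportBackendStorage` and `ListS3Buckets` in the next hunks are added the same way. Any consumer that groups or filters privileges by access level will not count these as Write, Read or List, so a delete or import action can slip past a check that looks only at Write-level entries. Judging by the names alone, I would expect `"access_level": "Write"` for `DeleteBackendStorage` and `ImportBackendStorage`, `"Read"` for `GetBackendStorage` and `"List"` for `ListS3Buckets`, each with a one-line description. If the level really is not known upstream, the loader should at least treat `Unknown` as the most privileged level rather than as a harmless one.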
@@ -3530,6 +3619,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetBackendStorage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve an Amplify Admin challenge token by appId", @@ -3564,6 +3665,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ImportBackendStorage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve the jobs of an existing Amplify Admin backend environment by appId and backendEnvironmentName", @@ -3581,6 +3694,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListS3Buckets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete all existing Amplify Admin backend environments by appId", 
@@ -3723,6 +3848,311 @@ ], "service_name": "AWS Amplify Admin" }, + { + "conditions": [ + { + "condition": "amplifyuibuilder:AppId", + "description": "Filters access by the app ID", + "type": "String" + }, + { + "condition": "amplifyuibuilder:ComponentsId", + "description": "Filters access by the component ID", + "type": "String" + }, + { + "condition": "amplifyuibuilder:EnvironmentName", + "description": "Filters access by the backend environment name", + "type": "String" + }, + { + "condition": "amplifyuibuilder:ThemesId", + "description": "Filters access by the theme ID", + "type": "String" + }, + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access based on the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access based on the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access based on the tag keys that are passed in the request", + "type": "String" + } + ], + "prefix": "amplifyuibuilder", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a component", + "privilege": "CreateComponent", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a theme", + "privilege": "CreateTheme", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a component", + "privilege": "DeleteComponent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ComponentResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants 
permission to delete a theme", + "privilege": "DeleteTheme", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ThemeResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to exchange a code for a token", + "privilege": "ExchangeCodeForToken", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to export components", + "privilege": "ExportComponents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to export themes", + "privilege": "ExportThemes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get an existing component", + "privilege": "GetComponent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ComponentResource*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get an existing theme", + "privilege": "GetTheme", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ThemeResource*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the components for an app", + "privilege": "ListComponents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the tags for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ComponentResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": 
"ThemeResource" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the themes for an app", + "privilege": "ListThemes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to refresh an access token", + "privilege": "RefreshToken", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ComponentResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ThemeResource" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ComponentResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ThemeResource" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a component", + "privilege": "UpdateComponent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ComponentResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a theme", + "privilege": "UpdateTheme", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ThemeResource*" + } + ] + } + ], + "resources": [ + { + "arn": 
"arn:${Partition}:amplifyuibuilder:${Region}:${Account}:app/${AppId}/environment/${EnvironmentName}/components/${Id}", + "condition_keys": [ + "amplifyuibuilder:AppId", + "amplifyuibuilder:ComponentsId", + "amplifyuibuilder:EnvironmentName", + "aws:ResourceTag/${TagKey}" + ], + "resource": "ComponentResource" + }, + { + "arn": "arn:${Partition}:amplifyuibuilder:${Region}:${Account}:app/${AppId}/environment/${EnvironmentName}/themes/${Id}", + "condition_keys": [ + "amplifyuibuilder:AppId", + "amplifyuibuilder:EnvironmentName", + "amplifyuibuilder:ThemesId", + "aws:ResourceTag/${TagKey}" + ], + "resource": "ThemeResource" + } + ], + "service_name": "AWS Amplify UI Builder" + }, { "conditions": [ { 
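Review bot: In the new `amplifyuibuilder` block, `aws:TagKeys` is declared with `"type": "String"`, but it is a multivalued key that carries the set of tag keys in the request. The `account:` keys added earlier in this same commit use `ArrayOfString` for list-valued conditions, so I would write `"type": "ArrayOfString"` here to stay consistent and to tell policy authors that a set operator (`ForAllValues`/`ForAnyValue`) is needed. Separately, `TagResource` lists its keys as `aws:TagKeys`, `aws:RequestTag/${TagKey}` while `CreateComponent` and `CreateTheme` use the opposite order. That is harmless, but a stable order keeps later diffs of this file small.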
@@ -3737,17 +4167,17 @@ }, { "condition": "apigateway:Request/ApiKeyRequired", - "description": "Filters access based on whether an API key is required or not. Available during the CreateMethod and PutMethod operations. Also available as a collection during import and reimport", + "description": "Filters access based on whether an API key is required or not. Available during the CreateRoute and UpdateRoute operations. Also available as a collection during import and reimport", "type": "ArrayOfBool" }, { "condition": "apigateway:Request/ApiName", - "description": "Filters access by API name. Available during the CreateRestApi and UpdateRestApi operations", + "description": "Filters access by API name. Available during the CreateApi and UpdateApi operations", "type": "String" }, { "condition": "apigateway:Request/AuthorizerType", - "description": "Filters access by type of authorizer in the request, for example TOKEN, REQUEST, JWT. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString", + "description": "Filters access by type of authorizer in the request, for example REQUEST or JWT. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString", "type": "ArrayOfString" }, { 
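Review bot: The rewritten `apigateway:Request/*` descriptions now name only `CreateRoute`/`UpdateRoute` and `CreateApi`/`UpdateApi`, dropping `CreateMethod`/`PutMethod` and `CreateRestApi`/`UpdateRestApi`, yet the privileges under the same `apigateway` prefix still list `RestApi`, `Method` and `MethodResponse` as resource types in later hunks. It looks as if the text for one API flavour overwrote the text for the other on keys that both share; the example values shrank too (`TOKEN` and `COGNITO_USER_POOLS` are gone). Someone writing a deny condition from these descriptions would conclude the key does not apply to REST-style methods. I would keep both sets, e.g. `Available during the CreateMethod, PutMethod, CreateRoute and UpdateRoute operations`, and restore the dropped example values. The same applies to the `apigateway:Resource/*` descriptions in the `@@ -3802,52 +4232,52 @@` hunk.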
@@ -3757,13 +4187,13 @@ }, { "condition": "apigateway:Request/DisableExecuteApiEndpoint", - "description": "Filters access by status of the default execute-api endpoint. Available during the CreateRestApi and DeleteRestApi operations", + "description": "Filters access by status of the default execute-api endpoint. Available during the CreateApi and UpdateApi operations", "type": "Bool" }, { "condition": "apigateway:Request/EndpointType", - "description": "Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateRestApi, and UpdateRestApi operations", - "type": "ArrayOfString" + "description": "Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateApi, and UpdateApi operations", + "type": "String" }, { "condition": "apigateway:Request/MtlsTrustStoreUri", @@ -3777,7 +4207,7 @@ }, { "condition": "apigateway:Request/RouteAuthorizationType", - "description": "Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the CreateMethod and PutMethod operations Also available as a collection during import", + "description": "Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT. Available during the CreateRoute and UpdateRoute operations. Also available as a collection during import", "type": "ArrayOfString" }, { 
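Review bot: `apigateway:Request/EndpointType` changes from `"type": "ArrayOfString"` to `"type": "String"` in the first hunk on this line, and `apigateway:Resource/EndpointType` gets the same change in the `@@ -3802,52 +4232,52 @@` hunk. The declared type decides which condition operators and set qualifiers a generated or hand-written policy uses, so a key that is multivalued for some operations but typed `String` leads to conditions that do not evaluate as intended. The old descriptions referred to `CreateRestApi`/`UpdateRestApi`, so the narrower type may be correct for only one of the two API flavours that share this prefix. Unless that is confirmed for both, I would keep `"type": "ArrayOfString"`. The same hunk also changes the `DisableExecuteApiEndpoint` operations from `CreateRestApi and DeleteRestApi` to `CreateApi and UpdateApi`, which is worth checking against the reference rather than taking from the merge.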
@@ -3802,52 +4232,52 @@ }, { "condition": "apigateway:Resource/ApiKeyRequired", - "description": "Filters access based on whether an API key is required or not for the existing Method resource. Available during the PutMethod and DeleteMethod operations. Also available as a collection during reimport", + "description": "Filters access based on whether an API key is required or not for the existing Route resource. Available during the UpdateRoute and DeleteRoute operations. Also available as a collection during reimport", "type": "ArrayOfBool" }, { "condition": "apigateway:Resource/ApiName", - "description": "Filters access by API name of the existing RestApi resource. Available during UpdateRestApi and DeleteRestApi operations", + "description": "Filters access by API name. Available during the UpdateApi and DeleteApi operations", "type": "String" }, { "condition": "apigateway:Resource/AuthorizerType", - "description": "Filters access by the current type of authorizer, for example TOKEN, REQUEST, JWT. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during reimport as an ArrayOfString", + "description": "Filters access by the current type of authorizer, for example REQUEST or JWT. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during import and reimport as an ArrayOfString", "type": "ArrayOfString" }, { "condition": "apigateway:Resource/AuthorizerUri", - "description": "Filters access by URI of a Lambda authorizer function. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during reimport as an ArrayOfString", + "description": "Filters access by the URI of the current Lambda authorizer associated with the current API. Available during UpdateAuthorizer and DeleteAuthorizer. 
Also available as a collection during reimport", "type": "ArrayOfString" }, { "condition": "apigateway:Resource/DisableExecuteApiEndpoint", - "description": "Filters access by status of the default execute-api endpoint of the current RestApi resource. Available during UpdateRestApi and DeleteRestApi operations", + "description": "Filters access by status of the default execute-api endpoint. Available during the UpdateApi and DeleteApi operations", "type": "Bool" }, { "condition": "apigateway:Resource/EndpointType", - "description": "Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateRestApi, and DeleteRestApi operations", - "type": "ArrayOfString" + "description": "Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateApi, and DeleteApi operations", + "type": "String" }, { "condition": "apigateway:Resource/MtlsTrustStoreUri", - "description": "Filters access by URI of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations", + "description": "Filters access by URI of the truststore used for mutual TLS authentication. Available during the UpdateDomainName and DeleteDomainName operations", "type": "String" }, { "condition": "apigateway:Resource/MtlsTrustStoreVersion", - "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations", + "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during the UpdateDomainName and DeleteDomainName operations", "type": "String" }, { "condition": "apigateway:Resource/RouteAuthorizationType", - "description": "Filters access by authorization type of the existing Method resource, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the PutMethod and DeleteMethod operations. 
Also available as a collection during reimport", + "description": "ilters access by authorization type of the existing Route resource, for example NONE, AWS_IAM, CUSTOM. Available during the UpdateRoute and DeleteRoute operations. Also available as a collection during reimport", "type": "ArrayOfString" }, { "condition": "apigateway:Resource/SecurityPolicy", - "description": "Filters access by TLS version. Available during UpdateDomain and DeleteDomain operations", + "description": "Filters access by TLS version. Available during the UpdateDomainName and DeleteDomainName operations", "type": "ArrayOfString" }, { @@ -3868,23 +4298,6 @@ ], "prefix": "apigateway", "privileges": [ - { - "access_level": "Permissions management", - "description": "Grants permission to add certificates for mutual TLS authentication to a domain name. This is an additional authorization control for managing the DomainName resource due to the sensitive nature of mTLS", - "privilege": "AddCertificateToDomain", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DomainName" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DomainNames" - } - ] - }, { "access_level": "Write", "description": "Grants permission to delete a particular resource", 
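Review bot: The new description for `apigateway:Resource/RouteAuthorizationType` starts with `ilters access`; the leading `F` was lost. It should read `"description": "Filters access by authorization type of the existing Route resource, for example NONE, AWS_IAM, CUSTOM. ..."`. Tools that search descriptions for the `Filters access` prefix will skip this key. The truncation also suggests the text was copied or scraped without a check, so the sibling descriptions in this hunk deserve a second look; for instance `Resource/AuthorizerType` now says `during import and reimport` where the old text said only `reimport`.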
@@ -3893,157 +4306,157 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiKey" + "resource_type": "AccessLogSettings" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Authorizer" + "resource_type": "Api" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "BasePathMapping" + "resource_type": "ApiMapping" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ClientCertificate" + "resource_type": "Authorizer" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Deployment" + "resource_type": "AuthorizersCache" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "DocumentationPart" + "resource_type": "Cors" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "DocumentationVersion" + "resource_type": "Deployment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "DomainName" + "resource_type": "Integration" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "GatewayResponse" + "resource_type": "IntegrationResponse" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Integration" + "resource_type": "Model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "IntegrationResponse" + "resource_type": "Route" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Method" + "resource_type": "RouteRequestParameter" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "MethodResponse" + "resource_type": "RouteResponse" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Model" + "resource_type": "RouteSettings" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RequestValidator" + "resource_type": "Stage" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Resource" + "resource_type": "ApiKey" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"RestApi" + "resource_type": "BasePathMapping" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stage" + "resource_type": "ClientCertificate" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Template" + "resource_type": "DocumentationPart" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "UsagePlan" + "resource_type": "DocumentationVersion" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "UsagePlanKey" + "resource_type": "DomainName" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "VpcLink" + "resource_type": "GatewayResponse" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "AccessLogSettings" + "resource_type": "Method" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Api" + "resource_type": "MethodResponse" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiMapping" + "resource_type": "RequestValidator" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "AuthorizersCache" + "resource_type": "Resource" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Cors" + "resource_type": "RestApi" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Route" + "resource_type": "Template" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteRequestParameter" + "resource_type": "UsagePlan" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteResponse" + "resource_type": "UsagePlanKey" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteSettings" + "resource_type": "VpcLink" }, { "condition_keys": [ 
@@ -4063,47 +4476,47 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Account" + "resource_type": "AccessLogSettings" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiKey" + "resource_type": "Api" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiKeys" + "resource_type": "ApiMapping" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Authorizer" + "resource_type": "ApiMappings" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Authorizers" + "resource_type": "Apis" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "BasePathMapping" + "resource_type": "Authorizer" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "BasePathMappings" + "resource_type": "Authorizers" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ClientCertificate" + "resource_type": "AuthorizersCache" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ClientCertificates" + "resource_type": "Cors" }, { "condition_keys": [], 
@@ -4118,232 +4531,232 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DocumentationPart" + "resource_type": "ExportedAPI" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "DocumentationParts" + "resource_type": "Integration" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "DocumentationVersion" + "resource_type": "IntegrationResponse" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "DocumentationVersions" + "resource_type": "IntegrationResponses" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "DomainName" + "resource_type": "Integrations" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "DomainNames" + "resource_type": "Model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "GatewayResponse" + "resource_type": "ModelTemplate" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "GatewayResponses" + "resource_type": "Models" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Integration" + "resource_type": "Route" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "IntegrationResponse" + "resource_type": "RouteRequestParameter" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Method" + "resource_type": "RouteResponse" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "MethodResponse" + "resource_type": "RouteResponses" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Model" + "resource_type": "RouteSettings" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Models" + "resource_type": "Routes" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RequestValidator" + "resource_type": "Stage" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RequestValidators" + "resource_type": "Stages" }, { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "Resource" + "resource_type": "Account" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Resources" + "resource_type": "ApiKey" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RestApi" + "resource_type": "ApiKeys" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RestApis" + "resource_type": "BasePathMapping" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Sdk" + "resource_type": "BasePathMappings" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stage" + "resource_type": "ClientCertificate" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stages" + "resource_type": "ClientCertificates" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "UsagePlan" + "resource_type": "DocumentationPart" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "UsagePlanKey" + "resource_type": "DocumentationParts" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "UsagePlanKeys" + "resource_type": "DocumentationVersion" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "UsagePlans" + "resource_type": "DocumentationVersions" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "VpcLink" + "resource_type": "DomainName" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "VpcLinks" + "resource_type": "DomainNames" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "AccessLogSettings" + "resource_type": "GatewayResponse" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Api" + "resource_type": "GatewayResponses" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiMapping" + "resource_type": "Method" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiMappings" + "resource_type": "MethodResponse" }, { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "Apis" + "resource_type": "RequestValidator" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "AuthorizersCache" + "resource_type": "RequestValidators" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Cors" + "resource_type": "Resource" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ExportedAPI" + "resource_type": "Resources" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "IntegrationResponses" + "resource_type": "RestApi" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Integrations" + "resource_type": "RestApis" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ModelTemplate" + "resource_type": "Sdk" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Route" + "resource_type": "UsagePlan" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteRequestParameter" + "resource_type": "UsagePlanKey" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteResponse" + "resource_type": "UsagePlanKeys" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteResponses" + "resource_type": "UsagePlans" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteSettings" + "resource_type": "VpcLink" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Routes" + "resource_type": "VpcLinks" } ] }, @@ -4355,12 +4768,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Account" + "resource_type": "Api" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiKey" + "resource_type": "ApiMapping" }, { "condition_keys": [], 
@@ -4370,127 +4783,127 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "BasePathMapping" + "resource_type": "Deployment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ClientCertificate" + "resource_type": "Integration" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Deployment" + "resource_type": "IntegrationResponse" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "DocumentationPart" + "resource_type": "Model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "DocumentationVersion" + "resource_type": "Route" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "DomainName" + "resource_type": "RouteRequestParameter" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "GatewayResponse" + "resource_type": "RouteResponse" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Integration" + "resource_type": "Stage" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "IntegrationResponse" + "resource_type": "Account" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Method" + "resource_type": "ApiKey" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "MethodResponse" + "resource_type": "BasePathMapping" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Model" + "resource_type": "ClientCertificate" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RequestValidator" + "resource_type": "DocumentationPart" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Resource" + "resource_type": "DocumentationVersion" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RestApi" + "resource_type": "DomainName" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stage" + "resource_type": "GatewayResponse" }, { "condition_keys": [], "dependent_actions": 
[], - "resource_type": "Template" + "resource_type": "Method" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "UsagePlan" + "resource_type": "MethodResponse" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "UsagePlanKey" + "resource_type": "RequestValidator" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "VpcLink" + "resource_type": "Resource" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Api" + "resource_type": "RestApi" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiMapping" + "resource_type": "Template" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Route" + "resource_type": "UsagePlan" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteRequestParameter" + "resource_type": "UsagePlanKey" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteResponse" + "resource_type": "VpcLink" }, { "condition_keys": [ @@ -4510,7 +4923,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiKeys" + "resource_type": "ApiMappings" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Apis" }, { "condition_keys": [], 
@@ -4520,17 +4938,52 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "BasePathMappings" + "resource_type": "Deployments" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ClientCertificates" + "resource_type": "IntegrationResponses" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Deployments" + "resource_type": "Integrations" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Models" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RouteResponses" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Routes" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Stages" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ApiKeys" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "BasePathMappings" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ClientCertificates" }, { "condition_keys": [], @@ -4562,11 +5015,6 @@ "dependent_actions": [], "resource_type": "MethodResponse" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Models" - }, { "condition_keys": [], "dependent_actions": [], @@ -4582,11 +5030,6 @@ "dependent_actions": [], "resource_type": "RestApis" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Stages" - }, { "condition_keys": [], "dependent_actions": [], 
@@ -4602,36 +5045,6 @@ "dependent_actions": [], "resource_type": "VpcLinks" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ApiMappings" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Apis" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "IntegrationResponses" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Integrations" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RouteResponses" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Routes" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -4647,6 +5060,11 @@ "description": "Grants permission to update a particular resource", "privilege": "PUT", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Apis" + }, { "condition_keys": [], "dependent_actions": [], @@ -4672,11 +5090,6 @@ "dependent_actions": [], "resource_type": "RestApi" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Apis" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -4687,6 +5100,23 @@ } ] }, + { + "access_level": "Permissions management", + "description": "Grants permission to add certificates for mutual TLS authentication to a domain name. This is an additional authorization control for managing the DomainName resource due to the sensitive nature of mTLS", + "privilege": "AddCertificateToDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainName" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainNames" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to remove certificates for mutual TLS authentication from a domain name. This is an additional authorization control for managing the DomainName resource due to the sensitive nature of mTLS", 
@@ -4741,86 +5171,258 @@ ], "resources": [ { - "arn": "arn:${Partition}:apigateway:${Region}::/account", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/accesslogsettings", "condition_keys": [], - "resource": "Account" + "resource": "AccessLogSettings" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apikeys/${ApiKeyId}", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}", "condition_keys": [ + "apigateway:Request/ApiKeyRequired", + "apigateway:Request/ApiName", + "apigateway:Request/AuthorizerType", + "apigateway:Request/AuthorizerUri", + "apigateway:Request/DisableExecuteApiEndpoint", + "apigateway:Request/EndpointType", + "apigateway:Request/RouteAuthorizationType", + "apigateway:Resource/ApiKeyRequired", + "apigateway:Resource/ApiName", + "apigateway:Resource/AuthorizerType", + "apigateway:Resource/AuthorizerUri", + "apigateway:Resource/DisableExecuteApiEndpoint", + "apigateway:Resource/EndpointType", + "apigateway:Resource/RouteAuthorizationType", "aws:ResourceTag/${TagKey}" ], - "resource": "ApiKey" + "resource": "Api" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apikeys", + "arn": "arn:${Partition}:apigateway:${Region}::/apis", "condition_keys": [ + "apigateway:Request/ApiKeyRequired", + "apigateway:Request/ApiName", + "apigateway:Request/AuthorizerType", + "apigateway:Request/AuthorizerUri", + "apigateway:Request/DisableExecuteApiEndpoint", + "apigateway:Request/EndpointType", + "apigateway:Request/RouteAuthorizationType", "aws:ResourceTag/${TagKey}" ], - "resource": "ApiKeys" + "resource": "Apis" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/authorizers/${AuthorizerId}", + "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/apimappings/${ApiMappingId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "resource": "ApiMapping" + }, + { + "arn": 
"arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/apimappings", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ApiMappings" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/authorizers/${AuthorizerId}", + "condition_keys": [ + "apigateway:Request/AuthorizerType", + "apigateway:Request/AuthorizerUri", "apigateway:Resource/AuthorizerType", "apigateway:Resource/AuthorizerUri", - "apigateway:Request/AuthorizerType", - "apigateway:Request/AuthorizerUri" + "aws:ResourceTag/${TagKey}" ], "resource": "Authorizer" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/authorizers", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/authorizers", "condition_keys": [ "apigateway:Request/AuthorizerType", - "aws:ResourceTag/${TagKey}", - "apigateway:Request/AuthorizerUri" + "apigateway:Request/AuthorizerUri", + "aws:ResourceTag/${TagKey}" ], "resource": "Authorizers" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/basepathmappings/${BasePath}", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/cache/authorizers", + "condition_keys": [], + "resource": "AuthorizersCache" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/cors", + "condition_keys": [], + "resource": "Cors" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/deployments/${DeploymentId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "BasePathMapping" + "resource": "Deployment" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/basepathmappings", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/deployments", "condition_keys": [ + "apigateway:Request/StageName", "aws:ResourceTag/${TagKey}" ], - "resource": "BasePathMappings" + "resource": "Deployments" }, { - "arn": 
"arn:${Partition}:apigateway:${Region}::/clientcertificates/${ClientCertificateId}", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/exports/${Specification}", + "condition_keys": [], + "resource": "ExportedAPI" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "ClientCertificate" + "resource": "Integration" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/clientcertificates", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "ClientCertificates" + "resource": "Integrations" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}/integrationresponses/${IntegrationResponseId}", + "condition_keys": [], + "resource": "IntegrationResponse" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/deployments/${DeploymentId}", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}/integrationresponses", + "condition_keys": [], + "resource": "IntegrationResponses" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models/${ModelId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Deployment" + "resource": "Model" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/deployments", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models", "condition_keys": [ - "apigateway:Request/StageName", "aws:ResourceTag/${TagKey}" ], - "resource": "Deployments" + "resource": "Models" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models/${ModelId}/template", + "condition_keys": [], + "resource": "ModelTemplate" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}", + "condition_keys": [ + 
"apigateway:Request/ApiKeyRequired", + "apigateway:Request/RouteAuthorizationType", + "apigateway:Resource/ApiKeyRequired", + "apigateway:Resource/RouteAuthorizationType", + "aws:ResourceTag/${TagKey}" + ], + "resource": "Route" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes", + "condition_keys": [ + "apigateway:Request/ApiKeyRequired", + "apigateway:Request/RouteAuthorizationType", + "aws:ResourceTag/${TagKey}" + ], + "resource": "Routes" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/routeresponses/${RouteResponseId}", + "condition_keys": [], + "resource": "RouteResponse" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/routeresponses", + "condition_keys": [], + "resource": "RouteResponses" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/requestparameters/${RequestParameterKey}", + "condition_keys": [], + "resource": "RouteRequestParameter" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/routesettings/${RouteKey}", + "condition_keys": [], + "resource": "RouteSettings" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}", + "condition_keys": [ + "apigateway:Request/AccessLoggingDestination", + "apigateway:Request/AccessLoggingFormat", + "apigateway:Resource/AccessLoggingDestination", + "apigateway:Resource/AccessLoggingFormat", + "aws:ResourceTag/${TagKey}" + ], + "resource": "Stage" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages", + "condition_keys": [ + "apigateway:Request/AccessLoggingDestination", + "apigateway:Request/AccessLoggingFormat", + "aws:ResourceTag/${TagKey}" + ], + "resource": "Stages" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/account", + "condition_keys": [], + "resource": "Account" + }, + { + "arn": 
"arn:${Partition}:apigateway:${Region}::/apikeys/${ApiKeyId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ApiKey" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apikeys", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ApiKeys" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/basepathmappings/${BasePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "BasePathMapping" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/basepathmappings", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "BasePathMappings" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/clientcertificates/${ClientCertificateId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ClientCertificate" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/clientcertificates", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ClientCertificates" }, { "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/documentation/parts/${DocumentationPartId}", @@ -4886,18 +5488,6 @@ ], "resource": "GatewayResponses" }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}/methods/${HttpMethodType}/integration", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Integration" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}/methods/${HttpMethodType}/integration/responses/${StatusCode}", - "condition_keys": [], - "resource": "IntegrationResponse" - }, { "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}/methods/${HttpMethodType}", "condition_keys": [ 
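Review bot: In the `resources` list of the hunk starting at `@@ -4741`, `Authorizer`, `Authorizers`, `Deployment` and `Deployments` now carry only the `/apis/${ApiId}/...` ARN templates, and the hunks at `@@ -4886`, `@@ -4914` and `@@ -4992` delete the `/restapis/${RestApiId}/...` entries for `Integration`, `IntegrationResponse`, `Model`, `Models`, `Stage` and `Stages`. Unless the REST API templates are kept elsewhere in the file, a consumer that resolves a `resource_type` name to its `arn` will build a `/apis/` ARN for a REST API call. A policy generated that way either fails to match the real resource or has to be widened to `*`. Because the two API families share resource names, I would keep both templates under distinct names, for example retaining `"arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/stages/${StageName}"` alongside the `/apis/` entry. The `resources` array continues outside these hunks.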
@@ -4914,20 +5504,6 @@ "condition_keys": [], "resource": "MethodResponse" }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/models/${ModelName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Model" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/models", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Models" - }, { "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/requestvalidators/${RequestValidatorId}", "condition_keys": [], @@ -4992,26 +5568,6 @@ "condition_keys": [], "resource": "Sdk" }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/stages/${StageName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "apigateway:Request/AccessLoggingDestination", - "apigateway:Resource/AccessLoggingFormat", - "apigateway:Resource/AccessLoggingDestination", - "apigateway:Request/AccessLoggingFormat" - ], - "resource": "Stage" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/stages", - "condition_keys": [ - "apigateway:Request/AccessLoggingFormat", - "apigateway:Request/AccessLoggingDestination", - "aws:ResourceTag/${TagKey}" - ], - "resource": "Stages" - }, { "arn": "arn:${Partition}:apigateway:${Region}::/restapis/models/${ModelName}/template", "condition_keys": [], 
@@ -5054,132 +5610,6 @@ "aws:ResourceTag/${TagKey}" ], "resource": "VpcLinks" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/accesslogsettings", - "condition_keys": [], - "resource": "AccessLogSettings" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}", - "condition_keys": [ - "apigateway:Request/ApiKeyRequired", - "apigateway:Request/ApiName", - "apigateway:Request/AuthorizerType", - "apigateway:Request/AuthorizerUri", - "apigateway:Request/DisableExecuteApiEndpoint", - "apigateway:Request/EndpointType", - "apigateway:Request/RouteAuthorizationType", - "apigateway:Resource/ApiKeyRequired", - "apigateway:Resource/ApiName", - "apigateway:Resource/AuthorizerType", - "apigateway:Resource/AuthorizerUri", - "apigateway:Resource/DisableExecuteApiEndpoint", - "apigateway:Resource/EndpointType", - "apigateway:Resource/RouteAuthorizationType", - "aws:ResourceTag/${TagKey}" - ], - "resource": "Api" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/apis", - "condition_keys": [ - "apigateway:Request/ApiKeyRequired", - "apigateway:Request/ApiName", - "apigateway:Request/AuthorizerType", - "apigateway:Request/AuthorizerUri", - "apigateway:Request/DisableExecuteApiEndpoint", - "apigateway:Request/EndpointType", - "apigateway:Request/RouteAuthorizationType", - "aws:ResourceTag/${TagKey}" - ], - "resource": "Apis" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/apimappings/${ApiMappingId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ApiMapping" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/apimappings", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ApiMappings" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/cache/authorizers", - "condition_keys": [], - "resource": "AuthorizersCache" - }, - { - "arn": 
"arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/cors", - "condition_keys": [], - "resource": "Cors" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/exports/${Specification}", - "condition_keys": [], - "resource": "ExportedAPI" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Integrations" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}/integrationresponses", - "condition_keys": [], - "resource": "IntegrationResponses" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models/${ModelId}/template", - "condition_keys": [], - "resource": "ModelTemplate" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}", - "condition_keys": [ - "apigateway:Request/ApiKeyRequired", - "apigateway:Request/RouteAuthorizationType", - "apigateway:Resource/ApiKeyRequired", - "apigateway:Resource/RouteAuthorizationType", - "aws:ResourceTag/${TagKey}" - ], - "resource": "Route" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes", - "condition_keys": [ - "apigateway:Request/ApiKeyRequired", - "apigateway:Request/RouteAuthorizationType", - "aws:ResourceTag/${TagKey}" - ], - "resource": "Routes" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/routeresponses/${RouteResponseId}", - "condition_keys": [], - "resource": "RouteResponse" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/routeresponses", - "condition_keys": [], - "resource": "RouteResponses" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/requestparameters/${RequestParameterKey}", - "condition_keys": [], - "resource": "RouteRequestParameter" - }, - { - "arn": 
"arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/routesettings/${RouteKey}", - "condition_keys": [], - "resource": "RouteSettings" } ], "service_name": "Amazon API Gateway Management" @@ -5204,6 +5634,38 @@ ], "prefix": "app-integrations", "privileges": [ + { + "access_level": "Write", + "description": "Grants permissions to create a new DataIntegration", + "privilege": "CreateDataIntegration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permissions to create a DataIntegrationAssociation", + "privilege": "CreateDataIntegrationAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration*" + } + ] + }, { "access_level": "Write", "description": "Grants permissions to create a new EventIntegration", @@ -5235,7 +5697,38 @@ "events:PutRule", "events:PutTargets" ], - "resource_type": "event-integration-association*" + "resource_type": "event-integration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permissions to delete a DataIntegration", + "privilege": "DeleteDataIntegration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permissions to delete a DataIntegrationAssociation", + "privilege": "DeleteDataIntegrationAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration-association*" } ] }, 
@@ -5274,6 +5767,25 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permissions to view details about DataIntegrations", + "privilege": "GetDataIntegration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permissions to view details about EventIntegrations", @@ -5293,6 +5805,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permissions to list DataIntegrationAssociations", + "privilege": "ListDataIntegrationAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permissions to list DataIntegrations", + "privilege": "ListDataIntegrations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permissions to list EventIntegrationAssociations", @@ -5322,6 +5858,16 @@ "description": "Grants permission to lists tag for an Amazon AppIntegration resource", "privilege": "ListTagsForResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration-association" + }, { "condition_keys": [], "dependent_actions": [], @@ -5346,6 +5892,16 @@ "description": "Grants permission to tag an Amazon AppIntegration resource", "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration-association" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -5372,6 +5928,16 @@ "description": "Grants permissions to untag an Amazon AppIntegration resource", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration-association" + }, { "condition_keys": [], "dependent_actions": [], @@ -5392,6 +5958,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permissions to modify a DataIntegration", + "privilege": "UpdateDataIntegration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permissions to modify an EventIntegration", @@ -5426,6 +6011,20 @@ "aws:ResourceTag/${TagKey}" ], "resource": "event-integration-association" + }, + { + "arn": "arn:${Partition}:app-integrations:${Region}:${Account}:data-integration/${DataIntegrationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "data-integration" + }, + { + "arn": "arn:${Partition}:app-integrations:${Region}:${Account}:data-integration-association/${DataIntegrationId}/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "data-integration-association" } ], "service_name": "Amazon AppIntegrations" @@ -5929,6 +6528,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "StartConfigurationSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to initiate a deployment", 
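Review bot: `StartConfigurationSession`, added in the hunk at `@@ -5929`, has `"access_level": "Unknown"`, an empty `description` and a single empty `resource_type`. Any consumer that groups or filters privileges by access level cannot classify the action, and a reviewer reading a generated policy gets no hint of what it grants. I would fill the entry in from the service's authorization reference before merging, following the file's wording, for example `"description": "Grants permission to start a configuration session"`, and replace `Unknown` with the documented level once confirmed. The enclosing `privileges` array starts and ends outside the hunk.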
@@ -8821,22 +9432,46 @@ }, { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by the tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "String" } ], "prefix": "appstream", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to associate the specified application with the fleet", + "privilege": "AssociateApplicationFleet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to associate the specified fleet with the specified stack", 
@@ -8918,6 +9553,46 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an app block. App blocks store details about the virtual hard disk that contains the files for the application in an S3 bucket. It also stores the setup script with details about how to mount the virtual hard disk. App blocks are only supported for Elastic fleets", + "privilege": "CreateAppBlock", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-block*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an application within customer account. Applications store the details about how to launch applications on streaming instances. This is only supported for Elastic fleets", + "privilege": "CreateApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-block*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a Directory Config object in AppStream 2.0. This object includes the configuration information required to join fleets and image builders to Microsoft Active Directory domains", @@ -8943,7 +9618,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "image*" + "resource_type": "image" }, { "condition_keys": [ 
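Review bot: `CreateApplication` in the hunk at `@@ -8918` lists `app-block*` as its required resource type, the same as `CreateAppBlock` just above it, and has no `application` entry at all. `DeleteApplication` and `UpdateApplication` elsewhere in this diff use `application*`, so this looks like a carried-over value rather than a deliberate choice. If it is wrong, a policy scoped from this entry would name the app-block ARN instead of the application ARN. I would confirm against the service authorization reference and, if it is a slip, change the line to `"resource_type": "application*"`, keeping `app-block` as an optional second entry if the reference lists it.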
@@ -9044,13 +9719,21 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to update an existing image within customer account", "privilege": "CreateUpdatedImage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "image*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] @@ -9079,6 +9762,44 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified app block", + "privilege": "DeleteAppBlock", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-block*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified application", + "privilege": "DeleteApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete the specified Directory Config object from AppStream 2.0. This object includes the configuration information required to join fleets and image builders to Microsoft Active Directory domains", 
@@ -9210,6 +9931,47 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list that describes one or more specified app blocks, if the app block arns are provided. Otherwise, all app blocks in the account are described", + "privilege": "DescribeAppBlocks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-block" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the associations that are associated with the specified application or fleet", + "privilege": "DescribeApplicationFleetAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list that describes one or more specified applications, if the application arns are provided. Otherwise, all applications in the account are described", + "privilege": "DescribeApplications", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a list that describes one or more specified Directory Config objects for AppStream 2.0, if the names for these objects are provided. Otherwise, all Directory Config objects in the account are described. This object includes the configuration information required to join fleets and image builders to Microsoft Active Directory domains", 
@@ -9347,6 +10109,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disassociate the specified application from the specified fleet", + "privilege": "DisassociateApplicationFleet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disassociate the specified fleet from the specified stack", @@ -9528,9 +10314,19 @@ }, { "access_level": "Tagging", - "description": "Grants permission to add or overwrite one or more tags for the specified AppStream 2.0 resource. The following resources can be tagged: Image builders, images, fleets, and stacks", + "description": "Grants permission to add or overwrite one or more tags for the specified AppStream 2.0 resource. The following resources can be tagged: Image builders, images, fleets, stacks, app blocks and applications", "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-block" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, { "condition_keys": [], "dependent_actions": [], @@ -9567,6 +10363,16 @@ "description": "Grants permission to disassociate one or more tags from the specified AppStream 2.0 resource", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-block" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -9596,6 +10402,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the specified fields for the specified application", + "privilege": "UpdateApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-block" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the specified Directory Config object in AppStream 2.0. This object includes the configuration information required to join fleets and image builders to Microsoft Active Directory domains", @@ -9699,6 +10529,20 @@ "aws:ResourceTag/${TagKey}" ], "resource": "stack" + }, + { + "arn": "arn:${Partition}:appstream:${Region}:${Account}:app-block/${AppBlockName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "app-block" + }, + { + "arn": "arn:${Partition}:appstream:${Region}:${Account}:application/${ApplicationName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "application" } ], "service_name": "Amazon AppStream 2.0" 
@@ -10347,6 +11191,64 @@ ], "prefix": "aps", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create alerts", + "privilege": "CreateAlertManagerAlerts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an alert manager definition", + "privilege": "CreateAlertManagerDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a rule groups namespace", + "privilege": "CreateRuleGroupsNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rulegroupsnamespace*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a workspace", 
@@ -10362,6 +11264,63 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an alert manager definition", + "privilege": "DeleteAlertManagerDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a silence", + "privilege": "DeleteAlertManagerSilence", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a rule groups namespace", + "privilege": "DeleteRuleGroupsNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rulegroupsnamespace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a workspace", 
@@ -10381,6 +11340,44 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe an alert manager definition", + "privilege": "DescribeAlertManagerDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a rule groups namespace", + "privilege": "DescribeRuleGroupsNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rulegroupsnamespace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a workspace", @@ -10400,6 +11397,44 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a silence", + "privilege": "GetAlertManagerSilence", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get current status of an alertmanager", + "privilege": "GetAlertManagerStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve AMP workspace labels", 
@@ -10457,6 +11492,139 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list groups", + "privilege": "ListAlertManagerAlertGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list alerts", + "privilege": "ListAlertManagerAlerts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list receivers", + "privilege": "ListAlertManagerReceivers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list silences", + "privilege": "ListAlertManagerSilences", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list active alerts", + "privilege": "ListAlerts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list rule groups namespaces", + "privilege": "ListRuleGroupsNamespaces", + 
"resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list alerting and recording rules", + "privilege": "ListRules", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list tags on an AMP resource", @@ -10465,7 +11633,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "rulegroupsnamespace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace" }, { "condition_keys": [ 
@@ -10489,6 +11662,63 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an alert manager definition", + "privilege": "PutAlertManagerDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create or update a silence", + "privilege": "PutAlertManagerSilences", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a rule groups namespace", + "privilege": "PutRuleGroupsNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rulegroupsnamespace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to run a query on AMP workspace metrics", @@ -10535,7 +11765,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "rulegroupsnamespace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace" }, { "condition_keys": [ @@ -10555,7 +11790,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "rulegroupsnamespace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace" }, { "condition_keys": [ 
@@ -10589,13 +11829,22 @@ ], "resources": [ { - "arn": "arn:${Partition}:aps:${Region}:${Account}:workspace/${ResourceId}", + "arn": "arn:${Partition}:aps:${Region}:${Account}:workspace/${WorkspaceId}", "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "resource": "workspace" + }, + { + "arn": "arn:${Partition}:aps:${Region}:${Account}:rulegroupsnamespace/${WorkspaceId}/${Namespace}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "resource": "rulegroupsnamespace" } ], "service_name": "Amazon Managed Service for Prometheus" @@ -11206,17 +12455,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "String" } ], @@ -11388,6 +12637,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a share request for a custom framework in AWS Audit Manager", + "privilege": "DeleteAssessmentFrameworkShare", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an assessment report in AWS Audit Manager", 
@@ -11600,6 +12861,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get analytics data for all active assessments", + "privilege": "GetInsights", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get analytics data for a specific active assessment", + "privilege": "GetInsightsByAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the delegated administrator account in AWS Audit Manager", @@ -11636,6 +12921,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list analytics data for controls in a specific control domain and active assessment", + "privilege": "ListAssessmentControlInsightsByControlDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all sent or received share requests for custom frameworks in AWS Audit Manager", + "privilege": "ListAssessmentFrameworkShareRequests", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all assessment frameworks in AWS Audit Manager", 
@@ -11672,6 +12981,42 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list analytics data for control domains across all active assessments", + "privilege": "ListControlDomainInsights", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list analytics data for control domains in a specific active assessment", + "privilege": "ListControlDomainInsightsByAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list analytics data for controls in a specific control domain across all active assessments", + "privilege": "ListControlInsightsByControlDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all controls in AWS Audit Manager", @@ -11709,7 +13054,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list tags for an AWS Audit Manager resource", "privilege": "ListTagsForResource", "resource_types": [ @@ -11749,6 +13094,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a share request for a custom framework in AWS Audit Manager", + "privilege": "StartAssessmentFrameworkShare", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "assessmentFramework*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to tag an AWS Audit Manager resource", 
@@ -11846,6 +13203,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a share request for a custom framework in AWS Audit Manager", + "privilege": "UpdateAssessmentFrameworkShare", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the status of an assessment in AWS Audit Manager", @@ -11897,22 +13266,22 @@ ], "resources": [ { - "arn": "arn:${Partition}:auditmanager:${Region}:${Account}:assessment/${assessmentId}", + "arn": "arn:${Partition}:auditmanager:${Region}:${Account}:assessment/${AssessmentId}", "condition_keys": [], "resource": "assessment" }, { - "arn": "arn:${Partition}:auditmanager:${Region}:${Account}:assessment/${assessmentFrameworkId}", + "arn": "arn:${Partition}:auditmanager:${Region}:${Account}:assessmentFramework/${AssessmentFrameworkId}", "condition_keys": [], "resource": "assessmentFramework" }, { - "arn": "arn:${Partition}:auditmanager:${Region}:${Account}:assessment/${assessmentId}/controlSet/{controlSetId}", + "arn": "arn:${Partition}:auditmanager:${Region}:${Account}:assessment/${AssessmentId}/ControlSet/${ControlSetId}", "condition_keys": [], "resource": "assessmentControlSet" }, { - "arn": "arn:${Partition}:auditmanager:${Region}:${Account}:control/${controlId}", + "arn": "arn:${Partition}:auditmanager:${Region}:${Account}:control/${ControlId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], 
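Review bot: In the Audit Manager `resources` hunk, the `assessmentControlSet` ARN changes the literal path segment from `controlSet` to `ControlSet` on top of repairing the `${ControlSetId}` placeholder. The resource part of an ARN is compared case-sensitively, so if the service still returns `controlSet`, a policy built from this template would name a resource that never matches. Confirm the casing against an ARN the API actually returns; if it is lowercase, the entry should read `"arn": "arn:${Partition}:auditmanager:${Region}:${Account}:assessment/${AssessmentId}/controlSet/${ControlSetId}"`. The `resources` array continues past the end of the hunk.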
@@ -13116,10 +14485,34 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to users to approve an incoming subscription request (for providers who provide products that require subscription verification)", + "privilege": "AcceptAgreementApprovalRequest", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to users to cancel pending subscription requests for products that require subscription verification", + "privilege": "CancelAgreementRequest", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", - "description": "Describes Image Builds identified by a build Id", - "privilege": "DescribeBuilds", + "description": "Grants permission to users to describe the metadata about the agreement", + "privilege": "DescribeAgreement", "resource_types": [ { "condition_keys": [], 
@@ -13130,8 +14523,56 @@ }, { "access_level": "Read", - "description": "Lists Image Builds.", - "privilege": "ListBuilds", + "description": "Grants permission to users to view the details of their incoming subscription requests (for providers who provide products that require subscription verification)", + "privilege": "GetAgreementApprovalRequest", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to users to view the details of their subscription requests for data products that require subscription verification", + "privilege": "GetAgreementRequest", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to users to get a list of terms for an agreement", + "privilege": "GetAgreementTerms", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to users to list their incoming subscription requests (for providers who provide products that require subscription verification)", + "privilege": "ListAgreementApprovalRequests", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to users to list their subscription requests for products that require subscription verification", + "privilege": "ListAgreementRequests", "resource_types": [ { "condition_keys": [], 
@@ -13142,8 +14583,238 @@ }, { "access_level": "Write", - "description": "Starts an Image Build", - "privilege": "StartBuild", + "description": "Grants permission to users to decline an incoming subscription requests (for providers who provide products that require subscription verification)", + "privilege": "RejectAgreementApprovalRequest", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to users to search their agreements", + "privilege": "SearchAgreements", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to users to subscribe to AWS Marketplace products. Includes the ability to send a subscription request for products that require subscription verification. Includes the ability to enable auto-renewal for an existing subscription", + "privilege": "Subscribe", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to users to remove subscriptions to AWS Marketplace products. 
Includes the ability to disable auto-renewal for an existing subscription", + "privilege": "Unsubscribe", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to users to make changes to an incoming subscription request, including the ability to delete the prospective subscriber's information (for providers who provide products that require subscription verification)", + "privilege": "UpdateAgreementApprovalRequest", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to users to see their account's subscriptions", + "privilege": "ViewSubscriptions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Cancels a running change set.", + "privilege": "CancelChangeSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Complete an existing task and submit the content to the associated change.", + "privilege": "CompleteTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Returns the details of an existing change set.", + "privilege": "DescribeChangeSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Returns the details of an existing entity.", + "privilege": "DescribeEntity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Returns the details of an existing task.", + 
"privilege": "DescribeTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Lists existing change sets.", + "privilege": "ListChangeSets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Lists existing entities.", + "privilege": "ListEntities", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Lists existing tasks.", + "privilege": "ListTasks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Requests a new change set.", + "privilege": "StartChangeSet", + "resource_types": [ + { + "condition_keys": [ + "catalog:ChangeType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Update the content of an existing task.", + "privilege": "UpdateTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to post metering records for a set of customers for SaaS applications", + "privilege": "BatchMeterUsage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to emit metering records", + "privilege": "MeterUsage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to to verify that the customer running your paid software is subscribed to your product on AWS Marketplace, enabling you to guard against 
unauthorized use. Meters software use per ECS task, per hour, with usage prorated to the second", + "privilege": "RegisterUsage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to resolve a registration token to obtain a CustomerIdentifier and product code", + "privilege": "ResolveCustomer", "resource_types": [ { "condition_keys": [], 
@@ -13178,80 +14849,8 @@ }, { "access_level": "Read", - "description": "Retrieves entitlement values for a given product. The results can be filtered based on customer identifier or product dimensions", - "privilege": "GetEntitlements", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Cancels a running change set.", - "privilege": "CancelChangeSet", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Complete an existing task and submit the content to the associated change.", - "privilege": "CompleteTask", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Returns the details of an existing change set.", - "privilege": "DescribeChangeSet", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Returns the details of an existing entity.", - "privilege": "DescribeEntity", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Returns the details of an existing task.", - "privilege": "DescribeTask", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Lists existing change sets.", - "privilege": "ListChangeSets", + "description": "Describes Image Builds identified by a build Id", + "privilege": "DescribeBuilds", "resource_types": [ { "condition_keys": [], 
@@ -13262,58 +14861,8 @@ }, { "access_level": "Read", - "description": "Lists existing entities.", - "privilege": "ListEntities", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Lists existing tasks.", - "privilege": "ListTasks", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Requests a new change set.", - "privilege": "StartChangeSet", - "resource_types": [ - { - "condition_keys": [ - "catalog:ChangeType" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Update the content of an existing task.", - "privilege": "UpdateTask", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Allows users to approve an incoming subscription request (for providers who provide products that require subscription verification).", - "privilege": "AcceptAgreementApprovalRequest", + "description": "Lists Image Builds.", + "privilege": "ListBuilds", "resource_types": [ { "condition_keys": [], 
@@ -13324,32 +14873,8 @@ }, { "access_level": "Write", - "description": "Allows users to cancel pending subscription requests for products that require subscription verification.", - "privilege": "CancelAgreementRequest", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Returns metadata about the agreement.", - "privilege": "DescribeAgreement", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Allows users to view the details of their incoming subscription requests (for providers who provide products that require subscription verification).", - "privilege": "GetAgreementApprovalRequest", + "description": "Starts an Image Build", + "privilege": "StartBuild", "resource_types": [ { "condition_keys": [], 
@@ -13360,164 +14885,8 @@ }, { "access_level": "Read", - "description": "Allows users to view the details of their subscription requests for data products that require subscription verification.", - "privilege": "GetAgreementRequest", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Returns a list of terms for an agreement.", - "privilege": "GetAgreementTerms", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Allows users to list their incoming subscription requests (for providers who provide products that require subscription verification).", - "privilege": "ListAgreementApprovalRequests", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Allows users to list their subscription requests for products that require subscription verification.", - "privilege": "ListAgreementRequests", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Allows users to decline an incoming subscription requests (for providers who provide products that require subscription verification).", - "privilege": "RejectAgreementApprovalRequest", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Allows users to search their agreements.", - "privilege": "SearchAgreements", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Allows users to subscribe to AWS Marketplace products. 
Includes the ability to send a subscription request for products that require subscription verification. Includes the ability to enable auto-renewal for an existing subscription.", - "privilege": "Subscribe", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Allows users to remove subscriptions to AWS Marketplace products. Includes the ability to disable auto-renewal for an existing subscription.", - "privilege": "Unsubscribe", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Allows users to make changes to an incoming subscription request, including the ability to delete the prospective subscriber's information (for providers who provide products that require subscription verification).", - "privilege": "UpdateAgreementApprovalRequest", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Allows users to see their account's subscriptions.", - "privilege": "ViewSubscriptions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to post metering records for a set of customers for SaaS applications", - "privilege": "BatchMeterUsage", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to emit metering records", - "privilege": "MeterUsage", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to to verify that the customer running your paid software is subscribed to your 
product on AWS Marketplace, enabling you to guard against unauthorized use. Meters software use per ECS task, per hour, with usage prorated to the second", - "privilege": "RegisterUsage", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to resolve a registration token to obtain a CustomerIdentifier and product code", - "privilege": "ResolveCustomer", + "description": "Retrieves entitlement values for a given product. The results can be filtered based on customer identifier or product dimensions", + "privilege": "GetEntitlements", "resource_types": [ { "condition_keys": [], @@ -13765,12 +15134,17 @@ { "condition": "backup:CopyTargetOrgPaths", "description": "Filters access by the organization unit", - "type": "String" + "type": "ArrayOfString" }, { "condition": "backup:CopyTargets", "description": "Filters access by the ARN of an backup vault", - "type": "String" + "type": "ArrayOfARN" + }, + { + "condition": "backup:FrameworkArns", + "description": "Filters access by the Framework ARNs", + "type": "ArrayOfARN" } ], "prefix": "backup", @@ -13891,7 +15265,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "backup:FrameworkArns" ], "dependent_actions": [], "resource_type": "" @@ -13948,7 +15323,19 @@ }, { "access_level": "Write", - "description": "Grants permission to remove notifications from backup vault", + "description": "Grants permission to remove the lock configuration from a backup vault", + "privilege": "DeleteBackupVaultLockConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backupVault*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove the notifications from a backup vault", "privilege": "DeleteBackupVaultNotifications", "resource_types": [ { 
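Review bot: The `conditions` hunk for the `backup` prefix changes `type` on `backup:CopyTargetOrgPaths` and `backup:CopyTargets` from `String` to `ArrayOfString` and `ArrayOfARN`, and adds `backup:FrameworkArns` as `ArrayOfARN`. Nothing in this diff shows the code that reads `type`, so it is not visible whether these values are recognised. If a consumer maps `type` to a condition operator, an unhandled `ArrayOf…` value would presumably be treated as single-valued, whereas multivalued keys need a `ForAllValues:` or `ForAnyValue:` set operator to be evaluated as intended. A fixture covering both new type strings would settle it before the updated definitions are relied on. The `conditions` array starts outside the hunk.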
@@ -14458,6 +15845,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to add a lock configuration to the backup vault", + "privilege": "PutBackupVaultLockConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backupVault*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to add an SNS topic to the backup vault", @@ -14684,6 +16083,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "reportPlan*" + }, + { + "condition_keys": [ + "backup:FrameworkArns" + ], + "dependent_actions": [], + "resource_type": "" } ] } 
@@ -14727,6 +16133,346 @@ ], "service_name": "AWS Backup" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the allowed set of values for each of the tags", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag-value associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of mandatory tags in the request", + "type": "String" + } + ], + "prefix": "backup-gateway", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to AssociateGatewayToServer", + "privilege": "AssociateGatewayToServer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gateway*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hypervisor*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to Backup", + "privilege": "Backup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "virtualmachine*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to to CreateGateway", + "privilege": "CreateGateway", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to DeleteGateway", + "privilege": "DeleteGateway", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gateway*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to DeleteHypervisor", + "privilege": "DeleteHypervisor", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "hypervisor*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to DisassociateGatewayFromServer", + "privilege": "DisassociateGatewayFromServer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gateway*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to ImportHypervisorConfiguration", + "privilege": "ImportHypervisorConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hypervisor" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to ListGateways", + "privilege": "ListGateways", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to ListHypervisors", + "privilege": "ListHypervisors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to ListTagsForResource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gateway" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hypervisor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "virtualmachine" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to ListVirtualMachines", + "privilege": "ListVirtualMachines", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to PutMaintenanceStartTime", + "privilege": 
"PutMaintenanceStartTime", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gateway*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to Restore", + "privilege": "Restore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hypervisor*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to TagResource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gateway" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hypervisor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "virtualmachine" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to TestHypervisorConfiguration", + "privilege": "TestHypervisorConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gateway*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to UntagResource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gateway" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hypervisor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "virtualmachine" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to UpdateGatewayInformation", + "privilege": 
"UpdateGatewayInformation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gateway*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to UpdateHypervisor", + "privilege": "UpdateHypervisor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gateway*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:backup-gateway::${Account}:gateway/${GatewayId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "gateway" + }, + { + "arn": "arn:${Partition}:backup-gateway::${Account}:hypervisor/${HypervisorId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "hypervisor" + }, + { + "arn": "arn:${Partition}:backup-gateway::${Account}:vm/${VirtualmachineId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "virtualmachine" + } + ], + "service_name": "AWS Backup Gateway" + }, { "conditions": [], "prefix": "backup-storage", 
@@ -14751,57 +16497,62 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the tags that are passed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on the tags associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access based on the tag keys that are passed in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "String" }, { "condition": "batch:AWSLogsCreateGroup", - "description": "Filters access based on the specified logging driver to determine whether awslogs group will be created for the logs", - "type": "Boolean" + "description": "Filters access by the specified logging driver to determine whether awslogs group will be created for the logs", + "type": "Bool" }, { "condition": "batch:AWSLogsGroup", - "description": "Filters access based on the awslogs group where the logs are located", + "description": "Filters access by the awslogs group where the logs are located", "type": "String" }, { "condition": "batch:AWSLogsRegion", - "description": "Filters access based on the region where the logs are sent to", + "description": "Filters access by the region where the logs are sent to", "type": "String" }, { "condition": "batch:AWSLogsStreamPrefix", - "description": "Filters access based on the awslogs log stream prefix", + "description": "Filters access by the awslogs log stream prefix", "type": "String" }, { "condition": "batch:Image", - "description": "Filters access based on the image used to start a container", + "description": "Filters access by on the image used to start a container", "type": "String" }, { "condition": "batch:LogDriver", - "description": "Filters access based on the 
log driver used for the container", + "description": "Filters access by the log driver used for the container", "type": "String" }, { "condition": "batch:Privileged", - "description": "Filter access based on the specified privileged parameter value that determines whether the container is given elevated privileges on the host container instance (similar to the root user)", - "type": "Boolean" + "description": "Filters access by the specified privileged parameter value that determines whether the container is given elevated privileges on the host container instance (similar to the root user)", + "type": "Bool" + }, + { + "condition": "batch:ShareIdentifier", + "description": "Filters access by the shareIdentifier used inside submit job", + "type": "String" }, { "condition": "batch:User", - "description": "Filters access based on the user name or numeric uid used inside the container", + "description": "Filters access by user name or numeric uid used inside the container", "type": "String" } ], @@ -14854,6 +16605,31 @@ "dependent_actions": [], "resource_type": "job-queue*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduling-policy" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an AWS Batch scheduling policy in your account", + "privilege": "CreateSchedulingPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduling-policy*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -14888,6 +16664,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an AWS Batch scheduling policy in your account", + "privilege": "DeleteSchedulingPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduling-policy*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to deregister an AWS Batch job definition in your account", @@ -14948,6 +16736,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe one or more AWS Batch scheduling policies in your account", + "privilege": "DescribeSchedulingPolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list jobs for a specified AWS Batch job queue in your account", @@ -14960,6 +16760,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list AWS Batch scheduling policies in your account", + "privilege": "ListSchedulingPolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list tags for an AWS Batch resource in your account", @@ -14984,6 +16796,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "job-queue" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduling-policy" } ] }, @@ -15033,7 +16850,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "batch:ShareIdentifier" ], "dependent_actions": [], "resource_type": "" @@ -15065,6 +16883,11 @@ "dependent_actions": [], "resource_type": "job-queue" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduling-policy" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -15112,6 +16935,11 @@ "dependent_actions": [], "resource_type": "job-queue" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduling-policy" + }, { "condition_keys": [ "aws:TagKeys" @@ -15147,6 +16975,23 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "compute-environment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduling-policy" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an AWS Batch scheduling policy in your account", + "privilege": "UpdateSchedulingPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduling-policy*" } ] } @@ -15174,11 +17019,18 @@ "resource": "job-definition" }, { - "arn": "arn:${Partition}:batch:${Region}:${Account}:job/${jobId}", + "arn": "arn:${Partition}:batch:${Region}:${Account}:job/${JobId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "job" + }, + { + "arn": "arn:${Partition}:batch:${Region}:${Account}:scheduling-policy/${SchedulingPolicyName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "scheduling-policy" } ], "service_name": "AWS Batch" @@ -15187,17 +17039,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "String" } ], 
@@ -15205,26 +17057,48 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to cancel a quantum task.", - "privilege": "CancelQuantumTask", + "description": "Grants permission to cancel a job", + "privilege": "CancelJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quantum-task*" + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a quantum task.", - "privilege": "CreateQuantumTask", + "description": "Grants permission to cancel a quantum task", + "privilege": "CancelQuantumTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "quantum-task*" - }, + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a job", + "privilege": "CreateJob", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a quantum task", + "privilege": "CreateQuantumTask", + "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -15237,7 +17111,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the devices available in Amazon Braket.", + "description": "Grants permission to retrieve information about the devices available in Amazon Braket", "privilege": "GetDevice", "resource_types": [ { @@ -15249,7 +17123,19 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve quantum tasks.", + "description": "Grants permission to retrieve jobs", + "privilege": "GetJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve quantum tasks", "privilege": "GetQuantumTask", "resource_types": [ { 
@@ -15261,9 +17147,14 @@ }, { "access_level": "Read", - "description": "Lists the tags that have been applied to the quantum task resource.", + "description": "Grants permission to listing the tags that have been applied to the quantum task resource or the job", "privilege": "ListTagsForResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job" + }, { "condition_keys": [], "dependent_actions": [], @@ -15273,7 +17164,7 @@ }, { "access_level": "Read", - "description": "Grants permission to search for devices available in Amazon Braket.", + "description": "Grants permission to search for devices available in Amazon Braket", "privilege": "SearchDevices", "resource_types": [ { @@ -15285,7 +17176,19 @@ }, { "access_level": "Read", - "description": "Grants permission to search for quantum tasks.", + "description": "Grants permission to search for jobs", + "privilege": "SearchJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to search for quantum tasks", "privilege": "SearchQuantumTasks", "resource_types": [ { @@ -15297,7 +17200,7 @@ }, { "access_level": "Tagging", - "description": "Adds one or more tags to a quantum task.", + "description": "Grants permission to add one or more tags to a quantum task", "privilege": "TagResource", "resource_types": [ { @@ -15317,9 +17220,14 @@ }, { "access_level": "Tagging", - "description": "Remove one or more tags from a quantum task resource. A tag consists of a key-value pair", + "description": "Grants permission to remove one or more tags from a quantum task resource or a job. A tag consists of a key-value pair", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -15342,6 +17250,13 @@ "aws:ResourceTag/${TagKey}" ], "resource": "quantum-task" + }, + { + "arn": "arn:${Partition}:braket:${Region}:${Account}:job/${JobName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "job" } ], "service_name": "Amazon Braket" @@ -16747,17 +18662,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by a tag's key and value in a request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by the tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by the tag keys in a request", "type": "String" } ], @@ -16811,6 +18726,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to associate a flow with a channel", + "privilege": "AssociateChannelFlow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel-flow*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to associate a phone number with an Amazon Chime user", 
@@ -16972,6 +18909,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to callback for a message on a channel", + "privilege": "ChannelFlowCallback", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to establish a web socket connection for app instance user to the messaging session endpoint", @@ -17157,6 +19106,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a channel flow for an app instance under the AWS account", + "privilege": "CreateChannelFlow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to add a user to a channel", @@ -17514,6 +19483,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a channel flow", + "privilege": "DeleteChannelFlow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to remove a member from a channel", @@ -17805,6 +19786,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to deregister an endpoint for an app instance user", + "privilege": "DeregisterAppInstanceUserEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the full details of an AppInstance", 
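Review bot: `DeleteChannelFlow`, added in the hunk at -17514, is bound to `"resource_type": "channel*"`, whereas the sibling actions added in this diff (`DescribeChannelFlow`, `UpdateChannelFlow`) use `channel-flow*`, and the hunk at -19899 defines a separate `channel-flow` ARN. If policies are derived from this mapping, a delete on a channel flow would be scoped to a channel ARN rather than the flow's ARN. I would confirm this against the service authorization reference and, if it is a transcription slip, change the line to `"resource_type": "channel-flow*"`. `ListChannelsAssociatedWithChannelFlow` in the hunk at -18772 also repeats the `ListChannelFlows` description verbatim, which is worth the same check.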
@@ -17846,6 +19839,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe an endpoint registered for an app instance user", + "privilege": "DescribeAppInstanceUserEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the full details of a channel", @@ -17880,6 +19885,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the full details of a channel flow", + "privilege": "DescribeChannelFlow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel-flow*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the full details of a channel membership", @@ -17948,6 +19965,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a flow from a channel", + "privilege": "DisassociateChannelFlow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel-flow*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disassociate the primary provisioned number from the specified Amazon Chime user", 
@@ -18122,6 +20161,23 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the preferences for a channel membership", + "privilege": "GetChannelMembershipPreferences", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the full details of a channel message", @@ -18139,6 +20195,23 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the status of a channel message", + "privilege": "GetChannelMessageStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get domain details for a domain associated with your Amazon Chime account", @@ -18588,6 +20661,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the endpoints registered for an app instance user", + "privilege": "ListAppInstanceUserEndpoints", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all AppInstanceUsers created under a single app instance", @@ -18692,6 +20777,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all the Channel Flows created under a single Chime AppInstance", + "privilege": "ListChannelFlows", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel-flow*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all channel memberships in a channel", 
@@ -18722,7 +20819,7 @@ ] }, { - "access_level": "Write", + "access_level": "Read", "description": "Grants permission to list all the messages in a channel", "privilege": "ListChannelMessages", "resource_types": [ @@ -18772,6 +20869,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all the Channel Flows created under a single Chime AppInstance", + "privilege": "ListChannelsAssociatedWithChannelFlow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel-flow*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all channels moderated by an app instance user", @@ -18989,7 +21098,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list the tags applied to an Amazon Chime resource", "privilege": "ListTagsForResource", "resource_types": [ @@ -19084,6 +21193,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to put the preferences for a channel membership", + "privilege": "PutChannelMembershipPreferences", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update details for an events configuration for a bot to receive outgoing events", @@ -19264,6 +21390,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to register an endpoint for an app instance user", + "privilege": "RegisterAppInstanceUserEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify the account name for your Amazon Chime Enterprise or Team account", 
@@ -19325,7 +21463,7 @@ ] }, { - "access_level": "Write", + "access_level": "Read", "description": "Grants permission to download the file containing links to all user attachments returned as part of the \"Request attachments\" action", "privilege": "RetrieveDataExports", "resource_types": [ @@ -19599,6 +21737,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an endpoint registered for an app instance user", + "privilege": "UpdateAppInstanceUserEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the status of the specified bot", @@ -19644,6 +21794,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a channel flow", + "privilege": "UpdateChannelFlow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel-flow*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the content of a message", @@ -19899,6 +22061,13 @@ "aws:ResourceTag/${TagKey}" ], "resource": "channel" + }, + { + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/channel-flow/${ChannelFlowId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "channel-flow" } ], "service_name": "Amazon Chime" 
@@ -19907,17 +22076,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "String" }, { @@ -19935,6 +22104,11 @@ "description": "Filters access by the instance type of the AWS Cloud9 environment's Amazon EC2 instance", "type": "String" }, + { + "condition": "cloud9:OwnerArn", + "description": "Filters access by the owner ARN specified", + "type": "ARN" + }, { "condition": "cloud9:Permissions", "description": "Filters access by the type of AWS Cloud9 permissions", @@ -19976,6 +22150,7 @@ "cloud9:InstanceType", "cloud9:SubnetId", "cloud9:UserArn", + "cloud9:OwnerArn", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], @@ -20017,6 +22192,7 @@ { "condition_keys": [ "cloud9:EnvironmentName", + "cloud9:OwnerArn", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], @@ -20173,7 +22349,9 @@ "privilege": "GetUserPublicKey", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "cloud9:UserArn" + ], "dependent_actions": [], "resource_type": "" } 
@@ -21289,58 +23467,12 @@ "service_name": "Amazon Cloud Directory" }, { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", - "type": "String" - }, - { - "condition": "cloudformation:ChangeSetName", - "description": "Filters actions based on an AWS CloudFormation change set name. Use to control which change sets IAM users can execute or delete", - "type": "String" - }, - { - "condition": "cloudformation:ImportResourceTypes", - "description": "Filters actions based on the template resource types, such as AWS::EC2::Instance. Use to control which resource types IAM users can work with when they want to import a resource into a stack", - "type": "String" - }, - { - "condition": "cloudformation:ResourceTypes", - "description": "Filters actions based on the template resource types, such as AWS::EC2::Instance. Use to control which resource types IAM users can work with when they create or update a stack", - "type": "String" - }, - { - "condition": "cloudformation:RoleArn", - "description": "Filters actions based on the ARN of an IAM service role. Use to control which service role IAM users can use to work with stacks or change sets", - "type": "ARN" - }, - { - "condition": "cloudformation:StackPolicyUrl", - "description": "Filters actions based on an Amazon S3 stack policy URL. Use to control which stack policies IAM users can associate with a stack during a create or update stack action", - "type": "String" - }, - { - "condition": "cloudformation:TemplateUrl", - "description": "Filters actions based on an Amazon S3 template URL. 
Use to control which templates IAM users can use when they create or update stacks", - "type": "String" - } - ], + "conditions": [], "prefix": "cloudformation", "privileges": [ { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to activate a public third-party extension, making it available for use in stack templates", "privilege": "ActivateType", "resource_types": [ { @@ -21351,9 +23483,21 @@ ] }, { - "access_level": "Unknown", - "description": "", - "privilege": "BatchDescribeTypeConfiguration", + "access_level": "Read", + "description": "Grants permission to return configuration data for the specified CloudFormation extensions", + "privilege": "BatchDescribeTypeConfigurations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel resource requests in your account", + "privilege": "CancelResourceRequest", "resource_types": [ { "condition_keys": [], @@ -21419,6 +23563,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create resources in your account", + "privilege": "CreateResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a stack as specified in the template", @@ -21462,6 +23618,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "type" + }, + { + "condition_keys": [ + "cloudformation:TargetRegion" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -21495,8 +23658,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to deactivate a public extension that was previously activated in this account and region", "privilege": "DeactivateType", "resource_types": [ { 
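Review bot: The `cloudformation` entry now has `"conditions": []`, yet its privileges still list `cloudformation:RoleArn` and `cloudformation:TemplateUrl` and gain `cloudformation:TargetRegion` (hunks at -21462, -21563, -22233 and -22260), so every service-specific condition key those privileges reference is undefined in this block. The later hunk at -22324 also sets `"service_name": "AWS Cloud Control API"`, which suggests that a second documentation page sharing the `cloudformation` prefix overwrote the CloudFormation metadata instead of being merged with it. A consumer that validates or suggests condition keys from `conditions` would presumably lose `cloudformation:RoleArn`, `cloudformation:ResourceTypes` and the other guardrail keys. I would keep the nine removed condition entries, add one for `cloudformation:TargetRegion`, and leave `"service_name": "AWS CloudFormation"`.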
@@ -21525,6 +23688,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete resources in your account", + "privilege": "DeleteResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a specified stack", @@ -21563,6 +23738,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "type" + }, + { + "condition_keys": [ + "cloudformation:TargetRegion" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -21622,8 +23804,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to return information about a CloudFormation extension publisher", "privilege": "DescribePublisher", "resource_types": [ { @@ -21832,6 +24014,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get resources in your account", + "privilege": "GetResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get resource requests in your account", + "privilege": "GetResourceRequestStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to return the stack policy for a specified stack", 
@@ -21921,6 +24127,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list resource requests in your account", + "privilege": "ListResourceRequests", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list resources in your account", + "privilege": "ListResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to return summary information about stack instances that are associated with the specified stack set", @@ -22030,8 +24260,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to publish the specified extension to the CloudFormation registry as a public extension in this region", "privilege": "PublishType", "resource_types": [ { @@ -22054,8 +24284,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to register account as a publisher of public extensions in the CloudFormation registry", "privilege": "RegisterPublisher", "resource_types": [ { @@ -22077,6 +24307,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "RollbackStack", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to set a stack policy for a specified stack", @@ -22097,8 +24339,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to set the configuration data for a registered CloudFormation extension, in the given account and region", "privilege": "SetTypeConfiguration", "resource_types": [ { 
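Review bot: `RollbackStack` is added with `"access_level": "Unknown"` and an empty `description`, although this same diff fills in those fields for `ActivateType`, `PublishType` and other entries that were placeholders before. The CloudFront hunks add the same placeholder shape for `DeleteResponseHeadersPolicy`, `GetResponseHeadersPolicy`, `GetResponseHeadersPolicyConfig`, `ListDistributionsByResponseHeadersPolicyId` and `ListResponseHeadersPolicies`. Any tool that filters privileges by access level, for example to flag write or permissions-management actions, would presumably skip these, and at least the rollback and delete actions change state. I would set `"access_level": "Write"` on `RollbackStack` and `DeleteResponseHeadersPolicy` after checking the service reference, and have consumers treat `Unknown` as not read-only until the rest are classified.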
@@ -22162,8 +24404,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to test a registered extension to make sure it meets all necessary requirements for being published in the CloudFormation registry", "privilege": "TestType", "resource_types": [ { @@ -22190,6 +24432,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update resources in your account", + "privilege": "UpdateResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a stack as specified in the template", @@ -22233,6 +24487,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "type" + }, + { + "condition_keys": [ + "cloudformation:TargetRegion" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -22260,6 +24521,7 @@ "condition_keys": [ "cloudformation:RoleArn", "cloudformation:TemplateUrl", + "cloudformation:TargetRegion", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], @@ -22324,7 +24586,7 @@ "resource": "type" } ], - "service_name": "AWS CloudFormation" + "service_name": "AWS Cloud Control API" }, { "conditions": [ @@ -22686,6 +24948,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteResponseHeadersPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an RTMP distribution", 
@@ -22950,6 +25224,30 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetResponseHeadersPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetResponseHeadersPolicyConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the information about an RTMP distribution", @@ -23046,6 +25344,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the distributions associated a Lambda function", + "privilege": "ListDistributionsByLambdaFunction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified origin request policy", @@ -23070,6 +25380,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListDistributionsByResponseHeadersPolicyId", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the distributions associated with your AWS account with given AWS WAF web ACL", @@ -23178,6 +25500,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListResponseHeadersPolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list your RTMP distributions", 
@@ -24719,12 +27053,17 @@ { "condition": "cloudwatch:AlarmActions", "description": "Filters actions based on defined alarm actions", - "type": "String" + "type": "ArrayOfString" }, { "condition": "cloudwatch:namespace", "description": "Filters actions based on the presence of optional namespace values", "type": "String" + }, + { + "condition": "cloudwatch:requestInsightRuleLogGroups", + "description": "Filters actions based on the Log Groups specified in an Insight Rule.", + "type": "ArrayOfString" } ], "prefix": "cloudwatch", @@ -25080,7 +27419,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "cloudwatch:requestInsightRuleLogGroups" ], "dependent_actions": [], "resource_type": "" @@ -25807,13 +28147,23 @@ "condition": "aws:TagKeys", "description": "Filters actions based on the presence of tag keys in the request", "type": "String" + }, + { + "condition": "codebuild:RequestTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "codebuild:TagKeys", + "description": "Filters actions based on the presence of tag keys in the request", + "type": "String" } ], "prefix": "codebuild", "privileges": [ { "access_level": "Write", - "description": "Deletes one or more builds.", + "description": "Deletes one or more builds", "privilege": "BatchDeleteBuilds", "resource_types": [ { @@ -25825,7 +28175,7 @@ }, { "access_level": "Read", - "description": "Gets information about one or more build batches.", + "description": "Gets information about one or more build batches", "privilege": "BatchGetBuildBatches", "resource_types": [ { @@ -25837,7 +28187,7 @@ }, { "access_level": "Read", - "description": "Gets information about one or more builds.", + "description": "Gets information about one or more builds", "privilege": "BatchGetBuilds", "resource_types": [ { 
@@ -25849,7 +28199,7 @@ }, { "access_level": "Read", - "description": "Gets information about one or more build projects.", + "description": "Gets information about one or more build projects", "privilege": "BatchGetProjects", "resource_types": [ { @@ -25861,7 +28211,7 @@ }, { "access_level": "Read", - "description": "Returns an array of ReportGroup objects that are specified by the input reportGroupArns parameter.", + "description": "Returns an array of ReportGroup objects that are specified by the input reportGroupArns parameter", "privilege": "BatchGetReportGroups", "resource_types": [ { @@ -25873,7 +28223,7 @@ }, { "access_level": "Read", - "description": "Returns an array of the Report objects specified by the input reportArns parameter.", + "description": "Returns an array of the Report objects specified by the input reportArns parameter", "privilege": "BatchGetReports", "resource_types": [ { @@ -25885,7 +28235,7 @@ }, { "access_level": "Write", - "description": "Adds or updates information about a report.", + "description": "Adds or updates information about a report", "privilege": "BatchPutCodeCoverages", "resource_types": [ { @@ -25897,7 +28247,7 @@ }, { "access_level": "Write", - "description": "Adds or updates information about a report.", + "description": "Adds or updates information about a report", "privilege": "BatchPutTestCases", "resource_types": [ { @@ -25909,7 +28259,7 @@ }, { "access_level": "Write", - "description": "Creates a build project.", + "description": "Creates a build project", "privilege": "CreateProject", "resource_types": [ { 
@@ -25929,7 +28279,7 @@ }, { "access_level": "Write", - "description": "Creates a report. A report is created when tests specified in the buildspec file for a report groups run during the build of a project.", + "description": "Creates a report. A report is created when tests specified in the buildspec file for a report groups run during the build of a project", "privilege": "CreateReport", "resource_types": [ { @@ -25941,7 +28291,7 @@ }, { "access_level": "Write", - "description": "Creates a report group.", + "description": "Creates a report group", "privilege": "CreateReportGroup", "resource_types": [ { @@ -25961,7 +28311,7 @@ }, { "access_level": "Write", - "description": "For an existing AWS CodeBuild build project that has its source code stored in a GitHub or Bitbucket repository, enables AWS CodeBuild to start rebuilding the source code every time a code change is pushed to the repository.", + "description": "For an existing AWS CodeBuild build project that has its source code stored in a GitHub or Bitbucket repository, enables AWS CodeBuild to start rebuilding the source code every time a code change is pushed to the repository", "privilege": "CreateWebhook", "resource_types": [ { @@ -25973,7 +28323,7 @@ }, { "access_level": "Write", - "description": "Deletes a build batch.", + "description": "Deletes a build batch", "privilege": "DeleteBuildBatch", "resource_types": [ { @@ -25985,7 +28335,7 @@ }, { "access_level": "Write", - "description": "Deletes an OAuth token from a connected third-party OAuth provider. Only used in the AWS CodeBuild console.", + "description": "Deletes an OAuth token from a connected third-party OAuth provider. Only used in the AWS CodeBuild console", "privilege": "DeleteOAuthToken", "resource_types": [ { @@ -25997,7 +28347,7 @@ }, { "access_level": "Write", - "description": "Deletes a build project.", + "description": "Deletes a build project", "privilege": "DeleteProject", "resource_types": [ { 
@@ -26009,7 +28359,7 @@ }, { "access_level": "Write", - "description": "Deletes a report.", + "description": "Deletes a report", "privilege": "DeleteReport", "resource_types": [ { @@ -26021,7 +28371,7 @@ }, { "access_level": "Write", - "description": "Deletes a report group.", + "description": "Deletes a report group", "privilege": "DeleteReportGroup", "resource_types": [ { @@ -26033,7 +28383,7 @@ }, { "access_level": "Permissions management", - "description": "Deletes a resource policy for the associated project or report group.", + "description": "Deletes a resource policy for the associated project or report group", "privilege": "DeleteResourcePolicy", "resource_types": [ { @@ -26050,7 +28400,7 @@ }, { "access_level": "Write", - "description": "Deletes a set of GitHub, GitHub Enterprise, or Bitbucket source credentials.", + "description": "Deletes a set of GitHub, GitHub Enterprise, or Bitbucket source credentials", "privilege": "DeleteSourceCredentials", "resource_types": [ { @@ -26062,7 +28412,7 @@ }, { "access_level": "Write", - "description": "For an existing AWS CodeBuild build project that has its source code stored in a GitHub or Bitbucket repository, stops AWS CodeBuild from rebuilding the source code every time a code change is pushed to the repository.", + "description": "For an existing AWS CodeBuild build project that has its source code stored in a GitHub or Bitbucket repository, stops AWS CodeBuild from rebuilding the source code every time a code change is pushed to the repository", "privilege": "DeleteWebhook", "resource_types": [ { @@ -26074,7 +28424,7 @@ }, { "access_level": "Read", - "description": "Returns an array of CodeCoverage objects.", + "description": "Returns an array of CodeCoverage objects", "privilege": "DescribeCodeCoverages", "resource_types": [ { 
@@ -26086,7 +28436,7 @@ }, { "access_level": "Read", - "description": "Returns an array of TestCase objects.", + "description": "Returns an array of TestCase objects", "privilege": "DescribeTestCases", "resource_types": [ { @@ -26098,7 +28448,7 @@ }, { "access_level": "Read", - "description": "Analyzes and accumulates test report values for the test reports in the specified report group.", + "description": "Analyzes and accumulates test report values for the test reports in the specified report group", "privilege": "GetReportGroupTrend", "resource_types": [ { @@ -26110,7 +28460,7 @@ }, { "access_level": "Read", - "description": "Returns a resource policy for the specified project or report group.", + "description": "Returns a resource policy for the specified project or report group", "privilege": "GetResourcePolicy", "resource_types": [ { @@ -26127,7 +28477,7 @@ }, { "access_level": "Write", - "description": "Imports the source repository credentials for an AWS CodeBuild project that has its source code stored in a GitHub, GitHub Enterprise, or Bitbucket repository.", + "description": "Imports the source repository credentials for an AWS CodeBuild project that has its source code stored in a GitHub, GitHub Enterprise, or Bitbucket repository", "privilege": "ImportSourceCredentials", "resource_types": [ { @@ -26139,7 +28489,7 @@ }, { "access_level": "Write", - "description": "Resets the cache for a project.", + "description": "Resets the cache for a project", "privilege": "InvalidateProjectCache", "resource_types": [ { @@ -26151,7 +28501,7 @@ }, { "access_level": "List", - "description": "Gets a list of build batch IDs, with each build batch ID representing a single build batch.", + "description": "Gets a list of build batch IDs, with each build batch ID representing a single build batch", "privilege": "ListBuildBatches", "resource_types": [ { 
@@ -26163,7 +28513,7 @@ }, { "access_level": "List", - "description": "Gets a list of build batch IDs for the specified build project, with each build batch ID representing a single build batch.", + "description": "Gets a list of build batch IDs for the specified build project, with each build batch ID representing a single build batch", "privilege": "ListBuildBatchesForProject", "resource_types": [ { @@ -26175,7 +28525,7 @@ }, { "access_level": "List", - "description": "Gets a list of build IDs, with each build ID representing a single build.", + "description": "Gets a list of build IDs, with each build ID representing a single build", "privilege": "ListBuilds", "resource_types": [ { @@ -26187,7 +28537,7 @@ }, { "access_level": "List", - "description": "Gets a list of build IDs for the specified build project, with each build ID representing a single build.", + "description": "Gets a list of build IDs for the specified build project, with each build ID representing a single build", "privilege": "ListBuildsForProject", "resource_types": [ { @@ -26199,7 +28549,7 @@ }, { "access_level": "List", - "description": "Lists connected third-party OAuth providers. Only used in the AWS CodeBuild console.", + "description": "Lists connected third-party OAuth providers. Only used in the AWS CodeBuild console", "privilege": "ListConnectedOAuthAccounts", "resource_types": [ { @@ -26211,7 +28561,7 @@ }, { "access_level": "List", - "description": "Gets information about Docker images that are managed by AWS CodeBuild.", + "description": "Gets information about Docker images that are managed by AWS CodeBuild", "privilege": "ListCuratedEnvironmentImages", "resource_types": [ { 
@@ -26223,7 +28573,7 @@ }, { "access_level": "List", - "description": "Gets a list of build project names, with each build project name representing a single build project.", + "description": "Gets a list of build project names, with each build project name representing a single build project", "privilege": "ListProjects", "resource_types": [ { @@ -26235,7 +28585,7 @@ }, { "access_level": "List", - "description": "Returns a list of report group ARNs. Each report group ARN represents one report group.", + "description": "Returns a list of report group ARNs. Each report group ARN represents one report group", "privilege": "ListReportGroups", "resource_types": [ { @@ -26247,7 +28597,7 @@ }, { "access_level": "List", - "description": "Returns a list of report ARNs. Each report ARN representing one report.", + "description": "Returns a list of report ARNs. Each report ARN representing one report", "privilege": "ListReports", "resource_types": [ { @@ -26259,7 +28609,7 @@ }, { "access_level": "List", - "description": "Returns a list of report ARNs that belong to the specified report group. Each report ARN represents one report.", + "description": "Returns a list of report ARNs that belong to the specified report group. Each report ARN represents one report", "privilege": "ListReportsForReportGroup", "resource_types": [ { @@ -26271,7 +28621,7 @@ }, { "access_level": "List", - "description": "Lists source code repositories from a connected third-party OAuth provider. Only used in the AWS CodeBuild console.", + "description": "Lists source code repositories from a connected third-party OAuth provider. Only used in the AWS CodeBuild console", "privilege": "ListRepositories", "resource_types": [ { 
@@ -26283,7 +28633,7 @@ }, { "access_level": "List", - "description": "Returns a list of project ARNs that have been shared with the requester. Each project ARN represents one project.", + "description": "Returns a list of project ARNs that have been shared with the requester. Each project ARN represents one project", "privilege": "ListSharedProjects", "resource_types": [ { @@ -26295,7 +28645,7 @@ }, { "access_level": "List", - "description": "Returns a list of report group ARNs that have been shared with the requester. Each report group ARN represents one report group.", + "description": "Returns a list of report group ARNs that have been shared with the requester. Each report group ARN represents one report group", "privilege": "ListSharedReportGroups", "resource_types": [ { @@ -26307,7 +28657,7 @@ }, { "access_level": "List", - "description": "Returns a list of SourceCredentialsInfo objects.", + "description": "Returns a list of SourceCredentialsInfo objects", "privilege": "ListSourceCredentials", "resource_types": [ { @@ -26319,7 +28669,7 @@ }, { "access_level": "Write", - "description": "Saves an OAuth token from a connected third-party OAuth provider. Only used in the AWS CodeBuild console.", + "description": "Saves an OAuth token from a connected third-party OAuth provider. Only used in the AWS CodeBuild console", "privilege": "PersistOAuthToken", "resource_types": [ { @@ -26331,7 +28681,7 @@ }, { "access_level": "Permissions management", - "description": "Creates a resource policy for the associated project or report group.", + "description": "Creates a resource policy for the associated project or report group", "privilege": "PutResourcePolicy", "resource_types": [ { @@ -26348,7 +28698,7 @@ }, { "access_level": "Write", - "description": "Retries a build.", + "description": "Retries a build", "privilege": "RetryBuild", "resource_types": [ { 
@@ -26360,7 +28710,7 @@ }, { "access_level": "Write", - "description": "Retries a build batch.", + "description": "Retries a build batch", "privilege": "RetryBuildBatch", "resource_types": [ { @@ -26372,19 +28722,27 @@ }, { "access_level": "Write", - "description": "Starts running a build.", + "description": "Starts running a build", "privilege": "StartBuild", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "project*" + }, + { + "condition_keys": [ + "codebuild:RequestTag/${TagKey}", + "codebuild:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Starts running a build batch.", + "description": "Starts running a build batch", "privilege": "StartBuildBatch", "resource_types": [ { @@ -26396,7 +28754,7 @@ }, { "access_level": "Write", - "description": "Attempts to stop running a build.", + "description": "Attempts to stop running a build", "privilege": "StopBuild", "resource_types": [ { @@ -26408,7 +28766,7 @@ }, { "access_level": "Write", - "description": "Attempts to stop running a build batch.", + "description": "Attempts to stop running a build batch", "privilege": "StopBuildBatch", "resource_types": [ { @@ -26420,7 +28778,7 @@ }, { "access_level": "Write", - "description": "Changes the settings of an existing build project.", + "description": "Changes the settings of an existing build project", "privilege": "UpdateProject", "resource_types": [ { @@ -26440,7 +28798,7 @@ }, { "access_level": "Write", - "description": "Changes the public visibility of a project and its builds.", + "description": "Changes the public visibility of a project and its builds", "privilege": "UpdateProjectVisibility", "resource_types": [ { @@ -26460,7 +28818,7 @@ }, { "access_level": "Write", - "description": "Updates information about a report.", + "description": "Updates information about a report", "privilege": "UpdateReport", "resource_types": [ { 
@@ -26472,7 +28830,7 @@ }, { "access_level": "Write", - "description": "Changes the settings of an existing report group.", + "description": "Changes the settings of an existing report group", "privilege": "UpdateReportGroup", "resource_types": [ { @@ -26492,7 +28850,7 @@ }, { "access_level": "Write", - "description": "Updates the webhook associated with an AWS CodeBuild build project.", + "description": "Updates the webhook associated with an AWS CodeBuild build project", "privilege": "UpdateWebhook", "resource_types": [ { @@ -33061,6 +35419,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a list of summaries of the document classifiers that you have created", + "privilege": "ListDocumentClassifierSummaries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a list of the document classifiers that you have created", @@ -33109,6 +35479,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a list of summaries for the entity recognizers that you have created", + "privilege": "ListEntityRecognizerSummaries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a list of the properties of all entity recognizers that you created, including recognizers currently in training", 
@@ -34060,9 +36442,32 @@ "service_name": "Amazon Comprehend Medical" }, { - "conditions": [], + "conditions": [ + { + "condition": "compute-optimizer:ResourceType", + "description": "Filters access by the resource type", + "type": "String" + } + ], "prefix": "compute-optimizer", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to delete recommendation preferences", + "privilege": "DeleteRecommendationPreferences", + "resource_types": [ + { + "condition_keys": [ + "compute-optimizer:ResourceType" + ], + "dependent_actions": [ + "autoscaling:DescribeAutoScalingGroups", + "ec2:DescribeInstances" + ], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to view the status of recommendation export jobs", @@ -34077,7 +36482,7 @@ }, { "access_level": "Write", - "description": "Grants permission to export autoscaling group recommendations to S3 for the provided accounts", + "description": "Grants permission to export AutoScaling group recommendations to S3 for the provided accounts", "privilege": "ExportAutoScalingGroupRecommendations", "resource_types": [ { @@ -34138,7 +36543,7 @@ }, { "access_level": "List", - "description": "Grants permission to get recommendations for the provided autoscaling groups", + "description": "Grants permission to get recommendations for the provided AutoScaling groups", "privilege": "GetAutoScalingGroupRecommendations", "resource_types": [ { @@ -34152,7 +36557,7 @@ }, { "access_level": "List", - "description": "Grants permission to get recommendations for the provided ebs volumes", + "description": "Grants permission to get recommendations for the provided EBS volumes", "privilege": "GetEBSVolumeRecommendations", "resource_types": [ { 
@@ -34192,6 +36597,24 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get recommendation preferences that are in effect", + "privilege": "GetEffectiveRecommendationPreferences", + "resource_types": [ + { + "condition_keys": [ + "compute-optimizer:ResourceType" + ], + "dependent_actions": [ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "ec2:DescribeInstances" + ], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to get the enrollment status for the specified account", @@ -34218,7 +36641,7 @@ }, { "access_level": "List", - "description": "Grants permission to get recommendations for the provided lambda functions", + "description": "Grants permission to get recommendations for the provided Lambda functions", "privilege": "GetLambdaFunctionRecommendations", "resource_types": [ { @@ -34231,6 +36654,20 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get recommendation preferences", + "privilege": "GetRecommendationPreferences", + "resource_types": [ + { + "condition_keys": [ + "compute-optimizer:ResourceType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to get the recommendation summaries for the specified account(s)", @@ -34243,6 +36680,24 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to put recommendation preferences", + "privilege": "PutRecommendationPreferences", + "resource_types": [ + { + "condition_keys": [ + "compute-optimizer:ResourceType" + ], + "dependent_actions": [ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "ec2:DescribeInstances" + ], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the enrollment status", 
@@ -34268,7 +36723,7 @@ }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value assoicated with the resource", + "description": "Filters actions based on tag-value associated with the resource", "type": "String" }, { @@ -35451,17 +37906,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by using tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by using tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by using tag keys in the request", "type": "String" }, { @@ -35484,7 +37939,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permissions to associate approved origin for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to associate approved origin for an existing Amazon Connect instance", "privilege": "AssociateApprovedOrigin", "resource_types": [ { @@ -35503,7 +37958,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to associate a Lex bot for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to associate a Lex bot for an existing Amazon Connect instance", "privilege": "AssociateBot", "resource_types": [ { 
@@ -35530,7 +37985,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to associate a Customer Profiles domain for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to associate a Customer Profiles domain for an existing Amazon Connect instance", "privilege": "AssociateCustomerProfilesDomain", "resource_types": [ { @@ -35547,7 +38002,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to associate instance storage for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to associate instance storage for an existing Amazon Connect instance", "privilege": "AssociateInstanceStorageConfig", "resource_types": [ { @@ -35578,7 +38033,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to associate a Lambda function for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to associate a Lambda function for an existing Amazon Connect instance", "privilege": "AssociateLambdaFunction", "resource_types": [ { @@ -35599,7 +38054,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to associate a Lex bot for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to associate a Lex bot for an existing Amazon Connect instance", "privilege": "AssociateLexBot", "resource_types": [ { 
@@ -35623,7 +38078,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to associate quick connects with a queue in an Amazon Connect instance", + "description": "Grants permission to associate quick connects with a queue in an Amazon Connect instance", "privilege": "AssociateQueueQuickConnects", "resource_types": [ { @@ -35648,7 +38103,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to associate queues with a routing profile in an Amazon Connect instance", + "description": "Grants permission to associate queues with a routing profile in an Amazon Connect instance", "privilege": "AssociateRoutingProfileQueues", "resource_types": [ { @@ -35673,7 +38128,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to associate a security key for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to associate a security key for an existing Amazon Connect instance", "privilege": "AssociateSecurityKey", "resource_types": [ { @@ -35713,7 +38168,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to create a contact flow in an Amazon Connect instance", + "description": "Grants permission to create a contact flow in an Amazon Connect instance", "privilege": "CreateContactFlow", "resource_types": [ { 
@@ -35732,6 +38187,27 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a contact flow module in an Amazon Connect instance", + "privilege": "CreateContactFlowModule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow-module*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create hours of operation in an Amazon Connect instance", @@ -35755,11 +38231,14 @@ }, { "access_level": "Write", - "description": "Grants permissions to create a new Amazon Connect instance. The associated required actions grant permissions to configure instance settings.", + "description": "Grants permission to create a new Amazon Connect instance", "privilege": "CreateInstance", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [ "ds:AuthorizeApplication", "ds:CheckAlias", @@ -35779,7 +38258,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to create an AppIntegration association with an Amazon Connect instance", + "description": "Grants permission to create an integration association with an Amazon Connect instance", "privilege": "CreateIntegrationAssociation", "resource_types": [ { @@ -35789,7 +38268,11 @@ "connect:DescribeInstance", "ds:DescribeDirectories", "events:PutRule", - "events:PutTargets" + "events:PutTargets", + "mobiletargeting:GetApp", + "voiceid:DescribeDomain", + "wisdom:GetAssistant", + "wisdom:GetKnowledgeBase" ], "resource_type": "instance*" }, 
@@ -35811,7 +38294,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to create a queue in an Amazon Connect instance", + "description": "Grants permission to create a queue in an Amazon Connect instance", "privilege": "CreateQueue", "resource_types": [ { @@ -35914,7 +38397,28 @@ }, { "access_level": "Write", - "description": "Grants permissions to create a use case for an AppIntegration association", + "description": "Grants permission to create a security profile for the specified Amazon Connect instance", + "privilege": "CreateSecurityProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "security-profile*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a use case for an integration association", "privilege": "CreateUseCase", "resource_types": [ { @@ -35984,7 +38488,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to create a user hierarchy group in an Amazon Connect instance", + "description": "Grants permission to create a user hierarchy group in an Amazon Connect instance", "privilege": "CreateUserHierarchyGroup", "resource_types": [ { 
@@ -36001,6 +38505,46 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a contact flow in an Amazon Connect instance", + "privilege": "DeleteContactFlow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a contact flow module in an Amazon Connect instance", + "privilege": "DeleteContactFlowModule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow-module*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete hours of operation in an Amazon Connect instance", @@ -36023,7 +38567,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete an Amazon Connect instance. When you remove an instance, the link to an existing AWS directory is also removed.", + "description": "Grants permission to delete an Amazon Connect instance. When you remove an instance, the link to an existing AWS directory is also removed", "privilege": "DeleteInstance", "resource_types": [ { @@ -36037,7 +38581,8 @@ }, { "condition_keys": [ - "connect:InstanceId" + "connect:InstanceId", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
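Review bot: In the DeleteInstance hunk (`@@ -36037,7 +38581,8 @@`) the new condition key is appended after `connect:InstanceId`, whereas the entries added earlier on this line (DeleteContactFlow, DeleteContactFlowModule) list `aws:ResourceTag/${TagKey}` first. The DescribeInstance hunk at `@@ -36235,7 +38839,8 @@` has the same ordering. Order has no effect on how the keys are evaluated, but a single order, `"aws:ResourceTag/${TagKey}", "connect:InstanceId"`, keeps later updates of this file free of reorder-only changes and makes entries easier to compare when auditing. The enclosing privilege object starts outside the hunk.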
@@ -36046,7 +38591,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete an AppIntegration association from an Amazon Connect instance. The association must not have any use cases associated with it.", + "description": "Grants permission to delete an integration association from an Amazon Connect instance. The association must not have any use cases associated with it", "privilege": "DeleteIntegrationAssociation", "resource_types": [ { @@ -36077,7 +38622,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete a quick connect in an Amazon Connect instance", + "description": "Grants permission to delete a quick connect in an Amazon Connect instance", "privilege": "DeleteQuickConnect", "resource_types": [ { @@ -36097,7 +38642,27 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete a use case from an AppIntegration association", + "description": "Grants permission to delete a security profile in an Amazon Connect instance", + "privilege": "DeleteSecurityProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "security-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a use case from an integration association", "privilege": "DeleteUseCase", "resource_types": [ { @@ -36124,7 +38689,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete a user in an Amazon Connect instance", + "description": "Grants permission to delete a user in an Amazon Connect instance", "privilege": "DeleteUser", "resource_types": [ { 
@@ -36144,7 +38709,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete a user hierarchy group in an Amazon Connect instance", + "description": "Grants permission to delete a user hierarchy group in an Amazon Connect instance", "privilege": "DeleteUserHierarchyGroup", "resource_types": [ { @@ -36183,7 +38748,26 @@ }, { "access_level": "Read", - "description": "Grants permissions to describe a contact flow in an Amazon Connect instance", + "description": "Grants permission to describe a contact in an Amazon Connect instance", + "privilege": "DescribeContact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a contact flow in an Amazon Connect instance", "privilege": "DescribeContactFlow", "resource_types": [ { @@ -36203,7 +38787,27 @@ }, { "access_level": "Read", - "description": "Grants permissions to describe hours of operation in an Amazon Connect instance", + "description": "Grants permission to describe a contact flow module in an Amazon Connect instance", + "privilege": "DescribeContactFlowModule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow-module*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe hours of operation in an Amazon Connect instance", "privilege": "DescribeHoursOfOperation", "resource_types": [ { 
@@ -36223,7 +38827,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to view details of an Amazon Connect instance. This is required to create an instance.", + "description": "Grants permission to view details of an Amazon Connect instance and is also required to create an instance", "privilege": "DescribeInstance", "resource_types": [ { @@ -36235,7 +38839,8 @@ }, { "condition_keys": [ - "connect:InstanceId" + "connect:InstanceId", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -36244,7 +38849,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to view the attribute details of an existing Amazon Connect instance", + "description": "Grants permission to view the attribute details of an existing Amazon Connect instance", "privilege": "DescribeInstanceAttribute", "resource_types": [ { @@ -36264,7 +38869,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to view the instance storage configuration for an existing Amazon Connect instance", + "description": "Grants permission to view the instance storage configuration for an existing Amazon Connect instance", "privilege": "DescribeInstanceStorageConfig", "resource_types": [ { @@ -36284,7 +38889,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to describe a queue in an Amazon Connect instance", + "description": "Grants permission to describe a queue in an Amazon Connect instance", "privilege": "DescribeQueue", "resource_types": [ { @@ -36304,7 +38909,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to describe a quick connect in an Amazon Connect instance", + "description": "Grants permission to describe a quick connect in an Amazon Connect instance", "privilege": "DescribeQuickConnect", "resource_types": [ { 
@@ -36324,7 +38929,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to describe a routing profile in an Amazon Connect instance", + "description": "Grants permission to describe a routing profile in an Amazon Connect instance", "privilege": "DescribeRoutingProfile", "resource_types": [ { @@ -36344,7 +38949,27 @@ }, { "access_level": "Read", - "description": "Grants permissions to describe a user in an Amazon Connect instance", + "description": "Grants permission to describe a security profile in an Amazon Connect instance", + "privilege": "DescribeSecurityProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "security-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a user in an Amazon Connect instance", "privilege": "DescribeUser", "resource_types": [ { @@ -36364,7 +38989,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to describe a hierarchy group for an Amazon Connect instance", + "description": "Grants permission to describe a hierarchy group for an Amazon Connect instance", "privilege": "DescribeUserHierarchyGroup", "resource_types": [ { @@ -36383,7 +39008,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to describe the hierarchy structure for an Amazon Connect instance", + "description": "Grants permission to describe the hierarchy structure for an Amazon Connect instance", "privilege": "DescribeUserHierarchyStructure", "resource_types": [ { 
@@ -36402,7 +39027,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to disassociate approved origin for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to disassociate approved origin for an existing Amazon Connect instance", "privilege": "DisassociateApprovedOrigin", "resource_types": [ { @@ -36421,7 +39046,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to disassociate a Lex bot for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to disassociate a Lex bot for an existing Amazon Connect instance", "privilege": "DisassociateBot", "resource_types": [ { @@ -36446,7 +39071,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to disassociate a Customer Profiles domain for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to disassociate a Customer Profiles domain for an existing Amazon Connect instance", "privilege": "DisassociateCustomerProfilesDomain", "resource_types": [ { @@ -36465,7 +39090,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to disassociate instance storage for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to disassociate instance storage for an existing Amazon Connect instance", "privilege": "DisassociateInstanceStorageConfig", "resource_types": [ { 
@@ -36485,7 +39110,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to disassociate a Lambda function for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to disassociate a Lambda function for an existing Amazon Connect instance", "privilege": "DisassociateLambdaFunction", "resource_types": [ { @@ -36506,7 +39131,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to disassociate a Lex bot for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to disassociate a Lex bot for an existing Amazon Connect instance", "privilege": "DisassociateLexBot", "resource_types": [ { @@ -36529,7 +39154,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to disassociate quick connects from a queue in an Amazon Connect instance", + "description": "Grants permission to disassociate quick connects from a queue in an Amazon Connect instance", "privilege": "DisassociateQueueQuickConnects", "resource_types": [ { @@ -36554,7 +39179,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to disassociate queues from a routing profile in an Amazon Connect instance", + "description": "Grants permission to disassociate queues from a routing profile in an Amazon Connect instance", "privilege": "DisassociateRoutingProfileQueues", "resource_types": [ { @@ -36574,7 +39199,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to disassociate the security key for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to disassociate the security key for an existing Amazon Connect instance", "privilege": "DisassociateSecurityKey", "resource_types": [ { 
@@ -36593,7 +39218,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to retrieve the contact attributes for the specified contact", + "description": "Grants permission to retrieve the contact attributes for the specified contact", "privilege": "GetContactAttributes", "resource_types": [ { @@ -36612,7 +39237,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to retrieve current metric data for the queues in an Amazon Connect instance", + "description": "Grants permission to retrieve current metric data for the queues in an Amazon Connect instance", "privilege": "GetCurrentMetricData", "resource_types": [ { @@ -36631,7 +39256,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to federate into an Amazon Connect instance when using SAML-based authentication for identity management", + "description": "Grants permission to federate into an Amazon Connect instance when using SAML-based authentication for identity management", "privilege": "GetFederationToken", "resource_types": [ { @@ -36650,7 +39275,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to federate into an Amazon Connect instance (Log in for emergency access functionality in the Amazon Connect console)", + "description": "Grants permission to federate into an Amazon Connect instance (Log in for emergency access functionality in the Amazon Connect console)", "privilege": "GetFederationTokens", "resource_types": [ { @@ -36666,7 +39291,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to retrieve historical metric data for queues in an Amazon Connect instance", + "description": "Grants permission to retrieve historical metric data for queues in an Amazon Connect instance", "privilege": "GetMetricData", "resource_types": [ { 
@@ -36691,13 +39316,13 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "wildcard-agent-status*" } ] }, { "access_level": "List", - "description": "Grants permissions to view approved origins of an existing Amazon Connect instance", + "description": "Grants permission to view approved origins of an existing Amazon Connect instance", "privilege": "ListApprovedOrigins", "resource_types": [ { @@ -36716,7 +39341,7 @@ }, { "access_level": "List", - "description": "Grants permissions to view the Lex bots of an existing Amazon Connect instance", + "description": "Grants permission to view the Lex bots of an existing Amazon Connect instance", "privilege": "ListBots", "resource_types": [ { @@ -36735,8 +39360,8 @@ }, { "access_level": "List", - "description": "Grants permissions to list contact flow resources in an Amazon Connect instance", - "privilege": "ListContactFlows", + "description": "Grants permission to list contact flow module resources in an Amazon Connect instance", + "privilege": "ListContactFlowModules", "resource_types": [ { "condition_keys": [], 
@@ -36747,7 +39372,38 @@ }, { "access_level": "List", - "description": "Grants permissions to list hours of operation resources in an Amazon Connect instance", + "description": "Grants permission to list contact flow resources in an Amazon Connect instance", + "privilege": "ListContactFlows", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "wildcard-contact-flow*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list references associated with a contact in an Amazon Connect instance", + "privilege": "ListContactReferences", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list hours of operation resources in an Amazon Connect instance", "privilege": "ListHoursOfOperations", "resource_types": [ { @@ -36766,7 +39422,7 @@ }, { "access_level": "List", - "description": "Grants permissions to view the attributes of an existing Amazon Connect instance", + "description": "Grants permission to view the attributes of an existing Amazon Connect instance", "privilege": "ListInstanceAttributes", "resource_types": [ { @@ -36785,7 +39441,7 @@ }, { "access_level": "List", - "description": "Grants permissions to view storage configurations of an existing Amazon Connect instance", + "description": "Grants permission to view storage configurations of an existing Amazon Connect instance", "privilege": "ListInstanceStorageConfigs", "resource_types": [ { 
@@ -36804,7 +39460,7 @@ }, { "access_level": "List", - "description": "Grants permissions to view the Amazon Connect instances associated with an AWS account", + "description": "Grants permission to view the Amazon Connect instances associated with an AWS account", "privilege": "ListInstances", "resource_types": [ { @@ -36818,7 +39474,7 @@ }, { "access_level": "List", - "description": "Grants permissions to list summary information about the AppIntegration associations for the specified Amazon Connect instance", + "description": "Grants permission to list summary information about the integration associations for the specified Amazon Connect instance", "privilege": "ListIntegrationAssociations", "resource_types": [ { @@ -36840,7 +39496,7 @@ }, { "access_level": "List", - "description": "Grants permissions to view the Lambda functions of an existing Amazon Connect instance", + "description": "Grants permission to view the Lambda functions of an existing Amazon Connect instance", "privilege": "ListLambdaFunctions", "resource_types": [ { @@ -36859,7 +39515,7 @@ }, { "access_level": "List", - "description": "Grants permissions to view the Lex bots of an existing Amazon Connect instance", + "description": "Grants permission to view the Lex bots of an existing Amazon Connect instance", "privilege": "ListLexBots", "resource_types": [ { 
@@ -36878,19 +39534,19 @@ }, { "access_level": "List", - "description": "Grants permissions to list phone number resources in an Amazon Connect instance", + "description": "Grants permission to list phone number resources in an Amazon Connect instance", "privilege": "ListPhoneNumbers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "wildcard-phone-number*" } ] }, { "access_level": "List", - "description": "Grants permissions to list prompt resources in an Amazon Connect instance", + "description": "Grants permission to list prompt resources in an Amazon Connect instance", "privilege": "ListPrompts", "resource_types": [ { @@ -36909,7 +39565,7 @@ }, { "access_level": "List", - "description": "Grants permissions to list quick connect resources in a queue in an Amazon Connect instance", + "description": "Grants permission to list quick connect resources in a queue in an Amazon Connect instance", "privilege": "ListQueueQuickConnects", "resource_types": [ { @@ -36929,25 +39585,25 @@ }, { "access_level": "List", - "description": "Grants permissions to list queue resources in an Amazon Connect instance", + "description": "Grants permission to list queue resources in an Amazon Connect instance", "privilege": "ListQueues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "wildcard-queue*" } ] }, { "access_level": "List", - "description": "Grants permissions to list quick connect resources in an Amazon Connect instance", + "description": "Grants permission to list quick connect resources in an Amazon Connect instance", "privilege": "ListQuickConnects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "wildcard-quick-connect*" } ] }, 
@@ -36965,7 +39621,7 @@ }, { "access_level": "List", - "description": "Grants permissions to list queue resources in a routing profile in an Amazon Connect instance", + "description": "Grants permission to list queue resources in a routing profile in an Amazon Connect instance", "privilege": "ListRoutingProfileQueues", "resource_types": [ { @@ -36985,7 +39641,7 @@ }, { "access_level": "List", - "description": "Grants permissions to list routing profile resources in an Amazon Connect instance", + "description": "Grants permission to list routing profile resources in an Amazon Connect instance", "privilege": "ListRoutingProfiles", "resource_types": [ { @@ -37004,7 +39660,7 @@ }, { "access_level": "List", - "description": "Grants permissions to view the security keys of an existing Amazon Connect instance", + "description": "Grants permission to view the security keys of an existing Amazon Connect instance", "privilege": "ListSecurityKeys", "resource_types": [ { @@ -37023,7 +39679,27 @@ }, { "access_level": "List", - "description": "Grants permissions to list security profile resources in an Amazon Connect instance", + "description": "Grants permission to list permissions associated with security profile in an Amazon Connect instance", + "privilege": "ListSecurityProfilePermissions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "security-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list security profile resources in an Amazon Connect instance", "privilege": "ListSecurityProfiles", "resource_types": [ { 
@@ -37042,14 +39718,29 @@ }, { "access_level": "Read", - "description": "Grants permissions to list tags for an Amazon Connect resource", + "description": "Grants permission to list tags for an Amazon Connect resource", "privilege": "ListTagsForResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "agent-status" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "contact-flow" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow-module" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hours-of-operation" + }, { "condition_keys": [], "dependent_actions": [], @@ -37070,6 +39761,11 @@ "dependent_actions": [], "resource_type": "routing-profile" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "security-profile" + }, { "condition_keys": [], "dependent_actions": [], @@ -37091,7 +39787,7 @@ }, { "access_level": "List", - "description": "Grants permissions to list the use cases of an AppIntegration association", + "description": "Grants permission to list the use cases of an integration association", "privilege": "ListUseCases", "resource_types": [ { @@ -37113,7 +39809,7 @@ }, { "access_level": "List", - "description": "Grants permissions to list the hierarchy group resources in an Amazon Connect instance", + "description": "Grants permission to list the hierarchy group resources in an Amazon Connect instance", "privilege": "ListUserHierarchyGroups", "resource_types": [ { @@ -37132,7 +39828,7 @@ }, { "access_level": "List", - "description": "Grants permissions to list user resources in an Amazon Connect instance", + "description": "Grants permission to list user resources in an Amazon Connect instance", "privilege": "ListUsers", "resource_types": [ { 
@@ -37151,7 +39847,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to resume recording for the specified contact", + "description": "Grants permission to resume recording for the specified contact", "privilege": "ResumeContactRecording", "resource_types": [ { @@ -37163,7 +39859,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to initiate a chat using the Amazon Connect API", + "description": "Grants permission to initiate a chat using the Amazon Connect API", "privilege": "StartChatContact", "resource_types": [ { @@ -37175,7 +39871,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to start recording for the specified contact", + "description": "Grants permission to start recording for the specified contact", "privilege": "StartContactRecording", "resource_types": [ { @@ -37187,7 +39883,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to initiate outbound calls using the Amazon Connect API", + "description": "Grants permission to initiate outbound calls using the Amazon Connect API", "privilege": "StartOutboundVoiceContact", "resource_types": [ { @@ -37199,7 +39895,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to initiate a task using the Amazon Connect API", + "description": "Grants permission to initiate a task using the Amazon Connect API", "privilege": "StartTaskContact", "resource_types": [ { @@ -37218,7 +39914,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to stop contacts that were initiated using the Amazon Connect API. If you use this operation on an active contact the contact ends, even if the agent is active on a call with a customer.", + "description": "Grants permission to stop contacts that were initiated using the Amazon Connect API. If you use this operation on an active contact the contact ends, even if the agent is active on a call with a customer", "privilege": "StopContact", "resource_types": [ { 
@@ -37237,7 +39933,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to stop recording for the specified contact", + "description": "Grants permission to stop recording for the specified contact", "privilege": "StopContactRecording", "resource_types": [ { @@ -37247,9 +39943,21 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "StopContactStreaming", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", - "description": "Grants permissions to suspend recording for the specified contact", + "description": "Grants permission to suspend recording for the specified contact", "privilege": "SuspendContactRecording", "resource_types": [ { @@ -37261,14 +39969,29 @@ }, { "access_level": "Tagging", - "description": "Grants permissions to tag an Amazon Connect resource", + "description": "Grants permission to tag an Amazon Connect resource", "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "agent-status" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "contact-flow" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow-module" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hours-of-operation" + }, { "condition_keys": [], "dependent_actions": [], @@ -37289,6 +40012,11 @@ "dependent_actions": [], "resource_type": "routing-profile" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "security-profile" + }, { "condition_keys": [], "dependent_actions": [], 
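Review bot: The `StopContactStreaming` entry added in the `@@ -37247,9 +39943,21 @@` hunk is a placeholder, with `"access_level": "Unknown"`, an empty `description` and a single empty `resource_type`. A consumer that filters or reports by access level cannot classify it, and the entry offers no resource type or condition key to scope a statement with, so a policy derived from it can presumably only use an unscoped resource. The `@@ -37421,7 +40188,59 @@` hunk adds `UpdateContactFlowModuleContent` in the same placeholder shape. I would populate both from the service authorization reference before merging (for example `"access_level": "Write"`, if that is what the reference lists), or have the generator report `Unknown` entries so they are reviewed rather than shipped silently.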
@@ -37312,14 +40040,29 @@ }, { "access_level": "Tagging", - "description": "Grants permissions to untag an Amazon Connect resource", + "description": "Grants permission to untag an Amazon Connect resource", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "agent-status" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "contact-flow" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow-module" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hours-of-operation" + }, { "condition_keys": [], "dependent_actions": [], @@ -37340,6 +40083,11 @@ "dependent_actions": [], "resource_type": "routing-profile" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "security-profile" + }, { "condition_keys": [], "dependent_actions": [], @@ -37382,7 +40130,26 @@ }, { "access_level": "Write", - "description": "Grants permissions to create or update the contact attributes associated with the specified contact", + "description": "Grants permission to update a contact in an Amazon Connect instance", + "privilege": "UpdateContact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create or update the contact attributes associated with the specified contact", "privilege": "UpdateContactAttributes", "resource_types": [ { @@ -37401,7 +40168,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update contact flow content in an Amazon Connect instance", + "description": "Grants permission to update contact flow content in an Amazon Connect instance", "privilege": "UpdateContactFlowContent", "resource_types": [ { 
@@ -37421,7 +40188,59 @@ }, { "access_level": "Write", - "description": "Grants permissions to update the name and description of a contact flow in an Amazon Connect instance", + "description": "Grants permission to update the metadata of a contact flow in an Amazon Connect instance", + "privilege": "UpdateContactFlowMetadata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateContactFlowModuleContent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the metadata of a contact flow module in an Amazon Connect instance", + "privilege": "UpdateContactFlowModuleMetadata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow-module*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the name and description of a contact flow in an Amazon Connect instance", "privilege": "UpdateContactFlowName", "resource_types": [ { 
@@ -37439,6 +40258,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the schedule of a contact that is already scheduled in an Amazon Connect instance", + "privilege": "UpdateContactSchedule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update hours of operation in an Amazon Connect instance", @@ -37461,7 +40299,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update the attribute for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to update the attribute for an existing Amazon Connect instance", "privilege": "UpdateInstanceAttribute", "resource_types": [ { @@ -37487,7 +40325,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update the storage configuration for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "description": "Grants permission to update the storage configuration for an existing Amazon Connect instance", "privilege": "UpdateInstanceStorageConfig", "resource_types": [ { @@ -37518,7 +40356,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update queue hours of operation in an Amazon Connect instance", + "description": "Grants permission to update queue hours of operation in an Amazon Connect instance", "privilege": "UpdateQueueHoursOfOperation", "resource_types": [ { 
@@ -37543,7 +40381,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update queue capacity in an Amazon Connect instance", + "description": "Grants permission to update queue capacity in an Amazon Connect instance", "privilege": "UpdateQueueMaxContacts", "resource_types": [ { @@ -37563,7 +40401,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update a queue name and description in an Amazon Connect instance", + "description": "Grants permission to update a queue name and description in an Amazon Connect instance", "privilege": "UpdateQueueName", "resource_types": [ { @@ -37583,7 +40421,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update queue outbound caller config in an Amazon Connect instance", + "description": "Grants permission to update queue outbound caller config in an Amazon Connect instance", "privilege": "UpdateQueueOutboundCallerConfig", "resource_types": [ { @@ -37613,7 +40451,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update queue status in an Amazon Connect instance", + "description": "Grants permission to update queue status in an Amazon Connect instance", "privilege": "UpdateQueueStatus", "resource_types": [ { @@ -37633,7 +40471,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update the configuration of a quick connect in an Amazon Connect instance", + "description": "Grants permission to update the configuration of a quick connect in an Amazon Connect instance", "privilege": "UpdateQuickConnectConfig", "resource_types": [ { @@ -37668,7 +40506,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update a quick connect name and description in an Amazon Connect instance", + "description": "Grants permission to update a quick connect name and description in an Amazon Connect instance", "privilege": "UpdateQuickConnectName", "resource_types": [ { 
@@ -37688,7 +40526,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update the concurrency in a routing profile in an Amazon Connect instance", + "description": "Grants permission to update the concurrency in a routing profile in an Amazon Connect instance", "privilege": "UpdateRoutingProfileConcurrency", "resource_types": [ { @@ -37708,7 +40546,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update the outbound queue in a routing profile in an Amazon Connect instance", + "description": "Grants permission to update the outbound queue in a routing profile in an Amazon Connect instance", "privilege": "UpdateRoutingProfileDefaultOutboundQueue", "resource_types": [ { @@ -37733,7 +40571,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update a routing profile name and description in an Amazon Connect instance", + "description": "Grants permission to update a routing profile name and description in an Amazon Connect instance", "privilege": "UpdateRoutingProfileName", "resource_types": [ { @@ -37753,7 +40591,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update the queues in routing profile in an Amazon Connect instance", + "description": "Grants permission to update the queues in routing profile in an Amazon Connect instance", "privilege": "UpdateRoutingProfileQueues", "resource_types": [ { 
@@ -37773,7 +40611,27 @@ }, { "access_level": "Write", - "description": "Grants permissions to update a hierarchy group for a user in an Amazon Connect instance", + "description": "Grants permission to update a security profile group for a user in an Amazon Connect instance", + "privilege": "UpdateSecurityProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "security-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a hierarchy group for a user in an Amazon Connect instance", "privilege": "UpdateUserHierarchy", "resource_types": [ { @@ -37798,7 +40656,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update a user hierarchy group name in an Amazon Connect instance", + "description": "Grants permission to update a user hierarchy group name in an Amazon Connect instance", "privilege": "UpdateUserHierarchyGroupName", "resource_types": [ { @@ -37817,7 +40675,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update user hierarchy structure in an Amazon Connect instance", + "description": "Grants permission to update user hierarchy structure in an Amazon Connect instance", "privilege": "UpdateUserHierarchyStructure", "resource_types": [ { @@ -37836,7 +40694,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update identity information for a user in an Amazon Connect instance", + "description": "Grants permission to update identity information for a user in an Amazon Connect instance", "privilege": "UpdateUserIdentityInfo", "resource_types": [ { 
@@ -37856,7 +40714,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update phone configuration settings for a user in an Amazon Connect instance", + "description": "Grants permission to update phone configuration settings for a user in an Amazon Connect instance", "privilege": "UpdateUserPhoneConfig", "resource_types": [ { @@ -37876,7 +40734,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update a routing profile for a user in an Amazon Connect instance", + "description": "Grants permission to update a routing profile for a user in an Amazon Connect instance", "privilege": "UpdateUserRoutingProfile", "resource_types": [ { @@ -37901,7 +40759,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update security profiles for a user in an Amazon Connect instance", + "description": "Grants permission to update security profiles for a user in an Amazon Connect instance", "privilege": "UpdateUserSecurityProfiles", "resource_types": [ { @@ -37923,12 +40781,34 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update contact flow module content in an Amazon Connect instance", + "privilege": "UpdatedescribeContent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow-module*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [ { "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "instance" }, { @@ -37952,7 +40832,9 @@ }, { "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/security-profile/${SecurityProfileId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "security-profile" }, { 
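Review bot: The privilege name `UpdatedescribeContent` added in the `@@ -37923,12 +40781,34 @@` hunk does not look like a real action name; the lowercase `describe` in the middle breaks the naming every other privilege here follows. Its description ("update contact flow module content") and its `contact-flow-module*` resource match `UpdateContactFlowModuleContent`, which the `@@ -37421,7 +40188,59 @@` hunk adds with `"access_level": "Unknown"` and no resources. This looks like an extraction artifact that split one action into a mis-named entry carrying the metadata and a correctly named entry carrying none. If so, a lookup for `UpdateContactFlowModuleContent` finds no resource type or condition keys, and the mis-named action could end up in a generated policy where it would match nothing. After confirming against the service authorization reference, I would move the description, `"access_level": "Write"` and both `resource_types` entries onto `UpdateContactFlowModuleContent` and drop `UpdatedescribeContent`.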
@@ -37967,6 +40849,11 @@ ], "resource": "queue" }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/queue/*", + "condition_keys": [], + "resource": "wildcard-queue" + }, { "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/transfer-destination/${QuickConnectId}", "condition_keys": [ @@ -37974,6 +40861,11 @@ ], "resource": "quick-connect" }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/transfer-destination/*", + "condition_keys": [], + "resource": "wildcard-quick-connect" + }, { "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact-flow/${ContactFlowId}", "condition_keys": [ @@ -37981,6 +40873,18 @@ ], "resource": "contact-flow" }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/flow-module/${ContactFlowModuleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "contact-flow-module" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact-flow/*", + "condition_keys": [], + "resource": "wildcard-contact-flow" + }, { "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/operating-hours/${HoursOfOperationId}", "condition_keys": [ 
@@ -37995,11 +40899,21 @@ ], "resource": "agent-status" }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent-status/*", + "condition_keys": [], + "resource": "wildcard-agent-status" + }, { "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/phone-numbers/${PhoneNumberId}", "condition_keys": [], "resource": "phone-number" }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/phone-numbers/*", + "condition_keys": [], + "resource": "wildcard-phone-number" + }, { "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/integration-association/${IntegrationAssociationId}", "condition_keys": [ 
@@ -38017,6 +40931,308 @@ ], "service_name": "Amazon Connect" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the presence of tag keys in the request", + "type": "String" + } + ], + "prefix": "connect-campaigns", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a campaign", + "privilege": "CreateCampaign", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a campaign", + "privilege": "DeleteCampaign", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a specific campaign", + "privilege": "DescribeCampaign", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get state of a campaign", + "privilege": "GetCampaignState", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + 
"description": "Grants permission to get state of campaigns", + "privilege": "GetCampaignStateBatch", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to provide summary of all campaigns", + "privilege": "ListCampaigns", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to pause a campaign", + "privilege": "PauseCampaign", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add configuration information for an Amazon Connect instance", + "privilege": "PutConnectInstanceConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create dial requests for the specified campaign", + "privilege": "PutDialRequestBatch", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to resume a campaign", + "privilege": "ResumeCampaign", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "campaign*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a campaign", + "privilege": "StartCampaign", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop a campaign", + "privilege": "StopCampaign", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the dialer configuration of a campaign", + "privilege": "UpdateCampaignDialerConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the name of a campaign", + "privilege": "UpdateCampaignName", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the outbound call configuration of a campaign", + "privilege": "UpdateCampaignOutboundCallConfig", + 
"resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:connect-campaigns:${Region}:${Account}:campaign/${CampaignId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "campaign" + } + ], + "service_name": "High-volume outbound communications" + }, { "conditions": [], "prefix": "controltower", @@ -38439,17 +41655,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "String" } ], @@ -38542,6 +41758,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a ruleset", + "privilege": "CreateRuleset", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a schedule", @@ -38605,6 +41836,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a ruleset", + "privilege": "DeleteRuleset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Ruleset*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a schedule", 
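Review bot: In the `connect-campaigns` service added by the `@@ -38017,6 +40931,308 @@` hunk, the read-only actions `DescribeCampaign`, `GetCampaignState`, `GetCampaignStateBatch` and `ListCampaigns` list `aws:RequestTag/${TagKey}` as their condition key, and `UntagResource` lists it too. The same hunk describes that key as filtering on tag key-value pairs present in the request, which these calls would not be expected to carry. A statement conditioned on it would therefore likely never match: an Allow scoped this way fails closed, but a Deny guard written from this data would silently not apply. For the actions that take a `campaign*` resource the intended key is presumably `"aws:ResourceTag/${TagKey}"`, which the `campaign` resource at the end of the hunk already declares. If the entries mirror the upstream reference as published, that is worth recording where consumers of this file will see it.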
@@ -38677,6 +41920,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to view details about a ruleset", + "privilege": "DescribeRuleset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Ruleset*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view details about a schedule", @@ -38761,6 +42016,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list rulesets in your account", + "privilege": "ListRulesets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list schedules in your account", @@ -38798,6 +42065,11 @@ "dependent_actions": [], "resource_type": "Recipe" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Ruleset" + }, { "condition_keys": [], "dependent_actions": [], @@ -38890,6 +42162,11 @@ "dependent_actions": [], "resource_type": "Recipe" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Ruleset" + }, { "condition_keys": [], "dependent_actions": [], @@ -38930,6 +42207,11 @@ "dependent_actions": [], "resource_type": "Recipe" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Ruleset" + }, { "condition_keys": [], "dependent_actions": [], @@ -39004,6 +42286,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify a ruleset", + "privilege": "UpdateRuleset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Ruleset*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify a schedule", 
@@ -39032,6 +42326,13 @@ ], "resource": "Dataset" }, + { + "arn": "arn:${Partition}:databrew:${Region}:${Account}:ruleset/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Ruleset" + }, { "arn": "arn:${Partition}:databrew:${Region}:${Account}:recipe/${ResourceId}", "condition_keys": [ @@ -39060,22 +42361,22 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters create requests based on the allowed set of values for each of the mandatory tags.", + "description": "Filters access by the allowed set of values for each of the mandatory tags in the create request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tag value associated with the resource.", + "description": "Filters access by the tag value associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters create requests based on the presence of mandatory tags in the request.", + "description": "Filters access by the presence of mandatory tags in the create request", "type": "String" }, { "condition": "dataexchange:JobType", - "description": "Indicates that the action can only be performed on the specified job type.", + "description": "Filters access by the specified job type", "type": "String" } ], @@ -39083,7 +42384,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permissions to cancel a job.", + "description": "Grants permission to cancel a job", "privilege": "CancelJob", "resource_types": [ { @@ -39095,7 +42396,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create an asset (for example, in a Job).", + "description": "Grants permission to create an asset (for example, in a Job)", "privilege": "CreateAsset", "resource_types": [ { 
@@ -39111,7 +42412,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a data set.", + "description": "Grants permission to create a data set", "privilege": "CreateDataSet", "resource_types": [ { @@ -39127,7 +42428,19 @@ }, { "access_level": "Write", - "description": "Grants permissions to create a job to import or export assets.", + "description": "Grants permission to create an event action", + "privilege": "CreateEventAction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-actions*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a job to import or export assets", "privilege": "CreateJob", "resource_types": [ { @@ -39139,7 +42452,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a revision.", + "description": "Grants permission to create a revision", "privilege": "CreateRevision", "resource_types": [ { @@ -39155,7 +42468,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete an asset.", + "description": "Grants permission to delete an asset", "privilege": "DeleteAsset", "resource_types": [ { @@ -39167,7 +42480,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete a data set.", + "description": "Grants permission to delete a data set", "privilege": "DeleteDataSet", "resource_types": [ { @@ -39179,7 +42492,19 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete a revision.", + "description": "Grants permission to delete an event action", + "privilege": "DeleteEventAction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-actions*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a revision", "privilege": "DeleteRevision", "resource_types": [ { 
@@ -39191,7 +42516,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to get information about an asset and to export it (for example, in a Job).", + "description": "Grants permission to get information about an asset and to export it (for example, in a Job)", "privilege": "GetAsset", "resource_types": [ { @@ -39203,7 +42528,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about a data set.", + "description": "Grants permission to get information about a data set", "privilege": "GetDataSet", "resource_types": [ { @@ -39215,7 +42540,19 @@ }, { "access_level": "Read", - "description": "Grants permissions to get information about a job.", + "description": "Grants permission to get an event action", + "privilege": "GetEventAction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-actions*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a job", "privilege": "GetJob", "resource_types": [ { @@ -39227,7 +42564,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about a revision.", + "description": "Grants permission to get information about a revision", "privilege": "GetRevision", "resource_types": [ { @@ -39238,8 +42575,8 @@ ] }, { - "access_level": "List", - "description": "Grants permissions to list the revisions of a data set.", + "access_level": "Read", + "description": "Grants permission to list the revisions of a data set", "privilege": "ListDataSetRevisions", "resource_types": [ { @@ -39250,8 +42587,8 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list data sets for the account.", + "access_level": "Read", + "description": "Grants permission to list data sets for the account", "privilege": "ListDataSets", "resource_types": [ { 
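Review bot: The `@@ -39238,8 +42575,8 @@` and `@@ -39250,8 +42587,8 @@` hunks change `ListDataSetRevisions` and `ListDataSets` from `"access_level": "List"` to `"Read"`. The following hunks (`@@ -39262,8 +42599,20 @@` and `@@ -39274,8 +42623,8 @@`) do the same for `ListJobs` and `ListRevisionAssets`, and add `ListEventActions` as `Read`. Nothing in the diff says whether this is an intended reclassification or a side effect of regenerating the data, and any consumer that groups or restricts actions by access level will now treat these enumeration calls differently. If the change comes from the upstream reference, a line in the commit description saying so would help; otherwise I would keep `"access_level": "List"` on these entries.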
@@ -39262,8 +42599,20 @@ ] }, { - "access_level": "List", - "description": "Grants permissions to list jobs for the account.", + "access_level": "Read", + "description": "Grants permission to list event actions for the account", + "privilege": "ListEventActions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-actions*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list jobs for the account", "privilege": "ListJobs", "resource_types": [ { @@ -39274,8 +42623,8 @@ ] }, { - "access_level": "List", - "description": "Grants permissions to get list the assets of a revision.", + "access_level": "Read", + "description": "Grants permission to get list the assets of a revision", "privilege": "ListRevisionAssets", "resource_types": [ { @@ -39287,7 +42636,7 @@ }, { "access_level": "Read", - "description": "Grants permission to list the tags that you associated with the specified resource.", + "description": "Grants permission to list the tags that you associated with the specified resource", "privilege": "ListTagsForResource", "resource_types": [ { @@ -39304,7 +42653,7 @@ }, { "access_level": "Write", - "description": "Grants permission to publish a data set.", + "description": "Grants permission to publish a data set", "privilege": "PublishDataSet", "resource_types": [ { @@ -39316,7 +42665,19 @@ }, { "access_level": "Write", - "description": "Grants permissions to start a job.", + "description": "Grants permission to send a request to an API asset", + "privilege": "SendApiAsset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "assets*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a job", "privilege": "StartJob", "resource_types": [ { 
@@ -39328,7 +42689,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to add one or more tags to a specified resource.", + "description": "Grants permission to add one or more tags to a specified resource", "privilege": "TagResource", "resource_types": [ { @@ -39353,7 +42714,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from a specified resource.", + "description": "Grants permission to remove one or more tags from a specified resource", "privilege": "UntagResource", "resource_types": [ { @@ -39377,7 +42738,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to get update information about an asset.", + "description": "Grants permission to get update information about an asset", "privilege": "UpdateAsset", "resource_types": [ { @@ -39389,7 +42750,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update information about a data set.", + "description": "Grants permission to update information about a data set", "privilege": "UpdateDataSet", "resource_types": [ { @@ -39401,7 +42762,19 @@ }, { "access_level": "Write", - "description": "Grants permissions to update information about a revision.", + "description": "Grants permission to update information for an event action", + "privilege": "UpdateEventAction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-actions*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update information about a revision", "privilege": "UpdateRevision", "resource_types": [ { 
@@ -39434,6 +42807,11 @@ "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:data-sets/${DataSetId}/revisions/${RevisionId}/assets/${AssetId}", "condition_keys": [], "resource": "assets" + }, + { + "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:event-actions/${EventActionId}", + "condition_keys": [], + "resource": "event-actions" } ], "service_name": "AWS Data Exchange" @@ -44269,6 +47647,42 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to view the health of operations in your organization", + "privilege": "DescribeOrganizationHealth", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the health of operations within a time range in your organization", + "privilege": "DescribeOrganizationOverview", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the health of operations for each AWS CloudFormation stack or AWS Services or accounts specified in DevOps Guru in your organization", + "privilege": "DescribeOrganizationResourceCollectionHealth", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view the health of operations for each AWS CloudFormation stack specified in DevOps Guru", @@ -44365,6 +47779,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list insights in your organization", + "privilege": "ListOrganizationInsights", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list a specified insight's recommendations", 
@@ -44416,6 +47842,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to search insights in your organization", + "privilege": "SearchOrganizationInsights", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to start the creation of an estimate of the monthly cost", @@ -44442,7 +47880,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to enable or disable a service that integrates with DevOps Guru", + "description": "Grants permission to enable or disable a service that integrates with DevOps Guru", "privilege": "UpdateServiceIntegration", "resource_types": [ { @@ -44466,17 +47904,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by actions based on the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by actions based on tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by actions based on the presence of tag keys in the request", "type": "String" } ], @@ -44484,7 +47922,7 @@ "privileges": [ { "access_level": "Write", - "description": "Accepts a proposal request to attach a virtual private gateway to a Direct Connect gateway.", + "description": "Grants permission to accept a proposal request to attach a virtual private gateway to a Direct Connect gateway", "privilege": "AcceptDirectConnectGatewayAssociationProposal", "resource_types": [ { 
@@ -44496,7 +47934,7 @@ }, { "access_level": "Write", - "description": "Creates a hosted connection on an interconnect.", + "description": "Grants permission to create a hosted connection on an interconnect", "privilege": "AllocateConnectionOnInterconnect", "resource_types": [ { @@ -44508,7 +47946,7 @@ }, { "access_level": "Write", - "description": "Creates a new hosted connection between a AWS Direct Connect partner's network and a specific AWS Direct Connect location.", + "description": "Grants permission to create a new hosted connection between a AWS Direct Connect partner's network and a specific AWS Direct Connect location", "privilege": "AllocateHostedConnection", "resource_types": [ { @@ -44533,7 +47971,7 @@ }, { "access_level": "Write", - "description": "Provisions a private virtual interface to be owned by a different customer.", + "description": "Grants permission to provision a private virtual interface to be owned by a different customer", "privilege": "AllocatePrivateVirtualInterface", "resource_types": [ { @@ -44558,7 +47996,7 @@ }, { "access_level": "Write", - "description": "Provisions a public virtual interface to be owned by a different customer.", + "description": "Grants permission to provision a public virtual interface to be owned by a different customer", "privilege": "AllocatePublicVirtualInterface", "resource_types": [ { @@ -44583,7 +48021,7 @@ }, { "access_level": "Write", - "description": "Provisions a transit virtual interface to be owned by a different customer.", + "description": "Grants permission to provision a transit virtual interface to be owned by a different customer", "privilege": "AllocateTransitVirtualInterface", "resource_types": [ { @@ -44608,7 +48046,7 @@ }, { "access_level": "Write", - "description": "Associates a connection with a LAG.", + "description": "Grants permission to associate a connection with a LAG", "privilege": "AssociateConnectionWithLag", "resource_types": [ { 
@@ -44625,7 +48063,7 @@ }, { "access_level": "Write", - "description": "Associates a hosted connection and its virtual interfaces with a link aggregation group (LAG) or interconnect.", + "description": "Grants permission to associate a hosted connection and its virtual interfaces with a link aggregation group (LAG) or interconnect", "privilege": "AssociateHostedConnection", "resource_types": [ { @@ -44664,7 +48102,7 @@ }, { "access_level": "Write", - "description": "Associates a virtual interface with a specified link aggregation group (LAG) or connection.", + "description": "Grants permission to associate a virtual interface with a specified link aggregation group (LAG) or connection", "privilege": "AssociateVirtualInterface", "resource_types": [ { @@ -44686,7 +48124,7 @@ }, { "access_level": "Write", - "description": "Confirm the creation of a hosted connection on an interconnect.", + "description": "Grants permission to confirm the creation of a hosted connection on an interconnect", "privilege": "ConfirmConnection", "resource_types": [ { @@ -44698,7 +48136,19 @@ }, { "access_level": "Write", - "description": "Accept ownership of a private virtual interface created by another customer.", + "description": "Grants permission to confirm the the terms of agreement when creating the connection or link aggregation group (LAG)", + "privilege": "ConfirmCustomerAgreement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to accept ownership of a private virtual interface created by another customer", "privilege": "ConfirmPrivateVirtualInterface", "resource_types": [ { 
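Review bot: The description added for `ConfirmCustomerAgreement` in the `-44698,7` hunk has a doubled word, "confirm the the terms of agreement"; it should read `"description": "Grants permission to confirm the terms of agreement when creating the connection or link aggregation group (LAG)",`. The `DescribeRouterConfiguration` entry added at `-45179,7` has a similar slip, "describe Details about the router", where `details` should be lower case. If these strings are imported from an upstream reference, the correction belongs there so that a later regeneration does not bring them back.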
@@ -44710,7 +48160,7 @@ }, { "access_level": "Write", - "description": "Accept ownership of a public virtual interface created by another customer", + "description": "Grants permission to accept ownership of a public virtual interface created by another customer", "privilege": "ConfirmPublicVirtualInterface", "resource_types": [ { @@ -44722,7 +48172,7 @@ }, { "access_level": "Write", - "description": "Accept ownership of a transit virtual interface created by another customer", + "description": "Grants permission to accept ownership of a transit virtual interface created by another customer", "privilege": "ConfirmTransitVirtualInterface", "resource_types": [ { @@ -44734,7 +48184,7 @@ }, { "access_level": "Write", - "description": "Creates a BGP peer on the specified virtual interface.", + "description": "Grants permission to create a BGP peer on the specified virtual interface", "privilege": "CreateBGPPeer", "resource_types": [ { @@ -44746,7 +48196,7 @@ }, { "access_level": "Write", - "description": "Creates a new connection between the customer network and a specific AWS Direct Connect location.", + "description": "Grants permission to create a new connection between the customer network and a specific AWS Direct Connect location", "privilege": "CreateConnection", "resource_types": [ { @@ -44766,7 +48216,7 @@ }, { "access_level": "Write", - "description": "Creates a Direct Connect gateway, which is an intermediate object that enables you to connect a set of virtual interfaces and virtual private gateways.", + "description": "Grants permission to create a Direct Connect gateway, which is an intermediate object that enables you to connect a set of virtual interfaces and virtual private gateways", "privilege": "CreateDirectConnectGateway", "resource_types": [ { 
@@ -44778,7 +48228,7 @@ }, { "access_level": "Write", - "description": "Creates an association between a Direct Connect gateway and a virtual private gateway.", + "description": "Grants permission to create an association between a Direct Connect gateway and a virtual private gateway", "privilege": "CreateDirectConnectGatewayAssociation", "resource_types": [ { @@ -44790,7 +48240,7 @@ }, { "access_level": "Write", - "description": "Creates a proposal to associate the specified virtual private gateway with the specified Direct Connect gateway.", + "description": "Grants permission to create a proposal to associate the specified virtual private gateway with the specified Direct Connect gateway", "privilege": "CreateDirectConnectGatewayAssociationProposal", "resource_types": [ { @@ -44802,7 +48252,7 @@ }, { "access_level": "Write", - "description": "Creates a new interconnect between a AWS Direct Connect partner's network and a specific AWS Direct Connect location.", + "description": "Grants permission to create a new interconnect between a AWS Direct Connect partner's network and a specific AWS Direct Connect location", "privilege": "CreateInterconnect", "resource_types": [ { @@ -44822,7 +48272,7 @@ }, { "access_level": "Write", - "description": "Creates a link aggregation group (LAG) with the specified number of bundled physical connections between the customer network and a specific AWS Direct Connect location.", + "description": "Grants permission to create a link aggregation group (LAG) with the specified number of bundled physical connections between the customer network and a specific AWS Direct Connect location", "privilege": "CreateLag", "resource_types": [ { @@ -44842,7 +48292,7 @@ }, { "access_level": "Write", - "description": "Creates a new private virtual interface.", + "description": "Grants permission to create a new private virtual interface", "privilege": "CreatePrivateVirtualInterface", "resource_types": [ { 
@@ -44867,7 +48317,7 @@ }, { "access_level": "Write", - "description": "Creates a new public virtual interface.", + "description": "Grants permission to create a new public virtual interface", "privilege": "CreatePublicVirtualInterface", "resource_types": [ { @@ -44892,7 +48342,7 @@ }, { "access_level": "Write", - "description": "Creates a new transit virtual interface.", + "description": "Grants permission to create a new transit virtual interface", "privilege": "CreateTransitVirtualInterface", "resource_types": [ { @@ -44917,7 +48367,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified BGP peer on the specified virtual interface with the specified customer address and ASN.", + "description": "Grants permission to delete the specified BGP peer on the specified virtual interface with the specified customer address and ASN", "privilege": "DeleteBGPPeer", "resource_types": [ { @@ -44929,7 +48379,7 @@ }, { "access_level": "Write", - "description": "Deletes the connection.", + "description": "Grants permission to delete the connection", "privilege": "DeleteConnection", "resource_types": [ { @@ -44941,7 +48391,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified Direct Connect gateway.", + "description": "Grants permission to delete the specified Direct Connect gateway", "privilege": "DeleteDirectConnectGateway", "resource_types": [ { @@ -44953,7 +48403,7 @@ }, { "access_level": "Write", - "description": "Deletes the association between the specified Direct Connect gateway and virtual private gateway.", + "description": "Grants permission to delete the association between the specified Direct Connect gateway and virtual private gateway", "privilege": "DeleteDirectConnectGatewayAssociation", "resource_types": [ { 
@@ -44965,7 +48415,7 @@ }, { "access_level": "Write", - "description": "Deletes the association proposal request between the specified Direct Connect gateway and virtual private gateway.", + "description": "Grants permission to delete the association proposal request between the specified Direct Connect gateway and virtual private gateway", "privilege": "DeleteDirectConnectGatewayAssociationProposal", "resource_types": [ { @@ -44977,7 +48427,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified interconnect.", + "description": "Grants permission to delete the specified interconnect", "privilege": "DeleteInterconnect", "resource_types": [ { @@ -44989,7 +48439,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified link aggregation group (LAG).", + "description": "Grants permission to delete the specified link aggregation group (LAG)", "privilege": "DeleteLag", "resource_types": [ { @@ -45001,7 +48451,7 @@ }, { "access_level": "Write", - "description": "Deletes a virtual interface.", + "description": "Grants permission to delete a virtual interface", "privilege": "DeleteVirtualInterface", "resource_types": [ { @@ -45013,7 +48463,7 @@ }, { "access_level": "Read", - "description": "Returns the LOA-CFA for a Connection.", + "description": "Grants permission to describe the LOA-CFA for a Connection", "privilege": "DescribeConnectionLoa", "resource_types": [ { @@ -45025,7 +48475,7 @@ }, { "access_level": "Read", - "description": "Displays all connections in this region.", + "description": "Grants permission to describe all connections in this region", "privilege": "DescribeConnections", "resource_types": [ { 
@@ -45037,7 +48487,7 @@ }, { "access_level": "Read", - "description": "Return a list of connections that have been provisioned on the given interconnect.", + "description": "Grants permission to describe a list of connections that have been provisioned on the given interconnect", "privilege": "DescribeConnectionsOnInterconnect", "resource_types": [ { @@ -45049,7 +48499,19 @@ }, { "access_level": "Read", - "description": "Describes one or more association proposals for connection between a virtual private gateway and a Direct Connect gateway.", + "description": "Grants permission to view a list of customer agreements, along with their signed status and whether the customer is an NNIPartner, NNIPartnerV2, or a nonPartner", + "privilege": "DescribeCustomerMetadata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe one or more association proposals for connection between a virtual private gateway and a Direct Connect gateway", "privilege": "DescribeDirectConnectGatewayAssociationProposals", "resource_types": [ { @@ -45061,7 +48523,7 @@ }, { "access_level": "Read", - "description": "Lists the associations between your Direct Connect gateways and virtual private gateways.", + "description": "Grants permission to describe the associations between your Direct Connect gateways and virtual private gateways", "privilege": "DescribeDirectConnectGatewayAssociations", "resource_types": [ { @@ -45073,7 +48535,7 @@ }, { "access_level": "Read", - "description": "Lists the attachments between your Direct Connect gateways and virtual interfaces.", + "description": "Grants permission to describe the attachments between your Direct Connect gateways and virtual interfaces", "privilege": "DescribeDirectConnectGatewayAttachments", "resource_types": [ { 
@@ -45085,7 +48547,7 @@ }, { "access_level": "Read", - "description": "Lists all your Direct Connect gateways or only the specified Direct Connect gateway.", + "description": "Grants permission to describe all your Direct Connect gateways or only the specified Direct Connect gateway", "privilege": "DescribeDirectConnectGateways", "resource_types": [ { @@ -45097,7 +48559,7 @@ }, { "access_level": "Read", - "description": "Lists the hosted connections that have been provisioned on the specified interconnect or link aggregation group (LAG).", + "description": "Grants permission to describe the hosted connections that have been provisioned on the specified interconnect or link aggregation group (LAG)", "privilege": "DescribeHostedConnections", "resource_types": [ { @@ -45114,7 +48576,7 @@ }, { "access_level": "Read", - "description": "Returns the LOA-CFA for an Interconnect.", + "description": "Grants permission to describe the LOA-CFA for an Interconnect", "privilege": "DescribeInterconnectLoa", "resource_types": [ { @@ -45126,7 +48588,7 @@ }, { "access_level": "Read", - "description": "Returns a list of interconnects owned by the AWS account.", + "description": "Grants permission to describe a list of interconnects owned by the AWS account", "privilege": "DescribeInterconnects", "resource_types": [ { @@ -45138,7 +48600,7 @@ }, { "access_level": "Read", - "description": "Describes all your link aggregation groups (LAG) or the specified LAG.", + "description": "Grants permission to describe all your link aggregation groups (LAG) or the specified LAG", "privilege": "DescribeLags", "resource_types": [ { @@ -45150,7 +48612,7 @@ }, { "access_level": "Read", - "description": "Gets the LOA-CFA for a connection, interconnect, or link aggregation group (LAG).", + "description": "Grants permission to describe the LOA-CFA for a connection, interconnect, or link aggregation group (LAG)", "privilege": "DescribeLoa", "resource_types": [ { 
@@ -45166,8 +48628,8 @@ ] }, { - "access_level": "List", - "description": "Returns the list of AWS Direct Connect locations in the current AWS region.", + "access_level": "Read", + "description": "Grants permission to describe the list of AWS Direct Connect locations in the current AWS region", "privilege": "DescribeLocations", "resource_types": [ { @@ -45179,7 +48641,19 @@ }, { "access_level": "Read", - "description": "Describes the tags associated with the specified AWS Direct Connect resources.", + "description": "Grants permission to describe Details about the router for a virtual interface", + "privilege": "DescribeRouterConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dxvif*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the tags associated with the specified AWS Direct Connect resources", "privilege": "DescribeTags", "resource_types": [ { @@ -45201,7 +48675,7 @@ }, { "access_level": "Read", - "description": "Returns a list of virtual private gateways owned by the AWS account.", + "description": "Grants permission to describe a list of virtual private gateways owned by the AWS account", "privilege": "DescribeVirtualGateways", "resource_types": [ { @@ -45213,7 +48687,7 @@ }, { "access_level": "Read", - "description": "Displays all virtual interfaces for an AWS account.", + "description": "Grants permission to describe all virtual interfaces for an AWS account", "privilege": "DescribeVirtualInterfaces", "resource_types": [ { @@ -45235,7 +48709,7 @@ }, { "access_level": "Write", - "description": "Disassociates a connection from a link aggregation group (LAG).", + "description": "Grants permission to disassociate a connection from a link aggregation group (LAG)", "privilege": "DisassociateConnectionFromLag", "resource_types": [ { 
@@ -45269,7 +48743,7 @@ }, { "access_level": "List", - "description": "Lists the virtual interface failover test history.", + "description": "Grants permission to list the virtual interface failover test history", "privilege": "ListVirtualInterfaceTestHistory", "resource_types": [ { @@ -45281,7 +48755,7 @@ }, { "access_level": "Write", - "description": "Starts the virtual interface failover test that verifies your configuration meets your resiliency requirements by placing the BGP peering session in the DOWN state. You can then send traffic to verify that there are no outages.", + "description": "Grants permission to start the virtual interface failover test that verifies your configuration meets your resiliency requirements by placing the BGP peering session in the DOWN state. You can then send traffic to verify that there are no outages", "privilege": "StartBgpFailoverTest", "resource_types": [ { @@ -45293,7 +48767,7 @@ }, { "access_level": "Write", - "description": "Stops the virtual interface failover test.", + "description": "Grants permission to stop the virtual interface failover test", "privilege": "StopBgpFailoverTest", "resource_types": [ { @@ -45305,7 +48779,7 @@ }, { "access_level": "Tagging", - "description": "Adds the specified tags to the specified AWS Direct Connect resource. Each resource can have a maximum of 50 tags.", + "description": "Grants permission to add the specified tags to the specified AWS Direct Connect resource. Each resource can have a maximum of 50 tags", "privilege": "TagResource", "resource_types": [ { @@ -45335,7 +48809,7 @@ }, { "access_level": "Tagging", - "description": "Removes one or more tags from the specified AWS Direct Connect resource.", + "description": "Grants permission to remove one or more tags from the specified AWS Direct Connect resource", "privilege": "UntagResource", "resource_types": [ { 
@@ -45376,7 +48850,19 @@ }, { "access_level": "Write", - "description": "Updates the specified attributes of the Direct Connect gateway association.", + "description": "Grants permission to update the name of a Direct Connect gateway", + "privilege": "UpdateDirectConnectGateway", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dx-gateway*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the specified attributes of the Direct Connect gateway association", "privilege": "UpdateDirectConnectGatewayAssociation", "resource_types": [ { @@ -45388,7 +48874,7 @@ }, { "access_level": "Write", - "description": "Updates the attributes of the specified link aggregation group (LAG).", + "description": "Grants permission to update the attributes of the specified link aggregation group (LAG)", "privilege": "UpdateLag", "resource_types": [ { @@ -45400,7 +48886,7 @@ }, { "access_level": "Write", - "description": "Updates the specified attributes of the specified virtual private interface.", + "description": "Grants permission to update the specified attributes of the specified virtual private interface", "privilege": "UpdateVirtualInterfaceAttributes", "resource_types": [ { 
@@ -46839,73 +50325,77 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "", + "description": "Filters access by the presence of tag keys in the request", + "type": "String" + }, + { + "condition": "drs:EC2InstanceARN", + "description": "Filters access by the EC2 instance the request originated from", "type": "String" } ], - "prefix": "ds", + "prefix": "drs", "privileges": [ { "access_level": "Write", - "description": "Accepts a directory sharing request that was sent from the directory owner account.", - "privilege": "AcceptSharedDirectory", + "description": "Grants permission to get associate failback client to recovery instance", + "privilege": "AssociateFailbackClientToRecoveryInstanceForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" } ] }, { "access_level": "Write", - "description": "Adds a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services", - "privilege": "AddIpRoutes", + "description": "Grants permission to batch create volume snapshot group", + "privilege": "BatchCreateVolumeSnapshotGroupForDrs", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DescribeSecurityGroups" - ], - "resource_type": "directory*" + "dependent_actions": [], + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Adds two domain 
controllers in the specified Region for the specified directory.", - "privilege": "AddRegion", + "description": "Grants permission to batch delete snapshot request", + "privilege": "BatchDeleteSnapshotRequestForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Adds or overwrites one or more tags for the specified Amazon Directory Services directory.", - "privilege": "AddTagsToResource", + "access_level": "Write", + "description": "Grants permission to create recovery instance", + "privilege": "CreateRecoveryInstanceForDrs", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "directory*" + "dependent_actions": [], + "resource_type": "SourceServerResource*" }, { "condition_keys": [ @@ -46919,32 +50409,23 @@ }, { "access_level": "Write", - "description": "Authorizes an application for your AWS Directory.", - "privilege": "AuthorizeApplication", + "description": "Grants permission to create replication configuration template", + "privilege": "CreateReplicationConfigurationTemplate", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Cancels an in-progress schema extension to a Microsoft AD directory.", - "privilege": "CancelSchemaExtension", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Read", - "description": "Verifies that the alias is available for use.", - "privilege": "CheckAlias", + "description": "Grants permission to create a session", + "privilege": "CreateSessionForDrs", "resource_types": [ { "condition_keys": [], 
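Review bot: The Directory Service entries under `"prefix": "ds"` appear in the `-46839,73` hunk only as removed lines, including the `ec2:AuthorizeSecurityGroupEgress`, `ec2:AuthorizeSecurityGroupIngress` and `ec2:DescribeSecurityGroups` dependent actions of `AddIpRoutes`, and the visible lines do not show them being re-added. This is presumably the diff aligning the newly inserted `drs` service against the `ds` block that follows it, but the next hunk continues outside this view, so that cannot be confirmed from here. Before merging, compare the set of `prefix` values before and after the change and check that the resulting file still holds one complete `ds` service object with its `dependent_actions` lists intact. A tool that derives policies from this map would otherwise produce grants that lack those EC2 permissions.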
@@ -46954,546 +50435,559 @@ ] }, { - "access_level": "Tagging", - "description": "Creates an AD Connector to connect to an on-premises directory.", - "privilege": "ConnectDirectory", + "access_level": "Write", + "description": "Grants permission to create a source server", + "privilege": "CreateSourceServerForDrs", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Creates an alias for a directory and assigns the alias to the directory.", - "privilege": "CreateAlias", + "description": "Grants permission to delete a job", + "privilege": "DeleteJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "JobResource*" } ] }, { "access_level": "Write", - "description": "Creates a computer account in the specified directory, and joins the computer to the directory.", - "privilege": "CreateComputer", + "description": "Grants permission to delete recovery instance", + "privilege": "DeleteRecoveryInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" } ] }, { "access_level": "Write", - "description": "Creates a conditional forwarder associated with your AWS directory.", - "privilege": "CreateConditionalForwarder", + "description": "Grants permission to delete replication configuration template", + "privilege": "DeleteReplicationConfigurationTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": 
"ReplicationConfigurationTemplateResource*" } ] }, { - "access_level": "Tagging", - "description": "Creates a Simple AD directory.", - "privilege": "CreateDirectory", + "access_level": "Write", + "description": "Grants permission to delete source server", + "privilege": "DeleteSourceServer", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Tagging", - "description": "Creates a IdentityPool Directory in the AWS cloud.", - "privilege": "CreateIdentityPoolDirectory", + "access_level": "Read", + "description": "Grants permission to describe job log items", + "privilege": "DescribeJobLogItems", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "JobResource*" } ] }, { - "access_level": "Write", - "description": "Creates a subscription to forward real time Directory Service domain controller security logs to the specified CloudWatch log group in your AWS account.", - "privilege": "CreateLogSubscription", + "access_level": "Read", + "description": "Grants permission to describe jobs", + "privilege": "DescribeJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Creates a Microsoft AD in the AWS cloud.", - "privilege": "CreateMicrosoftAD", + "access_level": "Read", + "description": "Grants permission to describe recovery instances", + "privilege": 
"DescribeRecoveryInstances", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" + "ec2:DescribeInstances" ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Creates a snapshot of a Simple AD or Microsoft AD directory in the AWS cloud.", - "privilege": "CreateSnapshot", + "access_level": "Read", + "description": "Grants permission to describe recovery snapshots", + "privilege": "DescribeRecoverySnapshots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Write", - "description": "Initiates the creation of the AWS side of a trust relationship between a Microsoft AD in the AWS cloud and an external domain.", - "privilege": "CreateTrust", + "access_level": "Read", + "description": "Grants permission to describe replication configuration template", + "privilege": "DescribeReplicationConfigurationTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Deletes a conditional forwarder that has been set up for your AWS directory.", - "privilege": "DeleteConditionalForwarder", + "access_level": "Read", + "description": "Grants permission to describe replication server associations", + "privilege": "DescribeReplicationServerAssociationsForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Deletes an AWS Directory Service directory.", - 
"privilege": "DeleteDirectory", + "access_level": "Read", + "description": "Grants permission to describe snapshot requests", + "privilege": "DescribeSnapshotRequestsForDrs", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:DescribeNetworkInterfaces", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress" - ], - "resource_type": "directory*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Deletes the specified log subscription.", - "privilege": "DeleteLogSubscription", + "access_level": "Read", + "description": "Grants permission to describe source servers", + "privilege": "DescribeSourceServers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Deletes a directory snapshot.", - "privilege": "DeleteSnapshot", + "description": "Grants permission to disconnect recovery instance", + "privilege": "DisconnectRecoveryInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" } ] }, { "access_level": "Write", - "description": "Deletes an existing trust relationship between your Microsoft AD in the AWS cloud and an external domain.", - "privilege": "DeleteTrust", + "description": "Grants permission to disconnect source server", + "privilege": "DisconnectSourceServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Write", - "description": "Deletes from the system the certificate that was registered for a secured LDAP connection.", - "privilege": "DeregisterCertificate", + "access_level": "Read", + "description": "Grants permission to get agent command", + "privilege": 
"GetAgentCommandForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Write", - "description": "Removes the specified directory as a publisher to the specified SNS topic.", - "privilege": "DeregisterEventTopic", + "access_level": "Read", + "description": "Grants permission to get agent confirmed resume info", + "privilege": "GetAgentConfirmedResumeInfoForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Read", - "description": "Displays information about the certificate registered for a secured LDAP connection.", - "privilege": "DescribeCertificate", + "description": "Grants permission to get agent installation assets", + "privilege": "GetAgentInstallationAssetsForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Obtains information about the conditional forwarders for this account.", - "privilege": "DescribeConditionalForwarders", + "description": "Grants permission to get agent replication info", + "privilege": "GetAgentReplicationInfoForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Obtains information about the directories that belong to this account.", - "privilege": "DescribeDirectories", + "access_level": "Read", + 
"description": "Grants permission to get agent runtime configuration", + "privilege": "GetAgentRuntimeConfigurationForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Read", - "description": "Provides information about any domain controllers in your directory.", - "privilege": "DescribeDomainControllers", + "description": "Grants permission to get agent snapshot credits", + "privilege": "GetAgentSnapshotCreditsForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Read", - "description": "Obtains information about which SNS topics receive status messages from the specified directory.", - "privilege": "DescribeEventTopics", + "description": "Grants permission to get channel commands", + "privilege": "GetChannelCommandsForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Describes the status of LDAP security for the specified directory.", - "privilege": "DescribeLDAPSSettings", + "description": "Grants permission to get failback command", + "privilege": "GetFailbackCommandForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" } ] }, { "access_level": "Read", - "description": "Provides information about the Regions that are configured for multi-Region replication.", - "privilege": "DescribeRegions", + "description": "Grants permission to get failback launch requested", + "privilege": 
"GetFailbackLaunchRequestedForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" } ] }, { "access_level": "Read", - "description": "Returns the shared directories in your account.", - "privilege": "DescribeSharedDirectories", + "description": "Grants permission to get failback replication configuration", + "privilege": "GetFailbackReplicationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" } ] }, { "access_level": "Read", - "description": "Obtains information about the directory snapshots that belong to this account.", - "privilege": "DescribeSnapshots", + "description": "Grants permission to get launch configuration", + "privilege": "GetLaunchConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Read", - "description": "Obtains information about the trust relationships for this account.", - "privilege": "DescribeTrusts", + "description": "Grants permission to get replication configuration", + "privilege": "GetReplicationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Write", - "description": "Disables alternative client authentication methods for the specified directory.", - "privilege": "DisableClientAuthentication", + "access_level": "Read", + "description": "Grants permission to get suggested failback client device mapping", + "privilege": "GetSuggestedFailbackClientDeviceMappingForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" } ] }, { "access_level": "Write", - "description": "Deactivates LDAP 
secure calls for the specified directory.", - "privilege": "DisableLDAPS", + "description": "Grants permission to initialize service", + "privilege": "InitializeService", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "iam:AddRoleToInstanceProfile", + "iam:CreateInstanceProfile", + "iam:CreateServiceLinkedRole", + "iam:GetInstanceProfile" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Disables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory.", - "privilege": "DisableRadius", + "description": "Grants permission to issue an agent certificate", + "privilege": "IssueAgentCertificateForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Write", - "description": "Disables single-sign on for a directory.", - "privilege": "DisableSso", + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Enables alternative client authentication methods for the specified directory.", - "privilege": "EnableClientAuthentication", + "description": "Grants permission to notify agent authentication", + "privilege": "NotifyAgentAuthenticationForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { "access_level": 
"Write", - "description": "Activates the switch for the specific directory to always use LDAP secure calls.", - "privilege": "EnableLDAPS", + "description": "Grants permission to notify agent is connected", + "privilege": "NotifyAgentConnectedForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Enables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory.", - "privilege": "EnableRadius", + "description": "Grants permission to notify agent is disconnected", + "privilege": "NotifyAgentDisconnectedForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Enables single-sign on for a directory.", - "privilege": "EnableSso", + "description": "Grants permission to notify agent replication progress", + "privilege": "NotifyAgentReplicationProgressForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Read", - "description": "", - "privilege": "GetAuthorizedApplicationDetails", - "resource_types": [ + "resource_type": "RecoveryInstanceResource*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Read", - "description": "Obtains directory limit information for the current region.", - "privilege": "GetDirectoryLimits", + "access_level": "Write", + "description": "Grants permission to notify consistency 
attained", + "privilege": "NotifyConsistencyAttainedForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "Read", - "description": "Obtains the manual snapshot limits for a directory.", - "privilege": "GetSnapshotLimits", + "access_level": "Write", + "description": "Grants permission to notify replication server authentication", + "privilege": "NotifyReplicationServerAuthenticationForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "Read", - "description": "Obtains the aws applications authorized for a directory.", - "privilege": "ListAuthorizedApplications", + "access_level": "Write", + "description": "Grants permission to retry data replication", + "privilege": "RetryDataReplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "For the specified directory, lists all the certificates registered for a secured LDAP connection.", - "privilege": "ListCertificates", + "access_level": "Write", + "description": "Grants permission to send agent logs", + "privilege": "SendAgentLogsForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Read", - "description": "Lists the address blocks that you have added to a directory.", - "privilege": "ListIpRoutes", + "access_level": "Write", + "description": "Grants permission to send agent metrics", + "privilege": "SendAgentMetricsForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Read", - "description": "Lists the active log subscriptions for the AWS account.", - "privilege": "ListLogSubscriptions", + "access_level": "Write", + "description": "Grants permission to send channel command result", + "privilege": "SendChannelCommandResultForDrs", "resource_types": [ { "condition_keys": [], 
@@ -47503,106 +50997,164 @@ ] }, { - "access_level": "List", - "description": "Lists all schema extensions applied to a Microsoft AD Directory.", - "privilege": "ListSchemaExtensions", + "access_level": "Write", + "description": "Grants permission to send client logs", + "privilege": "SendClientLogsForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Lists all tags on an Amazon Directory Services directory.", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to send client metrics", + "privilege": "SendClientMetricsForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Registers a certificate for secured LDAP connection.", - "privilege": "RegisterCertificate", + "description": "Grants permission to start failback launch", + "privilege": "StartFailbackLaunch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Associates a directory with an SNS topic.", - "privilege": "RegisterEventTopic", + "description": "Grants permission to start recovery", + "privilege": "StartRecovery", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "sns:GetTopicAttributes" + "drs:CreateRecoveryInstanceForDrs", + "drs:ListTagsForResource", + "ec2:AttachVolume", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateLaunchTemplate", + "ec2:CreateLaunchTemplateVersion", + "ec2:CreateSnapshot", + "ec2:CreateTags", + "ec2:CreateVolume", + 
"ec2:DeleteLaunchTemplateVersions", + "ec2:DeleteSnapshot", + "ec2:DeleteVolume", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeImages", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInstances", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:DetachVolume", + "ec2:ModifyInstanceAttribute", + "ec2:ModifyLaunchTemplate", + "ec2:RevokeSecurityGroupEgress", + "ec2:RunInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "iam:PassRole" ], - "resource_type": "directory*" + "resource_type": "SourceServerResource*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Rejects a directory sharing request that was sent from the directory owner account.", - "privilege": "RejectSharedDirectory", + "description": "Grants permission to stop failback", + "privilege": "StopFailback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "Write", - "description": "Removes IP address blocks from a directory.", - "privilege": "RemoveIpRoutes", + "access_level": "Tagging", + "description": "Grants permission to assign a resource tag", + "privilege": "TagResource", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Stops all replication and removes the domain controllers from the specified Region. 
You cannot remove the primary Region with this operation.", - "privilege": "RemoveRegion", + "description": "Grants permission to terminate recovery instances", + "privilege": "TerminateRecoveryInstances", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "ec2:DeleteVolume", + "ec2:DescribeInstances", + "ec2:DescribeVolumes", + "ec2:TerminateInstances" + ], + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Removes tags from an Amazon Directory Services directory.", - "privilege": "RemoveTagsFromResource", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "ec2:DeleteTags" - ], - "resource_type": "directory*" - }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -47612,247 +51164,283 @@ }, { "access_level": "Write", - "description": "Resets the password for any user in your AWS Managed Microsoft AD or Simple AD directory.", - "privilege": "ResetUserPassword", + "description": "Grants permission to update agent backlog", + "privilege": "UpdateAgentBacklogForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Restores a directory using an existing directory snapshot.", - "privilege": "RestoreFromSnapshot", + "description": "Grants permission to update agent conversion info", + "privilege": "UpdateAgentConversionInfoForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Shares a specified directory in your AWS account (directory owner) with another AWS account (directory consumer). 
With this operation you can use your directory from any AWS account and from any Amazon VPC within an AWS Region.", - "privilege": "ShareDirectory", + "description": "Grants permission to update agent replication info", + "privilege": "UpdateAgentReplicationInfoForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Applies a schema extension to a Microsoft AD directory.", - "privilege": "StartSchemaExtension", + "description": "Grants permission to update agent replication process state", + "privilege": "UpdateAgentReplicationProcessStateForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Unauthorizes an application from your AWS Directory.", - "privilege": "UnauthorizeApplication", + "description": "Grants permission to update agent source properties", + "privilege": "UpdateAgentSourcePropertiesForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Stops the directory sharing between the directory owner and consumer accounts.", - "privilege": "UnshareDirectory", + "description": "Grants permission to update failback client device mapping", + "privilege": "UpdateFailbackClientDeviceMappingForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + 
"resource_type": "RecoveryInstanceResource*" } ] }, { "access_level": "Write", - "description": "Updates a conditional forwarder that has been set up for your AWS directory.", - "privilege": "UpdateConditionalForwarder", + "description": "Grants permission to update failback client last seen", + "privilege": "UpdateFailbackClientLastSeenForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" } ] }, { "access_level": "Write", - "description": "Adds or removes domain controllers to or from the directory. Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. During this time, you cannot make another update request.", - "privilege": "UpdateNumberOfDomainControllers", + "description": "Grants permission to update failback replication configuration", + "privilege": "UpdateFailbackReplicationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" } ] }, { "access_level": "Write", - "description": "Updates the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector directory.", - "privilege": "UpdateRadius", + "description": "Grants permission to update launch configuration", + "privilege": "UpdateLaunchConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Updates the trust that has been set up between your AWS Managed Microsoft AD directory and an on-premises Active Directory.", - "privilege": "UpdateTrust", + "description": "Grants permission to update 
a replication certificate", + "privilege": "UpdateReplicationCertificateForDrs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "Read", - "description": "Verifies a trust relationship between your Microsoft AD in the AWS cloud and an external domain.", - "privilege": "VerifyTrust", + "access_level": "Write", + "description": "Grants permission to update replication configuration", + "privilege": "UpdateReplicationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "SourceServerResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update replication configuration template", + "privilege": "UpdateReplicationConfigurationTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ReplicationConfigurationTemplateResource*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:ds:${Region}:${Account}:directory/${DirectoryId}", + "arn": "arn:${Partition}:drs:${Region}:${Account}:job/${JobID}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "directory" - } - ], - "service_name": "AWS Directory Service" - }, - { - "conditions": [ - { - "condition": "dynamodb:Attributes", - "description": "Filter based on the attribute (field or column) names of the table.", - "type": "String" + "resource": "JobResource" }, { - "condition": "dynamodb:EnclosingOperation", - "description": "Used to block Transactions APIs calls and allow the non-Transaction APIs calls and vice-versa.", - "type": "String" + "arn": "arn:${Partition}:drs:${Region}:${Account}:recovery-instance/${RecoveryInstanceID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "drs:EC2InstanceARN" + ], + "resource": "RecoveryInstanceResource" }, { - "condition": "dynamodb:FullTableScan", - "description": 
"Used to block full table scan.", - "type": "Bool" + "arn": "arn:${Partition}:drs:${Region}:${Account}:replication-configuration-template/${ReplicationConfigurationTemplateID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ReplicationConfigurationTemplateResource" }, { - "condition": "dynamodb:LeadingKeys", - "description": "Filters based on the partition key of the table.", - "type": "String" - }, + "arn": "arn:${Partition}:drs:${Region}:${Account}:source-server/${SourceServerID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "SourceServerResource" + } + ], + "service_name": "AWS Elastic Disaster Recovery" + }, + { + "conditions": [ { - "condition": "dynamodb:ReturnConsumedCapacity", - "description": "Filter based on the ReturnConsumedCapacity parameter of a request. Contains either \"TOTAL\" or \"NONE\".", + "condition": "aws:RequestTag/${TagKey}", + "description": "", "type": "String" }, { - "condition": "dynamodb:ReturnValues", - "description": "Filter based on the ReturnValues parameter of request. 
Contains one of the following: \"ALL_OLD\", \"UPDATED_OLD\",\"ALL_NEW\",\"UPDATED_NEW\", or \"NONE\".", + "condition": "aws:ResourceTag/${TagKey}", + "description": "", "type": "String" }, { - "condition": "dynamodb:Select", - "description": "Filter based on the Select parameter of a Query or Scan request.", + "condition": "aws:TagKeys", + "description": "", "type": "String" } ], - "prefix": "dynamodb", + "prefix": "ds", "privileges": [ { - "access_level": "Read", - "description": "Returns the attributes of one or more items from one or more tables", - "privilege": "BatchGetItem", + "access_level": "Write", + "description": "Accepts a directory sharing request that was sent from the directory owner account.", + "privilege": "AcceptSharedDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Adds a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services", + "privilege": "AddIpRoutes", + "resource_types": [ { - "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:LeadingKeys", - "dynamodb:ReturnConsumedCapacity", - "dynamodb:Select" + "condition_keys": [], + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DescribeSecurityGroups" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Puts or deletes multiple items in one or more tables", - "privilege": "BatchWriteItem", + "description": "Adds two domain controllers in the specified Region for the specified directory.", + "privilege": "AddRegion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:LeadingKeys", - "dynamodb:ReturnConsumedCapacity" - ], - "dependent_actions": 
[], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Read", - "description": "The ConditionCheckItem operation checks the existence of a set of attributes for the item with the given primary key", - "privilege": "ConditionCheckItem", + "access_level": "Tagging", + "description": "Adds or overwrites one or more tags for the specified Amazon Directory Services directory.", + "privilege": "AddTagsToResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "directory*" }, { "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:LeadingKeys", - "dynamodb:ReturnConsumedCapacity", - "dynamodb:ReturnValues" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -47861,79 +51449,1021 @@ }, { "access_level": "Write", - "description": "Creates a backup for an existing table", - "privilege": "CreateBackup", + "description": "Authorizes an application for your AWS Directory.", + "privilege": "AuthorizeApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Enables the user to create a global table from an existing table", - "privilege": "CreateGlobalTable", + "description": "Cancels an in-progress schema extension to a Microsoft AD directory.", + "privilege": "CancelSchemaExtension", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-table*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Verifies that the alias is available for use.", + "privilege": "CheckAlias", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "The CreateTable operation adds a new table to your account", - "privilege": "CreateTable", + "access_level": "Tagging", + "description": "Creates an AD Connector to connect to an on-premises directory.", + "privilege": "ConnectDirectory", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Adds a new replica table", - "privilege": "CreateTableReplica", + "description": "Creates an alias for a directory and 
assigns the alias to the directory.", + "privilege": "CreateAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Deletes an existing backup of a table", - "privilege": "DeleteBackup", + "description": "Creates a computer account in the specified directory, and joins the computer to the directory.", + "privilege": "CreateComputer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup*" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Deletes a single item in a table by primary key", - "privilege": "DeleteItem", + "description": "Creates a conditional forwarder associated with your AWS directory.", + "privilege": "CreateConditionalForwarder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Creates a Simple AD directory.", + "privilege": "CreateDirectory", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Creates a IdentityPool Directory in the AWS cloud.", + "privilege": "CreateIdentityPoolDirectory", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Creates a subscription to forward real time Directory Service domain controller security logs to the 
specified CloudWatch log group in your AWS account.", + "privilege": "CreateLogSubscription", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Creates a Microsoft AD in the AWS cloud.", + "privilege": "CreateMicrosoftAD", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Creates a snapshot of a Simple AD or Microsoft AD directory in the AWS cloud.", + "privilege": "CreateSnapshot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Initiates the creation of the AWS side of a trust relationship between a Microsoft AD in the AWS cloud and an external domain.", + "privilege": "CreateTrust", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes a conditional forwarder that has been set up for your AWS directory.", + "privilege": "DeleteConditionalForwarder", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes an AWS Directory Service directory.", + "privilege": "DeleteDirectory", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:DescribeNetworkInterfaces", + "ec2:RevokeSecurityGroupEgress", + 
"ec2:RevokeSecurityGroupIngress" + ], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes the specified log subscription.", + "privilege": "DeleteLogSubscription", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes a directory snapshot.", + "privilege": "DeleteSnapshot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes an existing trust relationship between your Microsoft AD in the AWS cloud and an external domain.", + "privilege": "DeleteTrust", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes from the system the certificate that was registered for a secured LDAP connection.", + "privilege": "DeregisterCertificate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Removes the specified directory as a publisher to the specified SNS topic.", + "privilege": "DeregisterEventTopic", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Displays information about the certificate registered for a secured LDAP connection.", + "privilege": "DescribeCertificate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Obtains information about the conditional forwarders for this account.", + "privilege": "DescribeConditionalForwarders", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "List", + "description": "Obtains information about the directories that belong to this account.", + "privilege": "DescribeDirectories", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Provides information about any domain controllers in your directory.", + "privilege": "DescribeDomainControllers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Obtains information about which SNS topics receive status messages from the specified directory.", + "privilege": "DescribeEventTopics", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Describes the status of LDAP security for the specified directory.", + "privilege": "DescribeLDAPSSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Provides information about the Regions that are configured for multi-Region replication.", + "privilege": "DescribeRegions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Returns the shared directories in your account.", + "privilege": "DescribeSharedDirectories", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Obtains information about the directory snapshots that belong to this account.", + "privilege": "DescribeSnapshots", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Obtains information about the trust relationships for this account.", + "privilege": "DescribeTrusts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Disables alternative client authentication methods for the specified directory.", + "privilege": "DisableClientAuthentication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Deactivates LDAP secure calls for the specified directory.", + "privilege": "DisableLDAPS", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Disables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory.", + "privilege": "DisableRadius", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Disables single-sign on for a directory.", + "privilege": "DisableSso", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Enables alternative client authentication methods for the specified directory.", + "privilege": "EnableClientAuthentication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Activates the switch for the specific directory to always use LDAP secure calls.", + "privilege": "EnableLDAPS", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Enables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory.", + "privilege": "EnableRadius", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Enables single-sign on for a directory.", + "privilege": "EnableSso", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "", + "privilege": "GetAuthorizedApplicationDetails", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Obtains directory limit information for the current region.", + "privilege": "GetDirectoryLimits", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Obtains the manual snapshot limits for a directory.", + "privilege": "GetSnapshotLimits", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Obtains the aws applications authorized for a directory.", + "privilege": "ListAuthorizedApplications", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "List", + "description": "For the specified directory, lists all the certificates registered for a secured LDAP connection.", + "privilege": "ListCertificates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": 
"Read", + "description": "Lists the address blocks that you have added to a directory.", + "privilege": "ListIpRoutes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Lists the active log subscriptions for the AWS account.", + "privilege": "ListLogSubscriptions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Lists all schema extensions applied to a Microsoft AD Directory.", + "privilege": "ListSchemaExtensions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Lists all tags on an Amazon Directory Services directory.", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Registers a certificate for secured LDAP connection.", + "privilege": "RegisterCertificate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Associates a directory with an SNS topic.", + "privilege": "RegisterEventTopic", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "sns:GetTopicAttributes" + ], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Rejects a directory sharing request that was sent from the directory owner account.", + "privilege": "RejectSharedDirectory", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Removes IP address blocks from a directory.", + "privilege": 
"RemoveIpRoutes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Stops all replication and removes the domain controllers from the specified Region. You cannot remove the primary Region with this operation.", + "privilege": "RemoveRegion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Removes tags from an Amazon Directory Services directory.", + "privilege": "RemoveTagsFromResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:DeleteTags" + ], + "resource_type": "directory*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Resets the password for any user in your AWS Managed Microsoft AD or Simple AD directory.", + "privilege": "ResetUserPassword", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Restores a directory using an existing directory snapshot.", + "privilege": "RestoreFromSnapshot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Shares a specified directory in your AWS account (directory owner) with another AWS account (directory consumer). 
With this operation you can use your directory from any AWS account and from any Amazon VPC within an AWS Region.", + "privilege": "ShareDirectory", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Applies a schema extension to a Microsoft AD directory.", + "privilege": "StartSchemaExtension", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Unauthorizes an application from your AWS Directory.", + "privilege": "UnauthorizeApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Stops the directory sharing between the directory owner and consumer accounts.", + "privilege": "UnshareDirectory", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Updates a conditional forwarder that has been set up for your AWS directory.", + "privilege": "UpdateConditionalForwarder", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Adds or removes domain controllers to or from the directory. Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. 
During this time, you cannot make another update request.", + "privilege": "UpdateNumberOfDomainControllers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Updates the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector directory.", + "privilege": "UpdateRadius", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Updates the trust that has been set up between your AWS Managed Microsoft AD directory and an on-premises Active Directory.", + "privilege": "UpdateTrust", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Verifies a trust relationship between your Microsoft AD in the AWS cloud and an external domain.", + "privilege": "VerifyTrust", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:ds:${Region}:${Account}:directory/${DirectoryId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "directory" + } + ], + "service_name": "AWS Directory Service" + }, + { + "conditions": [ + { + "condition": "dynamodb:Attributes", + "description": "Filter based on the attribute (field or column) names of the table", + "type": "String" + }, + { + "condition": "dynamodb:EnclosingOperation", + "description": "Used to block Transactions APIs calls and allow the non-Transaction APIs calls and vice-versa", + "type": "String" + }, + { + "condition": "dynamodb:FullTableScan", + "description": "Used to block full table scan", + "type": "Bool" + }, + { + "condition": "dynamodb:LeadingKeys", + "description": "Filters based on the partition key of 
the table", + "type": "String" + }, + { + "condition": "dynamodb:ReturnConsumedCapacity", + "description": "Filter based on the ReturnConsumedCapacity parameter of a request. Contains either \"TOTAL\" or \"NONE\"", + "type": "String" + }, + { + "condition": "dynamodb:ReturnValues", + "description": "Filter based on the ReturnValues parameter of request. Contains one of the following: \"ALL_OLD\", \"UPDATED_OLD\",\"ALL_NEW\",\"UPDATED_NEW\", or \"NONE\"", + "type": "String" + }, + { + "condition": "dynamodb:Select", + "description": "Filter based on the Select parameter of a Query or Scan request", + "type": "String" + } + ], + "prefix": "dynamodb", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to return the attributes of one or more items from one or more tables", + "privilege": "BatchGetItem", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [ + "dynamodb:Attributes", + "dynamodb:LeadingKeys", + "dynamodb:ReturnConsumedCapacity", + "dynamodb:Select" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to put or delete multiple items in one or more tables", + "privilege": "BatchWriteItem", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [ + "dynamodb:Attributes", + "dynamodb:LeadingKeys", + "dynamodb:ReturnConsumedCapacity" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to the ConditionCheckItem operation checks the existence of a set of attributes for the item with the given primary key", + "privilege": "ConditionCheckItem", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [ + "dynamodb:Attributes", + 
"dynamodb:LeadingKeys", + "dynamodb:ReturnConsumedCapacity", + "dynamodb:ReturnValues" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a backup for an existing table", + "privilege": "CreateBackup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a global table from an existing table", + "privilege": "CreateGlobalTable", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to the CreateTable operation adds a new table to your account", + "privilege": "CreateTable", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add a new replica table", + "privilege": "CreateTableReplica", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing backup of a table", + "privilege": "DeleteBackup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deletes a single item in a table by primary key", + "privilege": "DeleteItem", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, { "condition_keys": [ "dynamodb:Attributes", 
@@ -47949,7 +52479,7 @@
 },
 {
 "access_level": "Write",
- "description": "The DeleteTable operation deletes a table and all of its items",
+ "description": "Grants permission to the DeleteTable operation which deletes a table and all of its items",
 "privilege": "DeleteTable",
 "resource_types": [
 {
@@ -47961,7 +52491,7 @@
 },
 {
 "access_level": "Write",
- "description": "Deletes a replica table and all of its items",
+ "description": "Grants permission to delete a replica table and all of its items",
 "privilege": "DeleteTableReplica",
 "resource_types": [
 {
@@ -47973,7 +52503,7 @@
 },
 {
 "access_level": "Read",
- "description": "Describes an existing backup of a table",
+ "description": "Grants permission to describe an existing backup of a table",
 "privilege": "DescribeBackup",
 "resource_types": [
 {
@@ -47985,7 +52515,7 @@
 },
 {
 "access_level": "Read",
- "description": "Checks the status of the backup restore settings on the specified table",
+ "description": "Grants permission to check the status of the backup restore settings on the specified table",
 "privilege": "DescribeContinuousBackups",
 "resource_types": [
 {
@@ -47997,7 +52527,7 @@
 },
 {
 "access_level": "Read",
- "description": "Describes the contributor insights status and related details for a given table or global secondary index",
+ "description": "Grants permission to describe the contributor insights status and related details for a given table or global secondary index",
 "privilege": "DescribeContributorInsights",
 "resource_types": [
 {
@@ -48014,7 +52544,7 @@
 },
 {
 "access_level": "Read",
- "description": "Describes an existing Export of a table",
+ "description": "Grants permission to describe an existing Export of a table",
 "privilege": "DescribeExport",
 "resource_types": [
 {
@@ -48026,7 +52556,7 @@
 },
 {
 "access_level": "Read",
- "description": "Returns information about the specified global table",
+ "description": "Grants permission to return information about the specified global table",
 "privilege": "DescribeGlobalTable",
 "resource_types": [
 {
@@ -48038,7 +52568,7 @@
 },
 {
 "access_level": "Read",
- "description": "Returns settings information about the specified global table",
+ "description": "Grants permission to return settings information about the specified global table",
 "privilege": "DescribeGlobalTableSettings",
 "resource_types": [
 {
@@ -48050,7 +52580,7 @@
 },
 {
 "access_level": "Read",
- "description": "Grants permission to describe the status of Kinesis streaming and related details for a given table",
+ "description": "Grants permission to grant permission to describe the status of Kinesis streaming and related details for a given table",
 "privilege": "DescribeKinesisStreamingDestination",
 "resource_types": [
 {
@@ -48062,7 +52592,7 @@
 },
 {
 "access_level": "Read",
- "description": "Returns the current provisioned-capacity limits for your AWS account in a region, both for the region as a whole and for any one DynamoDB table that you create there",
+ "description": "Grants permission to return the current provisioned-capacity limits for your AWS account in a region, both for the region as a whole and for any one DynamoDB table that you create there",
 "privilege": "DescribeLimits",
 "resource_types": [
 {
@@ -48074,7 +52604,7 @@
 },
 {
 "access_level": "Read",
- "description": "Describes one or more of the Reserved Capacity purchased",
+ "description": "Grants permission to describe one or more of the Reserved Capacity purchased",
 "privilege": "DescribeReservedCapacity",
 "resource_types": [
 {
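Review bot: The new description for `DescribeKinesisStreamingDestination` reads "Grants permission to grant permission to describe …": the removed line already began with "Grants permission to", so the prefix is now doubled. The later hunks for `DisableKinesisStreamingDestination` and `EnableKinesisStreamingDestination` show the same doubling, and the large preceding hunk has related leftovers such as "Grants permission to the ConditionCheckItem operation checks …" and "Grants permission to deletes a single item …", which suggests the prefix was applied mechanically. For this entry I would keep the previous text, `"description": "Grants permission to describe the status of Kinesis streaming and related details for a given table"`, and have the rewrite skip strings that already start with the prefix. The enclosing privilege object continues outside the hunk.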
@@ -48086,7 +52616,7 @@ }, { "access_level": "Read", - "description": "Describes Reserved Capacity offerings that are available for purchase", + "description": "Grants permission to describe Reserved Capacity offerings that are available for purchase", "privilege": "DescribeReservedCapacityOfferings", "resource_types": [ { @@ -48098,7 +52628,7 @@ }, { "access_level": "Read", - "description": "Returns information about a stream, including the current status of the stream, its Amazon Resource Name (ARN), the composition of its shards, and its corresponding DynamoDB table", + "description": "Grants permission to return information about a stream, including the current status of the stream, its Amazon Resource Name (ARN), the composition of its shards, and its corresponding DynamoDB table", "privilege": "DescribeStream", "resource_types": [ { @@ -48110,7 +52640,7 @@ }, { "access_level": "Read", - "description": "Returns information about the table", + "description": "Grants permission to return information about the table", "privilege": "DescribeTable", "resource_types": [ { @@ -48122,7 +52652,7 @@ }, { "access_level": "Read", - "description": "Describes the auto scaling settings across all replicas of the global table", + "description": "Grants permission to describe the auto scaling settings across all replicas of the global table", "privilege": "DescribeTableReplicaAutoScaling", "resource_types": [ { @@ -48134,7 +52664,7 @@ }, { "access_level": "Read", - "description": "Gives a description of the Time to Live (TTL) status on the specified table.", + "description": "Grants permission to give a description of the Time to Live (TTL) status on the specified table", "privilege": "DescribeTimeToLive", "resource_types": [ { 
@@ -48146,7 +52676,7 @@ }, { "access_level": "Write", - "description": "Grants permission to stop replication from the DynamoDB table to the Kinesis data stream", + "description": "Grants permission to grant permission to stop replication from the DynamoDB table to the Kinesis data stream", "privilege": "DisableKinesisStreamingDestination", "resource_types": [ { @@ -48158,7 +52688,7 @@ }, { "access_level": "Write", - "description": "Grants permission to start table data replication to the specified Kinesis data stream at a timestamp chosen during the enable workflow", + "description": "Grants permission to grant permission to start table data replication to the specified Kinesis data stream at a timestamp chosen during the enable workflow", "privilege": "EnableKinesisStreamingDestination", "resource_types": [ { @@ -48170,7 +52700,7 @@ }, { "access_level": "Write", - "description": "Initiates an Export of a DynamoDB table to S3", + "description": "Grants permission to initiate an Export of a DynamoDB table to S3", "privilege": "ExportTableToPointInTime", "resource_types": [ { @@ -48182,7 +52712,7 @@ }, { "access_level": "Read", - "description": "The GetItem operation returns a set of attributes for the item with the given primary key", + "description": "Grants permission to the GetItem operation that returns a set of attributes for the item with the given primary key", "privilege": "GetItem", "resource_types": [ { @@ -48205,7 +52735,7 @@ }, { "access_level": "Read", - "description": "Retrieves the stream records from a given shard", + "description": "Grants permission to retrieve the stream records from a given shard", "privilege": "GetRecords", "resource_types": [ { @@ -48217,7 +52747,7 @@ }, { "access_level": "Read", - "description": "Returns a shard iterator", + "description": "Grants permission to return a shard iterator", "privilege": "GetShardIterator", "resource_types": [ { 
@@ -48229,7 +52759,7 @@ }, { "access_level": "List", - "description": "List backups associated with the account and endpoint", + "description": "Grants permission to list backups associated with the account and endpoint", "privilege": "ListBackups", "resource_types": [ { @@ -48241,7 +52771,7 @@ }, { "access_level": "List", - "description": "Lists the ContributorInsightsSummary for all tables and global secondary indexes associated with the current account and endpoint", + "description": "Grants permission to list the ContributorInsightsSummary for all tables and global secondary indexes associated with the current account and endpoint", "privilege": "ListContributorInsights", "resource_types": [ { @@ -48253,7 +52783,7 @@ }, { "access_level": "List", - "description": "List exports associated with the account and endpoint", + "description": "Grants permission to list exports associated with the account and endpoint", "privilege": "ListExports", "resource_types": [ { @@ -48265,7 +52795,7 @@ }, { "access_level": "List", - "description": "Lists all global tables that have a replica in the specified region", + "description": "Grants permission to list all global tables that have a replica in the specified region", "privilege": "ListGlobalTables", "resource_types": [ { @@ -48277,7 +52807,7 @@ }, { "access_level": "Read", - "description": "Returns an array of stream ARNs associated with the current account and endpoint", + "description": "Grants permission to return an array of stream ARNs associated with the current account and endpoint", "privilege": "ListStreams", "resource_types": [ { @@ -48289,7 +52819,7 @@ }, { "access_level": "List", - "description": "Returns an array of table names associated with the current account and endpoint", + "description": "Grants permission to return an array of table names associated with the current account and endpoint", "privilege": "ListTables", "resource_types": [ { 
@@ -48301,7 +52831,7 @@ }, { "access_level": "Read", - "description": "List all tags on an Amazon DynamoDB resource", + "description": "Grants permission to list all tags on an Amazon DynamoDB resource", "privilege": "ListTagsOfResource", "resource_types": [ { @@ -48406,7 +52936,7 @@ }, { "access_level": "Write", - "description": "Purchases Reserved Capacity for use with your account", + "description": "Grants permission to purchases reserved capacity for use with your account", "privilege": "PurchaseReservedCapacityOfferings", "resource_types": [ { @@ -48418,7 +52948,7 @@ }, { "access_level": "Write", - "description": "Creates a new item, or replaces an old item with a new item", + "description": "Grants permission to create a new item, or replace an old item with a new item", "privilege": "PutItem", "resource_types": [ { @@ -48441,7 +52971,7 @@ }, { "access_level": "Read", - "description": "Uses the primary key of a table or a secondary index to directly access items from that table or index", + "description": "Grants permission to use the primary key of a table or a secondary index to directly access items from that table or index", "privilege": "Query", "resource_types": [ { @@ -48469,7 +52999,19 @@ }, { "access_level": "Write", - "description": "Creates a new table from an existing backup", + "description": "Grants permission to create a new table from recovery point on AWS Backup", + "privilege": "RestoreTableFromAwsBackup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new table from an existing backup", "privilege": "RestoreTableFromBackup", "resource_types": [ { @@ -48486,7 +53028,7 @@ }, { "access_level": "Write", - "description": "Restores a table to a point in time", + "description": "Grants permission to restore a table to a point in time", "privilege": "RestoreTableToPointInTime", "resource_types": [ { 
@@ -48498,7 +53040,7 @@ }, { "access_level": "Read", - "description": "Returns one or more items and item attributes by accessing every item in a table or a secondary index", + "description": "Grants permission to return one or more items and item attributes by accessing every item in a table or a secondary index", "privilege": "Scan", "resource_types": [ { @@ -48523,9 +53065,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a backup on AWS Backup with advanced features enabled", + "privilege": "StartAwsBackupJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, { "access_level": "Tagging", - "description": "Associate a set of tags with an Amazon DynamoDB resource", + "description": "Grants permission to associate a set of tags with an Amazon DynamoDB resource", "privilege": "TagResource", "resource_types": [ { @@ -48537,7 +53091,7 @@ }, { "access_level": "Tagging", - "description": "Removes the association of tags from an Amazon DynamoDB resource.", + "description": "Grants permission to remove the association of tags from an Amazon DynamoDB resource", "privilege": "UntagResource", "resource_types": [ { @@ -48549,7 +53103,7 @@ }, { "access_level": "Write", - "description": "Enables or disables continuous backups", + "description": "Grants permission to enable or disable continuous backups", "privilege": "UpdateContinuousBackups", "resource_types": [ { @@ -48561,7 +53115,7 @@ }, { "access_level": "Write", - "description": "Updates the status for contributor insights for a specific table or global secondary index", + "description": "Grants permission to update the status for contributor insights for a specific table or global secondary index", "privilege": "UpdateContributorInsights", "resource_types": [ { 
@@ -48578,7 +53132,7 @@ }, { "access_level": "Write", - "description": "Enables the user to add or remove replicas in the specified global table", + "description": "Grants permission to add or remove replicas in the specified global table", "privilege": "UpdateGlobalTable", "resource_types": [ { @@ -48595,7 +53149,7 @@ }, { "access_level": "Write", - "description": "Enables the user to update settings of the specified global table", + "description": "Grants permission to update settings of the specified global table", "privilege": "UpdateGlobalTableSettings", "resource_types": [ { @@ -48612,7 +53166,7 @@ }, { "access_level": "Write", - "description": "Edits an existing item's attributes, or adds a new item to the table if it does not already exist", + "description": "Grants permission to edit an existing item's attributes, or adds a new item to the table if it does not already exist", "privilege": "UpdateItem", "resource_types": [ { @@ -48635,7 +53189,7 @@ }, { "access_level": "Write", - "description": "Modifies the provisioned throughput settings, global secondary indexes, or DynamoDB Streams settings for a given table", + "description": "Grants permission to modify the provisioned throughput settings, global secondary indexes, or DynamoDB Streams settings for a given table", "privilege": "UpdateTable", "resource_types": [ { @@ -48647,7 +53201,7 @@ }, { "access_level": "Write", - "description": "Updates auto scaling settings on your replica table", + "description": "Grants permission to update auto scaling settings on your replica table", "privilege": "UpdateTableReplicaAutoScaling", "resource_types": [ { @@ -48659,7 +53213,7 @@ }, { "access_level": "Write", - "description": "Enables or disables TTL for the specified table", + "description": "Grants permission to enable or disable TTL for the specified table", "privilege": "UpdateTimeToLive", "resource_types": [ { 
@@ -48692,7 +53246,7 @@ "resource": "backup" }, { - "arn": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/export/${exportName}", + "arn": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/export/${ExportName}", "condition_keys": [], "resource": "export" }, @@ -48723,17 +53277,17 @@ }, { "condition": "ebs:Description", - "description": "Filters access by the description of the snapshot being created.", + "description": "Filters access by the description of the snapshot being created", "type": "String" }, { "condition": "ebs:ParentSnapshot", - "description": "Filters access by the ID of the parent snapshot.", + "description": "Filters access by the ID of the parent snapshot", "type": "String" }, { "condition": "ebs:VolumeSize", - "description": "Filters access by the size of the volume for the snapshot being created, in GiB.", + "description": "Filters access by the size of the volume for the snapshot being created, in GiB", "type": "Numeric" } ], @@ -48741,7 +53295,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to seal and complete the snapshot after all of the required blocks of data have been written to it.", + "description": "Grants permission to seal and complete the snapshot after all of the required blocks of data have been written to it", "privilege": "CompleteSnapshot", "resource_types": [ { @@ -48798,7 +53352,7 @@ }, { "access_level": "Read", - "description": "Grants permission to list the blocks in an Amazon Elastic Block Store (EBS) snapshot.", + "description": "Grants permission to list the blocks in an Amazon Elastic Block Store (EBS) snapshot", "privilege": "ListSnapshotBlocks", "resource_types": [ { 
@@ -48817,7 +53371,7 @@ }, { "access_level": "Write", - "description": "Grants permission to write a block of data to a snapshot created by the StartSnapshot operation.", + "description": "Grants permission to write a block of data to a snapshot created by the StartSnapshot operation", "privilege": "PutSnapshotBlock", "resource_types": [ { @@ -48836,7 +53390,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new EBS snapshot.", + "description": "Grants permission to create a new EBS snapshot", "privilege": "StartSnapshot", "resource_types": [ { @@ -48882,11 +53436,6 @@ "description": "Filters access by a tag key and value pair that is allowed in the request", "type": "String" }, - { - "condition": "aws:ResourceTag/", - "description": "Filters access by the preface string for a tag key and value pair that are attached to a resource", - "type": "String" - }, { "condition": "aws:ResourceTag/${TagKey}", "description": "Filters access by a tag key and value pair of a resource", @@ -48902,6 +53451,11 @@ "description": "Filters access by the ARN of an accepter VPC in a VPC peering connection", "type": "ARN" }, + { + "condition": "ec2:AllocationId", + "description": "Filters access by the Allocation Id of the Elastic Ip", + "type": "String" + }, { "condition": "ec2:AssociatePublicIpAddress", "description": "Filters access by whether the user wants to associate a public IP address with the instance", @@ -48937,6 +53491,11 @@ "description": "Filters access by the name of an Availability Zone in an AWS Region", "type": "String" }, + { + "condition": "ec2:CapacityReservationFleet", + "description": "Filters access by the ARN of the Capacity Reservation Fleet", + "type": "ARN" + }, { "condition": "ec2:ClientRootCertificateChainArn", "description": "Filters access by the ARN of the client root certificate chain", 
@@ -48967,6 +53526,11 @@ "description": "Filters access by the ARN of the directory", "type": "ARN" }, + { + "condition": "ec2:Domain", + "description": "Filters access by the domain of the Elastic Ip Address", + "type": "String" + }, { "condition": "ec2:EbsOptimized", "description": "Filters access by whether the instance is enabled for EBS optimization", @@ -49029,7 +53593,17 @@ }, { "condition": "ec2:KeyPairName", - "description": "Filters access by key pair name", + "description": "Filters access by a key pair name", + "type": "String" + }, + { + "condition": "ec2:KeyPairType", + "description": "Filters access by a key pair type", + "type": "String" + }, + { + "condition": "ec2:KmsKeyId", + "description": "Filters access by an Id of your AWS Key Management Service", "type": "String" }, { @@ -49083,7 +53657,7 @@ "type": "String" }, { - "condition": "ec2:Phase1DHGroupNumbers", + "condition": "ec2:Phase1DHGroup", "description": "Filters access by the Diffie-Hellman group numbers that are permitted for a VPN tunnel for the phase 1 IKE negotiations", "type": "Numeric" }, @@ -49103,7 +53677,7 @@ "type": "Numeric" }, { - "condition": "ec2:Phase2DHGroupNumbers", + "condition": "ec2:Phase2DHGroup", "description": "Filters access by the Diffie-Hellman group numbers that are permitted for a VPN tunnel for the phase 2 IKE negotiations", "type": "Numeric" }, @@ -49133,7 +53707,7 @@ "type": "String" }, { - "condition": "ec2:PresharedKeys", + "condition": "ec2:PreSharedKeys", "description": "Filters access by the pre-shared key (PSK) used to establish the initial IKE security association between a virtual private gateway and a customer gateway", "type": "String" }, 
@@ -49147,6 +53721,11 @@ "description": "Filters access by whether the image has public launch permissions", "type": "Bool" }, + { + "condition": "ec2:PublicIpAddress", + "description": "Filters access by the Public Ip", + "type": "String" + }, { "condition": "ec2:Quantity", "description": "Filters access by the number of Dedicated Hosts in a request", @@ -49286,17 +53865,9 @@ "privilege": "AcceptReservedInstancesExchangeQuote", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:InstanceType", - "ec2:Region", - "ec2:ReservedInstancesOfferingType", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "reserved-instances*" + "resource_type": "" } ] }, @@ -49305,17 +53876,6 @@ "description": "Grants permission to accept a request to associate subnets with a transit gateway multicast domain", "privilege": "AcceptTransitGatewayMulticastDomainAssociations", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "subnet" - }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -49380,16 +53940,6 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "vpc-endpoint*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:VpceServicePrivateDnsName" - ], - "dependent_actions": [], "resource_type": "vpc-endpoint-service*" } ] @@ -49442,8 +53992,17 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Region" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "elastic-ip*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], 
@@ -49468,7 +54027,9 @@ "ec2:Quantity", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "dedicated-host*" } ] @@ -49497,8 +54058,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "security-group*" @@ -49507,8 +54067,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "vpc*" @@ -49523,8 +54082,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -49544,8 +54101,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -49565,6 +54120,9 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -49576,8 +54134,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -49590,8 +54152,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -49626,10 +54186,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "subnet*" 
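Review bot: `ec2:CreateTags` becomes a dependent action of the `dedicated-host*` entry in hunk `@@ -49468,7 +54027,9 @@` (the enclosing privilege object starts outside the hunk), although tagging at creation is optional and the data has no way to express that. If the consumer of this file copies dependent actions into every policy it emits (not visible in this diff), each policy gains `ec2:CreateTags` even when the recorded call passed no tags, and an unconditioned `ec2:CreateTags` also permits re-tagging existing resources, which weakens tag-based access rules. The same replacement of `"dependent_actions": [],` recurs further down for `security-group*`, `snapshot*`, `capacity-reservation*`, `customer-gateway*`, `dhcp-options*`, `fleet*`, `fpga-image*`, `image*`, `internet-gateway*` and `key-pair*`. I would keep `"dependent_actions": []` where tags are optional, or have the consumer add the action only when the request carried tags and scope it with the `ec2:CreateAction` condition key.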
@@ -49641,6 +54199,15 @@ "description": "Grants permission to associate or disassociate a set of DHCP options with a VPC", "privilege": "AssociateDhcpOptions", "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "dhcp-options*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -49680,8 +54247,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:NewInstanceProfile", "ec2:PlacementGroup", "ec2:Region", @@ -49709,44 +54280,14 @@ ], "dependent_actions": [], "resource_type": "instance-event-window*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AutoPlacement", - "ec2:AvailabilityZone", - "ec2:HostRecovery", - "ec2:InstanceType", - "ec2:Quantity", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "dedicated-host" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:PlacementGroup", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to associate a subnet or gateway with a route table", - "privilege": "AssociateRouteTable", - "resource_types": [ + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate a subnet or gateway with a route table", + "privilege": "AssociateRouteTable", + "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", 
@@ -49915,8 +54456,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -49984,8 +54529,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -49998,8 +54547,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -50021,8 +54568,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -50110,7 +54661,9 @@ "ec2:ResourceTag/${TagKey}", "ec2:Vpc" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "security-group*" } ] @@ -50127,7 +54680,9 @@ "ec2:ResourceTag/${TagKey}", "ec2:Vpc" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "security-group*" } ] 
@@ -50138,20 +54693,9 @@ "privilege": "BundleInstance", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:PlacementGroup", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "" } ] }, @@ -50175,6 +54719,7 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:CapacityReservationFleet", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -50183,6 +54728,22 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to cancel one or more Capacity Reservation Fleets", + "privilege": "CancelCapacityReservationFleets", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-reservation-fleet*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to cancel an active conversion task", @@ -50295,20 +54856,9 @@ "privilege": "ConfirmProductInstance", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:PlacementGroup", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "" } ] }, @@ -50355,7 +54905,9 @@ "ec2:Region", "ec2:SourceOutpostArn" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "snapshot*" } ] 
@@ -50369,13 +54921,34 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", + "ec2:CapacityReservationFleet", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "capacity-reservation*" } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a Capacity Reservation Fleet", + "privilege": "CreateCapacityReservationFleet", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "capacity-reservation-fleet*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a carrier gateway and provides CSP connectivity to VPC customers", @@ -50385,11 +54958,11 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "ec2:Region", - "ec2:Tenancy", - "ec2:Vpc" + "ec2:Region" + ], + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], "resource_type": "carrier-gateway*" }, { @@ -50421,15 +54994,16 @@ "ec2:SamlProviderArn", "ec2:ServerCertificateArn" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "client-vpn-endpoint*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "security-group" @@ -50438,8 +55012,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "vpc" @@ -50469,10 +55042,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "subnet*" 
@@ -50490,7 +55061,9 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "customer-gateway*" } ] @@ -50530,7 +55103,9 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "dhcp-options*" } ] @@ -50546,7 +55121,9 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "egress-only-internet-gateway*" }, { @@ -50572,9 +55149,27 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "fleet*" }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:PlacementGroup", + "ec2:Region", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -50592,6 +55187,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:KeyPairName", + "ec2:KeyPairType", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -50621,6 +55217,16 @@ "dependent_actions": [], "resource_type": "network-interface" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:PlacementGroupStrategy", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "placement-group" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -50669,6 +55275,7 @@ "ec2:Region" ], "dependent_actions": [ + "ec2:CreateTags", "iam:PassRole" ], "resource_type": "vpc-flow-log*" @@ -50676,8 +55283,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", 
@@ -50723,7 +55328,9 @@ "ec2:Public", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "fpga-image*" } ] @@ -50737,13 +55344,13 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "ec2:ImageType", "ec2:Owner", "ec2:Public", - "ec2:Region", - "ec2:RootDeviceType" + "ec2:Region" + ], + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], "resource_type": "image*" }, { @@ -50751,8 +55358,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -50761,6 +55372,21 @@ ], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:OutpostArn", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotTime", + "ec2:SourceOutpostArn", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot" } ] }, @@ -50775,7 +55401,9 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "instance-event-window*" } ] @@ -50791,7 +55419,9 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "export-instance-task*" }, { @@ -50799,9 +55429,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", - "ec2:PlacementGroup", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:RootDeviceType", 
@@ -50823,7 +55456,9 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "internet-gateway*" } ] @@ -50837,10 +55472,12 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "ec2:KeyPairName", + "ec2:KeyPairType", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "key-pair*" } ] 
@@ -50856,112 +55493,10 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], - "resource_type": "launch-template*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "capacity-reservation" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AutoPlacement", - "ec2:AvailabilityZone", - "ec2:HostRecovery", - "ec2:InstanceType", - "ec2:Quantity", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "dedicated-host" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], - "dependent_actions": [], - "resource_type": "image" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:KeyPairName", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "key-pair" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", - "ec2:AvailabilityZone", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "network-interface" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:PlacementGroupStrategy", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "placement-group" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "security-group" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotTime", - "ec2:VolumeSize" - ], - "dependent_actions": [], - "resource_type": "snapshot" - }, - { - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], - "resource_type": "subnet" + "resource_type": "launch-template*" } ] }, 
@@ -50978,110 +55513,6 @@ ], "dependent_actions": [], "resource_type": "launch-template*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "capacity-reservation" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AutoPlacement", - "ec2:AvailabilityZone", - "ec2:HostRecovery", - "ec2:InstanceType", - "ec2:Quantity", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "dedicated-host" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], - "dependent_actions": [], - "resource_type": "image" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:KeyPairName", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "key-pair" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", - "ec2:AvailabilityZone", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "network-interface" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:PlacementGroupStrategy", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "placement-group" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "security-group" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotTime", - "ec2:VolumeSize" - ], - "dependent_actions": [], - "resource_type": "snapshot" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - 
"ec2:AvailabilityZone", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "subnet" } ] }, @@ -51121,15 +55552,16 @@ "ec2:Region", "ec2:ResourceTag/${TagKey}" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "local-gateway-route-table*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "ec2:Region", - "ec2:Tenancy" + "ec2:Region" ], "dependent_actions": [], "resource_type": "local-gateway-route-table-vpc-association*" @@ -51157,7 +55589,9 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "prefix-list*" } ] @@ -51167,22 +55601,15 @@ "description": "Grants permission to create a NAT gateway in a subnet", "privilege": "CreateNatGateway", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "elastic-ip*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "natgateway*" }, { @@ -51195,6 +55622,18 @@ ], "dependent_actions": [], "resource_type": "subnet*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "elastic-ip" } ] }, @@ -51207,10 +55646,11 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "ec2:Region", - "ec2:Vpc" + "ec2:Region" + ], + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], "resource_type": "network-acl*" }, { 
@@ -51253,8 +55693,87 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "network-insights-path*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:PlacementGroup", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "internet-gateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AssociatePublicIpAddress", + "ec2:AuthorizedService", + "ec2:AvailabilityZone", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AccepterVpc", + "ec2:Region", + "ec2:RequesterVpc", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-peering-connection" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-gateway" } ] }, 
@@ -51267,14 +55786,11 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", - "ec2:AvailabilityZone", - "ec2:Region", - "ec2:Subnet", - "ec2:Vpc" + "ec2:Region" + ], + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], "resource_type": "network-interface*" }, { @@ -51308,9 +55824,10 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", "ec2:AuthorizedService", + "ec2:AuthorizedUser", "ec2:AvailabilityZone", + "ec2:Permission", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:Subnet", @@ -51333,7 +55850,9 @@ "ec2:PlacementGroupStrategy", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "placement-group*" } ] @@ -51348,15 +55867,21 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:RootDeviceType", "ec2:Tenancy" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "instance*" }, { @@ -51398,17 +55923,9 @@ "privilege": "CreateReservedInstancesListing", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:InstanceType", - "ec2:Region", - "ec2:ReservedInstancesOfferingType", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "reserved-instances*" + "resource_type": "" } ] }, 
@@ -51421,13 +55938,12 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "ec2:ImageType", "ec2:Owner", - "ec2:Public", - "ec2:Region", - "ec2:RootDeviceType" + "ec2:Region" + ], + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], "resource_type": "image*" } ] @@ -51458,10 +55974,11 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "ec2:Region", - "ec2:Vpc" + "ec2:Region" + ], + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], "resource_type": "route-table*" }, { @@ -51487,7 +56004,9 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "security-group*" }, { @@ -51512,24 +56031,22 @@ "aws:RequestTag/${TagKey}", "aws:TagKeys", "ec2:OutpostArn", - "ec2:Owner", "ec2:ParentVolume", "ec2:Region", - "ec2:SnapshotTime", "ec2:SourceOutpostArn", "ec2:VolumeSize" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "snapshot*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Encrypted", - "ec2:ParentSnapshot", "ec2:Region", "ec2:ResourceTag/${TagKey}", - "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", "ec2:VolumeType" @@ -51557,7 +56074,9 @@ "ec2:RootDeviceType", "ec2:Tenancy" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "instance*" }, { @@ -51565,10 +56084,8 @@ "aws:RequestTag/${TagKey}", "aws:TagKeys", "ec2:OutpostArn", - "ec2:Owner", "ec2:ParentVolume", "ec2:Region", - "ec2:SnapshotTime", "ec2:SourceOutpostArn", "ec2:VolumeSize" ], @@ -51579,10 +56096,8 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Encrypted", - "ec2:ParentSnapshot", "ec2:Region", "ec2:ResourceTag/${TagKey}", - "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", "ec2:VolumeType" 
@@ -51633,11 +56148,11 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "ec2:AvailabilityZone", - "ec2:Region", - "ec2:Vpc" + "ec2:Region" + ], + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], "resource_type": "subnet*" }, { @@ -51678,6 +56193,15 @@ "dependent_actions": [], "resource_type": "capacity-reservation" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-reservation-fleet" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -51747,6 +56271,9 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -51836,8 +56363,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -51887,6 +56418,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:KeyPairName", + "ec2:KeyPairType", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -51933,8 +56465,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "local-gateway-route-table-vpc-association" @@ -51981,7 +56512,9 @@ "aws:ResourceTag/${TagKey}", "ec2:AssociatePublicIpAddress", "ec2:AuthorizedService", + "ec2:AuthorizedUser", "ec2:AvailabilityZone", + "ec2:Permission", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:Subnet", @@ -52063,6 +56596,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", "ec2:Owner", "ec2:ParentVolume", "ec2:Region", 
@@ -52247,15 +56782,15 @@ "ec2:GatewayType", "ec2:IKEVersions", "ec2:InsideTunnelCidr", - "ec2:Phase1DHGroupNumbers", + "ec2:Phase1DHGroup", "ec2:Phase1EncryptionAlgorithms", "ec2:Phase1IntegrityAlgorithms", "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroupNumbers", + "ec2:Phase2DHGroup", "ec2:Phase2EncryptionAlgorithms", "ec2:Phase2IntegrityAlgorithms", "ec2:Phase2LifetimeSeconds", - "ec2:PresharedKeys", + "ec2:PreSharedKeys", "ec2:Region", "ec2:RekeyFuzzPercentage", "ec2:RekeyMarginTimeSeconds", @@ -52294,7 +56829,9 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "traffic-mirror-filter*" } ] @@ -52312,13 +56849,6 @@ ], "dependent_actions": [], "resource_type": "traffic-mirror-filter*" - }, - { - "condition_keys": [ - "ec2:Region" - ], - "dependent_actions": [], - "resource_type": "traffic-mirror-filter-rule*" } ] }, @@ -52330,15 +56860,12 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", - "ec2:AvailabilityZone", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], "resource_type": "network-interface*" }, { @@ -52381,19 +56908,16 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "traffic-mirror-target*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", - "ec2:AvailabilityZone", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "network-interface" @@ -52411,7 +56935,9 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "transit-gateway*" } ] 
@@ -52427,7 +56953,9 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "transit-gateway-attachment*" } ] @@ -52437,6 +56965,17 @@ "description": "Grants permission to create a Connect peer between a transit gateway and an appliance", "privilege": "CreateTransitGatewayConnectPeer", "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "transit-gateway-attachment*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -52444,7 +56983,7 @@ "ec2:Region" ], "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" + "resource_type": "transit-gateway-connect-peer*" } ] }, @@ -52459,7 +56998,9 @@ "ec2:Region", "ec2:ResourceTag/${TagKey}" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "transit-gateway*" }, { @@ -52484,7 +57025,9 @@ "ec2:Region", "ec2:ResourceTag/${TagKey}" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "transit-gateway*" }, { @@ -52568,7 +57111,9 @@ "ec2:Region", "ec2:ResourceTag/${TagKey}" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "transit-gateway*" }, { @@ -52593,7 +57138,9 @@ "ec2:Region", "ec2:ResourceTag/${TagKey}" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "transit-gateway*" }, { @@ -52639,14 +57186,16 @@ "aws:TagKeys", "ec2:AvailabilityZone", "ec2:Encrypted", + "ec2:KmsKeyId", "ec2:ParentSnapshot", "ec2:Region", - "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", "ec2:VolumeType" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "volume*" } ] 
@@ -52662,7 +57211,9 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "vpc*" }, { @@ -52685,10 +57236,10 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [ + "ec2:CreateTags", "route53:AssociateVPCWithHostedZone" ], "resource_type": "vpc*" @@ -52708,8 +57259,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "route-table" @@ -52718,8 +57268,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "security-group" @@ -52727,10 +57276,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "subnet" @@ -52750,16 +57297,6 @@ ], "dependent_actions": [], "resource_type": "vpc-endpoint" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:VpceServicePrivateDnsName" - ], - "dependent_actions": [], - "resource_type": "vpc-endpoint-service" } ] }, @@ -52775,7 +57312,9 @@ "ec2:Region", "ec2:VpceServicePrivateDnsName" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "vpc-endpoint-service*" } ] @@ -52792,7 +57331,9 @@ "ec2:ResourceTag/${TagKey}", "ec2:Tenancy" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "vpc*" }, { @@ -52819,7 +57360,9 @@ "ec2:Region", "ec2:ResourceTag/${TagKey}" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "customer-gateway*" }, { 
@@ -52831,15 +57374,15 @@ "ec2:GatewayType", "ec2:IKEVersions", "ec2:InsideTunnelCidr", - "ec2:Phase1DHGroupNumbers", + "ec2:Phase1DHGroup", "ec2:Phase1EncryptionAlgorithms", "ec2:Phase1IntegrityAlgorithms", "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroupNumbers", + "ec2:Phase2DHGroup", "ec2:Phase2EncryptionAlgorithms", "ec2:Phase2IntegrityAlgorithms", "ec2:Phase2LifetimeSeconds", - "ec2:PresharedKeys", + "ec2:PreSharedKeys", "ec2:Region", "ec2:RekeyFuzzPercentage", "ec2:RekeyMarginTimeSeconds", @@ -52876,25 +57419,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AuthenticationType", - "ec2:DPDTimeoutSeconds", - "ec2:GatewayType", - "ec2:IKEVersions", - "ec2:InsideTunnelCidr", - "ec2:Phase1DHGroupNumbers", - "ec2:Phase1EncryptionAlgorithms", - "ec2:Phase1IntegrityAlgorithms", - "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroupNumbers", - "ec2:Phase2EncryptionAlgorithms", - "ec2:Phase2IntegrityAlgorithms", - "ec2:Phase2LifetimeSeconds", - "ec2:PresharedKeys", "ec2:Region", - "ec2:RekeyFuzzPercentage", - "ec2:RekeyMarginTimeSeconds", - "ec2:ResourceTag/${TagKey}", - "ec2:RoutingType" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "vpn-connection*" @@ -52912,7 +57438,9 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "vpn-gateway*" } ] @@ -52926,9 +57454,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "carrier-gateway*" @@ -53090,7 +57616,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified event window.", + "description": "Grants permission to delete the specified event window", "privilege": "DeleteInstanceEventWindow", "resource_types": [ { 
@@ -53129,6 +57655,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:KeyPairName", + "ec2:KeyPairType", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -53149,7 +57676,7 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "launch-template" + "resource_type": "launch-template*" } ] }, @@ -53165,7 +57692,7 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "launch-template" + "resource_type": "launch-template*" } ] }, @@ -53194,8 +57721,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "local-gateway-route-table-vpc-association*" @@ -53308,8 +57834,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -53327,9 +57851,18 @@ "privilege": "DeleteNetworkInterfacePermission", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AssociatePublicIpAddress", + "ec2:AuthorizedService", + "ec2:AvailabilityZone", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "network-interface" } ] }, @@ -53339,9 +57872,14 @@ "privilege": "DeletePlacementGroup", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:PlacementGroupStrategy", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "placement-group" } ] }, 
@@ -53351,17 +57889,9 @@ "privilege": "DeleteQueuedReservedInstances", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:InstanceType", - "ec2:Region", - "ec2:ReservedInstancesOfferingType", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "reserved-instances*" + "resource_type": "" } ] }, @@ -53506,14 +58036,17 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-reservation-fleet" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "client-vpn-endpoint" @@ -53530,11 +58063,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AutoPlacement", - "ec2:AvailabilityZone", - "ec2:HostRecovery", - "ec2:InstanceType", - "ec2:Quantity", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -53562,7 +58090,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ElasticGpuType", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -53608,8 +58135,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Owner", - "ec2:Public", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -53628,12 +58153,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "image" 
@@ -53659,15 +58180,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:PlacementGroup", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "instance" @@ -53711,7 +58225,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:KeyPairName", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -53758,8 +58271,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "local-gateway-route-table-vpc-association" @@ -53795,8 +58307,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "network-acl" @@ -53804,13 +58315,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", - "ec2:AvailabilityZone", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "network-interface" @@ -53818,7 +58324,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:PlacementGroupStrategy", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -53846,12 +58351,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:InstanceType", "ec2:Region", - "ec2:ReservedInstancesOfferingType", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "reserved-instances" 
@@ -53860,8 +58361,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "route-table" @@ -53870,8 +58370,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "security-group" @@ -53888,12 +58387,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Owner", - "ec2:ParentVolume", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotTime", - "ec2:VolumeSize" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "snapshot" @@ -53919,10 +58414,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "subnet" @@ -54002,15 +58495,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:ParentSnapshot", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "volume" @@ -54019,8 +58505,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "vpc" @@ -54038,8 +58523,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:VpceServicePrivateDnsName" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service" @@ -54056,9 +58540,7 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AccepterVpc", "ec2:Region", - "ec2:RequesterVpc", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], 
@@ -54067,25 +58549,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AuthenticationType", - "ec2:DPDTimeoutSeconds", - "ec2:GatewayType", - "ec2:IKEVersions", - "ec2:InsideTunnelCidr", - "ec2:Phase1DHGroupNumbers", - "ec2:Phase1EncryptionAlgorithms", - "ec2:Phase1IntegrityAlgorithms", - "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroupNumbers", - "ec2:Phase2EncryptionAlgorithms", - "ec2:Phase2IntegrityAlgorithms", - "ec2:Phase2LifetimeSeconds", - "ec2:PresharedKeys", "ec2:Region", - "ec2:RekeyFuzzPercentage", - "ec2:RekeyMarginTimeSeconds", - "ec2:ResourceTag/${TagKey}", - "ec2:RoutingType" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "vpn-connection" @@ -54222,7 +58687,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete a transit gateway multicast domain", + "description": "Grants permission to delete a transit gateway multicast domain", "privilege": "DeleteTransitGatewayMulticastDomain", "resource_types": [ { @@ -54377,17 +58842,16 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "vpc-endpoint*" + "resource_type": "vpc-endpoint" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:VpceServicePrivateDnsName" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "vpc-endpoint-service*" + "resource_type": "vpc-endpoint-service" } ] }, @@ -54400,8 +58864,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:VpceServicePrivateDnsName" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service*" 
@@ -54451,25 +58914,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AuthenticationType", - "ec2:DPDTimeoutSeconds", - "ec2:GatewayType", - "ec2:IKEVersions", - "ec2:InsideTunnelCidr", - "ec2:Phase1DHGroupNumbers", - "ec2:Phase1EncryptionAlgorithms", - "ec2:Phase1IntegrityAlgorithms", - "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroupNumbers", - "ec2:Phase2EncryptionAlgorithms", - "ec2:Phase2IntegrityAlgorithms", - "ec2:Phase2LifetimeSeconds", - "ec2:PresharedKeys", "ec2:Region", - "ec2:RekeyFuzzPercentage", - "ec2:RekeyMarginTimeSeconds", - "ec2:ResourceTag/${TagKey}", - "ec2:RoutingType" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "vpn-connection*" @@ -54484,25 +58930,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AuthenticationType", - "ec2:DPDTimeoutSeconds", - "ec2:GatewayType", - "ec2:IKEVersions", - "ec2:InsideTunnelCidr", - "ec2:Phase1DHGroupNumbers", - "ec2:Phase1EncryptionAlgorithms", - "ec2:Phase1IntegrityAlgorithms", - "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroupNumbers", - "ec2:Phase2EncryptionAlgorithms", - "ec2:Phase2IntegrityAlgorithms", - "ec2:Phase2LifetimeSeconds", - "ec2:PresharedKeys", "ec2:Region", - "ec2:RekeyFuzzPercentage", - "ec2:RekeyMarginTimeSeconds", - "ec2:ResourceTag/${TagKey}", - "ec2:RoutingType" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "vpn-connection*" @@ -54577,8 +59006,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -54607,8 +59034,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", 
@@ -54659,9 +59084,16 @@ "privilege": "DescribeAddressesAttribute", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "elastic-ip" } ] }, @@ -54713,6 +59145,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe one or more Capacity Reservation Fleets", + "privilege": "DescribeCapacityReservationFleets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe one or more Capacity Reservations", @@ -54755,9 +59199,19 @@ "privilege": "DescribeClientVpnAuthorizationRules", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "client-vpn-endpoint" } ] }, @@ -54767,9 +59221,19 @@ "privilege": "DescribeClientVpnConnections", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "client-vpn-endpoint" } ] }, 
@@ -54779,9 +59243,19 @@ "privilege": "DescribeClientVpnEndpoints", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "client-vpn-endpoint" } ] }, @@ -54791,9 +59265,19 @@ "privilege": "DescribeClientVpnRoutes", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "client-vpn-endpoint" } ] }, @@ -54803,9 +59287,19 @@ "privilege": "DescribeClientVpnTargetNetworks", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "client-vpn-endpoint" } ] }, @@ -54923,9 +59417,13 @@ "privilege": "DescribeFleetHistory", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet" } ] }, 
@@ -54935,9 +59433,13 @@ "privilege": "DescribeFleetInstances", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet" } ] }, @@ -54947,9 +59449,13 @@ "privilege": "DescribeFleets", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet" } ] }, @@ -54971,9 +59477,16 @@ "privilege": "DescribeFpgaImageAttribute", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute/${AttributeName}", + "ec2:Owner", + "ec2:Public", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "fpga-image*" } ] }, @@ -55067,9 +59580,17 @@ "privilege": "DescribeImageAttribute", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "image" } ] }, @@ -55115,9 +59636,24 @@ "privilege": "DescribeInstanceAttribute", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceMarketType", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "instance" } ] }, 
@@ -55751,9 +60287,17 @@ "privilege": "DescribeStoreImageTasks", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "image" } ] }, @@ -56139,8 +60683,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -56198,8 +60746,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -56212,8 +60764,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -56251,8 +60801,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -56310,6 +60864,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", "ec2:Owner", "ec2:ParentVolume", "ec2:Region", @@ -56447,6 +61003,9 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], 
@@ -56457,24 +61016,6 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:PlacementGroup", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", - "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:Subnet", @@ -56534,8 +61075,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -56560,36 +61105,6 @@ ], "dependent_actions": [], "resource_type": "instance-event-window*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AutoPlacement", - "ec2:AvailabilityZone", - "ec2:HostRecovery", - "ec2:InstanceType", - "ec2:Quantity", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "dedicated-host" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:PlacementGroup", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance" } ] }, @@ -56718,9 +61233,14 @@ "privilege": "DisassociateVpcCidrBlock", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "vpc" } ] }, 
@@ -56744,6 +61264,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", "ec2:Owner", "ec2:ParentVolume", "ec2:Region", @@ -56951,7 +61473,9 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "export-image-task*" }, { @@ -56975,13 +61499,9 @@ "privilege": "ExportTransitGatewayRoutes", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" + "resource_type": "" } ] }, @@ -57003,13 +61523,9 @@ "privilege": "GetAssociatedIpv6PoolCidrs", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipv6pool-ec2*" + "resource_type": "" } ] }, @@ -57051,8 +61567,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -57070,20 +61590,9 @@ "privilege": "GetConsoleScreenshot", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:PlacementGroup", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "" } ] }, 
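Review bot: Resource-level scoping is lost for `GetConsoleScreenshot` in the last hunk here, which replaces `"resource_type": "instance*"` and its condition keys with `"resource_type": ""` and `"condition_keys": []`. `ExportTransitGatewayRoutes` and `GetAssociatedIpv6PoolCidrs` lose their resource types the same way in the hunks at -56975 and -57003. The same change recurs later in this diff for `GetHostReservationPurchasePreview`, `GetReservedInstancesExchangeQuote`, the `GetTransitGateway*` read actions, `PurchaseReservedInstancesOffering` and `ReportInstanceStatus`. Anything that derives policy statements from this file presumably can then only emit `"Resource": "*"` for these actions, with no tag or Region conditions on offer. Unless the current AWS Service Authorization Reference really lists no resource type for them, I would keep the previous entries, for example `"resource_type": "instance*"` for `GetConsoleScreenshot`.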
@@ -57161,18 +61670,9 @@ "privilege": "GetHostReservationPurchasePreview", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AutoPlacement", - "ec2:AvailabilityZone", - "ec2:HostRecovery", - "ec2:InstanceType", - "ec2:Quantity", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "dedicated-host*" + "resource_type": "" } ] }, @@ -57186,8 +61686,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -57241,8 +61745,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -57260,17 +61768,9 @@ "privilege": "GetReservedInstancesExchangeQuote", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:InstanceType", - "ec2:Region", - "ec2:ReservedInstancesOfferingType", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "reserved-instances" + "resource_type": "" } ] }, @@ -57304,13 +61804,9 @@ "privilege": "GetTransitGatewayAttachmentPropagations", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" + "resource_type": "" } ] }, 
@@ -57320,13 +61816,9 @@ "privilege": "GetTransitGatewayMulticastDomainAssociations", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain" + "resource_type": "" } ] }, @@ -57336,13 +61828,9 @@ "privilege": "GetTransitGatewayPrefixListReferences", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" + "resource_type": "" } ] }, @@ -57352,13 +61840,9 @@ "privilege": "GetTransitGatewayRouteTableAssociations", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" + "resource_type": "" } ] }, 
@@ -57367,6 +61851,44 @@ "description": "Grants permission to get information about the route table propagations for a transit gateway route table", "privilege": "GetTransitGatewayRouteTablePropagations", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to download an AWS-provided sample configuration file to be used with the customer gateway device", + "privilege": "GetVpnConnectionDeviceSampleConfiguration", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AuthenticationType", + "ec2:DPDTimeoutSeconds", + "ec2:GatewayType", + "ec2:IKEVersions", + "ec2:InsideTunnelCidr", + "ec2:Phase1DHGroup", + "ec2:Phase1EncryptionAlgorithms", + "ec2:Phase1IntegrityAlgorithms", + "ec2:Phase1LifetimeSeconds", + "ec2:Phase2DHGroup", + "ec2:Phase2EncryptionAlgorithms", + "ec2:Phase2IntegrityAlgorithms", + "ec2:Phase2LifetimeSeconds", + "ec2:PreSharedKeys", + "ec2:Region", + "ec2:RekeyFuzzPercentage", + "ec2:RekeyMarginTimeSeconds", + "ec2:ResourceTag/${TagKey}", + "ec2:RoutingType" + ], + "dependent_actions": [], + "resource_type": "vpn-connection*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -57374,7 +61896,19 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" + "resource_type": "vpn-connection-device-type" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to obtain a list of customer gateway devices for which sample configuration files can be provided", + "privilege": "GetVpnConnectionDeviceTypes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" } ] }, 
@@ -57415,9 +61949,20 @@ "ec2:Region", "ec2:RootDeviceType" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "image*" }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "import-image-task*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -57438,6 +61983,38 @@ "description": "Grants permission to create an import instance task using metadata from a disk image", "privilege": "ImportInstance", "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:PlacementGroup", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:ParentSnapshot", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "dependent_actions": [], + "resource_type": "volume*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -57470,10 +62047,11 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "ec2:KeyPairName", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "key-pair*" } ] @@ -57483,6 +62061,17 @@ "description": "Grants permission to import a disk into an EBS snapshot", "privilege": "ImportSnapshot", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "import-snapshot-task*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
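Review bot: The added `import-image-task*` entry in the first hunk carries `aws:RequestTag/${TagKey}` and `aws:TagKeys` but leaves `"dependent_actions": []`. In the same hunk `image*` gains `"ec2:CreateTags"`, as do `import-snapshot-task*` in the `ImportSnapshot` hunk and `export-image-task*` earlier in this diff. If tagging on create needs `ec2:CreateTags` for those task resources it presumably does here as well, so a policy derived from this entry would miss the action. I would change it to `"dependent_actions": ["ec2:CreateTags"]`, or confirm that the upstream reference omits it on purpose. The enclosing privilege (presumably `ImportImage`) starts outside the hunk.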
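Review bot: The `instance*` entry added under `ImportInstance` (hunk at -57438) uses the older instance key set and omits `ec2:InstanceMarketType`, `ec2:MetadataHttpEndpoint`, `ec2:MetadataHttpPutResponseHopLimit` and `ec2:MetadataHttpTokens`. The other instance entries touched in this diff all gain those four keys. The `ec2:MetadataHttp*` keys are the ones used to require IMDSv2 through policy conditions, so leaving them out here matters if they apply to this action. Worth checking against the reference and, if they do apply, listing them in the same positions as in the other instance entries.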
@@ -57494,7 +62083,7 @@ "ec2:VolumeSize" ], "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "snapshot*" } ] }, @@ -57504,9 +62093,20 @@ "privilege": "ImportVolume", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:ParentSnapshot", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "volume*" } ] }, @@ -57516,9 +62116,17 @@ "privilege": "ModifyAddressAttribute", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Attribute/${AttributeName}", + "ec2:Domain", + "ec2:PublicIpAddress", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "elastic-ip*" } ] }, @@ -57543,6 +62151,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Attribute/${AttributeName}", + "ec2:CapacityReservationFleet", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -57551,6 +62160,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify a Capacity Reservation Fleet", + "privilege": "ModifyCapacityReservationFleet", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-reservation-fleet*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify a Client VPN endpoint", @@ -57576,8 +62202,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "security-group" 
@@ -57586,8 +62211,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "vpc" @@ -57743,11 +62367,6 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Attribute/${AttributeName}", - "ec2:AutoPlacement", - "ec2:AvailabilityZone", - "ec2:HostRecovery", - "ec2:InstanceType", - "ec2:Quantity", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -57812,8 +62431,12 @@ "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -57862,8 +62485,12 @@ "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -57895,8 +62522,12 @@ "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -57917,15 +62548,8 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Attribute/${AttributeName}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:PlacementGroup", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "instance*" 
@@ -57959,8 +62583,12 @@ "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -57983,8 +62611,12 @@ "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -57997,11 +62629,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AutoPlacement", - "ec2:AvailabilityZone", - "ec2:HostRecovery", - "ec2:InstanceType", - "ec2:Quantity", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -58062,9 +62689,7 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", "ec2:Attribute/${AttributeName}", - "ec2:AuthorizedService", "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -58079,8 +62704,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -58202,6 +62831,17 @@ ], "dependent_actions": [], "resource_type": "launch-template" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" } ] }, 
@@ -58381,10 +63021,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "subnet" @@ -58476,8 +63114,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "route-table" @@ -58486,8 +63123,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "security-group" @@ -58495,10 +63131,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "subnet" @@ -58525,8 +63159,7 @@ "aws:ResourceTag/${TagKey}", "ec2:Attribute/${AttributeName}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:VpceServicePrivateDnsName" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service*" @@ -58561,8 +63194,7 @@ "aws:ResourceTag/${TagKey}", "ec2:Attribute/${AttributeName}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:VpceServicePrivateDnsName" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service*" @@ -58620,15 +63252,15 @@ "ec2:GatewayType", "ec2:IKEVersions", "ec2:InsideTunnelCidr", - "ec2:Phase1DHGroupNumbers", + "ec2:Phase1DHGroup", "ec2:Phase1EncryptionAlgorithms", "ec2:Phase1IntegrityAlgorithms", "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroupNumbers", + "ec2:Phase2DHGroup", "ec2:Phase2EncryptionAlgorithms", "ec2:Phase2IntegrityAlgorithms", "ec2:Phase2LifetimeSeconds", - "ec2:PresharedKeys", + "ec2:PreSharedKeys", "ec2:Region", "ec2:RekeyFuzzPercentage", "ec2:RekeyMarginTimeSeconds", 
@@ -58637,33 +63269,6 @@ ], "dependent_actions": [], "resource_type": "vpn-connection*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "customer-gateway" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpn-gateway" } ] }, @@ -58676,25 +63281,8 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Attribute/${AttributeName}", - "ec2:AuthenticationType", - "ec2:DPDTimeoutSeconds", - "ec2:GatewayType", - "ec2:IKEVersions", - "ec2:InsideTunnelCidr", - "ec2:Phase1DHGroupNumbers", - "ec2:Phase1EncryptionAlgorithms", - "ec2:Phase1IntegrityAlgorithms", - "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroupNumbers", - "ec2:Phase2EncryptionAlgorithms", - "ec2:Phase2IntegrityAlgorithms", - "ec2:Phase2LifetimeSeconds", - "ec2:PresharedKeys", "ec2:Region", - "ec2:RekeyFuzzPercentage", - "ec2:RekeyMarginTimeSeconds", - "ec2:ResourceTag/${TagKey}", - "ec2:RoutingType" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "vpn-connection*" 
@@ -58710,25 +63298,8 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Attribute/${AttributeName}", - "ec2:AuthenticationType", - "ec2:DPDTimeoutSeconds", - "ec2:GatewayType", - "ec2:IKEVersions", - "ec2:InsideTunnelCidr", - "ec2:Phase1DHGroupNumbers", - "ec2:Phase1EncryptionAlgorithms", - "ec2:Phase1IntegrityAlgorithms", - "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroupNumbers", - "ec2:Phase2EncryptionAlgorithms", - "ec2:Phase2IntegrityAlgorithms", - "ec2:Phase2LifetimeSeconds", - "ec2:PresharedKeys", "ec2:Region", - "ec2:RekeyFuzzPercentage", - "ec2:RekeyMarginTimeSeconds", - "ec2:ResourceTag/${TagKey}", - "ec2:RoutingType" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "vpn-connection*" @@ -58749,15 +63320,15 @@ "ec2:GatewayType", "ec2:IKEVersions", "ec2:InsideTunnelCidr", - "ec2:Phase1DHGroupNumbers", + "ec2:Phase1DHGroup", "ec2:Phase1EncryptionAlgorithms", "ec2:Phase1IntegrityAlgorithms", "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroupNumbers", + "ec2:Phase2DHGroup", "ec2:Phase2EncryptionAlgorithms", "ec2:Phase2IntegrityAlgorithms", "ec2:Phase2LifetimeSeconds", - "ec2:PresharedKeys", + "ec2:PreSharedKeys", "ec2:Region", "ec2:RekeyFuzzPercentage", "ec2:RekeyMarginTimeSeconds", @@ -58779,8 +63350,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -58824,15 +63399,12 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AutoPlacement", - "ec2:AvailabilityZone", - "ec2:HostRecovery", - "ec2:InstanceType", - "ec2:Quantity", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "dedicated-host*" } ] 
@@ -58843,17 +63415,9 @@ "privilege": "PurchaseReservedInstancesOffering", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:InstanceType", - "ec2:Region", - "ec2:ReservedInstancesOfferingType", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "reserved-instances*" + "resource_type": "" } ] }, @@ -58879,8 +63443,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -58898,9 +63466,30 @@ "privilege": "RegisterImage", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Owner", + "ec2:Public", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "image*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:OutpostArn", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotTime", + "ec2:SourceOutpostArn", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot" } ] }, @@ -58924,8 +63513,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -58954,8 +63541,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", 
@@ -58981,17 +63566,6 @@ "description": "Grants permission to reject requests to associate cross-account subnets with a transit gateway multicast domain", "privilege": "RejectTransitGatewayMulticastDomainAssociations", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "subnet" - }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -59056,16 +63630,6 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "vpc-endpoint*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:VpceServicePrivateDnsName" - ], - "dependent_actions": [], "resource_type": "vpc-endpoint-service*" } ] @@ -59096,6 +63660,9 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -59112,11 +63679,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AutoPlacement", - "ec2:AvailabilityZone", - "ec2:HostRecovery", - "ec2:InstanceType", - "ec2:Quantity", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -59135,8 +63697,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:NewInstanceProfile", "ec2:PlacementGroup", "ec2:Region", @@ -59236,8 +63802,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", 
@@ -59351,6 +63921,17 @@ ], "dependent_actions": [], "resource_type": "route-table*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" } ] }, @@ -59385,20 +63966,9 @@ "privilege": "ReportInstanceStatus", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:PlacementGroup", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "" } ] }, @@ -59407,6 +63977,39 @@ "description": "Grants permission to create a Spot Fleet request", "privilege": "RequestSpotFleet", "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "spot-fleet-request*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:KeyPairName", + "ec2:KeyPairType", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "key-pair" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -59416,6 +64019,16 @@ "dependent_actions": [], "resource_type": "launch-template" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:PlacementGroupStrategy", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "placement-group" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", 
@@ -59425,6 +64038,32 @@ ], "dependent_actions": [], "resource_type": "security-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:OutpostArn", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotTime", + "ec2:SourceOutpostArn", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" } ] }, @@ -59439,7 +64078,9 @@ "aws:TagKeys", "ec2:Region" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "spot-instances-request*" }, { @@ -59459,12 +64100,39 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:KeyPairName", + "ec2:KeyPairType", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "key-pair" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AssociatePublicIpAddress", + "ec2:AuthorizedService", + "ec2:AuthorizedUser", + "ec2:AvailabilityZone", + "ec2:Permission", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:PlacementGroupStrategy", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "placement-group" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", 
@@ -59475,6 +64143,21 @@ "dependent_actions": [], "resource_type": "security-group" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:OutpostArn", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotTime", + "ec2:SourceOutpostArn", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -59494,9 +64177,17 @@ "privilege": "ResetAddressAttribute", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Attribute/${AttributeName}", + "ec2:Domain", + "ec2:PublicIpAddress", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "elastic-ip*" } ] }, @@ -59520,6 +64211,7 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:Attribute/${AttributeName}", "ec2:Owner", "ec2:Public", "ec2:Region", @@ -59538,6 +64230,7 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:Attribute/${AttributeName}", "ec2:ImageType", "ec2:Owner", "ec2:Public", @@ -59560,9 +64253,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", - "ec2:PlacementGroup", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:RootDeviceType", @@ -59581,8 +64277,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -59602,6 +64296,7 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:Attribute/${AttributeName}", "ec2:Owner", "ec2:ParentVolume", "ec2:Region", 
@@ -59707,13 +64402,17 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ImageType", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:Owner", "ec2:Public", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:RootDeviceType" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "image*" }, { @@ -59722,8 +64421,14 @@ "aws:TagKeys", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:RootDeviceType", @@ -59739,6 +64444,8 @@ "ec2:AssociatePublicIpAddress", "ec2:AuthorizedService", "ec2:AvailabilityZone", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:Region", "ec2:Subnet", "ec2:Vpc" @@ -59749,6 +64456,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:Vpc" @@ -59760,6 +64469,8 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:Vpc" @@ -59773,6 +64484,8 @@ "aws:TagKeys", "ec2:AvailabilityZone", "ec2:Encrypted", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:ParentSnapshot", "ec2:Region", "ec2:VolumeIops", @@ -59786,6 +64499,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -59796,6 +64511,8 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ElasticGpuType", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], 
@@ -59810,7 +64527,10 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:IsLaunchTemplateResource", "ec2:KeyPairName", + "ec2:KeyPairType", + "ec2:LaunchTemplate", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -59820,6 +64540,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -59829,6 +64551,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:PlacementGroupStrategy", "ec2:Region", "ec2:ResourceTag/${TagKey}" @@ -59839,6 +64563,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:Owner", "ec2:ParentVolume", "ec2:Region", @@ -59873,6 +64599,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:KeyPairName", + "ec2:KeyPairType", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -59945,13 +64672,9 @@ "privilege": "SearchLocalGatewayRoutes", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-route-table*" + "resource_type": "" } ] }, @@ -59961,13 +64684,9 @@ "privilege": "SearchTransitGatewayMulticastGroups", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain" + "resource_type": "" } ] }, 
@@ -59997,9 +64716,38 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", - "ec2:PlacementGroup", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to interrupt a Spot Instance", + "privilege": "SendSpotInstanceInterruptions", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceMarketType", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:RootDeviceType", @@ -60020,6 +64768,7 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", "ec2:PlacementGroup", @@ -60044,7 +64793,9 @@ "ec2:Region", "ec2:ResourceTag/${TagKey}" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "network-insights-analysis*" }, { @@ -60067,8 +64818,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:VpceServicePrivateDnsName" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service*" @@ -60085,6 +64835,7 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", "ec2:PlacementGroup", 
@@ -60117,32 +64868,6 @@ ], "dependent_actions": [], "resource_type": "client-vpn-endpoint*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AuthenticationType", - "ec2:DPDTimeoutSeconds", - "ec2:GatewayType", - "ec2:IKEVersions", - "ec2:InsideTunnelCidr", - "ec2:Phase1DHGroupNumbers", - "ec2:Phase1EncryptionAlgorithms", - "ec2:Phase1IntegrityAlgorithms", - "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroupNumbers", - "ec2:Phase2EncryptionAlgorithms", - "ec2:Phase2IntegrityAlgorithms", - "ec2:Phase2LifetimeSeconds", - "ec2:PresharedKeys", - "ec2:Region", - "ec2:RekeyFuzzPercentage", - "ec2:RekeyMarginTimeSeconds", - "ec2:ResourceTag/${TagKey}", - "ec2:RoutingType" - ], - "dependent_actions": [], - "resource_type": "vpn-connection" } ] }, @@ -60156,8 +64881,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -60177,8 +64906,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -60198,8 +64925,6 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", "ec2:AvailabilityZone", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -60221,8 +64946,12 @@ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", 
@@ -60288,17 +65017,37 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:AllocationId", + "ec2:Attribute/${AttributeName}", + "ec2:Domain", + "ec2:PublicIpAddress", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], "resource": "elastic-ip" }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:capacity-reservation-fleet/${CapacityReservationFleetId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "capacity-reservation-fleet" + }, { "arn": "arn:${Partition}:ec2:${Region}:${Account}:capacity-reservation/${CapacityReservationId}", "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", + "ec2:CapacityReservationFleet", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -60328,6 +65077,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:ClientRootCertificateChainArn", "ec2:CloudwatchLogGroupArn", "ec2:CloudwatchLogStreamArn", @@ -60356,10 +65106,13 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:AutoPlacement", "ec2:AvailabilityZone", "ec2:HostRecovery", "ec2:InstanceType", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:Quantity", "ec2:Region", "ec2:ResourceTag/${TagKey}" @@ -60395,6 +65148,8 @@ "aws:ResourceTag/${TagKey}", "aws:TagKeys", "ec2:ElasticGpuType", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -60433,6 +65188,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], 
@@ -60444,6 +65200,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:Owner", "ec2:Public", "ec2:Region", @@ -60468,7 +65225,10 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:ImageType", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:Owner", "ec2:Public", "ec2:Region", @@ -60516,10 +65276,18 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceMarketType", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:NewInstanceProfile", "ec2:PlacementGroup", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -60567,7 +65335,10 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:IsLaunchTemplateResource", "ec2:KeyPairName", + "ec2:KeyPairType", + "ec2:LaunchTemplate", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -60579,6 +65350,9 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -60613,8 +65387,7 @@ "aws:ResourceTag/${TagKey}", "aws:TagKeys", "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "resource": "local-gateway-route-table-vpc-association" }, @@ -60703,8 +65476,13 @@ "aws:ResourceTag/${TagKey}", "aws:TagKeys", "ec2:AssociatePublicIpAddress", + "ec2:Attribute/${AttributeName}", "ec2:AuthorizedService", + "ec2:AuthorizedUser", "ec2:AvailabilityZone", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:Permission", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:Subnet", 
@@ -60718,6 +65496,8 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:PlacementGroupStrategy", "ec2:Region", "ec2:ResourceTag/${TagKey}" @@ -60730,6 +65510,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -60752,6 +65533,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", "ec2:InstanceType", "ec2:Region", @@ -60784,6 +65566,8 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:Vpc" @@ -60807,6 +65591,11 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:OutpostArn", "ec2:Owner", "ec2:ParentVolume", @@ -60824,6 +65613,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -60846,7 +65636,10 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:Vpc" @@ -60859,6 +65652,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -60867,6 +65661,7 @@ { "arn": "arn:${Partition}:ec2:${Region}:${Account}:traffic-mirror-filter-rule/${TrafficMirrorFilterRuleId}", "condition_keys": [ + "ec2:Attribute/${AttributeName}", "ec2:Region" ], "resource": "traffic-mirror-filter-rule" 
@@ -60877,6 +65672,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -60899,6 +65695,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -60921,6 +65718,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -60943,6 +65741,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -60954,8 +65753,12 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", "ec2:Encrypted", + "ec2:IsLaunchTemplateResource", + "ec2:KmsKeyId", + "ec2:LaunchTemplate", "ec2:ParentSnapshot", "ec2:Region", "ec2:ResourceTag/${TagKey}", @@ -60972,8 +65775,11 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:Region", - "ec2:ResourceTag/${TagKey}" + "ec2:ResourceTag/${TagKey}", + "ec2:VpceServiceName", + "ec2:VpceServiceOwner" ], "resource": "vpc-endpoint" }, @@ -60983,6 +65789,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:VpceServicePrivateDnsName" @@ -61006,6 +65813,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:Tenancy" 
@@ -61019,32 +65827,45 @@ "aws:ResourceTag/${TagKey}", "aws:TagKeys", "ec2:AccepterVpc", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:RequesterVpc", "ec2:ResourceTag/${TagKey}" ], "resource": "vpc-peering-connection" }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpn-connection-device-type/${VpnConnectionDeviceTypeId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "vpn-connection-device-type" + }, { "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpn-connection/${VpnConnectionId}", "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:AuthenticationType", "ec2:DPDTimeoutSeconds", "ec2:GatewayType", "ec2:IKEVersions", "ec2:InsideTunnelCidr", - "ec2:Phase1DHGroupNumbers", + "ec2:Phase1DHGroup", "ec2:Phase1EncryptionAlgorithms", "ec2:Phase1IntegrityAlgorithms", "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroupNumbers", + "ec2:Phase2DHGroup", "ec2:Phase2EncryptionAlgorithms", "ec2:Phase2IntegrityAlgorithms", "ec2:Phase2LifetimeSeconds", - "ec2:PresharedKeys", + "ec2:PreSharedKeys", "ec2:Region", "ec2:RekeyFuzzPercentage", "ec2:RekeyMarginTimeSeconds", 
@@ -61215,22 +66036,22 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters create requests based on the allowed set of values for each of the tags", + "description": "Filters access by the allowed set of values for each of the tags", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value associated with the resource", + "description": "Filters access by tag-value associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters create requests based on the presence of mandatory tags in the request", + "description": "Filters access by the presence of mandatory tags in the request", "type": "String" }, { "condition": "ecr:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value associated with the resource", + "description": "Filters access by tag-value associated with the resource", "type": "String" } ], @@ -61272,6 +66093,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve repository scanning configuration for a list of repositories", + "privilege": "BatchGetRepositoryScanningConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to inform Amazon ECR that the image layer upload for a specified registry, repository name, and upload ID, has completed", @@ -61284,6 +66117,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create new pull-through cache rule", + "privilege": "CreatePullThroughCacheRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an image repository", 
@@ -61318,6 +66163,18 @@ }, { "access_level": "Write", + "description": "Grants permission to delete the pull-through cache rule", + "privilege": "DeletePullThroughCacheRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", "description": "Grants permission to delete the registry policy", "privilege": "DeleteRegistryPolicy", "resource_types": [ @@ -61341,7 +66198,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to delete the repository policy from a specified repository", "privilege": "DeleteRepositoryPolicy", "resource_types": [ @@ -61352,6 +66209,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve replication status about an image in a registry, including failure reason if replication fails", + "privilege": "DescribeImageReplicationStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe the image scan findings for the specified image", @@ -61365,7 +66234,7 @@ ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to get metadata about the images in a repository, including image size, image tags, and creation date", "privilege": "DescribeImages", "resource_types": [ @@ -61376,6 +66245,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe the pull-through cache rules", + "privilege": "DescribePullThroughCacheRules", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe the registry settings", 
@@ -61389,7 +66270,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to describe image repositories in a registry", "privilege": "DescribeRepositories", "resource_types": [ @@ -61460,6 +66341,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve registry scanning configuration", + "privilege": "GetRegistryScanningConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the repository policy for a specified repository", @@ -61497,7 +66390,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list the tags for an Amazon ECR resource", "privilege": "ListTagsForResource", "resource_types": [ @@ -61557,7 +66450,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to update the registry policy", "privilege": "PutRegistryPolicy", "resource_types": [ @@ -61568,6 +66461,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update registry scanning configuration", + "privilege": "PutRegistryScanningConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the replication configuration for the registry", @@ -63276,6 +68181,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeregisterCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve descriptive information about an Amazon EKS add-on", 
@@ -63788,7 +68705,7 @@ { "condition": "aws:TagKeys", "description": "Filters actions based on the tag keys that are passed in the request", - "type": "String" + "type": "ArrayOfString" }, { "condition": "elasticache:AtRestEncryptionEnabled", @@ -64627,7 +69544,7 @@ }, { "access_level": "List", - "description": "Grants permission list available cache engines and their versions", + "description": "Grants permission to list available cache engines and their versions", "privilege": "DescribeCacheEngineVersions", "resource_types": [ { @@ -67993,27 +72910,27 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on whether the tag and value pair is provided with the action", + "description": "Filters access by whether the tag and value pair is provided with the action", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on the tag and value pair associated with an Amazon EMR resource", + "description": "Filters access by the tag and value pair associated with an Amazon EMR resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access based on whether the tag keys are provided with the action regardless of tag value", + "description": "Filters access by whether the tag keys are provided with the action regardless of tag value", "type": "String" }, { "condition": "elasticmapreduce:RequestTag/${TagKey}", - "description": "Filters actions based on whether the tag and value pair is provided with the action", + "description": "Filters access by whether the tag and value pair is provided with the action", "type": "String" }, { "condition": "elasticmapreduce:ResourceTag/${TagKey}", - "description": "Filters actions based on the tag and value pair associated with an Amazon EMR resource", + "description": "Filters access by the tag and value pair associated with an Amazon EMR resource", "type": "String" } ], 
@@ -68021,7 +72938,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to add an instance fleet to a running cluster.", + "description": "Grants permission to add an instance fleet to a running cluster", "privilege": "AddInstanceFleet", "resource_types": [ { @@ -68033,7 +72950,7 @@ }, { "access_level": "Write", - "description": "Grants permission to add instance groups to a running cluster.", + "description": "Grants permission to add instance groups to a running cluster", "privilege": "AddInstanceGroups", "resource_types": [ { @@ -68045,7 +72962,7 @@ }, { "access_level": "Write", - "description": "Grants permission to add new steps to a running cluster.", + "description": "Grants permission to add new steps to a running cluster", "privilege": "AddJobFlowSteps", "resource_types": [ { @@ -68057,7 +72974,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to add tags to an Amazon EMR resource.", + "description": "Grants permission to add tags to an Amazon EMR resource", "privilege": "AddTags", "resource_types": [ { @@ -68083,7 +73000,19 @@ }, { "access_level": "Write", - "description": "Grants permission to cancel a pending step or steps in a running cluster.", + "description": "Grants permission to attach an EMR notebook to a compute engine", + "privilege": "AttachEditor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel a pending step or steps in a running cluster", "privilege": "CancelSteps", "resource_types": [ { @@ -68095,7 +73024,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create an EMR notebook.", + "description": "Grants permission to create an EMR notebook", "privilege": "CreateEditor", "resource_types": [ { 
@@ -68116,7 +73045,19 @@ }, { "access_level": "Write", - "description": "Grants permission to create an EMR Notebook repository", + "description": "Grants permission to create a persistent application history server", + "privilege": "CreatePersistentAppUI", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an EMR notebook repository", "privilege": "CreateRepository", "resource_types": [ { @@ -68128,7 +73069,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a security configuration.", + "description": "Grants permission to create a security configuration", "privilege": "CreateSecurityConfiguration", "resource_types": [ { @@ -68140,7 +73081,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create an EMR studio.", + "description": "Grants permission to create an EMR Studio", "privilege": "CreateStudio", "resource_types": [ { @@ -68156,7 +73097,19 @@ }, { "access_level": "Write", - "description": "Grants permission to create an EMR studio session mapping.", + "description": "Grants permission to launch an EMR Studio using IAM authentication mode", + "privilege": "CreateStudioPresignedUrl", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an EMR Studio session mapping", "privilege": "CreateStudioSessionMapping", "resource_types": [ { @@ -68168,7 +73121,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an EMR notebook.", + "description": "Grants permission to delete an EMR notebook", "privilege": "DeleteEditor", "resource_types": [ { 
@@ -68180,7 +73133,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an EMR Notebook repository.", + "description": "Grants permission to delete an EMR notebook repository", "privilege": "DeleteRepository", "resource_types": [ { @@ -68192,7 +73145,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a security configuration.", + "description": "Grants permission to delete a security configuration", "privilege": "DeleteSecurityConfiguration", "resource_types": [ { @@ -68204,7 +73157,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an EMR studio.", + "description": "Grants permission to delete an EMR Studio", "privilege": "DeleteStudio", "resource_types": [ { @@ -68216,7 +73169,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an EMR studio session mapping.", + "description": "Grants permission to delete an EMR Studio session mapping", "privilege": "DeleteStudioSessionMapping", "resource_types": [ { @@ -68228,7 +73181,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get details about a cluster, including status, hardware and software configuration, VPC settings, and so on.", + "description": "Grants permission to get details about a cluster, including status, hardware and software configuration, VPC settings, and so on", "privilege": "DescribeCluster", "resource_types": [ { @@ -68240,7 +73193,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view information about a notebook, including status, user, role, tags, location, and more.", + "description": "Grants permission to view information about a notebook, including status, user, role, tags, location, and more", "privilege": "DescribeEditor", "resource_types": [ { 
@@ -68252,7 +73205,7 @@ }, { "access_level": "Read", - "description": "This API is deprecated and will eventually be removed. We recommend you use ListClusters, DescribeCluster, ListSteps, ListInstanceGroups and ListBootstrapActions instead.", + "description": "Grants permission to describe details of clusters (job flows). This API is deprecated and will eventually be removed. We recommend you use ListClusters, DescribeCluster, ListSteps, ListInstanceGroups and ListBootstrapActions instead", "privilege": "DescribeJobFlows", "resource_types": [ { @@ -68264,7 +73217,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view information about a notebook execution.", + "description": "Grants permission to view information about a notebook execution", "privilege": "DescribeNotebookExecution", "resource_types": [ { @@ -68275,8 +73228,20 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to describe a persistent application history server", + "privilege": "DescribePersistentAppUI", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view information about an EMR release, such as which applications are supported", "privilege": "DescribeReleaseLabel", "resource_types": [ { @@ -68288,7 +73253,7 @@ }, { "access_level": "Read", - "description": "Grants permission to describe an EMR Notebook repository.", + "description": "Grants permission to describe an EMR notebook repository", "privilege": "DescribeRepository", "resource_types": [ { @@ -68300,7 +73265,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get details of a security configuration.", + "description": "Grants permission to get details of a security configuration", "privilege": "DescribeSecurityConfiguration", "resource_types": [ { 
@@ -68312,7 +73277,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get details about a cluster step.", + "description": "Grants permission to get details about a cluster step", "privilege": "DescribeStep", "resource_types": [ { @@ -68324,7 +73289,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view information about an EMR studio.", + "description": "Grants permission to view information about an EMR Studio", "privilege": "DescribeStudio", "resource_types": [ { @@ -68335,20 +73300,32 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to detach an EMR notebook from a compute engine", + "privilege": "DetachEditor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the auto-termination policy associated with a cluster", "privilege": "GetAutoTerminationPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the EMR block public access configuration for the AWS account in the Region.", + "description": "Grants permission to retrieve the EMR block public access configuration for the AWS account in the Region", "privilege": "GetBlockPublicAccessConfiguration", "resource_types": [ { @@ -68360,7 +73337,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve the managed scaling policy associated with a cluster.", + "description": "Grants permission to retrieve the managed scaling policy associated with a cluster", "privilege": "GetManagedScalingPolicy", "resource_types": [ { 
@@ -68370,9 +73347,33 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to get a presigned URL for an application history server running on the cluster", + "privilege": "GetOnClusterAppUIPresignedURL", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to get a presigned URL for a persistent application history server", + "privilege": "GetPersistentAppUIPresignedURL", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Read", - "description": "Grants permission to view information about an EMR studio session mapping.", + "description": "Grants permission to view information about an EMR Studio session mapping", "privilege": "GetStudioSessionMapping", "resource_types": [ { @@ -68384,7 +73385,7 @@ }, { "access_level": "Write", - "description": "Grants permission to link an EMR Notebook repository to EMR notebooks.", + "description": "Grants permission to link an EMR notebook repository to EMR notebooks", "privilege": "LinkRepository", "resource_types": [ { @@ -68396,7 +73397,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get details about the bootstrap actions associated with a cluster.", + "description": "Grants permission to get details about the bootstrap actions associated with a cluster", "privilege": "ListBootstrapActions", "resource_types": [ { @@ -68408,7 +73409,7 @@ }, { "access_level": "List", - "description": "Grants permission to get the status of accessible clusters.", + "description": "Grants permission to get the status of accessible clusters", "privilege": "ListClusters", "resource_types": [ { 
@@ -68420,7 +73421,7 @@ }, { "access_level": "List", - "description": "Grants permission to list summary information for accessible EMR notebooks.", + "description": "Grants permission to list summary information for accessible EMR notebooks", "privilege": "ListEditors", "resource_types": [ { @@ -68432,7 +73433,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get details of instance fleets in a cluster.", + "description": "Grants permission to get details of instance fleets in a cluster", "privilege": "ListInstanceFleets", "resource_types": [ { @@ -68444,7 +73445,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get details of instance groups in a cluster.", + "description": "Grants permission to get details of instance groups in a cluster", "privilege": "ListInstanceGroups", "resource_types": [ { @@ -68456,7 +73457,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get details about the Amazon EC2 instances in a cluster.", + "description": "Grants permission to get details about the Amazon EC2 instances in a cluster", "privilege": "ListInstances", "resource_types": [ { @@ -68468,7 +73469,7 @@ }, { "access_level": "List", - "description": "Grants permission to list summary information for notebook executions.", + "description": "Grants permission to list summary information for notebook executions", "privilege": "ListNotebookExecutions", "resource_types": [ { @@ -68479,8 +73480,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permission to list and filter the available EMR releases in the current region", "privilege": "ListReleaseLabels", "resource_types": [ { @@ -68492,7 +73493,7 @@ }, { "access_level": "List", - "description": "Grants permission to list existing EMR Notebook repositories.", + "description": "Grants permission to list existing EMR notebook repositories", "privilege": "ListRepositories", "resource_types": [ { 
@@ -68504,7 +73505,7 @@ }, { "access_level": "List", - "description": "Grants permission to list available security configurations in this account by name, along with creation dates and times.", + "description": "Grants permission to list available security configurations in this account by name, along with creation dates and times", "privilege": "ListSecurityConfigurations", "resource_types": [ { @@ -68516,7 +73517,7 @@ }, { "access_level": "Read", - "description": "Grants permission to list steps associated with a cluster.", + "description": "Grants permission to list steps associated with a cluster", "privilege": "ListSteps", "resource_types": [ { @@ -68528,7 +73529,7 @@ }, { "access_level": "List", - "description": "Grants permission to list summary information about EMR studio session mappings.", + "description": "Grants permission to list summary information about EMR Studio session mappings", "privilege": "ListStudioSessionMappings", "resource_types": [ { @@ -68540,7 +73541,7 @@ }, { "access_level": "List", - "description": "Grants permission to list summary information about EMR studios.", + "description": "Grants permission to list summary information about EMR Studios", "privilege": "ListStudios", "resource_types": [ { @@ -68552,7 +73553,7 @@ }, { "access_level": "Write", - "description": "Grants permission to change cluster settings such as number of steps that can be executed concurrently for a cluster.", + "description": "Grants permission to change cluster settings such as number of steps that can be executed concurrently for a cluster", "privilege": "ModifyCluster", "resource_types": [ { @@ -68564,7 +73565,7 @@ }, { "access_level": "Write", - "description": "Grants permission to change the target On-Demand and target Spot capacities for a instance fleet.", + "description": "Grants permission to change the target On-Demand and target Spot capacities for a instance fleet", "privilege": "ModifyInstanceFleet", "resource_types": [ { 
@@ -68576,7 +73577,7 @@ }, { "access_level": "Write", - "description": "Grants permission to change the number and configuration of EC2 instances for an instance group.", + "description": "Grants permission to change the number and configuration of EC2 instances for an instance group", "privilege": "ModifyInstanceGroups", "resource_types": [ { @@ -68588,7 +73589,7 @@ }, { "access_level": "Write", - "description": "Grants permission to launch the Jupyter notebook editor for an EMR notebook from within the console.", + "description": "Grants permission to launch the Jupyter notebook editor for an EMR notebook from within the console", "privilege": "OpenEditorInConsole", "resource_types": [ { @@ -68605,7 +73606,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create or update an automatic scaling policy for a core instance group or task instance group.", + "description": "Grants permission to create or update an automatic scaling policy for a core instance group or task instance group", "privilege": "PutAutoScalingPolicy", "resource_types": [ { @@ -68616,20 +73617,20 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to create or update the auto-termination policy associated with a cluster", "privilege": "PutAutoTerminationPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { "access_level": "Permissions management", - "description": "Grants permission to create or update the EMR block public access configuration for the AWS account in the Region.", + "description": "Grants permission to create or update the EMR block public access configuration for the AWS account in the Region", "privilege": "PutBlockPublicAccessConfiguration", "resource_types": [ { 
@@ -68641,7 +73642,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create or update the managed scaling policy associated with a cluster.", + "description": "Grants permission to create or update the managed scaling policy associated with a cluster", "privilege": "PutManagedScalingPolicy", "resource_types": [ { @@ -68653,7 +73654,7 @@ }, { "access_level": "Write", - "description": "Grants permission to remove an automatic scaling policy from an instance group.", + "description": "Grants permission to remove an automatic scaling policy from an instance group", "privilege": "RemoveAutoScalingPolicy", "resource_types": [ { @@ -68664,20 +73665,20 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to remove the auto-termination policy associated with a cluster", "privilege": "RemoveAutoTerminationPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove the managed scaling policy associated with a cluster.", + "description": "Grants permission to remove the managed scaling policy associated with a cluster", "privilege": "RemoveManagedScalingPolicy", "resource_types": [ { @@ -68689,7 +73690,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from an Amazon EMR resource.", + "description": "Grants permission to remove tags from an Amazon EMR resource", "privilege": "RemoveTags", "resource_types": [ { @@ -68713,7 +73714,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create and launch a cluster (job flow).", + "description": "Grants permission to create and launch a cluster (job flow)", "privilege": "RunJobFlow", "resource_types": [ { 
@@ -68729,7 +73730,7 @@ }, { "access_level": "Write", - "description": "Grants permission to add and remove termination protection for a cluster.", + "description": "Grants permission to add and remove termination protection for a cluster", "privilege": "SetTerminationProtection", "resource_types": [ { @@ -68753,7 +73754,7 @@ }, { "access_level": "Write", - "description": "Grants permission to start an EMR notebook.", + "description": "Grants permission to start an EMR notebook", "privilege": "StartEditor", "resource_types": [ { @@ -68770,7 +73771,7 @@ }, { "access_level": "Write", - "description": "Grants permission to start an EMR notebook execution.", + "description": "Grants permission to start an EMR notebook execution", "privilege": "StartNotebookExecution", "resource_types": [ { @@ -68796,7 +73797,7 @@ }, { "access_level": "Write", - "description": "Grants permission to shut down an EMR notebook.", + "description": "Grants permission to shut down an EMR notebook", "privilege": "StopEditor", "resource_types": [ { @@ -68808,7 +73809,7 @@ }, { "access_level": "Write", - "description": "Grants permission to stop notebook execution.", + "description": "Grants permission to stop notebook execution", "privilege": "StopNotebookExecution", "resource_types": [ { @@ -68820,7 +73821,7 @@ }, { "access_level": "Write", - "description": "Grants permission to terminate a cluster (job flow).", + "description": "Grants permission to terminate a cluster (job flow)", "privilege": "TerminateJobFlows", "resource_types": [ { @@ -68832,7 +73833,7 @@ }, { "access_level": "Write", - "description": "Grants permission to unlink an EMR Notebook repository from EMR notebooks.", + "description": "Grants permission to unlink an EMR notebook repository from EMR notebooks", "privilege": "UnlinkRepository", "resource_types": [ { 
@@ -68844,7 +73845,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update an EMR Notebook repository.", + "description": "Grants permission to update an EMR notebook repository", "privilege": "UpdateRepository", "resource_types": [ { @@ -68856,7 +73857,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update information about an EMR studio.", + "description": "Grants permission to update information about an EMR Studio", "privilege": "UpdateStudio", "resource_types": [ { @@ -68868,7 +73869,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update an EMR studio session mapping.", + "description": "Grants permission to update an EMR Studio session mapping", "privilege": "UpdateStudioSessionMapping", "resource_types": [ { @@ -68880,7 +73881,7 @@ }, { "access_level": "List", - "description": "Grants permission to use the EMR management console to view events from all clusters.", + "description": "Grants permission to use the EMR console to view events from all clusters", "privilege": "ViewEventsFromAllClustersInConsole", "resource_types": [ { @@ -69885,7 +74886,7 @@ }, { "access_level": "Write", - "description": "Grants permission to the destination domain owner to accept an inbound cross-cluster search connection request", + "description": "Grants permission to the destination domain owner to accept an inbound cross-cluster search connection request. This permission is deprecated. Use AcceptInboundConnection instead", "privilege": "AcceptInboundCrossClusterSearchConnection", "resource_types": [ { @@ -69897,7 +74898,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to attach resource tags to an Amazon OpenSearch domain", + "description": "Grants permission to attach resource tags to an OpenSearch Service domain", "privilege": "AddTags", "resource_types": [ { 
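Review bot: The deprecation status added to `AcceptInboundCrossClusterSearchConnection` exists only as prose inside `description` ("This permission is deprecated. Use AcceptInboundConnection instead"), so a consumer of this definition cannot tell a legacy action from its replacement without parsing free text. The same pattern repeats in the later hunks for `CancelElasticsearchServiceSoftwareUpdate`, `CreateElasticsearchDomain`, `DeleteElasticsearchDomain`, the `Describe*Elasticsearch*` entries, the cross-cluster search connection actions and the reserved-instance actions. If the schema can take an extra key, a structured marker next to `privilege`, for example `"replaced_by": "AcceptInboundConnection"` (the key name is a suggestion, not an existing field), would let policy generation or linting flag statements that still grant the deprecated name. If this file is regenerated from an upstream reference, the change belongs in the generator rather than in hand edits.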
@@ -69917,7 +74918,7 @@ }, { "access_level": "Write", - "description": "Grants permission to associate a package with an Amazon ES domain", + "description": "Grants permission to associate a package with an OpenSearch Service domain", "privilege": "AssociatePackage", "resource_types": [ { @@ -69929,7 +74930,7 @@ }, { "access_level": "Write", - "description": "Grants permission to cancel elastic search software update of a domain to given version", + "description": "Grants permission to cancel a service software update of a domain. This permission is deprecated. Use CancelServiceSoftwareUpdate instead", "privilege": "CancelElasticsearchServiceSoftwareUpdate", "resource_types": [ { @@ -69941,7 +74942,7 @@ }, { "access_level": "Write", - "description": "Grants permission to cancel OpenSearch software update of a domain to given version", + "description": "Grants permission to cancel a service software update of a domain", "privilege": "CancelServiceSoftwareUpdate", "resource_types": [ { @@ -69973,7 +74974,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create an Amazon OpenSearch domain", + "description": "Grants permission to create an OpenSearch Service domain. This permission is deprecated. Use CreateDomain instead", "privilege": "CreateElasticsearchDomain", "resource_types": [ { @@ -69993,7 +74994,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create the service-linked role required for Amazon OpenSearch domains that use VPC access", + "description": "Grants permission to create the service-linked role required for OpenSearch Service domains that use VPC access. This permission is deprecated. OpenSearch Service creates the service-linked role for you", "privilege": "CreateElasticsearchServiceRole", "resource_types": [ { 
@@ -70017,7 +75018,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new cross-cluster search connection from a source domain to a destination domain", + "description": "Grants permission to create a new cross-cluster search connection from a source domain to a destination domain. This permission is deprecated. Use CreateOutboundConnection instead", "privilege": "CreateOutboundCrossClusterSearchConnection", "resource_types": [ { @@ -70029,7 +75030,7 @@ }, { "access_level": "Write", - "description": "Grants permission to add a package for use with Amazon ES domains", + "description": "Grants permission to add a package for use with OpenSearch Service domains", "privilege": "CreatePackage", "resource_types": [ { @@ -70041,7 +75042,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create the service-linked role required for Amazon OpenSearch domains that use VPC access", + "description": "Grants permission to create the service-linked role required for Amazon OpenSearch Service domains that use VPC access", "privilege": "CreateServiceRole", "resource_types": [ { @@ -70053,7 +75054,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an Amazon OpenSearch domain and all of its data", + "description": "Grants permission to delete an Amazon OpenSearch Service domain and all of its data", "privilege": "DeleteDomain", "resource_types": [ { @@ -70065,7 +75066,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an Amazon OpenSearch domain and all of its data", + "description": "Grants permission to delete an OpenSearch Service domain and all of its data. This permission is deprecated. Use DeleteDomain instead", "privilege": "DeleteElasticsearchDomain", "resource_types": [ { 
@@ -70077,7 +75078,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the service-linked role required for Amazon OpenSearch domains that use VPC access", + "description": "Grants permission to delete the service-linked role required for OpenSearch Service domains that use VPC access. This permission is deprecated. Use the IAM API to delete service-linked roles", "privilege": "DeleteElasticsearchServiceRole", "resource_types": [ { @@ -70101,7 +75102,7 @@ }, { "access_level": "Write", - "description": "Grants permission to the destination domain owner to delete an existing inbound cross-cluster search connection", + "description": "Grants permission to the destination domain owner to delete an existing inbound cross-cluster search connection. This permission is deprecated. Use DeleteInboundConnection instead", "privilege": "DeleteInboundCrossClusterSearchConnection", "resource_types": [ { @@ -70125,7 +75126,7 @@ }, { "access_level": "Write", - "description": "Grants permission to the source domain owner to delete an existing outbound cross-cluster search connection", + "description": "Grants permission to the source domain owner to delete an existing outbound cross-cluster search connection. This permission is deprecated. Use DeleteOutboundConnection instead", "privilege": "DeleteOutboundCrossClusterSearchConnection", "resource_types": [ { @@ -70137,7 +75138,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a package from Amazon ES. The package must not be associated with any Amazon ES domain", + "description": "Grants permission to delete a package from OpenSearch Service. The package cannot be associated with any domains", "privilege": "DeletePackage", "resource_types": [ { 
@@ -70149,7 +75150,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view a description of the domain configuration for the specified Amazon OpenSearch domain, including the domain ID, domain service endpoint, and domain ARN", + "description": "Grants permission to view a description of the domain configuration for the specified OpenSearch Service domain, including the domain ID, service endpoint, and ARN", "privilege": "DescribeDomain", "resource_types": [ { @@ -70161,7 +75162,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view the AutoTune configuration of the domain for the specified Amazon OpenSearch domain, including the AutoTune state and maintenance schedules", + "description": "Grants permission to view the Auto-Tune configuration of the domain for the specified OpenSearch Service domain, including the Auto-Tune state and maintenance schedules", "privilege": "DescribeDomainAutoTunes", "resource_types": [ { @@ -70173,7 +75174,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view a description of the configuration options and status of an Amazon OpenSearch domain", + "description": "Grants permission to view a description of the configuration options and status of an OpenSearch Service domain", "privilege": "DescribeDomainConfig", "resource_types": [ { @@ -70185,7 +75186,7 @@ }, { "access_level": "List", - "description": "Grants permission to view a description of the domain configuration for up to five specified Amazon OpenSearch domain", + "description": "Grants permission to view a description of the domain configuration for up to five specified OpenSearch Service domains", "privilege": "DescribeDomains", "resource_types": [ { 
@@ -70197,7 +75198,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view a description of the domain configuration for the specified Amazon OpenSearch domain, including the domain ID, domain service endpoint, and domain ARN", + "description": "Grants permission to view a description of the domain configuration for the specified OpenSearch Service domain, including the domain ID, service endpoint, and ARN. This permission is deprecated. Use DescribeDomain instead", "privilege": "DescribeElasticsearchDomain", "resource_types": [ { @@ -70209,7 +75210,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view a description of the configuration options and status of an Amazon OpenSearch domain", + "description": "Grants permission to view a description of the configuration and status of an OpenSearch Service domain. This permission is deprecated. Use DescribeDomainConfig instead", "privilege": "DescribeElasticsearchDomainConfig", "resource_types": [ { @@ -70221,7 +75222,7 @@ }, { "access_level": "List", - "description": "Grants permission to view a description of the domain configuration for up to five specified Amazon OpenSearch domains", + "description": "Grants permission to view a description of the domain configuration for up to five specified Amazon OpenSearch domains. This permission is deprecated. Use DescribeDomains instead", "privilege": "DescribeElasticsearchDomains", "resource_types": [ { @@ -70233,7 +75234,7 @@ }, { "access_level": "List", - "description": "Grants permission to view the instance count, storage, and master node limits for a given OpenSearch version and instance type", + "description": "Grants permission to view the instance count, storage, and master node limits for a given OpenSearch version and instance type. This permission is deprecated. Use DescribeInstanceTypeLimits instead", "privilege": "DescribeElasticsearchInstanceTypeLimits", "resource_types": [ { 
@@ -70257,7 +75258,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all the inbound cross-cluster search connections for a destination domain", + "description": "Grants permission to list all the inbound cross-cluster search connections for a destination domain. This permission is deprecated. Use DescribeInboundConnections instead", "privilege": "DescribeInboundCrossClusterSearchConnections", "resource_types": [ { @@ -70269,7 +75270,7 @@ }, { "access_level": "List", - "description": "Grants permission to view the instance count, storage, and master node limits for a given OpenSearch version and instance type", + "description": "Grants permission to view the instance count, storage, and master node limits for a given engine version and instance type", "privilege": "DescribeInstanceTypeLimits", "resource_types": [ { @@ -70293,7 +75294,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all the outbound cross-cluster search connections for a source domain", + "description": "Grants permission to list all the outbound cross-cluster search connections for a source domain. This permission is deprecated. Use DescribeOutboundConnections instead", "privilege": "DescribeOutboundCrossClusterSearchConnections", "resource_types": [ { @@ -70305,7 +75306,7 @@ }, { "access_level": "Read", - "description": "Grants permission to describe all packages available to Amazon ES domain", + "description": "Grants permission to describe all packages available to OpenSearch Service domains", "privilege": "DescribePackages", "resource_types": [ { 
@@ -70317,7 +75318,7 @@ }, { "access_level": "List", - "description": "Grants permission to fetch reserved instance offerings for OpenSearch", + "description": "Grants permission to fetch Reserved Instance offerings for Amazon OpenSearch Service. This permission is deprecated. Use DescribeReservedInstanceOfferings instead", "privilege": "DescribeReservedElasticsearchInstanceOfferings", "resource_types": [ { @@ -70329,7 +75330,7 @@ }, { "access_level": "List", - "description": "Grants permission to fetch OpenSearch reserved instances already purchased by customer", + "description": "Grants permission to fetch OpenSearch Service Reserved Instances that have already been purchased. This permission is deprecated. Use DescribeReservedInstances instead", "privilege": "DescribeReservedElasticsearchInstances", "resource_types": [ { @@ -70341,7 +75342,7 @@ }, { "access_level": "List", - "description": "Grants permission to fetch reserved instance offerings for OpenSearch", + "description": "Grants permission to fetch Reserved Instance offerings for OpenSearch Service", "privilege": "DescribeReservedInstanceOfferings", "resource_types": [ { @@ -70353,7 +75354,7 @@ }, { "access_level": "List", - "description": "Grants permission to fetch OpenSearch reserved instances already purchased by customer", + "description": "Grants permission to fetch OpenSearch Service Reserved Instances that have already been purchased", "privilege": "DescribeReservedInstances", "resource_types": [ { @@ -70365,7 +75366,7 @@ }, { "access_level": "Write", - "description": "Grants permission to remove a package from the specified Amazon ES domain", + "description": "Grants permission to disassociate a package from the specified OpenSearch Service domain", "privilege": "DissociatePackage", "resource_types": [ { 
@@ -70461,7 +75462,7 @@ }, { "access_level": "List", - "description": "Grants permission to fetch list of compatible elastic search versions to which Amazon OpenSearch domain can be upgraded", + "description": "Grants permission to fetch a list of compatible OpenSearch and Elasticsearch versions to which an OpenSearch Service domain can be upgraded. This permission is deprecated. Use GetCompatibleVersions instead", "privilege": "GetCompatibleElasticsearchVersions", "resource_types": [ { @@ -70473,7 +75474,7 @@ }, { "access_level": "List", - "description": "Grants permission to fetch list of compatible OpenSearch versions to which Amazon OpenSearch domain can be upgraded", + "description": "Grants permission to fetch list of compatible engine versions to which an OpenSearch Service domain can be upgraded", "privilege": "GetCompatibleVersions", "resource_types": [ { @@ -70497,7 +75498,7 @@ }, { "access_level": "Read", - "description": "Grants permission to fetch upgrade history for given OpenSearch domain", + "description": "Grants permission to fetch the upgrade history of a given OpenSearch Service domain", "privilege": "GetUpgradeHistory", "resource_types": [ { @@ -70509,7 +75510,7 @@ }, { "access_level": "Read", - "description": "Grants permission to fetch upgrade status for given OpenSearch domain", + "description": "Grants permission to fetch the upgrade status of a given OpenSearch Service domain", "privilege": "GetUpgradeStatus", "resource_types": [ { @@ -70521,7 +75522,7 @@ }, { "access_level": "List", - "description": "Grants permission to display the names of all Amazon OpenSearch domains that the current user owns", + "description": "Grants permission to display the names of all OpenSearch Service domains that the current user owns", "privilege": "ListDomainNames", "resource_types": [ { 
@@ -70533,7 +75534,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all Amazon ES domains that a package is associated with", + "description": "Grants permission to list all OpenSearch Service domains that a package is associated with", "privilege": "ListDomainsForPackage", "resource_types": [ { @@ -70545,7 +75546,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all instance types and available features for a given OpenSearch version", + "description": "Grants permission to list all instance types and available features for a given OpenSearch version. This permission is deprecated. Use ListInstanceTypeDetails instead", "privilege": "ListElasticsearchInstanceTypeDetails", "resource_types": [ { @@ -70557,7 +75558,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all OpenSearch instance types that are supported for a given OpenSearch version", + "description": "Grants permission to list all EC2 instance types that are supported for a given OpenSearch version", "privilege": "ListElasticsearchInstanceTypes", "resource_types": [ { @@ -70569,7 +75570,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all supported OpenSearch versions on Amazon OpenSearch", + "description": "Grants permission to list all supported OpenSearch versions on Amazon OpenSearch Service. This permission is deprecated. Use ListVersions instead", "privilege": "ListElasticsearchVersions", "resource_types": [ { @@ -70581,7 +75582,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all instance types and available features for a given OpenSearch version", + "description": "Grants permission to list all instance types and available features for a given OpenSearch or Elasticsearch version", "privilege": "ListInstanceTypeDetails", "resource_types": [ { 
@@ -70593,19 +75594,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all OpenSearch instance types that are supported for a given OpenSearch version", - "privilege": "ListInstanceTypes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all packages associated with the Amazon ES domain", + "description": "Grants permission to list all packages associated with the OpenSearch Service domain", "privilege": "ListPackagesForDomain", "resource_types": [ { @@ -70617,7 +75606,7 @@ }, { "access_level": "Read", - "description": "Grants permission to display all of the tags for an Amazon OpenSearch domain", + "description": "Grants permission to display all resource tags for an OpenSearch Service domain", "privilege": "ListTags", "resource_types": [ { @@ -70629,7 +75618,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all supported OpenSearch versions on Amazon OpenSearch", + "description": "Grants permission to list all supported OpenSearch and Elasticsearch versions in Amazon OpenSearch Service", "privilege": "ListVersions", "resource_types": [ { @@ -70641,7 +75630,7 @@ }, { "access_level": "Write", - "description": "Grants permission to purchase OpenSearch reserved instances", + "description": "Grants permission to purchase OpenSearch Service Reserved Instances. This permission is deprecated. Use PurchaseReservedInstanceOffering instead", "privilege": "PurchaseReservedElasticsearchInstanceOffering", "resource_types": [ { 
@@ -70677,7 +75666,7 @@ }, { "access_level": "Write", - "description": "Grants permission to the destination domain owner to reject an inbound cross-cluster search connection request", + "description": "Grants permission to the destination domain owner to reject an inbound cross-cluster search connection request. This permission is deprecated. Use RejectInboundConnection instead", "privilege": "RejectInboundCrossClusterSearchConnection", "resource_types": [ { @@ -70689,7 +75678,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from Amazon OpenSearch domains", + "description": "Grants permission to remove resource tags from an OpenSearch Service domain", "privilege": "RemoveTags", "resource_types": [ { @@ -70708,7 +75697,7 @@ }, { "access_level": "Write", - "description": "Grants permission to start elastic search software update of a domain to given version", + "description": "Grants permission to start a service software update of a domain. This permission is deprecated. Use StartServiceSoftwareUpdate instead", "privilege": "StartElasticsearchServiceSoftwareUpdate", "resource_types": [ { @@ -70720,7 +75709,7 @@ }, { "access_level": "Write", - "description": "Grants permission to start OpenSearch software update of a domain to given version", + "description": "Grants permission to start a service software update of a domain", "privilege": "StartServiceSoftwareUpdate", "resource_types": [ { @@ -70732,7 +75721,7 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the configuration of an Amazon OpenSearch domain, such as the instance type or number of instances", + "description": "Grants permission to modify the configuration of an OpenSearch Service domain, such as the instance type or number of instances", "privilege": "UpdateDomainConfig", "resource_types": [ { 
@@ -70744,7 +75733,7 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the configuration of an Amazon OpenSearch domain, such as the instance type or number of instances", + "description": "Grants permission to modify the configuration of an OpenSearch Service domain, such as the instance type or number of instances. This permission is deprecated. Use UpdateDomainConfig instead", "privilege": "UpdateElasticsearchDomainConfig", "resource_types": [ { @@ -70756,7 +75745,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update a package for use with Amazon ES domains", + "description": "Grants permission to update a package for use with OpenSearch Service domains", "privilege": "UpdatePackage", "resource_types": [ { @@ -70768,7 +75757,7 @@ }, { "access_level": "Write", - "description": "Grants permission to initiate upgrade of open search domain to given version", + "description": "Grants permission to initiate upgrade of an OpenSearch Service domain to a given version", "privilege": "UpgradeDomain", "resource_types": [ { @@ -70780,7 +75769,7 @@ }, { "access_level": "Write", - "description": "Grants permission to initiate upgrade of elastic search domain to given version", + "description": "Grants permission to initiate upgrade of an OpenSearch Service domain to a specified version. This permission is deprecated. Use UpgradeDomain instead", "privilege": "UpgradeElasticsearchDomain", "resource_types": [ { @@ -70800,7 +75789,7 @@ "resource": "domain" }, { - "arn": "arn:${Partition}:iam::${Account}:role/aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonElasticsearchService", + "arn": "arn:${Partition}:iam::${Account}:role/aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], 
@@ -70820,73 +75809,73 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access to event bus and rule actions based on the allowed set of values for each of the tags", + "description": "Filters access by the allowed set of values for each of the tags to event bus and rule actions", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access to event bus and rule actions based on tag-value associated with the resource", + "description": "Filters access by tag-value associated with the resource to event bus and rule actions", "type": "String" }, { "condition": "aws:SourceAccount", - "description": "Filters access to PutEvents actions based on whether the source of the request comes from a specific account", + "description": "Filters access by the source account of the request to PutEvents actions", "type": "String" }, { "condition": "aws:SourceArn", - "description": "Filters access to PutEvents actions based on the Amazon Resource Name (ARN) of the source making the request", + "description": "Filters access by the Amazon Resource Name (ARN) of the source making the request to PutEvents actions", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access to event bus and rule actions based on the presence of mandatory tags in the request", + "description": "Filters access by the tags in the request to event bus and rule actions", "type": "String" }, { "condition": "events:ManagedBy", - "description": "Used internally by AWS services. If a rule is created by an AWS service on your behalf, the value is the principal name of the service that created the rule", + "description": "Filters access by AWS services. 
If a rule is created by an AWS service on your behalf, the value is the principal name of the service that created the rule", "type": "String" }, { "condition": "events:TargetArn", - "description": "Filters access to PutTargets actions based on the ARN of a target that can be put to a rule", + "description": "Filters access by the ARN of a target that can be put to a rule to PutTargets actions", "type": "ARN" }, { "condition": "events:creatorAccount", - "description": "Filters access to rule actions based on the account the rule was created in", + "description": "Filters access by the account the rule was created in to rule actions", "type": "String" }, { "condition": "events:detail-type", - "description": "Filters access to PutEvents and PutRule actions based on the literal string of the detail-type of the event", + "description": "Filters access by the literal string of the detail-type of the event to PutEvents and PutRule actions", "type": "String" }, { "condition": "events:detail.eventTypeCode", - "description": "Filters access to PutRule actions based on the literal string for the detail.eventTypeCode field of the event", + "description": "Filters access by the literal string for the detail.eventTypeCode field of the event to PutRule actions", "type": "String" }, { "condition": "events:detail.service", - "description": "Filters access to PutRule actions based on the literal string for the detail.service field of the event", + "description": "Filters access by the literal string for the detail.service field of the event to PutRule actions", "type": "String" }, { "condition": "events:detail.userIdentity.principalId", - "description": "Filters access to PutRule actions based on the literal string for the detail.useridentity.principalid field of the event", + "description": "Filters access by the literal string for the detail.useridentity.principalid field of the event to PutRule actions", "type": "String" }, { "condition": "events:eventBusInvocation", - 
"description": "Filters access to PutEvents actions based on whether the event was generated via API or cross-account bus invocation", + "description": "Filters access by whether the event was generated via API or cross-account bus invocation to PutEvents actions", "type": "String" }, { "condition": "events:source", - "description": "Filters access to PutEvents and PutRule actions based on the AWS service or AWS partner event source that generated the event. Matches the literal string of the source field of the event", - "type": "String" + "description": "Filters access by the AWS service or AWS partner event source that generated the event to PutEvents and PutRule actions. Matches the literal string of the source field of the event", + "type": "ArrayOfString" } ], "prefix": "events", @@ -71084,7 +76073,8 @@ }, { "condition_keys": [ - "events:creatorAccount" + "events:creatorAccount", + "events:ManagedBy" ], "dependent_actions": [], "resource_type": "" @@ -71211,7 +76201,8 @@ }, { "condition_keys": [ - "events:creatorAccount" + "events:creatorAccount", + "events:ManagedBy" ], "dependent_actions": [], "resource_type": "" @@ -71220,7 +76211,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to enable rules", + "description": "Grants permission to enable rules", "privilege": "EnableRule", "resource_types": [ { @@ -71230,7 +76221,8 @@ }, { "condition_keys": [ - "events:creatorAccount" + "events:creatorAccount", + "events:ManagedBy" ], "dependent_actions": [], "resource_type": "" @@ -71478,7 +76470,8 @@ "events:detail.eventTypeCode", "aws:RequestTag/${TagKey}", "aws:TagKeys", - "events:creatorAccount" + "events:creatorAccount", + "events:ManagedBy" ], "dependent_actions": [], "resource_type": "" @@ -71498,7 +76491,8 @@ { "condition_keys": [ "events:TargetArn", - "events:creatorAccount" + "events:creatorAccount", + "events:ManagedBy" ], "dependent_actions": [], "resource_type": "" 
@@ -71529,7 +76523,8 @@ }, { "condition_keys": [ - "events:creatorAccount" + "events:creatorAccount", + "events:ManagedBy" ], "dependent_actions": [], "resource_type": "" @@ -71576,7 +76571,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to test whether an event pattern matches the provided event", + "description": "Grants permission to test whether an event pattern matches the provided event", "privilege": "TestEventPattern", "resource_types": [ { 
@@ -71691,6 +76686,431 @@ ], "service_name": "Amazon EventBridge" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed the request on behalf of the IAM principal", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource that make the request on behalf of the IAM principal", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request on behalf of the IAM principal", + "type": "String" + } + ], + "prefix": "evidently", + "privileges": [ + { + "access_level": "Unknown", + "description": "", + "privilege": "BatchEvaluateFeature", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an experiment", + "privilege": "CreateExperiment", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a feature", + "privilege": "CreateFeature", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a launch", + "privilege": "CreateLaunch", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a project", + "privilege": "CreateProject", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an experiment", + "privilege": "DeleteExperiment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Experiment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a feature", + "privilege": "DeleteFeature", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Feature*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a launch", + "privilege": "DeleteLaunch", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Launch*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a project", + "privilege": "DeleteProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Project*" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "EvaluateFeature", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get experiment details", + "privilege": "GetExperiment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Experiment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get experiment result", + "privilege": "GetExperimentResults", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Experiment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get feature details", + "privilege": "GetFeature", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Feature*" + } + ] + }, + { + "access_level": "Read", + "description": 
"Grants permission to get launch details", + "privilege": "GetLaunch", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Launch*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get project details", + "privilege": "GetProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Project*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list experiments", + "privilege": "ListExperiments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list features", + "privilege": "ListFeatures", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list launches", + "privilege": "ListLaunches", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list projects", + "privilege": "ListProjects", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start an experiment", + "privilege": "StartExperiment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Experiment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a launch", + "privilege": "StartLaunch", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "Launch*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop an experiment", + "privilege": "StopExperiment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Experiment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop a launch", + "privilege": "StopLaunch", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Launch*" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update experiment", + "privilege": "UpdateExperiment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Experiment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update feature", + "privilege": "UpdateFeature", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Feature*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a launch", + "privilege": "UpdateLaunch", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Launch*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update project", + "privilege": "UpdateProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Project*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update project data delivery", + "privilege": "UpdateProjectDataDelivery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Project*" + } + ] + } + ], + "resources": [ + { + "arn": 
"arn:${Partition}:evidently:${Region}:${OwnerAccountId}:project/${ProjectName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Project" + }, + { + "arn": "arn:${Partition}:evidently:${Region}:${OwnerAccountId}:project/${ProjectName}/feature/${FeatureName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Feature" + }, + { + "arn": "arn:${Partition}:evidently:${Region}:${OwnerAccountId}:project/${ProjectName}/experiment/${ExperimentName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Experiment" + }, + { + "arn": "arn:${Partition}:evidently:${Region}:${OwnerAccountId}:project/${ProjectName}/launch/${LaunchName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Launch" + } + ], + "service_name": "Amazon CloudWatch Evidently" + }, { "conditions": [], "prefix": "execute-api", 
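Review bot: Four of the new `evidently` privileges (`BatchEvaluateFeature`, `EvaluateFeature`, `ListTagsForResource` and `UntagResource`) are added with `"access_level": "Unknown"` and an empty `description`. Any consumer that audits or filters actions by access level will therefore not classify `UntagResource` as a tagging action, and the two evaluate calls fall outside every level. The block also declares `aws:RequestTag/${TagKey}` and `aws:TagKeys` but has no `TagResource` privilege, which suggests the upstream data was incomplete when this section was produced. If the file is generated, the fix belongs in the generator or its source data. Otherwise set the levels explicitly, as the `finspace` section of this same diff does: `"access_level": "Tagging"` for `UntagResource` and `"access_level": "Read"` for `ListTagsForResource`.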
@@ -71742,107 +77162,230 @@ "service_name": "Amazon API Gateway" }, { - "conditions": [], + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the presence of tag keys in the request", + "type": "String" + } + ], "prefix": "finspace", "privileges": [ { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permissions to create a FinSpace environment", "privilege": "CreateEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permissions to create a FinSpace user.", + "privilege": "CreateUser", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permissions to delete a FinSpace environment.", "privilege": "DeleteEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permissions to delete a FinSpace user.", + "privilege": "DeleteUser", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + } + ] + }, + { + 
"access_level": "Read", + "description": "Grants permissions to describe a FinSpace environment.", "privilege": "GetEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permissions to request status of the loading of sample data bundle.", + "privilege": "GetLoadSampleDataSetGroupIntoEnvironmentStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permissions to describe a FinSpace user.", + "privilege": "GetUser", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permissions to list FinSpace environments in the AWS account.", "privilege": "ListEnvironments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permissions to return a list of tags for a resource.", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permissions to list FinSpace users in an environment.", + "privilege": "ListUsers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + } + ] + }, + { + "access_level": "Write", + 
"description": "Grants permissions to load sample data bundle into your FinSpace environment.", + "privilege": "LoadSampleDataSetGroupIntoEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permissions to tag a resource.", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Tagging", + "description": "Grants permissions to untag a resource.", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permissions to update a FinSpace environment", "privilege": "UpdateEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] } ], - "resources": [], + "resources": [ + { + "arn": "arn:${Partition}:finspace:${Region}:${Account}:environment/${environmentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "environment" + }, + { + "arn": "arn:${Partition}:finspace:${Region}:${Account}:user/${userId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "user" + } + ], "service_name": "Amazon FinSpace" }, { 
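Review bot: Every `finspace` privilege in this hunk keeps `"condition_keys": []`, including `CreateEnvironment`, `TagResource` and `UntagResource`, although the same hunk adds `aws:RequestTag/${TagKey}` and `aws:TagKeys` to the service's `conditions`. As written, the request-tag keys are attached to no action, so a policy derived from this data cannot express a tag-on-create or tag-key restriction for FinSpace. The `evidently` and `forecast` create actions in this diff do list both keys. It is worth confirming against the service's authorization reference whether the create and tagging actions should carry `"condition_keys": ["aws:RequestTag/${TagKey}", "aws:TagKeys"]`. Separately, the new descriptions say "Grants permissions to" and mix trailing periods, while the `events` hunks in this commit normalise that wording to "Grants permission to".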
@@ -72860,22 +78403,37 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "String" } ], "prefix": "forecast", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create an auto predictor", + "privilege": "CreateAutoPredictor", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a dataset", 
@@ -72936,6 +78494,46 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an explainability", + "privilege": "CreateExplainability", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "forecast*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an explainability export using an explainability resource", + "privilege": "CreateExplainabilityExport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainability*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a forecast", @@ -73052,6 +78650,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an explainability", + "privilege": "DeleteExplainability", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainability*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an explainability export", + "privilege": "DeleteExplainabilityExport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainabilityExport*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a forecast", @@ -73120,6 +78742,16 @@ "dependent_actions": [], "resource_type": "datasetImportJob*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainability*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainabilityExport*" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -73142,6 +78774,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe an auto predictor", + "privilege": "DescribeAutoPredictor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "predictor*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a dataset", @@ -73178,6 +78822,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe an explainability export", + "privilege": "DescribeExplainabilityExport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainabilityExport*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an explainability", + "privilege": "DescribeExplainablity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainability*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a forecast", @@ -73239,7 +78907,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list all the dataset groups", "privilege": "ListDatasetGroups", "resource_types": [ @@ -73251,7 +78919,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list all the dataset import jobs", "privilege": "ListDatasetImportJobs", "resource_types": [ @@ -73263,7 +78931,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list all the datasets", "privilege": "ListDatasets", "resource_types": [ 
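Review bot: The privilege added as `"privilege": "DescribeExplainablity"` looks misspelled (missing an "i"). Its description reads "describe an explainability", and the sibling entries in this diff are `CreateExplainability`, `DeleteExplainability` and `DescribeExplainabilityExport`. A policy statement built from this name would most likely match no real action, so the intended permission would be silently absent, and a lookup keyed on the correctly spelled call would not find this entry. I would change the line to `"privilege": "DescribeExplainability"`. If the spelling comes from the upstream documentation the file is built from, correct it at that source as well.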
@@ -73275,7 +78943,31 @@ ] }, { - "access_level": "List", + "access_level": "Read", + "description": "Grants permission to list all the explainabilities", + "privilege": "ListExplainabilities", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all the explainability exports", + "privilege": "ListExplainabilityExports", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", "description": "Grants permission to list all the forecast export jobs", "privilege": "ListForecastExportJobs", "resource_types": [ @@ -73287,7 +78979,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list all the forecasts", "privilege": "ListForecasts", "resource_types": [ @@ -73299,7 +78991,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list all the predictor backtest export jobs", "privilege": "ListPredictorBacktestExportJobs", "resource_types": [ @@ -73311,7 +79003,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list all the predictors", "privilege": "ListPredictors", "resource_types": [ @@ -73342,6 +79034,16 @@ "dependent_actions": [], "resource_type": "datasetImportJob" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainability" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainabilityExport" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -73386,6 +79088,16 @@ "dependent_actions": [], "resource_type": "datasetImportJob*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainability*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainabilityExport*" + }, { "condition_keys": [], "dependent_actions": [], @@ -73436,6 +79148,16 @@ "dependent_actions": [], "resource_type": "datasetImportJob" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainability" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainabilityExport" + }, { "condition_keys": [], "dependent_actions": [], @@ -73486,6 +79208,16 @@ "dependent_actions": [], "resource_type": "datasetImportJob" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainability" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainabilityExport" + }, { "condition_keys": [], "dependent_actions": [], @@ -73587,6 +79319,20 @@ "aws:ResourceTag/${TagKey}" ], "resource": "forecastExport" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:explainability/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "explainability" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:explainability-export/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "explainabilityExport" } ], "service_name": "Amazon Forecast" @@ -73638,6 +79384,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to cancel the specified batch import job", + "privilege": "CancelBatchImportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "batch-import*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to cancel the specified batch prediction job", 
@@ -73650,6 +79408,31 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a batch import job", + "privilege": "CreateBatchImportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "batch-import*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-type*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a batch prediction job", @@ -73710,6 +79493,11 @@ "description": "Grants permission to create a model using the specified model type", "privilege": "CreateModel", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-type*" + }, { "condition_keys": [], "dependent_actions": [], @@ -73780,6 +79568,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a batch import job", + "privilege": "DeleteBatchImportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "batch-import*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a batch prediction job", @@ -73852,6 +79652,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete events for the specified event type", + "privilege": "DeleteEventsByEventType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-type*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to remove a SageMaker model from Amazon Fraud Detector. You can remove an Amazon SageMaker model if it is not associated with a detector version", 
@@ -73960,6 +79772,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to get all batch import jobs or a specific job if you specify a job ID", + "privilege": "GetBatchImportJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "batch-import" + } + ] + }, { "access_level": "List", "description": "Grants permission to get all batch prediction jobs or a specific job if you specify a job ID. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 50 records per page. If you provide a maxResults, the value must be between 1 and 50. To get the next page results, provide the pagination token from the GetBatchPredictionJobsResponse as part of your request. A null pagination token fetches the records from the beginning", @@ -73973,7 +79797,19 @@ ] }, { - "access_level": "List", + "access_level": "Read", + "description": "Grants permission to get a specific event type DeleteEventsByEventType API execution status", + "privilege": "GetDeleteEventsByEventTypeStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-type*" + } + ] + }, + { + "access_level": "Read", "description": "Grants permission to get a particular detector version", "privilege": "GetDetectorVersion", "resource_types": [ @@ -74008,6 +79844,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the details of the specified event", + "privilege": "GetEvent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-type*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to evaluate an event against a detector version. If a version ID is not provided, the detector\u2019s (ACTIVE) version is used", 
@@ -74079,7 +79927,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to get the details of the specified model version", "privilege": "GetModelVersion", "resource_types": [ @@ -74139,7 +79987,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list all tags associated with the resource. This is a paginated API. To get the next page results, provide the pagination token from the response as part of your request. A null pagination token fetches the records from the beginning", "privilege": "ListTagsForResource", "resource_types": [ @@ -74210,6 +80058,11 @@ "dependent_actions": [], "resource_type": "detector*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-type*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -74265,6 +80118,11 @@ "description": "Grants permission to create or update an Amazon SageMaker model endpoint. You can also use this action to update the configuration of the model endpoint, including the IAM role and/or the mapped variables", "privilege": "PutExternalModel", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-type*" + }, { "condition_keys": [], "dependent_actions": [], @@ -74332,6 +80190,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to send event", + "privilege": "SendEvent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-type*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to assign tags to a resource", 
@@ -74518,6 +80396,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an existing event record's label value", + "privilege": "UpdateEventLabel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-type*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a model. You can update the description attribute using this action", 
@@ -74609,88 +80507,95 @@ ], "resources": [ { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:batch-prediction/${resourcePath}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:batch-prediction/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "batch-prediction" }, { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:detector/${resourcePath}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:detector/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "detector" }, { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:detector-version/${resourcePath}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:detector-version/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "detector-version" }, { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:entity-type/${resourcePath}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:entity-type/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "entity-type" }, { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:external-model/${resourcePath}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:external-model/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "external-model" }, { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:event-type/${resourcePath}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:event-type/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "event-type" }, { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:label/${resourcePath}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:label/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "label" }, { - "arn": 
"arn:${Partition}:frauddetector:${Region}:${Account}:model/${resourcePath}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:model/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "model" }, { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:model-version/${resourcePath}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:model-version/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "model-version" }, { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:outcome/${resourcePath}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:outcome/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "outcome" }, { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:rule/${resourcePath}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:rule/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "rule" }, { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:variable/${resourcePath}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:variable/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "variable" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:batch-import/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "batch-import" } ], "service_name": "Amazon Fraud Detector" 
@@ -74871,17 +80776,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "String" }, { @@ -74894,6 +80799,11 @@ "description": "Filters access by whether the backup is a source backup for a CopyBackup operation", "type": "Bool" }, + { + "condition": "fsx:ParentVolumeId", + "description": "Filters access by the containing parent volume for mutating volume operations", + "type": "String" + }, { "condition": "fsx:StorageVirtualMachineId", "description": "Filters access by the containing storage virtual machine for a volume for mutating volume operations", @@ -74992,6 +80902,33 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new data respository association for an Amazon FSx for Lustre file system", + "privilege": "CreateDataRepositoryAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "association*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new data respository task for an Amazon FSx for Lustre file system", 
@@ -75068,6 +81005,33 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new snapshot on a volume", + "privilege": "CreateSnapshot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "snapshot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "volume*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new storage virtual machine in an Amazon FSx for Ontap file system", @@ -75107,11 +81071,17 @@ ], "resource_type": "volume*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "fsx:StorageVirtualMachineId" + "fsx:StorageVirtualMachineId", + "fsx:ParentVolumeId" ], "dependent_actions": [], "resource_type": "" @@ -75153,7 +81123,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a backup, deleting its contents. After deletion, the backup no longer exists, and its data is no longer available.", + "description": "Grants permission to delete a backup, deleting its contents. After deletion, the backup no longer exists, and its data is no longer available", "privilege": "DeleteBackup", "resource_types": [ { @@ -75163,6 +81133,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a data repository association", + "privilege": "DeleteDataRepositoryAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "association*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a file system, deleting its contents and any existing automatic backups of the file system", 
@@ -75193,26 +81175,31 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a storage virtual machine, deleting its contents.", - "privilege": "DeleteStorageVirtualMachine", + "description": "Grants permission to delete a snapshot on a volume", + "privilege": "DeleteSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "storage-virtual-machine*" - }, + "resource_type": "snapshot*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a storage virtual machine, deleting its contents", + "privilege": "DeleteStorageVirtualMachine", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "storage-virtual-machine*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a volume, deleting its contents and any existing automatic backups of the volume.", + "description": "Grants permission to delete a volume, deleting its contents and any existing automatic backups of the volume", "privilege": "DeleteVolume", "resource_types": [ { @@ -75223,7 +81210,8 @@ { "condition_keys": [ "aws:TagKeys", - "fsx:StorageVirtualMachineId" + "fsx:StorageVirtualMachineId", + "fsx:ParentVolumeId" ], "dependent_actions": [], "resource_type": "" 
@@ -75256,7 +81244,19 @@ }, { "access_level": "Read", - "description": "Grants permission to return the descriptions of all data repository task owned by your AWS account in the AWS Region of the endpoint that you're calling", + "description": "Grants permission to return the descriptions of all data repository associations owned by your AWS account in the AWS Region of the endpoint that you're calling", + "privilege": "DescribeDataRepositoryAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the descriptions of all data repository tasks owned by your AWS account in the AWS Region of the endpoint that you're calling", "privilege": "DescribeDataRepositoryTasks", "resource_types": [ { @@ -75290,6 +81290,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to return the descriptions of all snapshots owned by your AWS account in the AWS Region of the endpoint you're calling", + "privilege": "DescribeSnapshots", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to return the descriptions of all storage virtual machines owned by your AWS account in the AWS Region of the endpoint that you're calling", @@ -75343,6 +81355,11 @@ "description": "Grants permission to list tags for an Amazon FSx resource", "privilege": "ListTagsForResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "association" + }, { "condition_keys": [], "dependent_actions": [], @@ -75353,6 +81370,11 @@ "dependent_actions": [], "resource_type": "file-system" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -75382,11 +81404,33 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to restore volume state from a snapshot", + "privilege": "RestoreVolumeFromSnapshot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "volume*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to tag an Amazon FSx resource", "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "association" + }, { "condition_keys": [], "dependent_actions": [], @@ -75397,6 +81441,11 @@ "dependent_actions": [], "resource_type": "file-system" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + }, { "condition_keys": [], "dependent_actions": [], @@ -75427,6 +81476,11 @@ "description": "Grants permission to remove a tag from an Amazon FSx resource", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "association" + }, { "condition_keys": [], "dependent_actions": [], @@ -75437,6 +81491,11 @@ "dependent_actions": [], "resource_type": "file-system" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + }, { "condition_keys": [], "dependent_actions": [], @@ -75461,6 +81520,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update data repository association configuration", + "privilege": "UpdateDataRepositoryAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "association*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update file system configuration", 
@@ -75473,6 +81544,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update snapshot configuration", + "privilege": "UpdateSnapshot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update storage virtual machine configuration", @@ -75482,13 +81565,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "storage-virtual-machine*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" } ] }, @@ -75504,8 +81580,8 @@ }, { "condition_keys": [ - "aws:TagKeys", - "fsx:StorageVirtualMachineId" + "fsx:StorageVirtualMachineId", + "fsx:ParentVolumeId" ], "dependent_actions": [], "resource_type": "" @@ -75542,12 +81618,26 @@ ], "resource": "task" }, + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:association/${DataRepositoryAssociationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "association" + }, { "arn": "arn:${Partition}:fsx:${Region}:${Account}:volume/${FileSystemId}/${VolumeId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "volume" + }, + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:snapshot/${VolumeId}/${SnapshotId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "snapshot" } ], "service_name": "Amazon FSx" @@ -81366,7 +87456,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list workspaces", "privilege": "ListWorkspaces", "resource_types": [ @@ -81416,7 +87506,7 @@ ], "resources": [ { - "arn": "arn:${Partition}:grafana::${Region}:${Account}:/workspaces/${ResourceId}", + "arn": "arn:${Partition}:grafana:${Region}:${Account}:/workspaces/${ResourceId}", "condition_keys": [], "resource": "workspace" } 
@@ -81427,47 +87517,47 @@ "conditions": [ { "condition": "aws:CurrentTime", - "description": "Filters actions based on date/time conditions for the current date and time", + "description": "Filters access by checking date/time conditions for the current date and time", "type": "Date" }, { "condition": "aws:EpochTime", - "description": "Filters actions based on date/time conditions for the current date and time in epoch or Unix time", + "description": "Filters access by checking date/time conditions for the current date and time in epoch or Unix time", "type": "Date" }, { "condition": "aws:MultiFactorAuthAge", - "description": "Filters actions based on how long ago (in seconds) the security credentials validated by multi-factor authentication (MFA) in the request were issued using MFA", + "description": "Filters access by checking how long ago (in seconds) the security credentials validated by multi-factor authentication (MFA) in the request were issued using MFA", "type": "Numeric" }, { "condition": "aws:MultiFactorAuthPresent", - "description": "Filters actions based on whether multi-factor authentication (MFA) was used to validate the temporary security credentials that made the current request", - "type": "Boolean" + "description": "Filters access by checking whether multi-factor authentication (MFA) was used to validate the temporary security credentials that made the current request", + "type": "Bool" }, { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the allowed set of values for each of the mandatory tags", + "description": "Filters access by checking tag key/value pairs included in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tag value associated with the resource", + "description": "Filters access by checking tag key/value pairs associated with a specific resource", "type": "String" }, { "condition": "aws:SecureTransport", - "description": 
"Filters actions based on whether the request was sent using SSL", - "type": "Boolean" + "description": "Filters access by checking whether the request was sent using SSL", + "type": "Bool" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of mandatory tags in the request", + "description": "Filters access by checking tag keys passed in the request", "type": "String" }, { "condition": "aws:UserAgent", - "description": "Filters actions based on the requester's client application", + "description": "Filters access by the requester's client application", "type": "String" } ], 
@@ -81475,49 +87565,25 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to associate a role with a group. The role's permissions must allow Greengrass core Lambda functions and connectors to perform actions in other AWS services", - "privilege": "AssociateRoleToGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to associate a role with your account. AWS IoT Greengrass uses this role to access your Lambda functions and AWS IoT resources", - "privilege": "AssociateServiceRoleToAccount", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Unknown", - "description": "", + "description": "Grants permission to associate a list of client devices with a core device", "privilege": "BatchAssociateClientDeviceWithCoreDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "coreDevice*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to disassociate a list of client devices from a core device", "privilege": "BatchDisassociateClientDeviceFromCoreDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "coreDevice*" } ] }, 
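Review bot: Removing `AssociateServiceRoleToAccount` (classified `"Permissions management"`) and `AssociateRoleToGroup` here leaves those actions with no entry in the definition. The following hunks remove the rest of the group- and definition-based privileges (`CreateGroup`, `CreateGroupCertificateAuthority`, `DisassociateServiceRoleFromAccount`, `Discover` and others) with no replacement visible. It looks as if one version of the service reference has overwritten another that shares this section, though the section header is outside these hunks. Tooling that reads this file can then no longer classify calls to the removed actions, including the role-association actions an audit most needs flagged. Keep the removed entries alongside the new ones unless the actions are confirmed retired.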
@@ -81562,60 +87628,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to create a connector definition", - "privilege": "CreateConnectorDefinition", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a version of an existing connector definition", - "privilege": "CreateConnectorDefinitionVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectorDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a core definition", - "privilege": "CreateCoreDefinition", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a version of an existing core definition. Greengrass groups must each contain exactly one Greengrass core", - "privilege": "CreateCoreDefinitionVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDefinition*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to create a deployment", 
@@ -81646,192 +87658,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to create a device definition", - "privilege": "CreateDeviceDefinition", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a version of an existing device definition", - "privilege": "CreateDeviceDefinitionVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deviceDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a Lambda function definition to be used in a group that contains a list of Lambda functions and their configurations", - "privilege": "CreateFunctionDefinition", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a version of an existing Lambda function definition", - "privilege": "CreateFunctionDefinitionVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "functionDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a group.", - "privilege": "CreateGroup", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a CA for the group, or rotate the existing CA", - "privilege": "CreateGroupCertificateAuthority", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a 
version of a group that has already been defined", - "privilege": "CreateGroupVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a logger definition", - "privilege": "CreateLoggerDefinition", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a version of an existing logger definition", - "privilege": "CreateLoggerDefinitionVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loggerDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a resource definition that contains a list of resources to be used in a group", - "privilege": "CreateResourceDefinition", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a version of an existing resource definition", - "privilege": "CreateResourceDefinitionVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "resourceDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an AWS IoT job that will trigger your Greengrass cores to update the software they are running", - "privilege": "CreateSoftwareUpdateJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a subscription definition", - "privilege": "CreateSubscriptionDefinition", - "resource_types": [ - { - "condition_keys": [ 
- "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a version of an existing subscription definition", - "privilege": "CreateSubscriptionDefinitionVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "subscriptionDefinition*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to delete a component", @@ -81844,30 +87670,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to delete a connector definition", - "privilege": "DeleteConnectorDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectorDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a core definition. Deleting a definition that is currently in use in a deployment affects future deployments", - "privilege": "DeleteCoreDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDefinition*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to delete a AWS IoT Greengrass core device, which is an AWS IoT thing. This operation removes the core device from the list of core devices. This operation doesn't delete the AWS IoT thing", 
@@ -81882,78 +87684,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to delete a device definition. Deleting a definition that is currently in use in a deployment affects future deployments", - "privilege": "DeleteDeviceDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deviceDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a Lambda function definition. Deleting a definition that is currently in use in a deployment affects future deployments", - "privilege": "DeleteFunctionDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "functionDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a group that is not currently in use in a deployment", - "privilege": "DeleteGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a logger definition. Deleting a definition that is currently in use in a deployment affects future deployments", - "privilege": "DeleteLoggerDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loggerDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a resource definition", - "privilege": "DeleteResourceDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "resourceDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a subscription definition. 
Deleting a definition that is currently in use in a deployment affects future deployments", - "privilege": "DeleteSubscriptionDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "subscriptionDefinition*" - } - ] - }, { "access_level": "Read", "description": "Grants permission to retrieve metadata for a version of a component", @@ -81966,66 +87696,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to disassociate the role from a group", - "privilege": "DisassociateRoleFromGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to disassociate the service role from an account. Without a service role, deployments will not work", - "privilege": "DisassociateServiceRoleFromAccount", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information required to connect to a Greengrass core", - "privilege": "Discover", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "thing*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the role associated with a group", - "privilege": "GetAssociatedRole", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the status of a bulk deployment", - "privilege": "GetBulkDeploymentStatus", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bulkDeployment*" - } - ] - }, { "access_level": "Read", "description": "Grants permission to get the recipe for a version of a component", 
@@ -82052,91 +87722,91 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve the connectivity information for a core", - "privilege": "GetConnectivityInfo", + "description": "Grants permission to retrieves metadata for a AWS IoT Greengrass core device", + "privilege": "GetCoreDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectivityInfo*" + "resource_type": "coreDevice*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about a connector definition", - "privilege": "GetConnectorDefinition", + "description": "Grants permission to get a deployment", + "privilege": "GetDeployment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectorDefinition*" + "dependent_actions": [ + "iot:DescribeJob", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow" + ], + "resource_type": "deployment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a connector definition version", - "privilege": "GetConnectorDefinitionVersion", + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of client devices associated to a AWS IoT Greengrass core device", + "privilege": "ListClientDevicesAssociatedWithCoreDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectorDefinition*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectorDefinitionVersion*" + "resource_type": "coreDevice*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a core definition", - "privilege": "GetCoreDefinition", + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of all versions for a component", + "privilege": "ListComponentVersions", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "coreDefinition*" + "resource_type": "component*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a core definition version", - "privilege": "GetCoreDefinitionVersion", + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of component summaries", + "privilege": "ListComponents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinition*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDefinitionVersion*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieves metadata for a AWS IoT Greengrass core device", - "privilege": "GetCoreDevice", + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of AWS IoT Greengrass core devices", + "privilege": "ListCoreDevices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a deployment", - "privilege": "GetDeployment", + "access_level": "List", + "description": "Grants permission to retrieves a paginated list of deployments", + "privilege": "ListDeployments", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group*" + }, { "condition_keys": [], "dependent_actions": [ 
@@ -82145,562 +87815,644 @@ "iot:DescribeThingGroup", "iot:GetThingShadow" ], - "resource_type": "deployment*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the status of a deployment", - "privilege": "GetDeploymentStatus", + "access_level": "List", + "description": "Grants permission to retrieves a paginated list of deployment jobs that AWS IoT Greengrass sends to AWS IoT Greengrass core devices", + "privilege": "ListEffectiveDeployments", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "deployment*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" + "dependent_actions": [ + "iot:DescribeJob", + "iot:DescribeJobExecution", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow" + ], + "resource_type": "coreDevice*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a device definition", - "privilege": "GetDeviceDefinition", + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of the components that a AWS IoT Greengrass core device runs", + "privilege": "ListInstalledComponents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition*" + "resource_type": "coreDevice*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about a device definition version", - "privilege": "GetDeviceDefinitionVersion", + "description": "Grants permission to list the tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition*" + "resource_type": "component" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinitionVersion*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve 
information about a Lambda function definition, such as its creation time and latest version", - "privilege": "GetFunctionDefinition", - "resource_types": [ + "resource_type": "componentVersion" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a Lambda function definition version, such as which Lambda functions are included in the version and their configurations", - "privilege": "GetFunctionDefinitionVersion", - "resource_types": [ + "resource_type": "coreDevice" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition*" + "resource_type": "deployment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinitionVersion*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a group", - "privilege": "GetGroup", - "resource_types": [ + "resource_type": "bulkDeployment" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the public key of the CA associated with a group", - "privilege": "GetGroupCertificateAuthority", - "resource_types": [ + "resource_type": "connectorDefinition" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "certificateAuthority*" + "resource_type": "coreDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the current configuration for the CA used by a group", - "privilege": "GetGroupCertificateConfiguration", - "resource_types": [ + "resource_type": "deviceDefinition" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Read", - "description": 
"Grants permission to retrieve information about a group version", - "privilege": "GetGroupVersion", - "resource_types": [ + "resource_type": "functionDefinition" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "group" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "groupVersion*" + "resource_type": "loggerDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resourceDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subscriptionDefinition" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a logger definition", - "privilege": "GetLoggerDefinition", + "access_level": "List", + "description": "Grants permission to list components that meet the component, version, and platform requirements of a deployment", + "privilege": "ResolveComponentCandidates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition*" + "resource_type": "componentVersion*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a logger definition version", - "privilege": "GetLoggerDefinitionVersion", + "access_level": "Tagging", + "description": "Grants permission to add tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition*" + "resource_type": "component" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinitionVersion*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a resource definition, such as its creation time and latest version", - "privilege": "GetResourceDefinition", 
- "resource_types": [ + "resource_type": "componentVersion" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a resource definition version, such as which resources are included in the version", - "privilege": "GetResourceDefinitionVersion", - "resource_types": [ + "resource_type": "coreDevice" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition*" + "resource_type": "deployment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinitionVersion*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the service role that is attached to an account", - "privilege": "GetServiceRoleForAccount", - "resource_types": [ + "resource_type": "bulkDeployment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connectorDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "coreDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deviceDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "functionDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loggerDefinition" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "resourceDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subscriptionDefinition" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a subscription definition", - "privilege": "GetSubscriptionDefinition", 
+ "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a subscription definition version", - "privilege": "GetSubscriptionDefinitionVersion", - "resource_types": [ + "resource_type": "component" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition*" + "resource_type": "componentVersion" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinitionVersion*" + "resource_type": "coreDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deployment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bulkDeployment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connectorDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "coreDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deviceDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "functionDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loggerDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resourceDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subscriptionDefinition" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve runtime configuration of a thing", - 
"privilege": "GetThingRuntimeConfiguration", + "access_level": "Write", + "description": "Grants permission to associate a role with a group. The role's permissions must allow Greengrass core Lambda functions and connectors to perform actions in other AWS services", + "privilege": "AssociateRoleToGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thingRuntimeConfig*" + "resource_type": "group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a paginated list of the deployments that have been started in a bulk deployment operation and their current deployment status", - "privilege": "ListBulkDeploymentDetailedReports", + "access_level": "Permissions management", + "description": "Grants permission to associate a role with your account. AWS IoT Greengrass uses this role to access your Lambda functions and AWS IoT resources", + "privilege": "AssociateServiceRoleToAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of bulk deployments", - "privilege": "ListBulkDeployments", + "access_level": "Write", + "description": "Grants permission to create a connector definition", + "privilege": "CreateConnectorDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Unknown", - "description": "", - "privilege": "ListClientDevicesAssociatedWithCoreDevice", + "access_level": "Write", + "description": "Grants permission to create a version of an existing connector definition", + "privilege": "CreateConnectorDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "connectorDefinition*" + } + ] + }, + { + "access_level": "Write", + 
"description": "Grants permission to create a core definition", + "privilege": "CreateCoreDefinition", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a paginated list of all versions for a component", - "privilege": "ListComponentVersions", + "access_level": "Write", + "description": "Grants permission to create a version of an existing core definition. Greengrass groups must each contain exactly one Greengrass core", + "privilege": "CreateCoreDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component*" + "resource_type": "coreDefinition*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a paginated list of component summaries", - "privilege": "ListComponents", + "access_level": "Write", + "description": "Grants permission to create a device definition", + "privilege": "CreateDeviceDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a connector definition", - "privilege": "ListConnectorDefinitionVersions", + "access_level": "Write", + "description": "Grants permission to create a version of an existing device definition", + "privilege": "CreateDeviceDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectorDefinition*" + "resource_type": "deviceDefinition*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of connector definitions", - "privilege": "ListConnectorDefinitions", + "access_level": "Write", + "description": "Grants permission to create a Lambda function definition to be 
used in a group that contains a list of Lambda functions and their configurations", + "privilege": "CreateFunctionDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a core definition", - "privilege": "ListCoreDefinitionVersions", + "access_level": "Write", + "description": "Grants permission to create a version of an existing Lambda function definition", + "privilege": "CreateFunctionDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinition*" + "resource_type": "functionDefinition*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of core definitions", - "privilege": "ListCoreDefinitions", + "access_level": "Write", + "description": "Grants permission to create a group.", + "privilege": "CreateGroup", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a paginated list of AWS IoT Greengrass core devices", - "privilege": "ListCoreDevices", + "access_level": "Write", + "description": "Grants permission to create a CA for the group, or rotate the existing CA", + "privilege": "CreateGroupCertificateAuthority", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of all deployments for a group", - "privilege": "ListDeployments", + "access_level": "Write", + "description": "Grants permission to create a version of a group that has already been defined", + "privilege": "CreateGroupVersion", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "group*" - }, + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a logger definition", + "privilege": "CreateLoggerDefinition", + "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "iot:DescribeJob", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a device definition", - "privilege": "ListDeviceDefinitionVersions", + "access_level": "Write", + "description": "Grants permission to create a version of an existing logger definition", + "privilege": "CreateLoggerDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition*" + "resource_type": "loggerDefinition*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of device definitions", - "privilege": "ListDeviceDefinitions", + "access_level": "Write", + "description": "Grants permission to create a resource definition that contains a list of resources to be used in a group", + "privilege": "CreateResourceDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieves a paginated list of deployment jobs that AWS IoT Greengrass sends to AWS IoT Greengrass core devices", - "privilege": "ListEffectiveDeployments", + "access_level": "Write", + "description": "Grants permission to create a version of an existing resource definition", + "privilege": "CreateResourceDefinitionVersion", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ 
- "iot:DescribeJob", - "iot:DescribeJobExecution", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow" - ], - "resource_type": "coreDevice*" + "dependent_actions": [], + "resource_type": "resourceDefinition*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a Lambda function definition", - "privilege": "ListFunctionDefinitionVersions", + "access_level": "Write", + "description": "Grants permission to create an AWS IoT job that will trigger your Greengrass cores to update the software they are running", + "privilege": "CreateSoftwareUpdateJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of Lambda function definitions", - "privilege": "ListFunctionDefinitions", + "access_level": "Write", + "description": "Grants permission to create a subscription definition", + "privilege": "CreateSubscriptionDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of current CAs for a group", - "privilege": "ListGroupCertificateAuthorities", + "access_level": "Write", + "description": "Grants permission to create a version of an existing subscription definition", + "privilege": "CreateSubscriptionDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "subscriptionDefinition*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a group", - "privilege": "ListGroupVersions", + "access_level": "Write", + "description": "Grants permission to delete a connector definition", + "privilege": "DeleteConnectorDefinition", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "connectorDefinition*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of groups", - "privilege": "ListGroups", + "access_level": "Write", + "description": "Grants permission to delete a core definition. Deleting a definition that is currently in use in a deployment affects future deployments", + "privilege": "DeleteCoreDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "coreDefinition*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a paginated list of the components that a AWS IoT Greengrass core device runs", - "privilege": "ListInstalledComponents", + "access_level": "Write", + "description": "Grants permission to delete a device definition. Deleting a definition that is currently in use in a deployment affects future deployments", + "privilege": "DeleteDeviceDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice*" + "resource_type": "deviceDefinition*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a logger definition", - "privilege": "ListLoggerDefinitionVersions", + "access_level": "Write", + "description": "Grants permission to delete a Lambda function definition. 
Deleting a definition that is currently in use in a deployment affects future deployments", + "privilege": "DeleteFunctionDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition*" + "resource_type": "functionDefinition*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of logger definitions", - "privilege": "ListLoggerDefinitions", + "access_level": "Write", + "description": "Grants permission to delete a group that is not currently in use in a deployment", + "privilege": "DeleteGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a resource definition", - "privilege": "ListResourceDefinitionVersions", + "access_level": "Write", + "description": "Grants permission to delete a logger definition. Deleting a definition that is currently in use in a deployment affects future deployments", + "privilege": "DeleteLoggerDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition*" + "resource_type": "loggerDefinition*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of resource definitions", - "privilege": "ListResourceDefinitions", + "access_level": "Write", + "description": "Grants permission to delete a resource definition", + "privilege": "DeleteResourceDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "resourceDefinition*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a subscription definition", - "privilege": "ListSubscriptionDefinitionVersions", + "access_level": "Write", + "description": "Grants permission to delete a subscription definition. 
Deleting a definition that is currently in use in a deployment affects future deployments", + "privilege": "DeleteSubscriptionDefinition", "resource_types": [ { "condition_keys": [], 
@@ -82710,101 +88462,45 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of subscription definitions", - "privilege": "ListSubscriptionDefinitions", + "access_level": "Write", + "description": "Grants permission to disassociate the role from a group", + "privilege": "DisassociateRoleFromGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to disassociate the service role from an account. Without a service role, deployments will not work", + "privilege": "DisassociateServiceRoleFromAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectorDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deviceDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "functionDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loggerDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "resourceDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "subscriptionDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "component" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "componentVersion" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDevice" - }, + 
"resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information required to connect to a Greengrass core", + "privilege": "Discover", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deployment" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "thing*" } ] }, { - "access_level": "Write", - "description": "Grants permission to reset a group's deployments", - "privilege": "ResetDeployments", + "access_level": "Read", + "description": "Grants permission to retrieve the role associated with a group", + "privilege": "GetAssociatedRole", "resource_types": [ { "condition_keys": [], 
@@ -82814,287 +88510,682 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list components that meet the component, version, and platform requirements of a deployment", - "privilege": "ResolveComponentCandidates", + "access_level": "Read", + "description": "Grants permission to return the status of a bulk deployment", + "privilege": "GetBulkDeploymentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion*" + "resource_type": "bulkDeployment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to deploy multiple groups in one operation", - "privilege": "StartBulkDeployment", + "access_level": "Read", + "description": "Grants permission to retrieve the connectivity information for a core", + "privilege": "GetConnectivityInfo", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "connectivityInfo*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop the execution of a bulk deployment", - "privilege": "StopBulkDeployment", + "access_level": "Read", + "description": "Grants permission to retrieve information about a connector definition", + "privilege": "GetConnectorDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment*" + "resource_type": "connectorDefinition*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to retrieve information about a connector definition version", + "privilege": "GetConnectorDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment" + "resource_type": "connectorDefinition*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectorDefinition" - }, + "resource_type": 
"connectorDefinitionVersion*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a core definition", + "privilege": "GetCoreDefinition", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinition" - }, + "resource_type": "coreDefinition*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a core definition version", + "privilege": "GetCoreDefinitionVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition" + "resource_type": "coreDefinition*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition" - }, + "resource_type": "coreDefinitionVersion*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the status of a deployment", + "privilege": "GetDeploymentStatus", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group" + "resource_type": "deployment*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition" - }, + "resource_type": "group*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a device definition", + "privilege": "GetDeviceDefinition", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition" - }, + "resource_type": "deviceDefinition*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a device definition version", + "privilege": "GetDeviceDefinitionVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition" + "resource_type": "deviceDefinition*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "component" - }, + "resource_type": 
"deviceDefinitionVersion*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a Lambda function definition, such as its creation time and latest version", + "privilege": "GetFunctionDefinition", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion" - }, + "resource_type": "functionDefinition*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a Lambda function definition version, such as which Lambda functions are included in the version and their configurations", + "privilege": "GetFunctionDefinitionVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice" + "resource_type": "functionDefinition*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "deployment" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "functionDefinitionVersion*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to retrieve information about a group", + "privilege": "GetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectorDefinition" - }, + "resource_type": "group*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the public key of the CA associated with a group", + "privilege": "GetGroupCertificateAuthority", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinition" + "resource_type": "certificateAuthority*" }, { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "deviceDefinition" - }, + "resource_type": "group*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the current configuration for the CA used by a group", + "privilege": "GetGroupCertificateConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition" - }, + "resource_type": "group*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a group version", + "privilege": "GetGroupVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group" + "resource_type": "group*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition" - }, + "resource_type": "groupVersion*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a logger definition", + "privilege": "GetLoggerDefinition", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition" - }, + "resource_type": "loggerDefinition*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a logger definition version", + "privilege": "GetLoggerDefinitionVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition" + "resource_type": "loggerDefinition*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "component" - }, + "resource_type": "loggerDefinitionVersion*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a resource definition, such as its creation time and latest version", + "privilege": "GetResourceDefinition", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion" - }, + "resource_type": "resourceDefinition*" + 
} + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a resource definition version, such as which resources are included in the version", + "privilege": "GetResourceDefinitionVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice" + "resource_type": "resourceDefinition*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "deployment" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "resourceDefinitionVersion*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the connectivity information for a Greengrass core. Any devices that belong to the group that has this core will receive this information in order to find the location of the core and connect to it", - "privilege": "UpdateConnectivityInfo", + "access_level": "Read", + "description": "Grants permission to retrieve the service role that is attached to an account", + "privilege": "GetServiceRoleForAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectivityInfo*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a connector definition", - "privilege": "UpdateConnectorDefinition", + "access_level": "Read", + "description": "Grants permission to retrieve information about a subscription definition", + "privilege": "GetSubscriptionDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectorDefinition*" + "resource_type": "subscriptionDefinition*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a core definition", - "privilege": "UpdateCoreDefinition", + "access_level": "Read", + "description": "Grants permission to retrieve information about a subscription definition version", + "privilege": 
"GetSubscriptionDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinition*" + "resource_type": "subscriptionDefinition*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subscriptionDefinitionVersion*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a device definition", - "privilege": "UpdateDeviceDefinition", + "access_level": "Read", + "description": "Grants permission to retrieve runtime configuration of a thing", + "privilege": "GetThingRuntimeConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition*" + "resource_type": "thingRuntimeConfig*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a Lambda function definition", - "privilege": "UpdateFunctionDefinition", + "access_level": "Read", + "description": "Grants permission to retrieve a paginated list of the deployments that have been started in a bulk deployment operation and their current deployment status", + "privilege": "ListBulkDeploymentDetailedReports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition*" + "resource_type": "bulkDeployment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a group", - "privilege": "UpdateGroup", + "access_level": "List", + "description": "Grants permission to retrieve a list of bulk deployments", + "privilege": "ListBulkDeployments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the certificate expiry time for a group", - "privilege": "UpdateGroupCertificateConfiguration", + "access_level": "List", + "description": "Grants permission to list the versions of a connector definition", + "privilege": 
"ListConnectorDefinitionVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "connectorDefinition*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a logger definition", + "access_level": "List", + "description": "Grants permission to retrieve a list of connector definitions", + "privilege": "ListConnectorDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the versions of a core definition", + "privilege": "ListCoreDefinitionVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "coreDefinition*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of core definitions", + "privilege": "ListCoreDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the versions of a device definition", + "privilege": "ListDeviceDefinitionVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deviceDefinition*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of device definitions", + "privilege": "ListDeviceDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the versions of a Lambda function definition", + "privilege": "ListFunctionDefinitionVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "functionDefinition*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to 
retrieve a list of Lambda function definitions", + "privilege": "ListFunctionDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of current CAs for a group", + "privilege": "ListGroupCertificateAuthorities", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the versions of a group", + "privilege": "ListGroupVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of groups", + "privilege": "ListGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the versions of a logger definition", + "privilege": "ListLoggerDefinitionVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loggerDefinition*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of logger definitions", + "privilege": "ListLoggerDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the versions of a resource definition", + "privilege": "ListResourceDefinitionVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resourceDefinition*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of resource definitions", + "privilege": "ListResourceDefinitions", + "resource_types": [ + { 
+ "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the versions of a subscription definition", + "privilege": "ListSubscriptionDefinitionVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subscriptionDefinition*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of subscription definitions", + "privilege": "ListSubscriptionDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset a group's deployments", + "privilege": "ResetDeployments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deploy multiple groups in one operation", + "privilege": "StartBulkDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop the execution of a bulk deployment", + "privilege": "StopBulkDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bulkDeployment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the connectivity information for a Greengrass core. 
Any devices that belong to the group that has this core will receive this information in order to find the location of the core and connect to it", + "privilege": "UpdateConnectivityInfo", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connectivityInfo*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a connector definition", + "privilege": "UpdateConnectorDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connectorDefinition*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a core definition", + "privilege": "UpdateCoreDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "coreDefinition*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a device definition", + "privilege": "UpdateDeviceDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deviceDefinition*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a Lambda function definition", + "privilege": "UpdateFunctionDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "functionDefinition*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a group", + "privilege": "UpdateGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the certificate expiry time for a group", + "privilege": "UpdateGroupCertificateConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants 
permission to update a logger definition", "privilege": "UpdateLoggerDefinition", "resource_types": [ { @@ -83143,22 +89234,43 @@ ], "resources": [ { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/things/${ThingName}/connectivityInfo", - "condition_keys": [], - "resource": "connectivityInfo" + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "component" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/certificateauthorities/${CertificateAuthorityId}", - "condition_keys": [], - "resource": "certificateAuthority" + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}:versions:${ComponentVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "componentVersion" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/deployments/${DeploymentId}", + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:coreDevices:${CoreDeviceThingName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "coreDevice" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:deployments:${DeploymentId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "deployment" }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/things/${ThingName}/connectivityInfo", + "condition_keys": [], + "resource": "connectivityInfo" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/certificateauthorities/${CertificateAuthorityId}", + "condition_keys": [], + "resource": "certificateAuthority" + }, { "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/bulk/deployments/${BulkDeploymentId}", "condition_keys": [ 
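Review bot: The `resources` entry named `deployment` now carries only the ARN `arn:${Partition}:greengrass:${Region}:${Account}:deployments:${DeploymentId}`, and the group-scoped template it replaces is not re-added in this hunk. `GetDeploymentStatus` in the preceding hunk still lists `deployment*` next to `group*`. Unless a second `deployment` entry exists outside the visible lines, a consumer that resolves `deployment*` to an ARN template will emit a resource that cannot match a group deployment, and such statements tend to be widened to `*` by hand. Keeping the old template `arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/deployments/${DeploymentId}` under its own resource name (for example `"resource": "groupDeployment"`, a placeholder name) and pointing `GetDeploymentStatus` at it would keep both forms resolvable. The `resources` array continues past the end of this hunk.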
@@ -83271,27 +89383,6 @@ "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/things/${ThingName}/runtimeconfig", "condition_keys": [], "resource": "thingRuntimeConfig" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "component" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}:versions:${ComponentVersion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "componentVersion" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:coreDevices:${CoreDeviceThingName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "coreDevice" } ], "service_name": "AWS IoT Greengrass" 
@@ -89489,6 +95580,425 @@ "resources": [], "service_name": "Amazon Inspector" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "String" + } + ], + "prefix": "inspector2", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to associate an account with an Amazon Inspector administrator account", + "privilege": "AssociateMember", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about Amazon Inspector accounts for an account", + "privilege": "BatchGetAccountStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve free trial period eligibility about Amazon Inspector accounts for an account", + "privilege": "BatchGetFreeTrialInfo", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel the generation of a findings report", + "privilege": "CancelFindingsReport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create and define the settings for a findings filter", + "privilege": "CreateFilter", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "Filter*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to request the generation of a findings report", + "privilege": "CreateFindingsReport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a findings filter", + "privilege": "DeleteFilter", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Filter*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about the Amazon Inspector configuration settings for an AWS organization", + "privilege": "DescribeOrganizationConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable an Amazon Inspector account", + "privilege": "Disable", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable an account as the delegated Amazon Inspector administrator account for an AWS organization", + "privilege": "DisableDelegatedAdminAccount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to an Amazon Inspector administrator account to disassociate from an Inspector member account", + "privilege": "DisassociateMember", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable and specify the 
configuration settings for a new Amazon Inspector account", + "privilege": "Enable", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable an account as the delegated Amazon Inspector administrator account for an AWS organization", + "privilege": "EnableDelegatedAdminAccount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about the Amazon Inspector administrator account for an account", + "privilege": "GetDelegatedAdminAccount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve status for a requested findings report", + "privilege": "GetFindingsReportStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about an account that's associated with an Amazon Inspector administrator account", + "privilege": "GetMember", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve feature configuration permissions associated with an Amazon Inspector account within an organization", + "privilege": "ListAccountPermissions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve the types of statistics Amazon Inspector can generate for resources Inspector monitors", + "privilege": "ListCoverage", + "resource_types": [ + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve statistical data and other information about the resources Amazon Inspector monitors", + "privilege": "ListCoverageStatistics", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve information about the delegated Amazon Inspector administrator account for an AWS organization", + "privilege": "ListDelegatedAdminAccounts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve information about all findings filters", + "privilege": "ListFilters", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve statistical data and other information about Amazon Inspector findings", + "privilege": "ListFindingAggregations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a subset of information about one or more findings", + "privilege": "ListFindings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve information about the Amazon Inspector member accounts that are associated with an Inspector administrator account", + "privilege": "ListMembers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the tags 
for an Amazon Inspector resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve aggregated usage data for an account", + "privilege": "ListUsageTotals", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add or update the tags for an Amazon Inspector resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags from an Amazon Inspector resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the settings for a findings filter", + "privilege": "UpdateFilter", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Filter*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update Amazon Inspector configuration settings for an AWS organization", + "privilege": "UpdateOrganizationConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:inspector2:${Region}:${Account}:owner/${OwnerId}/filter/${FilterId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Filter" + }, + { + 
"arn": "arn:${Partition}:inspector2:${Region}:${Account}:finding/${FindingId}", + "condition_keys": [], + "resource": "Finding" + } + ], + "service_name": "Amazon Inspector2" + }, { "conditions": [ { @@ -91006,6 +97516,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a managed job template", + "privilege": "DescribeManagedJobTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobtemplate*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get information about a mitigation action", @@ -91751,6 +98273,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list managed job templates", + "privilege": "ListManagedJobTemplates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to get a list of all mitigation actions that match the specified filter criteria", @@ -92298,6 +98832,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "PutVerificationStateOnViolation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to receive from the specified topic", 
@@ -93711,27 +100257,1602 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list placements in a project", + "privilege": "ListPlacements", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all projects", + "privilege": "ListProjects", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to lists the tags for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add or modify the tags of a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to unclaim a device", + "privilege": "UnclaimDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove the given tags (metadata) from a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device" + }, + 
{ + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update device state", + "privilege": "UpdateDeviceState", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a placement", + "privilege": "UpdatePlacement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + }, + { + "access_level": "Write", + "description": "Update a project", + "privilege": "UpdateProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:iot1click:${Region}:${Account}:devices/${DeviceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "device" + }, + { + "arn": "arn:${Partition}:iot1click:${Region}:${Account}:projects/${ProjectName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "project" + } + ], + "service_name": "AWS IoT 1-Click" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "A tag key that is present in the request that the user makes to IoT Analytics.", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "The list of all the tag key names associated with the IoT Analytics resource in the request.", + "type": "String" + }, + { + "condition": "iotanalytics:ResourceTag/${TagKey}", + "description": "The preface string for a tag key and value pair attached to an IoT Analytics resource.", + "type": "String" + } + ], + "prefix": "iotanalytics", + "privileges": [ + { + "access_level": "Write", + "description": "Puts a batch of messages into 
the specified channel.", + "privilege": "BatchPutMessage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + } + ] + }, + { + "access_level": "Write", + "description": "Cancels reprocessing for the specified pipeline.", + "privilege": "CancelPipelineReprocessing", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] + }, + { + "access_level": "Write", + "description": "Creates a channel.", + "privilege": "CreateChannel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Creates a dataset.", + "privilege": "CreateDataset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Generates content of the specified dataset (by executing the dataset actions).", + "privilege": "CreateDatasetContent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "Write", + "description": "Creates a datastore.", + "privilege": "CreateDatastore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Creates a pipeline.", + "privilege": "CreatePipeline", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": 
"pipeline*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes the specified channel.", + "privilege": "DeleteChannel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes the specified dataset.", + "privilege": "DeleteDataset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes the content of the specified dataset.", + "privilege": "DeleteDatasetContent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes the specified datastore.", + "privilege": "DeleteDatastore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes the specified pipeline.", + "privilege": "DeletePipeline", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] + }, + { + "access_level": "Read", + "description": "Describes the specified channel.", + "privilege": "DescribeChannel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + } + ] + }, + { + "access_level": "Read", + "description": "Describes the specified dataset.", + "privilege": "DescribeDataset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "Read", + "description": "Describes the specified datastore.", + "privilege": "DescribeDatastore", + "resource_types": [ + { + "condition_keys": 
[], + "dependent_actions": [], + "resource_type": "datastore*" + } + ] + }, + { + "access_level": "Read", + "description": "Describes logging options for the the account.", + "privilege": "DescribeLoggingOptions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Describes the specified pipeline.", + "privilege": "DescribePipeline", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] + }, + { + "access_level": "Read", + "description": "Gets the content of the specified dataset.", + "privilege": "GetDatasetContent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "List", + "description": "Lists the channels for the account.", + "privilege": "ListChannels", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Lists information about dataset contents that have been created.", + "privilege": "ListDatasetContents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "List", + "description": "Lists the datasets for the account.", + "privilege": "ListDatasets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Lists the datastores for the account.", + "privilege": "ListDatastores", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Lists the pipelines for the account.", + "privilege": "ListPipelines", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + 
} + ] + }, + { + "access_level": "Read", + "description": "Lists the tags (metadata) which you have assigned to the resource.", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline" + } + ] + }, + { + "access_level": "Write", + "description": "Puts logging options for the the account.", + "privilege": "PutLoggingOptions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Runs the specified pipeline activity.", + "privilege": "RunPipelineActivity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Samples the specified channel's data.", + "privilege": "SampleChannelData", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + } + ] + }, + { + "access_level": "Write", + "description": "Starts reprocessing for the specified pipeline.", + "privilege": "StartPipelineReprocessing", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Adds to or modifies the tags of the given resource. 
Tags are metadata which can be used to manage a resource.", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Removes the given tags (metadata) from the resource.", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Updates the specified channel.", + "privilege": "UpdateChannel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + } + ] + }, + { + "access_level": "Write", + "description": "Updates the specified dataset.", + "privilege": "UpdateDataset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "Write", + "description": "Updates the specified datastore.", + "privilege": "UpdateDatastore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore*" + } + ] + }, + { + "access_level": 
"Write", + "description": "Updates the specified pipeline.", + "privilege": "UpdatePipeline", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:channel/${ChannelName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "iotanalytics:ResourceTag/${TagKey}" + ], + "resource": "channel" + }, + { + "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:dataset/${DatasetName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "iotanalytics:ResourceTag/${TagKey}" + ], + "resource": "dataset" + }, + { + "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:datastore/${DatastoreName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "iotanalytics:ResourceTag/${TagKey}" + ], + "resource": "datastore" + }, + { + "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:pipeline/${PipelineName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "iotanalytics:ResourceTag/${TagKey}" + ], + "resource": "pipeline" + } + ], + "service_name": "AWS IoT Analytics" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the tag keys that are passed in the request", + "type": "String" + } + ], + "prefix": "iotdeviceadvisor", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a suite definition", + "privilege": "CreateSuiteDefinition", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + 
"dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a suite definition", + "privilege": "DeleteSuiteDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "suitedefinition*" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a suite definition", + "privilege": "GetSuiteDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "suitedefinition*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a suite run", + "privilege": "GetSuiteRun", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "suiterun*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the qualification report for a suite run", + "privilege": "GetSuiteRunReport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "suiterun*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list suite definitions", + "privilege": "ListSuiteDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list suite runs", + "privilege": "ListSuiteRuns", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "suitedefinition*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the tags (metadata) assigned to a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "suitedefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "suiterun" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a suite run", + "privilege": "StartSuiteRun", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop a suite run", + "privilege": "StopSuiteRun", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "suiterun*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add to or modify the tags of the given resource. Tags are metadata which can be used to manage a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "suitedefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "suiterun" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove the given tags (metadata) from a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "suitedefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "suiterun" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a suite definition", + "privilege": "UpdateSuiteDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "suitedefinition*" + } + ] + } + ], + 
"resources": [ + { + "arn": "arn:${Partition}:iotdeviceadvisor:${Region}:${Account}:suitedefinition/${suiteDefinitionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "suitedefinition" + }, + { + "arn": "arn:${Partition}:iotdeviceadvisor:${Region}:${Account}:suiterun/${suiteDefinitionId}/${suiteRunId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "suiterun" + } + ], + "service_name": "AWS IoT Core Device Advisor" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions by the tag keys in the request", + "type": "String" + }, + { + "condition": "iotevents:keyValue", + "description": "Filters access by the instanceId (key-value) of the message", + "type": "String" + } + ], + "prefix": "iotevents", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to send one or more acknowledge action requests to AWS IoT Events", + "privilege": "BatchAcknowledgeAlarm", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable one or more alarm instances", + "privilege": "BatchDisableAlarm", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable one or more alarm instances", + "privilege": "BatchEnableAlarm", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send a 
set of messages to the AWS IoT Events system", + "privilege": "BatchPutMessage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset one or more alarm instances", + "privilege": "BatchResetAlarm", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to change one or more alarm instances to the snooze mode", + "privilege": "BatchSnoozeAlarm", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a detector instance within the AWS IoT Events system", + "privilege": "BatchUpdateDetector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an alarm model to monitor an AWS IoT Events input attribute or an AWS IoT SiteWise asset property", + "privilege": "CreateAlarmModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "alarmModel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a detector model to monitor an AWS IoT Events input attribute", + "privilege": "CreateDetectorModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "detectorModel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to 
create an Input in IotEvents", + "privilege": "CreateInput", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an alarm model", + "privilege": "DeleteAlarmModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "alarmModel*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a detector model", + "privilege": "DeleteDetectorModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "detectorModel*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an input", + "privilege": "DeleteInput", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about an alarm instance", + "privilege": "DescribeAlarm", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "alarmModel*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about an alarm model", + "privilege": "DescribeAlarmModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "alarmModel*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retriev information about a detector instance", + "privilege": "DescribeDetector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "detectorModel*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a detector model", + 
"privilege": "DescribeDetectorModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "detectorModel*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the detector model analysis information", + "privilege": "DescribeDetectorModelAnalysis", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an information about Input", + "privilege": "DescribeInput", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the current settings of the AWS IoT Events logging options", + "privilege": "DescribeLoggingOptions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the detector model analysis results", + "privilege": "GetDetectorModelAnalysisResults", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the versions of an alarm model", + "privilege": "ListAlarmModelVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "alarmModel*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the alarm models that you created", + "privilege": "ListAlarmModels", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve information about all alarm instances per alarmModel", + "privilege": "ListAlarms", + "resource_types": [ + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "alarmModel*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the versions of a detector model", + "privilege": "ListDetectorModelVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "detectorModel*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the detector models that you created", + "privilege": "ListDetectorModels", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve information about all detector instances per detectormodel", + "privilege": "ListDetectors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "detectorModel*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list one or more input routings", + "privilege": "ListInputRoutings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to lists the inputs you have created", + "privilege": "ListInputs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the tags (metadata) which you have assigned to the resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "detectorModel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to set or update the AWS IoT Events logging options", + "privilege": "PutLoggingOptions", + "resource_types": [ 
+ { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start the detector model analysis", + "privilege": "StartDetectorModelAnalysis", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to adds to or modifies the tags of the given resource.Tags are metadata which can be used to manage a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "detectorModel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove the given tags (metadata) from the resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "detectorModel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an alarm model", + "privilege": "UpdateAlarmModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "alarmModel*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a detector model", + "privilege": "UpdateDetectorModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "detectorModel*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an input", + "privilege": 
"UpdateInput", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update input routing", + "privilege": "UpdateInputRouting", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:iotevents:${Region}:${Account}:detectorModel/${DetectorModelName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "detectorModel" + }, + { + "arn": "arn:${Partition}:iotevents:${Region}:${Account}:alarmModel/${AlarmModelName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "alarmModel" + }, + { + "arn": "arn:${Partition}:iotevents:${Region}:${Account}:input/${inputName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "input" + } + ], + "service_name": "AWS IoT Events" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions by the tag keys in the request", + "type": "String" + } + ], + "prefix": "iotfleethub", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create an application", + "privilege": "CreateApplication", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "sso:CreateManagedApplicationInstance", + "sso:DescribeRegisteredRegions" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an application", + "privilege": "DeleteApplication", + "resource_types": [ + { 
+ "condition_keys": [], + "dependent_actions": [ + "sso:DeleteManagedApplicationInstance" + ], + "resource_type": "application*" } ] }, { "access_level": "Read", - "description": "Grants permission to list placements in a project", - "privilege": "ListPlacements", + "description": "Grants permission to describe an application", + "privilege": "DescribeApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "application*" } ] }, { "access_level": "List", - "description": "Grants permission to list all projects", - "privilege": "ListProjects", + "description": "Grants permission to list all applications", + "privilege": "ListApplications", "resource_types": [ { "condition_keys": [], 
@@ -93742,72 +101863,45 @@ }, { "access_level": "Read", - "description": "Grants permission to lists the tags for a resource", + "description": "Grants permission to list all tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project" + "resource_type": "application" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add or modify the tags of a resource", + "description": "Grants permission to tag a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project" + "resource_type": "application" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" } ] }, - { - "access_level": "Read", - "description": "Grants permission to unclaim a device", - "privilege": "UnclaimDevice", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "device*" - } - ] - }, { "access_level": "Tagging", - "description": "Grants permission to remove the given tags (metadata) from a resource", + "description": "Grants permission to untag a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project" + "resource_type": "application" }, { "condition_keys": [ 
@@ -93820,355 +101914,291 @@ }, { "access_level": "Write", - "description": "Grants permission to update device state", - "privilege": "UpdateDeviceState", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "device*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a placement", - "privilege": "UpdatePlacement", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Write", - "description": "Update a project", - "privilege": "UpdateProject", + "description": "Grants permission to update an application", + "privilege": "UpdateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "application*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:iot1click:${Region}:${Account}:devices/${DeviceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "device" - }, - { - "arn": "arn:${Partition}:iot1click:${Region}:${Account}:projects/${ProjectName}", + "arn": "arn:${Partition}:iotfleethub::${Account}:application/${ApplicationId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "project" + "resource": "application" } ], - "service_name": "AWS IoT 1-Click" + "service_name": "AWS IoT Fleet Hub for Device Management" }, { "conditions": [ { - "condition": "aws:RequestTag/${TagKey}", - "description": "A tag key that is present in the request that the user makes to IoT Analytics.", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "The list of all the tag key names associated with the IoT Analytics resource in the request.", + "condition": "iotfleetwise:UpdateToDecoderManifestArn", + "description": "Filters access by a list of IoT FleetWise Decoder Manifest ARNs", "type": "String" }, { - "condition": "iotanalytics:ResourceTag/${TagKey}", - "description": "The preface 
string for a tag key and value pair attached to an IoT Analytics resource.", + "condition": "iotfleetwise:UpdateToModelManifestArn", + "description": "Filters access by a list of IoT FleetWise Model Manifest ARNs", "type": "String" } ], - "prefix": "iotanalytics", + "prefix": "iotfleetwise", "privileges": [ { "access_level": "Write", - "description": "Puts a batch of messages into the specified channel.", - "privilege": "BatchPutMessage", + "description": "Grants permission to associate the given vehicle to a fleet", + "privilege": "AssociateVehicle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Cancels reprocessing for the specified pipeline.", - "privilege": "CancelPipelineReprocessing", - "resource_types": [ + "resource_type": "fleet*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "vehicle*" } ] }, { "access_level": "Write", - "description": "Creates a channel.", - "privilege": "CreateChannel", + "description": "Grants permission to create a campaign", + "privilege": "CreateCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "fleet*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "signalcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vehicle*" } ] }, { "access_level": "Write", - "description": "Creates a dataset.", - "privilege": "CreateDataset", + "description": "Grants permission to create a decoder manifest for an existing model", + "privilege": "CreateDecoderManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - 
"dependent_actions": [], - "resource_type": "" + "resource_type": "modelmanifest*" } ] }, { "access_level": "Write", - "description": "Generates content of the specified dataset (by executing the dataset actions).", - "privilege": "CreateDatasetContent", + "description": "Grants permission to create a fleet", + "privilege": "CreateFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "signalcatalog*" } ] }, { "access_level": "Write", - "description": "Creates a datastore.", - "privilege": "CreateDatastore", + "description": "Grants permission to create a model manifest definition", + "privilege": "CreateModelManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "signalcatalog*" } ] }, { "access_level": "Write", - "description": "Creates a pipeline.", - "privilege": "CreatePipeline", + "description": "Grants permission to create a signal catalog", + "privilege": "CreateSignalCatalog", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Deletes the specified channel.", - "privilege": "DeleteChannel", + "description": "Grants permission to create a vehicle", + "privilege": "CreateVehicle", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iot:CreateThing", + "iot:DescribeThing" + ], + "resource_type": "decodermanifest*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "modelmanifest*" } ] }, { "access_level": "Write", - "description": "Deletes the specified dataset.", - "privilege": 
"DeleteDataset", + "description": "Grants permission to delete a campaign", + "privilege": "DeleteCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Deletes the content of the specified dataset.", - "privilege": "DeleteDatasetContent", + "description": "Grants permission to delete the given decoder manifest", + "privilege": "DeleteDecoderManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "decodermanifest*" } ] }, { "access_level": "Write", - "description": "Deletes the specified datastore.", - "privilege": "DeleteDatastore", + "description": "Grants permission to delete a fleet", + "privilege": "DeleteFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "fleet*" } ] }, { "access_level": "Write", - "description": "Deletes the specified pipeline.", - "privilege": "DeletePipeline", + "description": "Grants permission to delete the given model manifest", + "privilege": "DeleteModelManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "modelmanifest*" } ] }, { - "access_level": "Read", - "description": "Describes the specified channel.", - "privilege": "DescribeChannel", + "access_level": "Write", + "description": "Grants permission to delete a specific signal catalog", + "privilege": "DeleteSignalCatalog", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "signalcatalog*" } ] }, { - "access_level": "Read", - "description": "Describes the specified dataset.", - "privilege": "DescribeDataset", + "access_level": "Write", + "description": "Grants permission to delete a vehicle", + "privilege": "DeleteVehicle", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "vehicle*" } ] }, { - "access_level": "Read", - "description": "Describes the specified datastore.", - "privilege": "DescribeDatastore", + "access_level": "Write", + "description": "Grants permission to disassociate a vehicle from an existing fleet", + "privilege": "DisassociateVehicle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "Read", - "description": "Describes logging options for the the account.", - "privilege": "DescribeLoggingOptions", - "resource_types": [ + "resource_type": "fleet*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vehicle*" } ] }, { "access_level": "Read", - "description": "Describes the specified pipeline.", - "privilege": "DescribePipeline", + "description": "Grants permission to get summary information for a given campaign", + "privilege": "GetCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "campaign*" } ] }, { "access_level": "Read", - "description": "Gets the content of the specified dataset.", - "privilege": "GetDatasetContent", + "description": "Grants permission to get summary information for a given decoder manifest definition", + "privilege": "GetDecoderManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "decodermanifest*" } ] }, { - "access_level": "List", - "description": "Lists the channels for the account.", - "privilege": "ListChannels", + "access_level": "Read", + "description": "Grants permission to get summary information for a fleet", + "privilege": "GetFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { - "access_level": "List", - "description": 
"Lists information about dataset contents that have been created.", - "privilege": "ListDatasetContents", + "access_level": "Read", + "description": "Grants permission to get summary information for a given model manifest definition", + "privilege": "GetModelManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "modelmanifest*" } ] }, { - "access_level": "List", - "description": "Lists the datasets for the account.", - "privilege": "ListDatasets", + "access_level": "Read", + "description": "Grants permission to get the account registration status with IoT FleetWise", + "privilege": "GetRegisterAccountStatus", "resource_types": [ { "condition_keys": [], 
@@ -94178,60 +102208,45 @@ ] }, { - "access_level": "List", - "description": "Lists the datastores for the account.", - "privilege": "ListDatastores", + "access_level": "Read", + "description": "Grants permission to get summary information for a specific signal catalog", + "privilege": "GetSignalCatalog", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "signalcatalog*" } ] }, { - "access_level": "List", - "description": "Lists the pipelines for the account.", - "privilege": "ListPipelines", + "access_level": "Read", + "description": "Grants permission to get summary information for a vehicle", + "privilege": "GetVehicle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vehicle*" } ] }, { "access_level": "Read", - "description": "Lists the tags (metadata) which you have assigned to the resource.", - "privilege": "ListTagsForResource", + "description": "Grants permission to get the status of the campaigns running on a specific vehicle", + "privilege": "GetVehicleStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "pipeline" + "resource_type": "vehicle*" } ] }, { "access_level": "Write", - "description": "Puts logging options for the the account.", - "privilege": "PutLoggingOptions", + "description": "Grants permission to import an existing decoder manifest", + "privilege": "ImportDecoderManifest", "resource_types": [ { "condition_keys": [], 
@@ -94241,9 +102256,9 @@ ] }, { - "access_level": "Read", - "description": "Runs the specified pipeline activity.", - "privilege": "RunPipelineActivity", + "access_level": "Write", + "description": "Grants permission to create a signal catalog by importing existing definitions", + "privilege": "ImportSignalCatalog", "resource_types": [ { "condition_keys": [], 
@@ -94254,582 +102269,469 @@ }, { "access_level": "Read", - "description": "Samples the specified channel's data.", - "privilege": "SampleChannelData", + "description": "Grants permission to list campaigns", + "privilege": "ListCampaigns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Starts reprocessing for the specified pipeline.", - "privilege": "StartPipelineReprocessing", + "access_level": "List", + "description": "Grants permission to list network interfaces associated to the existing decoder manifest", + "privilege": "ListDecoderManifestNetworkInterfaces", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "decodermanifest*" } ] }, { - "access_level": "Tagging", - "description": "Adds to or modifies the tags of the given resource. Tags are metadata which can be used to manage a resource.", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to list decoder manifest signals", + "privilege": "ListDecoderManifestSignals", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "pipeline" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "decodermanifest*" } ] }, { - "access_level": "Tagging", - "description": "Removes the given tags (metadata) from the resource.", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to list all decoder manifests, with an optional filter on model manifest", + 
"privilege": "ListDecoderManifests", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "pipeline" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Updates the specified channel.", - "privilege": "UpdateChannel", + "access_level": "Read", + "description": "Grants permission to list all fleets", + "privilege": "ListFleets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Updates the specified dataset.", - "privilege": "UpdateDataset", + "access_level": "Read", + "description": "Grants permission to list all the fleets that the given vehicle is associated with", + "privilege": "ListFleetsForVehicle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "vehicle*" } ] }, { - "access_level": "Write", - "description": "Updates the specified datastore.", - "privilege": "UpdateDatastore", + "access_level": "List", + "description": "Grants permission to list all nodes for the given model manifest", + "privilege": "ListModelManifestNodes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "modelmanifest*" } ] }, { - "access_level": "Write", - "description": "Updates the specified pipeline.", - "privilege": "UpdatePipeline", + "access_level": "Read", + "description": "Grants permission to list all model manifests, with an optional filter on signal catalog", + "privilege": 
"ListModelManifests", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:channel/${ChannelName}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "iotanalytics:ResourceTag/${TagKey}" - ], - "resource": "channel" - }, - { - "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:dataset/${DatasetName}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "iotanalytics:ResourceTag/${TagKey}" - ], - "resource": "dataset" - }, - { - "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:datastore/${DatastoreName}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "iotanalytics:ResourceTag/${TagKey}" - ], - "resource": "datastore" - }, - { - "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:pipeline/${PipelineName}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "iotanalytics:ResourceTag/${TagKey}" - ], - "resource": "pipeline" - } - ], - "service_name": "AWS IoT Analytics" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", - "type": "String" - } - ], - "prefix": "iotdeviceadvisor", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a suite definition", - "privilege": "CreateSuiteDefinition", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - 
"description": "Grants permission to delete a suite definition", - "privilege": "DeleteSuiteDefinition", + "access_level": "Read", + "description": "Grants permission to list all nodes for a given signal catalog", + "privilege": "ListSignalCatalogNodes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suitedefinition*" + "resource_type": "signalcatalog*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a suite definition", - "privilege": "GetSuiteDefinition", + "description": "Grants permission to list all signal catalogs", + "privilege": "ListSignalCatalogs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suitedefinition*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a suite run", - "privilege": "GetSuiteRun", + "description": "Grants permission to list all vehicles, with an optional filter on model manifest", + "privilege": "ListVehicles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suiterun*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the qualification report for a suite run", - "privilege": "GetSuiteRunReport", + "description": "Grants permission to list vehicles in the given fleet", + "privilege": "ListVehiclesInFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suiterun*" + "resource_type": "fleet*" } ] }, { - "access_level": "List", - "description": "Grants permission to list suite definitions", - "privilege": "ListSuiteDefinitions", + "access_level": "Write", + "description": "Grants permission to register an AWS account to IoT FleetWise", + "privilege": "RegisterAccount", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "" } ] }, { - "access_level": "List", - 
"description": "Grants permission to list suite runs", - "privilege": "ListSuiteRuns", + "access_level": "Write", + "description": "Grants permission to update the given campaign", + "privilege": "UpdateCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suitedefinition*" + "resource_type": "campaign*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags (metadata) assigned to a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update a decoder manifest defnition", + "privilege": "UpdateDecoderManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suitedefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "suiterun" + "resource_type": "decodermanifest*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a suite run", - "privilege": "StartSuiteRun", + "description": "Grants permission to update the fleet", + "privilege": "UpdateFleet", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a suite run", - "privilege": "StopSuiteRun", + "description": "Grants permission to update the given model manifest definition", + "privilege": "UpdateModelManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suiterun*" + "resource_type": "modelmanifest*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add to or modify the tags of the given resource. 
Tags are metadata which can be used to manage a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update a specific signal catalog definition", + "privilege": "UpdateSignalCatalog", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suitedefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "suiterun" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "signalcatalog*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the given tags (metadata) from a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update the vehicle", + "privilege": "UpdateVehicle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suitedefinition" + "resource_type": "vehicle*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "suiterun" + "resource_type": "decodermanifest" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "modelmanifest" }, { "condition_keys": [ - "aws:TagKeys" + "iotfleetwise:UpdateToModelManifestArn", + "iotfleetwise:UpdateToDecoderManifestArn" ], "dependent_actions": [], "resource_type": "" } ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a suite definition", - "privilege": "UpdateSuiteDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "suitedefinition*" - } - ] } ], "resources": [ { - "arn": "arn:${Partition}:iotdeviceadvisor:${Region}:${Account}:suitedefinition/${suiteDefinitionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "suitedefinition" + "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:campaign/${CampaignName}", + "condition_keys": 
[], + "resource": "campaign" }, { - "arn": "arn:${Partition}:iotdeviceadvisor:${Region}:${Account}:suiterun/${suiteDefinitionId}/${suiteRunId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "suiterun" + "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:decoder-manifest/${Name}", + "condition_keys": [], + "resource": "decodermanifest" + }, + { + "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:fleet/${FleetId}", + "condition_keys": [], + "resource": "fleet" + }, + { + "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:model-manifest/${Name}", + "condition_keys": [], + "resource": "modelmanifest" + }, + { + "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:signal-catalog/${Name}", + "condition_keys": [], + "resource": "signalcatalog" + }, + { + "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:vehicle/${VehicleId}", + "condition_keys": [], + "resource": "vehicle" } ], - "service_name": "AWS IoT Core Device Advisor" + "service_name": "AWS IoT FleetWise" }, { "conditions": [ { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tag key-value pairs in the request", + "condition": "iotroborunner:ActionResourceId", + "description": "Filters access by the action's identifier", "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags attached to the resource", + "condition": "iotroborunner:ActionTemplateResourceId", + "description": "Filters access by the action template's identifier", "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters actions by the tag keys in the request", + "condition": "iotroborunner:ActivityResourceId", + "description": "Filters access by the activity's identifier", "type": "String" }, { - "condition": "iotevents:keyValue", - "description": "Filters access by the instanceId (key-value) of the message", + "condition": "iotroborunner:DestinationRelationshipResourceId", + 
"description": "Filters access by the destination relationship's identifier", + "type": "String" + }, + { + "condition": "iotroborunner:DestinationResourceId", + "description": "Filters access by the destination's identifier", + "type": "String" + }, + { + "condition": "iotroborunner:SiteResourceId", + "description": "Filters access by the site's identifier", + "type": "String" + }, + { + "condition": "iotroborunner:TaggingResourceTagKey", + "description": "Filters access by the metadata tag name", + "type": "String" + }, + { + "condition": "iotroborunner:TaskResourceId", + "description": "Filters access by the task's identifer", + "type": "String" + }, + { + "condition": "iotroborunner:WorkerFleetResourceId", + "description": "Filters access by the worker fleet's identifier", + "type": "String" + }, + { + "condition": "iotroborunner:WorkerResourceId", + "description": "Filters access by the workers identifier", "type": "String" } ], - "prefix": "iotevents", + "prefix": "iotroborunner", "privileges": [ { "access_level": "Write", - "description": "Grants permission to send one or more acknowledge action requests to AWS IoT Events", - "privilege": "BatchAcknowledgeAlarm", + "description": "Grants permission to create an action", + "privilege": "CreateAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disable one or more alarm instances", - "privilege": "BatchDisableAlarm", + "description": "Grants permission to create an action template", + "privilege": "CreateActionTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to enable one or more alarm instances", - "privilege": "BatchEnableAlarm", + "description": "Grants permission to create an action template dependency", + 
"privilege": "CreateActionTemplateDependency", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send a set of messages to the AWS IoT Events system", - "privilege": "BatchPutMessage", + "description": "Grants permission to create an activity", + "privilege": "CreateActivity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reset one or more alarm instances", - "privilege": "BatchResetAlarm", + "description": "Grants permission to create an activity dependency", + "privilege": "CreateActivityDependency", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to change one or more alarm instances to the snooze mode", - "privilege": "BatchSnoozeAlarm", + "description": "Grants permission to create a destination", + "privilege": "CreateDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a detector instance within the AWS IoT Events system", - "privilege": "BatchUpdateDetector", + "description": "Grants permission to create a destination relationship", + "privilege": "CreateDestinationRelationship", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an alarm model to monitor an AWS IoT Events input attribute or an AWS IoT SiteWise asset property", - "privilege": "CreateAlarmModel", + "description": "Grants permission to create a site", + "privilege": 
"CreateSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a detector model to monitor an AWS IoT Events input attribute", - "privilege": "CreateDetectorModel", + "description": "Grants permission to create a task", + "privilege": "CreateTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an Input in IotEvents", - "privilege": "CreateInput", + "description": "Grants permission to create a task dependency", + "privilege": "CreateTaskDependency", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a worker", + "privilege": "CreateWorker", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -94837,128 +102739,128 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an alarm model", - "privilege": "DeleteAlarmModel", + "description": "Grants permission to create a worker fleet", + "privilege": "CreateWorkerFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a detector model", - "privilege": "DeleteDetectorModel", + "description": "Grants permission to delete an action", + "privilege": "DeleteAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel*" + "resource_type": "ActionResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an input", - "privilege": "DeleteInput", + "description": "Grants permission to delete an action template", + "privilege": "DeleteActionTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "ActionTemplateResource*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about an alarm instance", - "privilege": "DescribeAlarm", + "access_level": "Write", + "description": "Grants permission to delete an action template dependency", + "privilege": "DeleteActionTemplateDependency", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about an alarm model", - "privilege": "DescribeAlarmModel", + "access_level": "Write", + "description": "Grants permission to delete an activity", + "privilege": "DeleteActivity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" + "resource_type": "ActivityResource*" } ] }, { - "access_level": "Read", 
- "description": "Grants permission to retriev information about a detector instance", - "privilege": "DescribeDetector", + "access_level": "Write", + "description": "Grants permission to delete an activity dependency", + "privilege": "DeleteActivityDependency", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a detector model", - "privilege": "DescribeDetectorModel", + "access_level": "Write", + "description": "Grants permission to delete a destination", + "privilege": "DeleteDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel*" + "resource_type": "DestinationResource*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the detector model analysis information", - "privilege": "DescribeDetectorModelAnalysis", + "access_level": "Write", + "description": "Grants permission to delete a destination relationship", + "privilege": "DeleteDestinationRelationship", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "DestinationRelationshipResource*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an information about Input", - "privilege": "DescribeInput", + "access_level": "Write", + "description": "Grants permission to delete a site", + "privilege": "DeleteSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "SiteResource*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the current settings of the AWS IoT Events logging options", - "privilege": "DescribeLoggingOptions", + "access_level": "Write", + "description": "Grants permission to delete a task", + "privilege": "DeleteTask", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "TaskResource*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the detector model analysis results", - "privilege": "GetDetectorModelAnalysisResults", + "access_level": "Write", + "description": "Grants permission to delete a task dependency", + "privilege": "DeleteTaskDependency", "resource_types": [ { "condition_keys": [], 
@@ -94968,134 +102870,141 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all the versions of an alarm model", - "privilege": "ListAlarmModelVersions", + "access_level": "Write", + "description": "Grants permission to delete a worker", + "privilege": "DeleteWorker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" + "resource_type": "WorkerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the alarm models that you created", - "privilege": "ListAlarmModels", + "access_level": "Write", + "description": "Grants permission to delete a worker fleet", + "privilege": "DeleteWorkerFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WorkerFleetResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about all alarm instances per alarmModel", - "privilege": "ListAlarms", + "access_level": "Read", + "description": "Grants permission to get an action", + "privilege": "GetAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" + "resource_type": "ActionResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the versions of a detector model", - "privilege": "ListDetectorModelVersions", + "access_level": "Read", + "description": "Grants permission to get an action template", + "privilege": "GetActionTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel*" + "resource_type": "ActionTemplateResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the detector models that you created", - "privilege": "ListDetectorModels", + "access_level": "Read", + "description": "Grants permission to get an activity", + "privilege": "GetActivity", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ActivityResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about all detector instances per detectormodel", - "privilege": "ListDetectors", + "access_level": "Read", + "description": "Grants permission to get a destination", + "privilege": "GetDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel*" + "resource_type": "DestinationResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to list one or more input routings", - "privilege": "ListInputRoutings", + "access_level": "Read", + "description": "Grants permission to get a destination relationship", + "privilege": "GetDestinationRelationship", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "DestinationRelationshipResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to lists the inputs you have created", - "privilege": "ListInputs", + "access_level": "Read", + "description": "Grants permission to get a site", + "privilege": "GetSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SiteResource*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the tags (metadata) which you have assigned to the resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to get a task", + "privilege": "GetTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel" - }, + "resource_type": "TaskResource*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a worker", + "privilege": "GetWorker", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input" + "resource_type": 
"WorkerResource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set or update the AWS IoT Events logging options", - "privilege": "PutLoggingOptions", + "access_level": "Read", + "description": "Grants permission to get a worker fleet", + "privilege": "GetWorkerFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WorkerFleetResource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start the detector model analysis", - "privilege": "StartDetectorModelAnalysis", + "access_level": "Read", + "description": "Grants permission to list action templates", + "privilege": "ListActionTemplates", "resource_types": [ { "condition_keys": [], 
@@ -95105,278 +103014,259 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to adds to or modifies the tags of the given resource.Tags are metadata which can be used to manage a resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to list actions", + "privilege": "ListActions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "input" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the given tags (metadata) from the resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to list activities", + "privilege": "ListActivities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list destination relationships", + "privilege": "ListDestinationRelationships", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an alarm model", - "privilege": "UpdateAlarmModel", + "access_level": "Read", + "description": "Grants permission to list destinations", + "privilege": "ListDestinations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a detector model", - "privilege": "UpdateDetectorModel", + "access_level": "Read", + 
"description": "Grants permission to list sites", + "privilege": "ListSites", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an input", - "privilege": "UpdateInput", + "access_level": "Read", + "description": "Grants permission to list tasks", + "privilege": "ListTasks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update input routing", - "privilege": "UpdateInputRouting", + "access_level": "Read", + "description": "Grants permission to list worker fleets", + "privilege": "ListWorkerFleets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:iotevents:${Region}:${Account}:detectorModel/${DetectorModelName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "detectorModel" - }, - { - "arn": "arn:${Partition}:iotevents:${Region}:${Account}:alarmModel/${AlarmModelName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "alarmModel" - }, - { - "arn": "arn:${Partition}:iotevents:${Region}:${Account}:input/${inputName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "input" - } - ], - "service_name": "AWS IoT Events" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tag key-value pairs in the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions by the tag keys in the request", - "type": "String" - } - ], - "prefix": 
"iotfleethub", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create an application", - "privilege": "CreateApplication", + "access_level": "Read", + "description": "Grants permission to list workers", + "privilege": "ListWorkers", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "sso:CreateManagedApplicationInstance", - "sso:DescribeRegisteredRegions" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an application", - "privilege": "DeleteApplication", + "description": "Grants permission to update an action's state", + "privilege": "UpdateActionState", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "sso:DeleteManagedApplicationInstance" - ], - "resource_type": "application*" + "dependent_actions": [], + "resource_type": "ActionResource*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an application", - "privilege": "DescribeApplication", + "access_level": "Write", + "description": "Grants permission to update an activity", + "privilege": "UpdateActivity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "ActivityResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all applications", - "privilege": "ListApplications", + "access_level": "Write", + "description": "Grants permission to update a destination", + "privilege": "UpdateDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "DestinationResource*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update 
a site", + "privilege": "UpdateSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" + "resource_type": "SiteResource*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update a task", + "privilege": "UpdateTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "TaskResource*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update a worker", + "privilege": "UpdateWorker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "WorkerResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an application", - "privilege": "UpdateApplication", + "description": "Grants permission to update a worker fleet", + "privilege": "UpdateWorkerFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "WorkerFleetResource*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:iotfleethub::${Account}:application/${ApplicationId}", + "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:action/${ActionId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "iotroborunner:ActionResourceId" ], - "resource": "application" + "resource": "ActionResource" + }, + { + "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:action-template/${ActionTemplateId}", + 
"condition_keys": [ + "iotroborunner:ActionTemplateResourceId" + ], + "resource": "ActionTemplateResource" + }, + { + "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:activity/${ActivityId}", + "condition_keys": [ + "iotroborunner:ActivityResourceId" + ], + "resource": "ActivityResource" + }, + { + "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:destination-relationship/${DestinationRelationshipId}", + "condition_keys": [ + "iotroborunner:DestinationRelationshipResourceId" + ], + "resource": "DestinationRelationshipResource" + }, + { + "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:destination/${DestinationId}", + "condition_keys": [ + "iotroborunner:DestinationResourceId" + ], + "resource": "DestinationResource" + }, + { + "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:site/${SiteId}", + "condition_keys": [ + "iotroborunner:SiteResourceId" + ], + "resource": "SiteResource" + }, + { + "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:tag/${TagKey}", + "condition_keys": [ + "iotroborunner:TaggingResourceTagKey" + ], + "resource": "TaggingResource" + }, + { + "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:task/${TaskId}", + "condition_keys": [ + "iotroborunner:TaskResourceId" + ], + "resource": "TaskResource" + }, + { + "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:worker-fleet/${WorkerFleetId}", + "condition_keys": [ + "iotroborunner:WorkerFleetResourceId" + ], + "resource": "WorkerFleetResource" + }, + { + "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:worker/${WorkerId}", + "condition_keys": [ + "iotroborunner:WorkerResourceId" + ], + "resource": "WorkerResource" } ], - "service_name": "AWS IoT Fleet Hub for Device Management" + "service_name": "AWS IoT RoboRunner" }, { "conditions": [ 
@@ -95392,7 +103282,7 @@ }, { "condition": "aws:TagKeys", - "description": "Filters actions by the tag keys in the request", + "description": "Filters access by the tag keys in the request", "type": "String" }, { @@ -95402,7 +103292,7 @@ }, { "condition": "iotsitewise:childAssetId", - "description": "Filters access by the ID of a child asset being associated to a parent asset", + "description": "Filters access by the ID of a child asset being associated whith a parent asset", "type": "String" }, { @@ -95415,6 +103305,11 @@ "description": "Filters access by the ID of an AWS IAM identity", "type": "String" }, + { + "condition": "iotsitewise:isAssociatedWithAssetProperty", + "description": "Filters access by data streams associated with or not associated with asset properties", + "type": "String" + }, { "condition": "iotsitewise:portal", "description": "Filters access by the ID of a portal", @@ -95425,6 +103320,11 @@ "description": "Filters access by the ID of a project", "type": "String" }, + { + "condition": "iotsitewise:propertyAlias", + "description": "Filters access by the property alias", + "type": "String" + }, { "condition": "iotsitewise:propertyId", "description": "Filters access by the ID of an asset property", @@ -95440,7 +103340,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to associate a child asset to a parent asset by a hierarchy", + "description": "Grants permission to associate a child asset with a parent asset through a hierarchy", "privilege": "AssociateAssets", "resource_types": [ { 
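Review bot: The new description for `iotsitewise:childAssetId`, in the second hunk on this line, misspells "with" as "whith". It should read `"Filters access by the ID of a child asset being associated with a parent asset"`. The `iotroborunner` condition descriptions added earlier in the diff have similar slips (`"the task's identifer"`, `"the workers identifier"`). These strings are descriptive only, but they are what a reader searches when choosing a condition key, so they are worth correcting wherever the text is produced.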
@@ -95450,6 +103350,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to associate a time series with an asset property", + "privilege": "AssociateTimeSeriesToAssetProperty", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "time-series*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to associate assets to a project", @@ -95482,7 +103399,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" + "resource_type": "asset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "time-series" } ] }, @@ -95705,6 +103627,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a time series", + "privilege": "DeleteTimeSeries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "time-series" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe an access policy", @@ -95849,6 +103788,23 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a time series", + "privilege": "DescribeTimeSeries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "time-series" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disassociate a child asset from a parent asset by a hierarchy", 
@@ -95861,6 +103817,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a time series from an asset property", + "privilege": "DisassociateTimeSeriesFromAssetProperty", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "time-series*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve computed aggregates for an asset property", @@ -95869,7 +103842,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" + "resource_type": "asset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "time-series" } ] }, @@ -95881,7 +103859,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" + "resource_type": "asset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "time-series" } ] }, @@ -95893,19 +103876,29 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" + "resource_type": "asset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "time-series" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to retrieve interpolated values for an asset property", "privilege": "GetInterpolatedAssetPropertyValues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "asset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "time-series" } ] }, @@ -95964,7 +103957,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all assets associated to an asset by a hierarchy", + "description": "Grants permission to list all assets associated with an asset through a hierarchy", "privilege": "ListAssociatedAssets", "resource_types": [ { 
@@ -96083,6 +104076,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list time series", + "privilege": "ListTimeSeries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset" + } + ] + }, { "access_level": "Write", "description": "Grants permission to set the default encryption configuration for the AWS account", @@ -96109,7 +104114,7 @@ }, { "access_level": "Write", - "description": "Grants permission to set storage configuration for the AWS account", + "description": "Grants permission to configure storage settings for the AWS account", "privilege": "PutStorageConfiguration", "resource_types": [ { @@ -96354,6 +104359,11 @@ ], "resource": "asset-model" }, + { + "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:time-series/${TimeSeriesId}", + "condition_keys": [], + "resource": "time-series" + }, { "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:gateway/${GatewayId}", "condition_keys": [ 
@@ -96878,6 +104888,547 @@ ], "service_name": "AWS IoT Things Graph" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in the request", + "type": "String" + } + ], + "prefix": "iottwinmaker", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to set values for multiple time series properties", + "privilege": "BatchPutPropertyValues", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iottwinmaker:GetComponentType", + "iottwinmaker:GetEntity", + "iottwinmaker:GetWorkspace" + ], + "resource_type": "workspace*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a componentType", + "privilege": "CreateComponentType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an entity", + "privilege": "CreateEntity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a scene", + "privilege": "CreateScene", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": 
"workspace*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a workspace", + "privilege": "CreateWorkspace", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a componentType", + "privilege": "DeleteComponentType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentType*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an entity", + "privilege": "DeleteEntity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a scene", + "privilege": "DeleteScene", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scene*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a workspace", + "privilege": "DeleteWorkspace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a componentType", + "privilege": "GetComponentType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentType*" + }, + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "workspace*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get an entity", + "privilege": "GetEntity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the property values", + "privilege": "GetPropertyValue", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iottwinmaker:GetComponentType", + "iottwinmaker:GetEntity", + "iottwinmaker:GetWorkspace" + ], + "resource_type": "workspace*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentType" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the time series value history", + "privilege": "GetPropertyValueHistory", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iottwinmaker:GetComponentType", + "iottwinmaker:GetEntity", + "iottwinmaker:GetWorkspace" + ], + "resource_type": "workspace*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentType" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a scene", + "privilege": "GetScene", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scene*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a workspace", + "privilege": "GetWorkspace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": 
"workspace*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all componentTypes in a workspace", + "privilege": "ListComponentTypes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all entities in a workspace", + "privilege": "ListEntities", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all scenes in a workspace", + "privilege": "ListScenes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all tags for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentType" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scene" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all workspaces", + "privilege": "ListWorkspaces", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentType" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": 
"entity" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scene" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentType" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scene" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a componentType", + "privilege": "UpdateComponentType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentType*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an entity", + "privilege": "UpdateEntity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a scene", + "privilege": "UpdateScene", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scene*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + } + ] + }, + { + "access_level": "Write", + 
"description": "Grants permission to update a workspace", + "privilege": "UpdateWorkspace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:iottwinmaker:${Region}:${Account}:workspace/${WorkspaceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "workspace" + }, + { + "arn": "arn:${Partition}:iottwinmaker:${Region}:${Account}:workspace/${WorkspaceId}/entity/${EntityId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "entity" + }, + { + "arn": "arn:${Partition}:iottwinmaker:${Region}:${Account}:workspace/${WorkspaceId}/component-type/${ComponentTypeId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "componentType" + }, + { + "arn": "arn:${Partition}:iottwinmaker:${Region}:${Account}:workspace/${WorkspaceId}/scene/${SceneId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "scene" + } + ], + "service_name": "AWS IoT TwinMaker" + }, { "conditions": [ { @@ -96892,7 +105443,7 @@ }, { "condition": "aws:TagKeys", - "description": "Filters access based on the list of all the tag key names associated with the resource in the request", + "description": "Filters access by the list of all the tag key names associated with the resource in the request", "type": "String" } ], 
@@ -96913,6 +105464,57 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to associate the MulticastGroup with FuotaTask", + "privilege": "AssociateMulticastGroupWithFuotaTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "FuotaTask*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MulticastGroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate the wireless device with FuotaTask", + "privilege": "AssociateWirelessDeviceWithFuotaTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "FuotaTask*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate the WirelessDevice with MulticastGroup", + "privilege": "AssociateWirelessDeviceWithMulticastGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MulticastGroup*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to associate the wireless device with AWS IoT thing for a given wirelessDeviceId", @@ -96968,6 +105570,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to cancel the MulticastGroup session", + "privilege": "CancelMulticastGroupSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MulticastGroup*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a Destination resource", 
@@ -96998,6 +105612,36 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a FuotaTask resource", + "privilege": "CreateFuotaTask", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a MulticastGroup resource", + "privilege": "CreateMulticastGroup", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a ServiceProfile resource", @@ -97094,6 +105738,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete the FuotaTask", + "privilege": "DeleteFuotaTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "FuotaTask*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the MulticastGroup", + "privilege": "DeleteMulticastGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MulticastGroup*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a ServiceProfile", 
@@ -97166,6 +105834,57 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disassociate the MulticastGroup from FuotaTask", + "privilege": "DisassociateMulticastGroupFromFuotaTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "FuotaTask*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MulticastGroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate the wireless device from FuotaTask", + "privilege": "DisassociateWirelessDeviceFromFuotaTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "FuotaTask*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate the wireless device from MulticastGroup", + "privilege": "DisassociateWirelessDeviceFromMulticastGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MulticastGroup*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disassociate a wireless device from a AWS IoT thing", @@ -97245,6 +105964,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the FuotaTask", + "privilege": "GetFuotaTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "FuotaTask*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get log levels by resource types", 
@@ -97257,6 +105988,42 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the MulticastGroup", + "privilege": "GetMulticastGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MulticastGroup*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the MulticastGroup session", + "privilege": "GetMulticastGroupSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MulticastGroup*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the NetworkAnalyzerConfiguration", + "privilege": "GetNetworkAnalyzerConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the associated PartnerAccount", @@ -97269,6 +106036,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get an event configuration for an identifier", + "privilege": "GetResourceEventConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SidewalkAccount" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get resource log level", @@ -97408,7 +106187,7 @@ }, { "access_level": "Read", - "description": "List information of available Destinations based on the AWS account.", + "description": "Grants permission to list information of available Destinations based on the AWS account", "privilege": "ListDestinations", "resource_types": [ { 
@@ -97430,6 +106209,42 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list information of available FuotaTasks based on the AWS account", + "privilege": "ListFuotaTasks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list information of available MulticastGroups based on the AWS account", + "privilege": "ListMulticastGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list information of available MulticastGroups by FuotaTask based on the AWS account", + "privilege": "ListMulticastGroupsByFuotaTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "FuotaTask*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list the available partner accounts", 
@@ -97493,69 +106308,281 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "WirelessGatewayTaskDefinition" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list information of available WirelessDevices based on the AWS account", - "privilege": "ListWirelessDevices", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list information of available WirelessGateway task definitions based on the AWS account", - "privilege": "ListWirelessGatewayTaskDefinitions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list information of available WirelessGateways based on the AWS account", - "privilege": "ListWirelessGateways", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to put resource log level", - "privilege": "PutResourceLogLevel", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list information of available WirelessDevices based on the AWS account", + "privilege": "ListWirelessDevices", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list information of available WirelessGateway task definitions based on the AWS account", + "privilege": "ListWirelessGatewayTaskDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list 
information of available WirelessGateways based on the AWS account", + "privilege": "ListWirelessGateways", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to put resource log level", + "privilege": "PutResourceLogLevel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessGateway" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset all resource log levels", + "privilege": "ResetAllResourceLogLevels", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset resource log level", + "privilege": "ResetResourceLogLevel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessGateway" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send data to the MulticastGroup", + "privilege": "SendDataToMulticastGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MulticastGroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send the decrypted application data frame to the target device", + "privilege": "SendDataToWirelessDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate the WirelessDevices with MulticastGroup", + "privilege": "StartBulkAssociateWirelessDeviceWithMulticastGroup", + "resource_types": [ + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "MulticastGroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to bulk disassociate the WirelessDevices from MulticastGroup", + "privilege": "StartBulkDisassociateWirelessDeviceFromMulticastGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MulticastGroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start the FuotaTask", + "privilege": "StartFuotaTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "FuotaTask*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start the MulticastGroup session", + "privilege": "StartMulticastGroupSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MulticastGroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start NetworkAnalyzer stream", + "privilege": "StartNetworkAnalyzerStream", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a given resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Destination" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DeviceProfile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ServiceProfile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SidewalkAccount" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessGateway" + }, + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "WirelessGatewayTaskDefinition" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to simulate a provisioned device to send an uplink data with payload of 'Hello'", + "privilege": "TestWirelessDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove the given tags from the resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Destination" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DeviceProfile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ServiceProfile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SidewalkAccount" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessGateway" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessGatewayTaskDefinition" }, { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to reset all resource log levels", - "privilege": "ResetAllResourceLogLevels", - "resource_types": [ - { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -97563,177 +106590,85 @@ }, { "access_level": "Write", - "description": "Grants permission to reset resource log level", - "privilege": "ResetResourceLogLevel", + "description": "Grants permission to update a Destination resource", + "privilege": "UpdateDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" + "resource_type": "Destination*" } ] }, { "access_level": "Write", - "description": "Grants permission to send the decrypted application data frame to the target device", - "privilege": "SendDataToWirelessDevice", + "description": "Grants permission to update the FuotaTask", + "privilege": "UpdateFuotaTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice*" + "resource_type": "FuotaTask*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a given resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update log levels by resource types", + "privilege": "UpdateLogLevelsByResourceTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Destination" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DeviceProfile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ServiceProfile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SidewalkAccount" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGatewayTaskDefinition" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - 
"dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to simulate a provisioned device to send an uplink data with payload of 'Hello'", - "privilege": "TestWirelessDevice", + "description": "Grants permission to update the MulticastGroup", + "privilege": "UpdateMulticastGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to remove the given tags from the resource", - "privilege": "UntagResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Destination" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DeviceProfile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ServiceProfile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SidewalkAccount" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGatewayTaskDefinition" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "MulticastGroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a Destination resource", - "privilege": "UpdateDestination", + "description": "Grants permission to update the NetworkAnalyzerConfiguration", + "privilege": "UpdateNetworkAnalyzerConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Destination*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update log levels by resource types", - "privilege": 
"UpdateLogLevelsByResourceTypes", + "description": "Grants permission to update a partner account", + "privilege": "UpdatePartnerAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SidewalkAccount*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a partner account", - "privilege": "UpdatePartnerAccount", + "description": "Grants permission to update an event configuration for an identifier", + "privilege": "UpdateResourceEventConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SidewalkAccount*" + "resource_type": "SidewalkAccount" } ] }, @@ -97812,6 +106747,20 @@ ], "resource": "WirelessGatewayTaskDefinition" }, + { + "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:FuotaTask/${FuotaTaskId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "FuotaTask" + }, + { + "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:MulticastGroup/${MulticastGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "MulticastGroup" + }, { "arn": "arn:${Partition}:iot:${Region}:${Account}:thing/${ThingName}", "condition_keys": [], @@ -97869,17 +106818,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags associated with the request", + "description": "Filters access by the tags associated with the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "String" } ], 
@@ -98087,6 +107036,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get information about the stream session on a specified channel", + "privilege": "GetStreamSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Channel*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to import the public key", @@ -98160,6 +107121,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to get summary information about streams sessions on a specified channel", + "privilege": "ListStreamSessions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Channel*" + } + ] + }, { "access_level": "List", "description": "Grants permission to get summary information about live streams", @@ -98349,17 +107322,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "String" } ], @@ -98418,6 +107391,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "CreateClusterV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an MSK configuration", 
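Review bot: The added `CreateClusterV2` entry is a placeholder with `"access_level": "Unknown"`, an empty description and an empty `resource_type`, so anything that classifies actions by access level will not count it as a write. The same shape is added for `DescribeClusterV2` and `ListClustersV2` in the next hunks, and for new kendra and lakeformation entries further down (`DeleteExperience`, `CommitTransaction`, `UpdateTableObjects` and others). Going by the name alone, this one would be `"access_level": "Write"` with `"description": "Grants permission to create an MSK cluster"`, to be confirmed against the service reference. Until these are filled in, consumers should treat `Unknown` as unclassified rather than low-risk.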
@@ -98478,6 +107463,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeClusterV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe an MSK configuration", @@ -98550,6 +107547,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListClustersV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all revisions for an MSK configuration in this account", @@ -98611,7 +107620,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list tags of an MSK resource", "privilege": "ListTagsForResource", "resource_types": [ @@ -98745,6 +107754,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the connectivity settings for the MSK cluster", + "privilege": "UpdateConnectivity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:DescribeRouteTables", + "ec2:DescribeSubnets" + ], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the monitoring settings for the MSK cluster", 
@@ -99097,6 +108121,185 @@ ], "service_name": "Apache Kafka APIs for Amazon MSK clusters" }, + { + "conditions": [], + "prefix": "kafkaconnect", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create an MSK Connect connector", + "privilege": "CreateConnector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "firehose:TagDeliveryStream", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "iam:PutRolePolicy", + "logs:CreateLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "s3:GetBucketPolicy", + "s3:PutBucketPolicy" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an MSK Connect custom plugin", + "privilege": "CreateCustomPlugin", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "s3:GetObject" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an MSK Connect worker configuration", + "privilege": "CreateWorkerConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an MSK Connect connector", + "privilege": "DeleteConnector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an MSK Connect connector", + "privilege": "DescribeConnector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connector*" + } + ] + }, + 
{ + "access_level": "Read", + "description": "Grants permission to describe an MSK Connect custom plugin", + "privilege": "DescribeCustomPlugin", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom plugin*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an MSK Connect worker configuration", + "privilege": "DescribeWorkerConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "worker configuration*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all MSK Connect connectors in this account", + "privilege": "ListConnectors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all MSK Connect custom plugins in this account", + "privilege": "ListCustomPlugins", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all MSK Connect worker configurations in this account", + "privilege": "ListWorkerConfigurations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an MSK Connect connector", + "privilege": "UpdateConnector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:kafkaconnect:${Region}:${Account}:connector/${ConnectorName}/${UUID}", + "condition_keys": [], + "resource": "connector" + }, + { + "arn": "arn:${Partition}:kafkaconnect:${Region}:${Account}:custom-plugin/${CustomPluginName}/${UUID}", + "condition_keys": [], + "resource": "custom plugin" + }, + { + "arn": 
"arn:${Partition}:kafkaconnect:${Region}:${Account}:worker-configuration/${WorkerConfigurationName}/${UUID}", + "condition_keys": [], + "resource": "worker configuration" + } + ], + "service_name": "Amazon Managed Streaming for Kafka Connect" + }, { "conditions": [ { @@ -99117,6 +108320,30 @@ ], "prefix": "kendra", "privileges": [ + { + "access_level": "Unknown", + "description": "", + "privilege": "AssociateEntitiesToExperience", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "AssociatePersonasToEntities", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to batch delete document", @@ -99130,14 +108357,14 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to do batch get document status", "privilege": "BatchGetDocumentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "index*" } ] }, @@ -99185,6 +108412,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "CreateExperience", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an Faq", @@ -99277,6 +108516,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteExperience", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an Faq", 
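Review bot: `DeleteConnector` and `UpdateConnector` are added with `"resource_type": ""` although this same hunk defines a `connector` resource and `DescribeConnector` already uses `connector*`, so a policy built from these two entries cannot be scoped to a connector ARN. If the service reference supports it, both should carry `"resource_type": "connector*"`. Separately, `CreateConnector` lists `iam:PassRole`, `iam:PutRolePolicy`, `iam:AttachRolePolicy` and `s3:PutBucketPolicy` under `dependent_actions` with no resource type. If a consumer copies dependent actions into a generated policy, these should be flagged for manual scoping rather than emitted on `*`.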
@@ -99374,6 +108625,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeExperience", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe an Faq", @@ -99466,6 +108729,30 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DisassociateEntitiesFromExperience", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DisassociatePersonasFromEntities", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get suggestions for a query prefix", @@ -99478,6 +108765,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetSnapshots", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to get Data Source sync job history", @@ -99507,6 +108806,42 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListEntityPersonas", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListExperienceEntities", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListExperiences", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the Faqs", 
@@ -99775,6 +109110,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateExperience", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an Index", @@ -102318,8 +111665,8 @@ "prefix": "lakeformation", "privileges": [ { - "access_level": "Unknown", - "description": "", + "access_level": "Tagging", + "description": "Grants permission to attach lakeformation tags to catalog resources", "privilege": "AddLFTagsToResource", "resource_types": [ { @@ -102331,7 +111678,7 @@ }, { "access_level": "Permissions management", - "description": "Grants data lake permissions to one or more principals in a batch.", + "description": "Grants permission to data lake permissions to one or more principals in a batch", "privilege": "BatchGrantPermissions", "resource_types": [ { @@ -102343,7 +111690,7 @@ }, { "access_level": "Permissions management", - "description": "Revokes data lake permissions from one or more principals in a batch.", + "description": "Grants permission to revoke data lake permissions from one or more principals in a batch", "privilege": "BatchRevokePermissions", "resource_types": [ { @@ -102356,7 +111703,7 @@ { "access_level": "Unknown", "description": "", - "privilege": "CreateLFTag", + "privilege": "CancelTransaction", "resource_types": [ { "condition_keys": [], 
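Review bot: The new `BatchGrantPermissions` description reads "Grants permission to data lake permissions to one or more principals in a batch"; the verb was lost when the text was rewritten into the "Grants permission to" form. `GrantPermissions` and `GetDataAccess` in later hunks have the same problem, and the new `GetEffectivePermissionsForPath` and `GetLFTag` descriptions spell "retrive". Two of these are Permissions management actions, so the text should say plainly what is being granted: `"description": "Grants permission to grant data lake permissions to one or more principals in a batch"`.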
@@ -102368,6 +111715,30 @@ { "access_level": "Unknown", "description": "", + "privilege": "CommitTransaction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Lakeformation tag", + "privilege": "CreateLFTag", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a Lakeformation tag", "privilege": "DeleteLFTag", "resource_types": [ { @@ -102377,9 +111748,21 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteObjectsOnCancel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", - "description": "Deregisters a registered location.", + "description": "Grants permission to deregister a registered location", "privilege": "DeregisterResource", "resource_types": [ { @@ -102391,7 +111774,7 @@ }, { "access_level": "Read", - "description": "Describes a registered location.", + "description": "Grants permission to describe a registered location", "privilege": "DescribeResource", "resource_types": [ { @@ -102401,9 +111784,33 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeTransaction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ExtendTransaction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", - "description": "Grants virtual data lake access permissions.", + "description": "Grants permission to virtual data lake access", "privilege": "GetDataAccess", "resource_types": [ { 
@@ -102415,7 +111822,7 @@ }, { "access_level": "Read", - "description": "Retrieves data lake settings such as the list of data lake administrators and database and table default permissions.", + "description": "Grants permission to retrieve data lake settings such as the list of data lake administrators and database and table default permissions", "privilege": "GetDataLakeSettings", "resource_types": [ { @@ -102427,7 +111834,7 @@ }, { "access_level": "Read", - "description": "Retrieves permissions attached to resources in the given path.", + "description": "Grants permission to retrive permissions attached to resources in the given path", "privilege": "GetEffectivePermissionsForPath", "resource_types": [ { @@ -102437,10 +111844,22 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrive a Lakeformation tag", + "privilege": "GetLFTag", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Unknown", "description": "", - "privilege": "GetLFTag", + "privilege": "GetQueryState", "resource_types": [ { "condition_keys": [], @@ -102452,6 +111871,18 @@ { "access_level": "Unknown", "description": "", + "privilege": "GetQueryStatistics", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve lakeformation tags on a catalog resource", "privilege": "GetResourceLFTags", "resource_types": [ { 
@@ -102461,9 +111892,33 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetTableObjects", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetWorkUnits", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Permissions management", - "description": "Grants data lake permissions to a principal.", + "description": "Grants permission to data lake permissions to a principal", "privilege": "GrantPermissions", "resource_types": [ { @@ -102476,6 +111931,18 @@ { "access_level": "Unknown", "description": "", + "privilege": "ListDataCellsFilter", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list Lakeformation tags", "privilege": "ListLFTags", "resource_types": [ { @@ -102487,7 +111954,7 @@ }, { "access_level": "List", - "description": "Lists permissions filtered by principal or resource.", + "description": "Grants permission to list permissions filtered by principal or resource", "privilege": "ListPermissions", "resource_types": [ { @@ -102499,7 +111966,7 @@ }, { "access_level": "List", - "description": "Lists registered locations.", + "description": "Grants permission to List registered locations", "privilege": "ListResources", "resource_types": [ { 
@@ -102509,9 +111976,33 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListTableStorageOptimizers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListTransactions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Permissions management", - "description": "Overwrites data lake settings such as the list of data lake administrators and database and table default permissions.", + "description": "Grants permission to overwrite data lake settings such as the list of data lake administrators and database and table default permissions", "privilege": "PutDataLakeSettings", "resource_types": [ { @@ -102523,7 +112014,7 @@ }, { "access_level": "Write", - "description": "Registers a new location to be managed by Lake Formation.", + "description": "Grants permission to register a new location to be managed by Lake Formation", "privilege": "RegisterResource", "resource_types": [ { @@ -102534,8 +112025,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Tagging", + "description": "Grants permission to remove lakeformation tags from catalog resources", "privilege": "RemoveLFTagsFromResource", "resource_types": [ { @@ -102547,7 +112038,7 @@ }, { "access_level": "Permissions management", - "description": "Revokes data lake permissions from a principal.", + "description": "Grants permission to revoke data lake permissions from a principal", "privilege": "RevokePermissions", "resource_types": [ { @@ -102558,8 +112049,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to list catalog databases with lakeformation tags", "privilege": "SearchDatabasesByLFTags", "resource_types": [ { 
@@ -102570,8 +112061,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to list catalog tables with lakeformation tags", "privilege": "SearchTablesByLFTags", "resource_types": [ { @@ -102584,6 +112075,18 @@ { "access_level": "Unknown", "description": "", + "privilege": "StartTransaction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a Lakeformation tag", "privilege": "UpdateLFTag", "resource_types": [ { @@ -102595,7 +112098,7 @@ }, { "access_level": "Write", - "description": "Updates a registered location.", + "description": "Grants permission to update a registered location", "privilege": "UpdateResource", "resource_types": [ { @@ -102604,6 +112107,18 @@ "resource_type": "" } ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateTableObjects", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [], @@ -102624,7 +112139,7 @@ { "condition": "lambda:Layer", "description": "Filters access by the ARN of a version of an AWS Lambda layer", - "type": "String" + "type": "ArrayOfString" }, { "condition": "lambda:Principal", @@ -103055,7 +112570,7 @@ }, { "access_level": "Write", - "description": "(Deprecated) Grants permission to invoke a function asynchronously", + "description": "Grants permission to invoke a function asynchronously (Deprecated)", "privilege": "InvokeAsync", "resource_types": [ { 
@@ -103607,17 +113122,47 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags in the request", + "description": "Filters access based on the tags in the request.", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags attached to a Lex resource", + "description": "Filters access by the tags attached to a Lex resource.", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access based on the set of tag keys in the request.", + "type": "String" + }, + { + "condition": "lex:associatedIntents", + "description": "Enables you to control access based on the intents included in the request.", + "type": "String" + }, + { + "condition": "lex:associatedSlotTypes", + "description": "Enables you to control access based on the slot types included in the request.", + "type": "String" + }, + { + "condition": "lex:channelType", + "description": "Enables you to control access based on the channel type included in the request.", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the set of tag keys in the request.", + "description": "Filters access by the set of tag keys in the request", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the set of tag keys in the request", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the set of tag keys in the request", "type": "String" } ], 
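Review bot: `aws:TagKeys` ends up in this `conditions` array four times on the new side: once with "Filters access based on the set of tag keys in the request." and three more times with identical text. A consumer that builds a map keyed by `condition` silently keeps one of them, and one that iterates the list reports the key repeatedly. The repetition suggests that several service tables sharing one prefix were concatenated without de-duplication, which is an inference since the merge step is not shown. Keep a single `aws:TagKeys` entry and de-duplicate on `condition` when merging. The added entries also return to the "Filters access based on …" and "Enables you to control access …" wording with a trailing period, while other hunks in this diff move to "Filters access by …".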
@@ -103625,9 +113170,14 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to build an existing bot locale in a bot", - "privilege": "BuildBotLocale", + "description": "Creates a new version based on the $LATEST version of the specified bot.", + "privilege": "CreateBotVersion", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version*" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -103637,18 +113187,530 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new bot and a test bot alias pointing to the DRAFT bot version", - "privilege": "CreateBot", + "description": "Creates a new version based on the $LATEST version of the specified intent.", + "privilege": "CreateIntentVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "intent version*" + } + ] + }, + { + "access_level": "Write", + "description": "Creates a new version based on the $LATEST version of the specified slot type.", + "privilege": "CreateSlotTypeVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "slottype version*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes all versions of a bot.", + "privilege": "DeleteBot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version*" + }, + { + "condition_keys": [], + "dependent_actions": [ + "lex:DeleteBotAlias", + "lex:DeleteBotChannel", + "lex:DeleteBotLocale", + "lex:DeleteBotVersion", + "lex:DeleteIntent", + "lex:DeleteSlot", + "lex:DeleteSlotType" + ], "resource_type": "bot*" }, { "condition_keys": [], "dependent_actions": [], "resource_type": "bot alias*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes an alias for a specific bot.", + "privilege": "DeleteBotAlias", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes the association between a Amazon Lex bot alias and a messaging platform.", + "privilege": "DeleteBotChannelAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes a specific version of a bot.", + "privilege": "DeleteBotVersion", + 
"resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes all versions of an intent.", + "privilege": "DeleteIntent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "intent version*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes a specific version of an intent.", + "privilege": "DeleteIntentVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "intent version*" + } + ] + }, + { + "access_level": "Write", + "description": "Removes session information for a specified bot, alias, and user ID.", + "privilege": "DeleteSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes all versions of a slot type.", + "privilege": "DeleteSlotType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "slottype version*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes a specific version of a slot type.", + "privilege": "DeleteSlotTypeVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "slottype version*" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes the information Amazon Lex maintains for utterances on a specific bot and userId.", + "privilege": "DeleteUtterances", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "bot version*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, + { + "access_level": "Read", + "description": "Returns information for a specific bot. In addition to the bot name, the bot version or alias is required.", + "privilege": "GetBot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version" + } + ] + }, + { + "access_level": "Read", + "description": "Returns information about a Amazon Lex bot alias.", + "privilege": "GetBotAlias", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias*" + } + ] + }, + { + "access_level": "List", + "description": "Returns a list of aliases for a given Amazon Lex bot.", + "privilege": "GetBotAliases", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Returns information about the association between a Amazon Lex bot and a messaging platform.", + "privilege": "GetBotChannelAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + } + ] + }, + { + "access_level": "List", + "description": "Returns a list of all of the channels associated with a single bot.", + "privilege": "GetBotChannelAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + } + ] + }, + { + "access_level": "List", + "description": "Returns information for all versions of a specific bot.", + "privilege": "GetBotVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version*" + } + ] + }, + { + "access_level": "List", + "description": "Returns information for the $LATEST version of 
all bots, subject to filters provided by the client.", + "privilege": "GetBots", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Returns information about a built-in intent.", + "privilege": "GetBuiltinIntent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Gets a list of built-in intents that meet the specified criteria.", + "privilege": "GetBuiltinIntents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Gets a list of built-in slot types that meet the specified criteria.", + "privilege": "GetBuiltinSlotTypes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Exports Amazon Lex Resource in a requested format.", + "privilege": "GetExport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version*" + } + ] + }, + { + "access_level": "Read", + "description": "Gets information about an import job started with StartImport.", + "privilege": "GetImport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Returns information for a specific intent. 
In addition to the intent name, you must also specify the intent version.", + "privilege": "GetIntent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "intent version*" + } + ] + }, + { + "access_level": "List", + "description": "Returns information for all versions of a specific intent.", + "privilege": "GetIntentVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "intent version*" + } + ] + }, + { + "access_level": "List", + "description": "Returns information for the $LATEST version of all intents, subject to filters provided by the client.", + "privilege": "GetIntents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view an ongoing or completed migration", + "privilege": "GetMigration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to view list of migrations from Amazon Lex v1 to Amazon Lex v2", + "privilege": "GetMigrations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Returns session information for a specified bot, alias, and user ID.", + "privilege": "GetSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version" + } + ] + }, + { + "access_level": "Read", + "description": "Returns information about a specific version of a slot type. 
In addition to specifying the slot type name, you must also specify the slot type version.", + "privilege": "GetSlotType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "slottype version*" + } + ] + }, + { + "access_level": "List", + "description": "Returns information for all versions of a specific slot type.", + "privilege": "GetSlotTypeVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "slottype version*" + } + ] + }, + { + "access_level": "List", + "description": "Returns information for the $LATEST version of all slot types, subject to filters provided by the client.", + "privilege": "GetSlotTypes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Returns a view of aggregate utterance data for versions of a bot for a recent time period.", + "privilege": "GetUtterancesView", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version*" + } + ] + }, + { + "access_level": "Read", + "description": "Lists tags for a Lex resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel" + } + ] + }, + { + "access_level": "Write", + "description": "Sends user input (text or speech) to Amazon Lex.", + "privilege": "PostContent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version" + } + ] + }, + { + "access_level": "Write", + "description": "Sends user input (text-only) to Amazon Lex.", + "privilege": 
"PostText", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version" + } + ] + }, + { + "access_level": "Write", + "description": "Creates or updates the $LATEST version of a Amazon Lex conversational bot.", + "privilege": "PutBot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version*" }, { "condition_keys": [ @@ -103662,8 +113724,8 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new bot alias in a bot", - "privilege": "CreateBotAlias", + "description": "Creates or updates an alias for the specific bot.", + "privilege": "PutBotAlias", "resource_types": [ { "condition_keys": [], 
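Review bot: `DeleteBot` now lists three required resource types, `bot version*`, `bot*` and `bot alias*`, and the `bot*` entry's `dependent_actions` name actions such as `lex:DeleteBotLocale` and `lex:DeleteSlot` that are not among the privileges this hunk defines. `DeleteIntent`, `DeleteSlotType` and `DeleteUtterances` pair a versioned type with `bot*` in the same way. This looks like two API generations under the `lex` prefix merged by privilege name; that is inferred, and the enclosing privileges array starts and ends outside the hunk. Since a trailing `*` marks a type as required, a policy generator reading this would ask for ARNs that a single call cannot all supply. Keep one entry per API generation, or drop the `*` on merged types, e.g. `"resource_type": "bot version"`.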
@@ -103682,20 +113744,158 @@ }, { "access_level": "Write", - "description": "Grants permission to create a bot channel in an existing bot", - "privilege": "CreateBotChannel", + "description": "Creates or updates the $LATEST version of an intent.", + "privilege": "PutIntent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "intent version*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new bot locale in an existing bot", - "privilege": "CreateBotLocale", + "description": "Creates a new session or modifies an existing session with an Amazon Lex bot.", + "privilege": "PutSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version" + } + ] + }, + { + "access_level": "Write", + "description": "Creates or updates the $LATEST version of a slot type.", + "privilege": "PutSlotType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "slottype version*" + } + ] + }, + { + "access_level": "Write", + "description": "Starts a job to import a resource to Amazon Lex.", + "privilege": "StartImport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "lex:CreateBot", + "lex:CreateBotLocale", + "lex:CreateIntent", + "lex:CreateSlot", + "lex:CreateSlotType", + "lex:DeleteBotLocale", + "lex:DeleteIntent", + "lex:DeleteSlot", + "lex:DeleteSlotType", + "lex:UpdateBot", + "lex:UpdateBotLocale", + "lex:UpdateIntent", + "lex:UpdateSlot", + "lex:UpdateSlotType" + ], + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to migrate a bot from Amazon Lex v1 
to Amazon Lex v2", + "privilege": "StartMigration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Adds or overwrites tags to a Lex resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Removes tags from a Lex resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to build an existing bot locale in a bot", + "privilege": "BuildBotLocale", "resource_types": [ { "condition_keys": [], @@ -103706,8 +113906,8 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new version of an existing bot", - "privilege": "CreateBotVersion", + "description": "Grants permission to create a new bot and a test bot alias pointing to the DRAFT bot version", + "privilege": "CreateBot", "resource_types": [ { "condition_keys": [], 
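Review bot: The added `StartImport` entry has `"condition_keys": []` on its empty resource type, while the `StartImport` entry this commit removes further down (hunk at -104361) carried `aws:TagKeys` and `aws:RequestTag/${TagKey}` there, and the `TagResource`/`UntagResource` entries added in this same hunk still carry them. If the drop is not intended, restore `"condition_keys": ["aws:TagKeys", "aws:RequestTag/${TagKey}"]` on that last resource type so tag-scoped conditions on imports stay representable. The entry also pairs the older-style description ("Starts a job to import a resource to Amazon Lex.") with dependent actions such as `lex:CreateBotLocale`, which suggests two API generations were merged under one privilege name; worth confirming against the upstream definition.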
@@ -103717,7 +113917,59 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot version*" + "resource_type": "bot alias*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new bot alias in a bot", + "privilege": "CreateBotAlias", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a bot channel in an existing bot", + "privilege": "CreateBotChannel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new bot locale in an existing bot", + "privilege": "CreateBotLocale", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" } ] }, 
@@ -103798,48 +114050,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to delete an existing bot", - "privilege": "DeleteBot", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "lex:DeleteBotAlias", - "lex:DeleteBotChannel", - "lex:DeleteBotLocale", - "lex:DeleteBotVersion", - "lex:DeleteIntent", - "lex:DeleteSlot", - "lex:DeleteSlotType" - ], - "resource_type": "bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot alias*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an existing bot alias in a bot", - "privilege": "DeleteBotAlias", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot alias*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to delete an existing bot channel", @@ -103868,23 +114078,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to delete an existing bot version", - "privilege": "DeleteBotVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to delete an existing export", @@ -103909,23 +114102,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to delete an existing intent in a bot locale", - "privilege": "DeleteIntent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "intent version*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to delete an existing resource policy for a Lex resource", 
@@ -103943,23 +114119,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to delete session information for a bot alias and user ID", - "privilege": "DeleteSession", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot alias*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version" - } - ] - }, { "access_level": "Write", "description": "Grants permission to delete an existing slot in an intent", @@ -103972,23 +114131,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to delete an existing slot type in a bot locale", - "privilege": "DeleteSlotType", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "slottype version*" - } - ] - }, { "access_level": "Read", "description": "Grants permission to retrieve an existing bot", @@ -104039,7 +114181,19 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve an existing bot version.", + "description": "Grants permission to retrieve metadata information about a bot recommendation", + "privilege": "DescribeBotRecommendation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an existing bot version", "privilege": "DescribeBotVersion", "resource_types": [ { 
@@ -104137,19 +114291,14 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve session information for a bot alias and user ID", - "privilege": "GetSession", + "access_level": "List", + "description": "Grants permission to list utterances and statistics for a bot", + "privilege": "ListAggregatedUtterances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version" + "resource_type": "bot*" } ] }, @@ -104189,6 +114338,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to get a list of bot recommendations that meet the specified criteria", + "privilege": "ListBotRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list existing bot versions", @@ -104275,8 +114436,8 @@ }, { "access_level": "List", - "description": "Grants permission to list slot types in a bot", - "privilege": "ListSlotTypes", + "description": "Grants permission to get a list of recommended intents provided by the bot recommendation", + "privilege": "ListRecommendedIntents", "resource_types": [ { "condition_keys": [], @@ -104287,8 +114448,8 @@ }, { "access_level": "List", - "description": "Grants permission to list slots in an intent", - "privilege": "ListSlots", + "description": "Grants permission to list slot types in a bot", + "privilege": "ListSlotTypes", "resource_types": [ { "condition_keys": [], 
@@ -104298,41 +114459,14 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to lists tags for a Lex resource", - "privilege": "ListTagsForResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot alias" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new session or modify an existing session for a bot alias and user ID", - "privilege": "PutSession", + "access_level": "List", + "description": "Grants permission to list slots in an intent", + "privilege": "ListSlots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version" + "resource_type": "bot*" } ] }, 
@@ -104361,114 +114495,38 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to stream user input (speech/text/DTMF) to a bot alias", - "privilege": "StartConversation", + "access_level": "List", + "description": "Grants permission to search for associated transcripts that meet the specified criteria", + "privilege": "SearchAssociatedTranscripts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" + "resource_type": "bot*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a new import with the uploaded import file", - "privilege": "StartImport", + "description": "Grants permission to start a bot recommendation for an existing bot locale", + "privilege": "StartBotRecommendation", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "lex:CreateBot", - "lex:CreateBotLocale", - "lex:CreateIntent", - "lex:CreateSlot", - "lex:CreateSlotType", - "lex:DeleteBotLocale", - "lex:DeleteIntent", - "lex:DeleteSlot", - "lex:DeleteSlotType", - "lex:UpdateBot", - "lex:UpdateBotLocale", - "lex:UpdateIntent", - "lex:UpdateSlot", - "lex:UpdateSlotType" - ], - "resource_type": "bot" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add or overwrite tags of a Lex resource", - "privilege": "TagResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot alias" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + 
"resource_type": "bot*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a Lex resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to stream user input (speech/text/DTMF) to a bot alias", + "privilege": "StartConversation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot alias" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "bot alias*" } ] }, @@ -104508,6 +114566,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an existing bot recommendation request", + "privilege": "UpdateBotRecommendation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an existing export", 
@@ -104572,468 +114642,29 @@ "resource_type": "bot*" } ] - }, - { - "access_level": "Write", - "description": "Creates a new version based on the $LATEST version of the specified intent.", - "privilege": "CreateIntentVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "intent version*" - } - ] - }, - { - "access_level": "Write", - "description": "Creates a new version based on the $LATEST version of the specified slot type.", - "privilege": "CreateSlotTypeVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "slottype version*" - } - ] - }, - { - "access_level": "Write", - "description": "Deletes the association between a Amazon Lex bot alias and a messaging platform.", - "privilege": "DeleteBotChannelAssociation", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Deletes a specific version of an intent.", - "privilege": "DeleteIntentVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "intent version*" - } - ] - }, - { - "access_level": "Write", - "description": "Deletes a specific version of a slot type.", - "privilege": "DeleteSlotTypeVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "slottype version*" - } - ] - }, - { - "access_level": "Write", - "description": "Deletes the information Amazon Lex maintains for utterances on a specific bot and userId.", - "privilege": "DeleteUtterances", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version*" - } - ] - }, - { - "access_level": "Read", - "description": "Returns information for a specific bot. 
In addition to the bot name, the bot version or alias is required.", - "privilege": "GetBot", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot alias" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version" - } - ] - }, - { - "access_level": "Read", - "description": "Returns information about a Amazon Lex bot alias.", - "privilege": "GetBotAlias", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot alias*" - } - ] - }, - { - "access_level": "List", - "description": "Returns a list of aliases for a given Amazon Lex bot.", - "privilege": "GetBotAliases", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Returns information about the association between a Amazon Lex bot and a messaging platform.", - "privilege": "GetBotChannelAssociation", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "List", - "description": "Returns a list of all of the channels associated with a single bot.", - "privilege": "GetBotChannelAssociations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "List", - "description": "Returns information for all versions of a specific bot.", - "privilege": "GetBotVersions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version*" - } - ] - }, - { - "access_level": "List", - "description": "Returns information for the $LATEST version of all bots, subject to filters provided by the client.", - "privilege": "GetBots", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": 
"Returns information about a built-in intent.", - "privilege": "GetBuiltinIntent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Gets a list of built-in intents that meet the specified criteria.", - "privilege": "GetBuiltinIntents", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Gets a list of built-in slot types that meet the specified criteria.", - "privilege": "GetBuiltinSlotTypes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Exports Amazon Lex Resource in a requested format.", - "privilege": "GetExport", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version*" - } - ] - }, - { - "access_level": "Read", - "description": "Gets information about an import job started with StartImport.", - "privilege": "GetImport", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Returns information for a specific intent. 
In addition to the intent name, you must also specify the intent version.", - "privilege": "GetIntent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "intent version*" - } - ] - }, - { - "access_level": "List", - "description": "Returns information for all versions of a specific intent.", - "privilege": "GetIntentVersions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "intent version*" - } - ] - }, - { - "access_level": "List", - "description": "Returns information for the $LATEST version of all intents, subject to filters provided by the client.", - "privilege": "GetIntents", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view an ongoing or completed migration", - "privilege": "GetMigration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to view list of migrations from Amazon Lex v1 to Amazon Lex v2", - "privilege": "GetMigrations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Returns information about a specific version of a slot type. 
In addition to specifying the slot type name, you must also specify the slot type version.", - "privilege": "GetSlotType", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "slottype version*" - } - ] - }, - { - "access_level": "List", - "description": "Returns information for all versions of a specific slot type.", - "privilege": "GetSlotTypeVersions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "slottype version*" - } - ] - }, - { - "access_level": "List", - "description": "Returns information for the $LATEST version of all slot types, subject to filters provided by the client.", - "privilege": "GetSlotTypes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Returns a view of aggregate utterance data for versions of a bot for a recent time period.", - "privilege": "GetUtterancesView", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version*" - } - ] - }, - { - "access_level": "Write", - "description": "Sends user input (text or speech) to Amazon Lex.", - "privilege": "PostContent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot alias" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version" - } - ] - }, - { - "access_level": "Write", - "description": "Sends user input (text-only) to Amazon Lex.", - "privilege": "PostText", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot alias" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version" - } - ] - }, - { - "access_level": "Write", - "description": "Creates or updates the $LATEST version of a Amazon Lex conversational bot.", - "privilege": "PutBot", - "resource_types": [ - { - 
"condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Creates or updates an alias for the specific bot.", - "privilege": "PutBotAlias", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot alias*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Creates or updates the $LATEST version of an intent.", - "privilege": "PutIntent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "intent version*" - } - ] - }, - { - "access_level": "Write", - "description": "Creates or updates the $LATEST version of a slot type.", - "privilege": "PutSlotType", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "slottype version*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to migrate a bot from Amazon Lex v1 to Amazon Lex v2", - "privilege": "StartMigration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version*" - } - ] } ], "resources": [ { - "arn": "arn:${Partition}:lex:${Region}:${Account}:bot/${BotId}", + "arn": "arn:${Partition}:lex:${Region}:${Account}:bot:${BotName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "bot" }, { - "arn": "arn:${Partition}:lex:${Region}:${Account}:bot-alias/${BotId}/${BotAliasId}", + "arn": "arn:${Partition}:lex:${Region}:${Account}:bot:${BotName}:${BotVersion}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "bot alias" + "resource": "bot version" }, { - "arn": 
"arn:${Partition}:lex:${Region}:${Account}:bot:${BotName}:${BotVersion}", + "arn": "arn:${Partition}:lex:${Region}:${Account}:bot:${BotName}:${BotAlias}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "bot version" + "resource": "bot alias" }, { "arn": "arn:${Partition}:lex:${Region}:${Account}:bot-channel:${BotName}:${BotAlias}:${ChannelName}", @@ -105160,7 +114791,7 @@ ] }, { - "access_level": "Tagging", + "access_level": "Write", "description": "Grants permission to create a new license configuration", "privilege": "CreateLicenseConfiguration", "resource_types": [ @@ -105174,6 +114805,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a license conversion task for a resource", + "privilege": "CreateLicenseConversionTaskForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a report generator for a license configuration", @@ -105330,6 +114973,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a license conversion task", + "privilege": "GetLicenseConversionTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a report generator", @@ -105403,7 +115058,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list license configurations", "privilege": "ListLicenseConfigurations", "resource_types": [ 
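Review bot: The `bot` and `bot alias` resources now resolve only to name-based ARNs (`bot:${BotName}`, `bot:${BotName}:${BotAlias}`), but privileges kept elsewhere in this diff, such as `CreateBot`, `CreateBotAlias` and `DescribeBotRecommendation`, still reference `bot*` / `bot alias*` and were previously described by the id-based forms this hunk removes. A policy generated from these entries would likely carry a resource ARN that does not match the bot the call acted on, and widening it to `*` to get past the resulting denial gives up the resource scoping. Consider keeping the removed `"arn": "arn:${Partition}:lex:${Region}:${Account}:bot/${BotId}"` and `bot-alias/${BotId}/${BotAliasId}` entries under their own resource names rather than replacing them. `bot version` and `bot alias` also now share the same shape (`bot:${BotName}:${…}`), so the two cannot be told apart by pattern. The rest of the `resources` array lies outside this hunk, so the id-based forms may still exist further down.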
@@ -105414,6 +115069,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list license conversion tasks", + "privilege": "ListLicenseConversionTasks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list report generators", @@ -105451,7 +115118,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list licenses", "privilege": "ListLicenses", "resource_types": [ @@ -105499,7 +115166,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list tags for a selected resource", "privilege": "ListTagsForResource", "resource_types": [ @@ -108441,6 +118108,11 @@ "iam:PassRole" ], "resource_type": "log-group*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "destination" } ] }, @@ -110784,6 +120456,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve information about managed data identifiers", + "privilege": "ListManagedDataIdentifiers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve information about the Amazon Macie member accounts that are associated with a Macie administrator account", @@ -112383,7 +122067,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to associate an AWS Certificate Manager (ACM) Amazon Resource Name (ARN) with AWS Elemental MediaConvert.", + "description": "Grants permission to associate an AWS Certificate Manager (ACM) Amazon Resource Name (ARN) with AWS Elemental MediaConvert", "privilege": "AssociateCertificate", "resource_types": [ { 
@@ -112424,6 +122108,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "Queue" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -112494,6 +122186,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an AWS Elemental MediaConvert policy", + "privilege": "DeletePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an AWS Elemental MediaConvert custom output preset", @@ -112520,7 +122224,7 @@ }, { "access_level": "List", - "description": "Grants permission to subscribe to the AWS Elemental MediaConvert service, by sending a request for an account-specific endpoint. All transcoding requests must be sent to the endpoint that the service returns.", + "description": "Grants permission to subscribe to the AWS Elemental MediaConvert service, by sending a request for an account-specific endpoint. All transcoding requests must be sent to the endpoint that the service returns", "privilege": "DescribeEndpoints", "resource_types": [ { @@ -112532,7 +122236,7 @@ }, { "access_level": "Write", - "description": "Grants permission to remove an association between the Amazon Resource Name (ARN) of an AWS Certificate Manager (ACM) certificate and an AWS Elemental MediaConvert resource.", + "description": "Grants permission to remove an association between the Amazon Resource Name (ARN) of an AWS Certificate Manager (ACM) certificate and an AWS Elemental MediaConvert resource", "privilege": "DisassociateCertificate", "resource_types": [ { 
@@ -112566,6 +122270,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get an AWS Elemental MediaConvert policy", + "privilege": "GetPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get an AWS Elemental MediaConvert output preset", @@ -112660,6 +122376,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to put an AWS Elemental MediaConvert policy", + "privilege": "PutPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to add tags to a MediaConvert queue, preset, or job template", @@ -112769,7 +122497,9 @@ "resources": [ { "arn": "arn:${Partition}:mediaconvert:${Region}:${Account}:jobs/${JobId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "Job" }, { @@ -112801,6 +122531,26 @@ ], "service_name": "AWS Elemental MediaConvert" }, + { + "conditions": [], + "prefix": "mediaimport", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a database binary snapshot on the customer's aws account", + "privilege": "CreateDatabaseBinarySnapshot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AmazonMediaImport" + }, { "conditions": [ { @@ -112918,6 +122668,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ClaimDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a channel", 
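Review bot: `ClaimDevice` is added with `"access_level": "Unknown"` and an empty `description`, and the same shape recurs for `DeletePrefetchSchedule`, `GetPrefetchSchedule` and `ListPrefetchSchedules` in the following hunks. Any consumer that groups or filters privileges by access level (for example to separate read-only from mutating actions) will put these in neither bucket. Going by the verbs and the neighbouring entries, `"access_level": "Write"` for the Claim/Delete actions, `"Read"` for Get and `"List"` for List look like the intended values, to be confirmed against the service's published action table; a short description should be filled in at the same time.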
@@ -114786,6 +124548,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeletePrefetchSchedule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete the program with the specified program name on the channel with the specified channel name", @@ -114926,6 +124700,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetPrefetchSchedule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the list of alerts on a resource", @@ -114962,6 +124748,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListPrefetchSchedules", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the list of existing source locations", @@ -116324,17 +126122,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the presence of tag key-value pairs in the request", + "description": "Filters access by presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on tag key-value pairs attached to the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access based on the presence of tag keys in the request", + "description": "Filters access by presence of tag keys in the request", "type": "String" } ], 
@@ -116391,6 +126189,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create vcenter client", + "privilege": "CreateVcenterClientForMgn", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete job", @@ -116427,6 +126240,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete vcenter client", + "privilege": "DeleteVcenterClient", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VcenterClientResource*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe job log items", @@ -116499,6 +126324,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe vcenter clients", + "privilege": "DescribeVcenterClients", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disconnect source server from service", @@ -116631,6 +126468,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get vcenter client commands", + "privilege": "GetVcenterClientCommandsForMgn", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VcenterClientResource*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to initialize service", @@ -116720,6 +126569,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to notify vcenter client started", + "privilege": "NotifyVcenterClientStartedForMgn", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VcenterClientResource*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to register agent", 
@@ -116807,6 +126668,42 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to send vcenter client command result", + "privilege": "SendVcenterClientCommandResultForMgn", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VcenterClientResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send vcenter client logs", + "privilege": "SendVcenterClientLogsForMgn", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VcenterClientResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send vcenter client metrics", + "privilege": "SendVcenterClientMetricsForMgn", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VcenterClientResource*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start cutover", @@ -116864,6 +126761,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start replication", + "privilege": "StartReplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start test", 
@@ -117070,25 +126979,44 @@ "resource_type": "ReplicationConfigurationTemplateResource*" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update source server replication type", + "privilege": "UpdateSourceServerReplicationType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" + } + ] } ], "resources": [ { - "arn": "arn:${Partition}:mgn:${Region}:${Account}:job/${jobID}", + "arn": "arn:${Partition}:mgn:${Region}:${Account}:job/${JobID}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "JobResource" }, { - "arn": "arn:${Partition}:mgn:${Region}:${Account}:replication-configuration-template/${replicationConfigurationTemplateID}", + "arn": "arn:${Partition}:mgn:${Region}:${Account}:replication-configuration-template/${ReplicationConfigurationTemplateID}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "ReplicationConfigurationTemplateResource" }, { - "arn": "arn:${Partition}:mgn:${Region}:${Account}:source-server/${sourceServerID}", + "arn": "arn:${Partition}:mgn:${Region}:${Account}:vcenter-client/${VcenterClientID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "VcenterClientResource" + }, + { + "arn": "arn:${Partition}:mgn:${Region}:${Account}:source-server/${SourceServerID}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], 
@@ -117097,6 +127025,326 @@ ], "service_name": "AWS Application Migration Service" }, + { + "conditions": [], + "prefix": "migrationhub-strategy", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to get details of each anti pattern that collector should look at in a customer's environment", + "privilege": "GetAntiPattern", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details of an application", + "privilege": "GetApplicationComponentDetails", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a list of all recommended strategies and tools for an application running in a server", + "privilege": "GetApplicationComponentStrategies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve status of an on-going assessment", + "privilege": "GetAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details of a specific import task", + "privilege": "GetImportFileTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to the collector to receive information from the service", + "privilege": "GetMessage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve customer migration/Modernization preferences", + "privilege": 
"GetPortfolioPreferences", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve overall summary (number-of servers to rehost etc as well as overall number of anti patterns)", + "privilege": "GetPortfolioSummary", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve detailed information about a recommendation report", + "privilege": "GetRecommendationReportDetails", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get info about a specific server", + "privilege": "GetServerDetails", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get recommended strategies and tools for a specific server", + "privilege": "GetServerStrategies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of all anti patterns that collector should look for in a customer's environment", + "privilege": "ListAntiPatterns", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of all applications running on servers on customer's servers", + "privilege": "ListApplicationComponents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of all collectors 
installed by the customer", + "privilege": "ListCollectors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get list of all imports performed by the customer", + "privilege": "ListImportFileTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of binaries that collector should assess", + "privilege": "ListJarArtifacts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of all servers in a customer's environment", + "privilege": "ListServers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to save customer's Migration/Modernization preferences", + "privilege": "PutPortfolioPreferences", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register the collector to receive an ID and to start receiving messages from the service", + "privilege": "RegisterCollector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to the collector to send information to the service", + "privilege": "SendMessage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start assessment in a customer's environment (collect data from all servers and provide 
recommendations)", + "privilege": "StartAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start importing data from a file provided by customer", + "privilege": "StartImportFileTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start generating a recommendation report", + "privilege": "StartRecommendationReportGeneration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop an on-going assessment", + "privilege": "StopAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update details for an application", + "privilege": "UpdateApplicationComponentConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update info on a server along with the recommended strategy", + "privilege": "UpdateServerConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Migration Hub Strategy Recommendations." + }, { "conditions": [], "prefix": "mobileanalytics", 
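Review bot: The new `migrationhub-strategy` block ends with `"service_name": "AWS Migration Hub Strategy Recommendations."`, and the trailing period is inconsistent with the other service names visible in this diff (`"AWS Application Migration Service"`, `"AWS Elemental MediaConvert"`). It will show up in anything that displays or matches on the name, so I would change it to `"service_name": "AWS Migration Hub Strategy Recommendations"`. Separately, every privilege in this block has an empty `resource_type` and the block has `"resources": []`, so policies derived from it presumably cannot be scoped below `*`. That is worth a line in the commit description if it matches the upstream reference.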
@@ -117435,17 +127683,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a key that is present in the request the user makes to the pinpoint service.", + "description": "Filters access by a key that is present in the request the user makes to the pinpoint service", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair.", + "description": "Filters access by a tag key and value pair", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the list of all the tag key names present in the request the user makes to the pinpoint service.", + "description": "Filters access by the list of all the tag key names present in the request the user makes to the pinpoint service", "type": "String" } ], @@ -117453,7 +127701,7 @@ "privileges": [ { "access_level": "Write", - "description": "Create an app.", + "description": "Grants permission to create an app", "privilege": "CreateApp", "resource_types": [ { @@ -117469,7 +127717,7 @@ }, { "access_level": "Write", - "description": "Create a campaign for an app.", + "description": "Grants permission to create a campaign for an app", "privilege": "CreateCampaign", "resource_types": [ { @@ -117490,7 +127738,7 @@ }, { "access_level": "Write", - "description": "Create an email template.", + "description": "Grants permission to create an email template", "privilege": "CreateEmailTemplate", "resource_types": [ { @@ -117506,7 +127754,7 @@ }, { "access_level": "Write", - "description": "Create an export job that exports endpoint definitions to Amazon S3.", + "description": "Grants permission to create an export job that exports endpoint definitions to Amazon S3", "privilege": "CreateExportJob", "resource_types": [ { 
@@ -117518,7 +127766,7 @@ }, { "access_level": "Write", - "description": "Import endpoint definitions from to create a segment.", + "description": "Grants permission to import endpoint definitions from to create a segment", "privilege": "CreateImportJob", "resource_types": [ { @@ -117528,9 +127776,21 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "CreateInAppTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", - "description": "Create a Journey for an app.", + "description": "Grants permission to create a Journey for an app", "privilege": "CreateJourney", "resource_types": [ { @@ -117551,7 +127811,7 @@ }, { "access_level": "Write", - "description": "Create a push notification template.", + "description": "Grants permission to create a push notification template", "privilege": "CreatePushTemplate", "resource_types": [ { @@ -117567,7 +127827,7 @@ }, { "access_level": "Write", - "description": "Create an Amazon Pinpoint configuration for a recommender model.", + "description": "Grants permission to create an Amazon Pinpoint configuration for a recommender model", "privilege": "CreateRecommenderConfiguration", "resource_types": [ { @@ -117579,7 +127839,7 @@ }, { "access_level": "Write", - "description": "Create a segment that is based on endpoint data reported to Pinpoint by your app. To allow a user to create a segment by importing endpoint data from outside of Pinpoint, allow the mobiletargeting:CreateImportJob action.", + "description": "Grants permission to create a segment that is based on endpoint data reported to Pinpoint by your app. To allow a user to create a segment by importing endpoint data from outside of Pinpoint, allow the mobiletargeting:CreateImportJob action", "privilege": "CreateSegment", "resource_types": [ { 
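Review bot: The rewritten `CreateImportJob` description in the first hunk here reads `Grants permission to import endpoint definitions from to create a segment`, so the source of the import is still missing, a gap carried over from the old text. The same truncation remains in the `GetSegmentImportJobs` description further down (`...by importing endpoint definitions from`). Presumably the missing name is Amazon S3, as in the neighbouring `CreateExportJob` description. If so: `"description": "Grants permission to import endpoint definitions from Amazon S3 to create a segment"`.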
@@ -117600,7 +127860,7 @@ }, { "access_level": "Write", - "description": "Create an sms message template.", + "description": "Grants permission to create an sms message template", "privilege": "CreateSmsTemplate", "resource_types": [ { @@ -117616,7 +127876,7 @@ }, { "access_level": "Write", - "description": "Create a voice message template.", + "description": "Grants permission to create a voice message template", "privilege": "CreateVoiceTemplate", "resource_types": [ { @@ -117632,7 +127892,7 @@ }, { "access_level": "Write", - "description": "Delete the ADM channel for an app.", + "description": "Grants permission to delete the ADM channel for an app", "privilege": "DeleteAdmChannel", "resource_types": [ { @@ -117644,7 +127904,7 @@ }, { "access_level": "Write", - "description": "Delete the APNs channel for an app.", + "description": "Grants permission to delete the APNs channel for an app", "privilege": "DeleteApnsChannel", "resource_types": [ { @@ -117656,7 +127916,7 @@ }, { "access_level": "Write", - "description": "Delete the APNs sandbox channel for an app.", + "description": "Grants permission to delete the APNs sandbox channel for an app", "privilege": "DeleteApnsSandboxChannel", "resource_types": [ { @@ -117668,7 +127928,7 @@ }, { "access_level": "Write", - "description": "Delete the APNs VoIP channel for an app.", + "description": "Grants permission to delete the APNs VoIP channel for an app", "privilege": "DeleteApnsVoipChannel", "resource_types": [ { @@ -117680,7 +127940,7 @@ }, { "access_level": "Write", - "description": "Delete the APNs VoIP sandbox channel for an app.", + "description": "Grants permission to delete the APNs VoIP sandbox channel for an app", "privilege": "DeleteApnsVoipSandboxChannel", "resource_types": [ { @@ -117692,7 +127952,7 @@ }, { "access_level": "Write", - "description": "Delete a specific campaign.", + "description": "Grants permission to delete a specific campaign", "privilege": "DeleteApp", "resource_types": [ { 
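Review bot: In the last hunk here the `DeleteApp` description becomes `Grants permission to delete a specific campaign`, which is the `DeleteCampaign` text; the commit rewords the line but keeps the wrong object. Someone auditing a policy from these descriptions could underestimate what `DeleteApp` removes. Suggested: `"description": "Grants permission to delete a specific app"`.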
@@ -117704,7 +127964,7 @@ }, { "access_level": "Write", - "description": "Delete the Baidu channel for an app.", + "description": "Grants permission to delete the Baidu channel for an app", "privilege": "DeleteBaiduChannel", "resource_types": [ { @@ -117716,7 +127976,7 @@ }, { "access_level": "Write", - "description": "Delete a specific campaign.", + "description": "Grants permission to delete a specific campaign", "privilege": "DeleteCampaign", "resource_types": [ { @@ -117733,7 +127993,7 @@ }, { "access_level": "Write", - "description": "Delete the email channel for an app.", + "description": "Grants permission to delete the email channel for an app", "privilege": "DeleteEmailChannel", "resource_types": [ { @@ -117745,7 +128005,7 @@ }, { "access_level": "Write", - "description": "Delete an email template or an email template version.", + "description": "Grants permission to delete an email template or an email template version", "privilege": "DeleteEmailTemplate", "resource_types": [ { @@ -117757,7 +128017,7 @@ }, { "access_level": "Write", - "description": "Delete an endpoint.", + "description": "Grants permission to delete an endpoint", "privilege": "DeleteEndpoint", "resource_types": [ { @@ -117769,7 +128029,7 @@ }, { "access_level": "Write", - "description": "Delete the event stream for an app.", + "description": "Grants permission to delete the event stream for an app", "privilege": "DeleteEventStream", "resource_types": [ { @@ -117781,7 +128041,7 @@ }, { "access_level": "Write", - "description": "Delete the GCM channel for an app.", + "description": "Grants permission to delete the GCM channel for an app", "privilege": "DeleteGcmChannel", "resource_types": [ { 
@@ -117791,9 +128051,21 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteInAppTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", - "description": "Delete a specific journey.", + "description": "Grants permission to delete a specific journey", "privilege": "DeleteJourney", "resource_types": [ { @@ -117810,7 +128082,7 @@ }, { "access_level": "Write", - "description": "Delete a push notification template or a push notification template version.", + "description": "Grants permission to delete a push notification template or a push notification template version", "privilege": "DeletePushTemplate", "resource_types": [ { @@ -117822,7 +128094,7 @@ }, { "access_level": "Write", - "description": "Delete an Amazon Pinpoint configuration for a recommender model.", + "description": "Grants permission to delete an Amazon Pinpoint configuration for a recommender model", "privilege": "DeleteRecommenderConfiguration", "resource_types": [ { @@ -117834,7 +128106,7 @@ }, { "access_level": "Write", - "description": "Delete a specific segment.", + "description": "Grants permission to delete a specific segment", "privilege": "DeleteSegment", "resource_types": [ { @@ -117851,7 +128123,7 @@ }, { "access_level": "Write", - "description": "Delete the SMS channel for an app.", + "description": "Grants permission to delete the SMS channel for an app", "privilege": "DeleteSmsChannel", "resource_types": [ { @@ -117863,7 +128135,7 @@ }, { "access_level": "Write", - "description": "Delete an sms message template or an sms message template version.", + "description": "Grants permission to delete an sms message template or an sms message template version", "privilege": "DeleteSmsTemplate", "resource_types": [ { 
@@ -117875,7 +128147,7 @@ }, { "access_level": "Write", - "description": "Delete all of the endpoints that are associated with a user ID.", + "description": "Grants permission to delete all of the endpoints that are associated with a user ID", "privilege": "DeleteUserEndpoints", "resource_types": [ { @@ -117887,7 +128159,7 @@ }, { "access_level": "Write", - "description": "Delete the Voice channel for an app.", + "description": "Grants permission to delete the Voice channel for an app", "privilege": "DeleteVoiceChannel", "resource_types": [ { @@ -117899,7 +128171,7 @@ }, { "access_level": "Write", - "description": "Delete a voice message template or a voice message template version.", + "description": "Grants permission to delete a voice message template or a voice message template version", "privilege": "DeleteVoiceTemplate", "resource_types": [ { @@ -117911,7 +128183,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about the Amazon Device Messaging (ADM) channel for an app.", + "description": "Grants permission to retrieve information about the Amazon Device Messaging (ADM) channel for an app", "privilege": "GetAdmChannel", "resource_types": [ { @@ -117923,7 +128195,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about the APNs channel for an app.", + "description": "Grants permission to retrieve information about the APNs channel for an app", "privilege": "GetApnsChannel", "resource_types": [ { @@ -117935,7 +128207,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about the APNs sandbox channel for an app.", + "description": "Grants permission to retrieve information about the APNs sandbox channel for an app", "privilege": "GetApnsSandboxChannel", "resource_types": [ { 
@@ -117947,7 +128219,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about the APNs VoIP channel for an app.", + "description": "Grants permission to retrieve information about the APNs VoIP channel for an app", "privilege": "GetApnsVoipChannel", "resource_types": [ { @@ -117959,7 +128231,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about the APNs VoIP sandbox channel for an app.", + "description": "Grants permission to retrieve information about the APNs VoIP sandbox channel for an app", "privilege": "GetApnsVoipSandboxChannel", "resource_types": [ { @@ -117971,7 +128243,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about a specific app in your Amazon Pinpoint account.", + "description": "Grants permission to retrieve information about a specific app in your Amazon Pinpoint account", "privilege": "GetApp", "resource_types": [ { @@ -117983,7 +128255,7 @@ }, { "access_level": "Read", - "description": "Retrieves (queries) pre-aggregated data for a standard metric that applies to an application.", + "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard metric that applies to an application", "privilege": "GetApplicationDateRangeKpi", "resource_types": [ { @@ -117995,7 +128267,7 @@ }, { "access_level": "List", - "description": "Retrieve the default settings for an app.", + "description": "Grants permission to retrieve the default settings for an app", "privilege": "GetApplicationSettings", "resource_types": [ { @@ -118007,7 +128279,7 @@ }, { "access_level": "Read", - "description": "Retrieve a list of apps in your Amazon Pinpoint account.", + "description": "Grants permission to retrieve a list of apps in your Amazon Pinpoint account", "privilege": "GetApps", "resource_types": [ { 
@@ -118019,7 +128291,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about the Baidu channel for an app.", + "description": "Grants permission to retrieve information about the Baidu channel for an app", "privilege": "GetBaiduChannel", "resource_types": [ { @@ -118031,7 +128303,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about a specific campaign.", + "description": "Grants permission to retrieve information about a specific campaign", "privilege": "GetCampaign", "resource_types": [ { @@ -118048,7 +128320,7 @@ }, { "access_level": "List", - "description": "Retrieve information about the activities performed by a campaign.", + "description": "Grants permission to retrieve information about the activities performed by a campaign", "privilege": "GetCampaignActivities", "resource_types": [ { @@ -118065,7 +128337,7 @@ }, { "access_level": "Read", - "description": "Retrieves (queries) pre-aggregated data for a standard metric that applies to a campaign.", + "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard metric that applies to a campaign", "privilege": "GetCampaignDateRangeKpi", "resource_types": [ { @@ -118082,7 +128354,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about a specific campaign version.", + "description": "Grants permission to retrieve information about a specific campaign version", "privilege": "GetCampaignVersion", "resource_types": [ { @@ -118099,7 +128371,7 @@ }, { "access_level": "List", - "description": "Retrieve information about the current and prior versions of a campaign.", + "description": "Grants permission to retrieve information about the current and prior versions of a campaign", "privilege": "GetCampaignVersions", "resource_types": [ { 
@@ -118116,7 +128388,7 @@ }, { "access_level": "List", - "description": "Retrieve information about all campaigns for an app.", + "description": "Grants permission to retrieve information about all campaigns for an app", "privilege": "GetCampaigns", "resource_types": [ { @@ -118128,7 +128400,7 @@ }, { "access_level": "List", - "description": "Get all channels information for your app.", + "description": "Grants permission to get all channels information for your app", "privilege": "GetChannels", "resource_types": [ { @@ -118140,7 +128412,7 @@ }, { "access_level": "Read", - "description": "Obtain information about the email channel in an app.", + "description": "Grants permission to obtain information about the email channel in an app", "privilege": "GetEmailChannel", "resource_types": [ { @@ -118152,7 +128424,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about a specific or the active version of an email template.", + "description": "Grants permission to retrieve information about a specific or the active version of an email template", "privilege": "GetEmailTemplate", "resource_types": [ { @@ -118164,7 +128436,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about a specific endpoint.", + "description": "Grants permission to retrieve information about a specific endpoint", "privilege": "GetEndpoint", "resource_types": [ { @@ -118176,7 +128448,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about the event stream for an app.", + "description": "Grants permission to retrieve information about the event stream for an app", "privilege": "GetEventStream", "resource_types": [ { @@ -118188,7 +128460,7 @@ }, { "access_level": "Read", - "description": "Obtain information about a specific export job.", + "description": "Grants permission to obtain information about a specific export job", "privilege": "GetExportJob", "resource_types": [ { 
@@ -118200,7 +128472,7 @@ }, { "access_level": "List", - "description": "Retrieve a list of all of the export jobs for an app.", + "description": "Grants permission to retrieve a list of all of the export jobs for an app", "privilege": "GetExportJobs", "resource_types": [ { @@ -118212,7 +128484,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about the GCM channel for an app.", + "description": "Grants permission to retrieve information about the GCM channel for an app", "privilege": "GetGcmChannel", "resource_types": [ { @@ -118224,7 +128496,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about a specific import job.", + "description": "Grants permission to retrieve information about a specific import job", "privilege": "GetImportJob", "resource_types": [ { @@ -118236,7 +128508,7 @@ }, { "access_level": "List", - "description": "Retrieve information about all import jobs for an app.", + "description": "Grants permission to retrieve information about all import jobs for an app", "privilege": "GetImportJobs", "resource_types": [ { @@ -118248,7 +128520,31 @@ }, { "access_level": "Read", - "description": "Retrieve information about a specific journey.", + "description": "Grants permission to retrive in-app messages for the given endpoint id", + "privilege": "GetInAppMessages", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "apps*" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetInAppTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a specific journey", "privilege": "GetJourney", "resource_types": [ { 
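Review bot: The `GetInAppMessages` description added in the last hunk here misspells "retrieve" as `retrive`; it should read `"description": "Grants permission to retrieve in-app messages for the given endpoint id"`. Descriptions in this file are what a reader searches when mapping an API call to a permission, so the misspelling makes this entry easy to miss in a text search for "retrieve".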
@@ -118265,7 +128561,7 @@ }, { "access_level": "Read", - "description": "Retrieves (queries) pre-aggregated data for a standard engagement metric that applies to a journey.", + "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard engagement metric that applies to a journey", "privilege": "GetJourneyDateRangeKpi", "resource_types": [ { @@ -118282,7 +128578,7 @@ }, { "access_level": "Read", - "description": "Retrieves (queries) pre-aggregated data for a standard execution metric that applies to a journey activity.", + "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard execution metric that applies to a journey activity", "privilege": "GetJourneyExecutionActivityMetrics", "resource_types": [ { @@ -118299,7 +128595,7 @@ }, { "access_level": "Read", - "description": "Retrieves (queries) pre-aggregated data for a standard execution metric that applies to a journey.", + "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard execution metric that applies to a journey", "privilege": "GetJourneyExecutionMetrics", "resource_types": [ { @@ -118316,7 +128612,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about a specific or the active version of an push notification template.", + "description": "Grants permission to retrieve information about a specific or the active version of an push notification template", "privilege": "GetPushTemplate", "resource_types": [ { @@ -118328,7 +128624,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about an Amazon Pinpoint configuration for a recommender model.", + "description": "Grants permission to retrieve information about an Amazon Pinpoint configuration for a recommender model", "privilege": "GetRecommenderConfiguration", "resource_types": [ { 
@@ -118340,7 +128636,7 @@ }, { "access_level": "List", - "description": "Retrieve information about all the recommender model configurations that are associated with an Amazon Pinpoint account.", + "description": "Grants permission to retrieve information about all the recommender model configurations that are associated with an Amazon Pinpoint account", "privilege": "GetRecommenderConfigurations", "resource_types": [ { @@ -118364,7 +128660,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about a specific segment.", + "description": "Grants permission to retrieve information about a specific segment", "privilege": "GetSegment", "resource_types": [ { @@ -118381,7 +128677,7 @@ }, { "access_level": "List", - "description": "Retrieve information about jobs that export endpoint definitions from segments to Amazon S3.", + "description": "Grants permission to retrieve information about jobs that export endpoint definitions from segments to Amazon S3", "privilege": "GetSegmentExportJobs", "resource_types": [ { @@ -118398,7 +128694,7 @@ }, { "access_level": "List", - "description": "Retrieve information about jobs that create segments by importing endpoint definitions from .", + "description": "Grants permission to retrieve information about jobs that create segments by importing endpoint definitions from", "privilege": "GetSegmentImportJobs", "resource_types": [ { @@ -118415,7 +128711,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about a specific segment version.", + "description": "Grants permission to retrieve information about a specific segment version", "privilege": "GetSegmentVersion", "resource_types": [ { @@ -118432,7 +128728,7 @@ }, { "access_level": "List", - "description": "Retrieve information about the current and prior versions of a segment.", + "description": "Grants permission to retrieve information about the current and prior versions of a segment", "privilege": "GetSegmentVersions", "resource_types": [ { 
@@ -118449,7 +128745,7 @@ }, { "access_level": "List", - "description": "Retrieve information about the segments for an app.", + "description": "Grants permission to retrieve information about the segments for an app", "privilege": "GetSegments", "resource_types": [ { @@ -118461,7 +128757,7 @@ }, { "access_level": "Read", - "description": "Obtain information about the SMS channel in an app.", + "description": "Grants permission to obtain information about the SMS channel in an app", "privilege": "GetSmsChannel", "resource_types": [ { @@ -118473,7 +128769,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about a specific or the active version of an sms message template.", + "description": "Grants permission to retrieve information about a specific or the active version of an sms message template", "privilege": "GetSmsTemplate", "resource_types": [ { @@ -118485,7 +128781,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about the endpoints that are associated with a user ID.", + "description": "Grants permission to retrieve information about the endpoints that are associated with a user ID", "privilege": "GetUserEndpoints", "resource_types": [ { @@ -118497,7 +128793,7 @@ }, { "access_level": "Read", - "description": "Obtain information about the Voice channel in an app.", + "description": "Grants permission to obtain information about the Voice channel in an app", "privilege": "GetVoiceChannel", "resource_types": [ { @@ -118509,7 +128805,7 @@ }, { "access_level": "Read", - "description": "Retrieve information about a specific or the active version of a voice message template.", + "description": "Grants permission to retrieve information about a specific or the active version of a voice message template", "privilege": "GetVoiceTemplate", "resource_types": [ { 
@@ -118521,7 +128817,7 @@ }, { "access_level": "List", - "description": "Retrieve information about all journeys for an app.", + "description": "Grants permission to retrieve information about all journeys for an app", "privilege": "ListJourneys", "resource_types": [ { @@ -118533,7 +128829,7 @@ }, { "access_level": "Read", - "description": "List tags for a resource.", + "description": "Grants permission to list tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ { @@ -118555,7 +128851,7 @@ }, { "access_level": "List", - "description": "Retrieve all versions about a specific template.", + "description": "Grants permission to retrieve all versions about a specific template", "privilege": "ListTemplateVersions", "resource_types": [ { @@ -118567,7 +128863,7 @@ }, { "access_level": "List", - "description": "Retrieve metadata about the queried templates.", + "description": "Grants permission to retrieve metadata about the queried templates", "privilege": "ListTemplates", "resource_types": [ { @@ -118579,7 +128875,7 @@ }, { "access_level": "Read", - "description": "Obtain metadata for a phone number, such as the number type (mobile, landline, or VoIP), location, and provider.", + "description": "Grants permission to obtain metadata for a phone number, such as the number type (mobile, landline, or VoIP), location, and provider", "privilege": "PhoneNumberValidate", "resource_types": [ { @@ -118591,7 +128887,7 @@ }, { "access_level": "Write", - "description": "Create or update an event stream for an app.", + "description": "Grants permission to create or update an event stream for an app", "privilege": "PutEventStream", "resource_types": [ { @@ -118603,7 +128899,7 @@ }, { "access_level": "Write", - "description": "Create or update events for an app.", + "description": "Grants permission to create or update events for an app", "privilege": "PutEvents", "resource_types": [ { 
@@ -118615,7 +128911,7 @@ }, { "access_level": "Write", - "description": "Used to remove the attributes for an app.", + "description": "Grants permission to remove the attributes for an app", "privilege": "RemoveAttributes", "resource_types": [ { @@ -118627,7 +128923,7 @@ }, { "access_level": "Write", - "description": "Send an SMS message or push notification to specific endpoints.", + "description": "Grants permission to send an SMS message or push notification to specific endpoints", "privilege": "SendMessages", "resource_types": [ { @@ -118639,7 +128935,7 @@ }, { "access_level": "Write", - "description": "Send an SMS message or push notification to all endpoints that are associated with a specific user ID.", + "description": "Grants permission to send an SMS message or push notification to all endpoints that are associated with a specific user ID", "privilege": "SendUsersMessages", "resource_types": [ { @@ -118651,7 +128947,7 @@ }, { "access_level": "Tagging", - "description": "Adds tags to a resource.", + "description": "Grants permission to add tags to a resource", "privilege": "TagResource", "resource_types": [ { @@ -118681,7 +128977,7 @@ }, { "access_level": "Tagging", - "description": "Removes tags from a resource.", + "description": "Grants permission to remove tags from a resource", "privilege": "UntagResource", "resource_types": [ { @@ -118711,7 +129007,7 @@ }, { "access_level": "Write", - "description": "Update the Amazon Device Messaging (ADM) channel for an app.", + "description": "Grants permission to update the Amazon Device Messaging (ADM) channel for an app", "privilege": "UpdateAdmChannel", "resource_types": [ { @@ -118723,7 +129019,7 @@ }, { "access_level": "Write", - "description": "Update the Apple Push Notification service (APNs) channel for an app.", + "description": "Grants permission to update the Apple Push Notification service (APNs) channel for an app", "privilege": "UpdateApnsChannel", "resource_types": [ { 
@@ -118735,7 +129031,7 @@ }, { "access_level": "Write", - "description": "Update the Apple Push Notification service (APNs) sandbox channel for an app.", + "description": "Grants permission to update the Apple Push Notification service (APNs) sandbox channel for an app", "privilege": "UpdateApnsSandboxChannel", "resource_types": [ { @@ -118747,7 +129043,7 @@ }, { "access_level": "Write", - "description": "Update the Apple Push Notification service (APNs) VoIP channel for an app.", + "description": "Grants permission to update the Apple Push Notification service (APNs) VoIP channel for an app", "privilege": "UpdateApnsVoipChannel", "resource_types": [ { @@ -118759,7 +129055,7 @@ }, { "access_level": "Write", - "description": "Update the Apple Push Notification service (APNs) VoIP sandbox channel for an app.", + "description": "Grants permission to update the Apple Push Notification service (APNs) VoIP sandbox channel for an app", "privilege": "UpdateApnsVoipSandboxChannel", "resource_types": [ { @@ -118771,7 +129067,7 @@ }, { "access_level": "Write", - "description": "Update the default settings for an app.", + "description": "Grants permission to update the default settings for an app", "privilege": "UpdateApplicationSettings", "resource_types": [ { @@ -118783,7 +129079,7 @@ }, { "access_level": "Write", - "description": "Update the Baidu channel for an app.", + "description": "Grants permission to update the Baidu channel for an app", "privilege": "UpdateBaiduChannel", "resource_types": [ { @@ -118795,7 +129091,7 @@ }, { "access_level": "Write", - "description": "Update a specific campaign.", + "description": "Grants permission to update a specific campaign", "privilege": "UpdateCampaign", "resource_types": [ { @@ -118820,7 +129116,7 @@ }, { "access_level": "Write", - "description": "Update the email channel for an app.", + "description": "Grants permission to update the email channel for an app", "privilege": "UpdateEmailChannel", "resource_types": [ { 
@@ -118832,7 +129128,7 @@ }, { "access_level": "Write", - "description": "Update a specific email template under the same version or generate a new version.", + "description": "Grants permission to update a specific email template under the same version or generate a new version", "privilege": "UpdateEmailTemplate", "resource_types": [ { @@ -118852,7 +129148,7 @@ }, { "access_level": "Write", - "description": "Create an endpoint or update the information for an endpoint.", + "description": "Grants permission to create an endpoint or update the information for an endpoint", "privilege": "UpdateEndpoint", "resource_types": [ { @@ -118864,7 +129160,7 @@ }, { "access_level": "Write", - "description": "Create or update endpoints as a batch operation.", + "description": "Grants permission to create or update endpoints as a batch operation", "privilege": "UpdateEndpointsBatch", "resource_types": [ { @@ -118876,7 +129172,7 @@ }, { "access_level": "Write", - "description": "Update the Firebase Cloud Messaging (FCM) or Google Cloud Messaging (GCM) API key that allows to send push notifications to your Android app.", + "description": "Grants permission to update the Firebase Cloud Messaging (FCM) or Google Cloud Messaging (GCM) API key that allows to send push notifications to your Android app", "privilege": "UpdateGcmChannel", "resource_types": [ { @@ -118886,9 +129182,21 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateInAppTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", - "description": "Update a specific journey.", + "description": "Grants permission to update a specific journey", "privilege": "UpdateJourney", "resource_types": [ { 
@@ -118913,7 +129221,7 @@ }, { "access_level": "Write", - "description": "Update a specific journey state.", + "description": "Grants permission to update a specific journey state", "privilege": "UpdateJourneyState", "resource_types": [ { @@ -118938,7 +129246,7 @@ }, { "access_level": "Write", - "description": "Update a specific push notification template under the same version or generate a new version.", + "description": "Grants permission to update a specific push notification template under the same version or generate a new version", "privilege": "UpdatePushTemplate", "resource_types": [ { @@ -118958,7 +129266,7 @@ }, { "access_level": "Write", - "description": "Update an Amazon Pinpoint configuration for a recommender model.", + "description": "Grants permission to update an Amazon Pinpoint configuration for a recommender model", "privilege": "UpdateRecommenderConfiguration", "resource_types": [ { @@ -118970,7 +129278,7 @@ }, { "access_level": "Write", - "description": "Update a specific segment.", + "description": "Grants permission to update a specific segment", "privilege": "UpdateSegment", "resource_types": [ { @@ -118995,7 +129303,7 @@ }, { "access_level": "Write", - "description": "Update the SMS channel for an app.", + "description": "Grants permission to update the SMS channel for an app", "privilege": "UpdateSmsChannel", "resource_types": [ { @@ -119007,7 +129315,7 @@ }, { "access_level": "Write", - "description": "Update a specific sms message template under the same version or generate a new version.", + "description": "Grants permission to update a specific sms message template under the same version or generate a new version", "privilege": "UpdateSmsTemplate", "resource_types": [ { 
@@ -119027,7 +129335,7 @@ }, { "access_level": "Write", - "description": "Upate the active version parameter of a specific template.", + "description": "Grants permission to update the active version parameter of a specific template", "privilege": "UpdateTemplateActiveVersion", "resource_types": [ { @@ -119039,7 +129347,7 @@ }, { "access_level": "Write", - "description": "Update the Voice channel for an app.", + "description": "Grants permission to update the Voice channel for an app", "privilege": "UpdateVoiceChannel", "resource_types": [ { @@ -119051,7 +129359,7 @@ }, { "access_level": "Write", - "description": "Update a specific voice message template under the same version or generate a new version.", + "description": "Grants permission to update a specific voice message template under the same version or generate a new version", "privilege": "UpdateVoiceTemplate", "resource_types": [ { 
@@ -120322,37 +130630,81 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "String" }, { "condition": "networkmanager:cgwArn", - "description": "Controls which customer gateways can be associated or disassociated", + "description": "Filters access by which customer gateways can be associated or disassociated", "type": "String" }, + { + "condition": "networkmanager:subnetArns", + "description": "Filters access by which VPC subnets can be added or removed from a VPC attachment", + "type": "ArrayOfString" + }, { "condition": "networkmanager:tgwArn", - "description": "Controls which transit gateways can be registered or deregistered", + "description": "Filters access by which transit gateways can be registered or deregistered", "type": "String" }, { "condition": "networkmanager:tgwConnectPeerArn", - "description": "Controls which connect peers can be associated or disassociated", + "description": "Filters access by which transit gateway connect peers can be associated or disassociated", + "type": "String" + }, + { + "condition": "networkmanager:vpcArn", + "description": "Filters access by which VPC can be used to a create/update attachment", + "type": "String" + }, + { + "condition": "networkmanager:vpnConnectionArn", + "description": "Filters access by which Site-to-Site VPN can be used to a create/update attachment", "type": "String" } ], "prefix": 
"networkmanager", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to accept creation of an attachment between a source and destination in a core network", + "privilege": "AcceptAttachment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attachment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate a Connect Peer", + "privilege": "AssociateConnectPeer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to associate a customer gateway to a device", @@ -120433,6 +130785,51 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a Connect attachment", + "privilege": "CreateConnectAttachment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attachment*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "core-network*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Connect Peer connection", + "privilege": "CreateConnectPeer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attachment*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new connection", 
@@ -120453,6 +130850,26 @@
 }
 ]
 },
+ {
+ "access_level": "Write",
+ "description": "Grants permission to create a new core network",
+ "privilege": "CreateCoreNetwork",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": "global-network*"
+ },
+ {
+ "condition_keys": [
+ "aws:RequestTag/${TagKey}",
+ "aws:TagKeys"
+ ],
+ "dependent_actions": [],
+ "resource_type": ""
+ }
+ ]
+ },
 {
 "access_level": "Write",
 "description": "Grants permission to create a new device",
@@ -120535,6 +130952,73 @@
 }
 ]
 },
+ {
+ "access_level": "Write",
+ "description": "Grants permission to create a site-to-site VPN attachment",
+ "privilege": "CreateSiteToSiteVpnAttachment",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": "core-network*"
+ },
+ {
+ "condition_keys": [
+ "aws:RequestTag/${TagKey}",
+ "aws:TagKeys",
+ "networkmanager:vpnConnectionArn"
+ ],
+ "dependent_actions": [],
+ "resource_type": ""
+ }
+ ]
+ },
+ {
+ "access_level": "Write",
+ "description": "Grants permission to create a VPC attachment",
+ "privilege": "CreateVpcAttachment",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": "core-network*"
+ },
+ {
+ "condition_keys": [
+ "aws:RequestTag/${TagKey}",
+ "aws:TagKeys",
+ "networkmanager:vpcArn",
+ "networkmanager:subnetArns"
+ ],
+ "dependent_actions": [],
+ "resource_type": ""
+ }
+ ]
+ },
+ {
+ "access_level": "Write",
+ "description": "Grants permission to delete an attachment",
+ "privilege": "DeleteAttachment",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": "attachment*"
+ }
+ ]
+ },
+ {
+ "access_level": "Write",
+ "description": "Grants permission to delete a Connect Peer",
+ "privilege": "DeleteConnectPeer",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": "connect-peer*"
+ }
+ ]
+ },
 {
 "access_level": "Write",
 "description": "Grants permission to delete a connection",
@@ -120552,6 +131036,30 @@
 }
 ]
 },
+ {
+ "access_level": "Write",
+ "description": "Grants permission to delete a core network",
+ "privilege": "DeleteCoreNetwork",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": "core-network*"
+ }
+ ]
+ },
+ {
+ "access_level": "Write",
+ "description": "Grants permission to delete the core network policy version",
+ "privilege": "DeleteCoreNetworkPolicyVersion",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": "core-network*"
+ }
+ ]
+ },
 {
 "access_level": "Write",
 "description": "Grants permission to delete a device",
@@ -120598,6 +131106,18 @@
 }
 ]
 },
+ {
+ "access_level": "Write",
+ "description": "Grants permission to delete a resource",
+ "privilege": "DeleteResourcePolicy",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": "core-network*"
+ }
+ ]
+ },
 {
 "access_level": "Write",
 "description": "Grants permission to delete a site",
@@ -120646,6 +131166,18 @@
 }
 ]
 },
+ {
+ "access_level": "Write",
+ "description": "Grants permission to disassociate a Connect Peer",
+ "privilege": "DisassociateConnectPeer",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": "global-network*"
+ }
+ ]
+ },
 {
 "access_level": "Write",
 "description": "Grants permission to disassociate a customer gateway from a device",
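Review bot: The `DeleteResourcePolicy` entry added in the `@@ -120598,6 +131106,18 @@` hunk is described as "Grants permission to delete a resource", which names the wrong object for a privilege that removes a resource policy; `"description": "Grants permission to delete a resource policy"` would match the `GetResourcePolicy` and `PutResourcePolicy` wording used elsewhere in this diff. Both this entry and `PutResourcePolicy` in the `@@ -120871,6 +131658,30 @@` hunk are recorded as `Write`. Actions that change who may access a core network are the ones a policy reviewer most wants surfaced, and a consumer that keys on `Permissions management` to find them would skip these two. If the upstream reference classifies them that way, use `"access_level": "Permissions management"`; if it really says `Write`, the gap is worth handling in whatever tooling reads this file.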
@@ -120706,6 +131238,54 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to apply changes to the core network", + "privilege": "ExecuteCoreNetworkChangeSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "core-network*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a Connect attachment", + "privilege": "GetConnectAttachment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attachment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a Connect Peer", + "privilege": "GetConnectPeer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connect-peer*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe Connect Peer associations", + "privilege": "GetConnectPeerAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe connections", 
@@ -120723,6 +131303,42 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a core network", + "privilege": "GetCoreNetwork", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "core-network*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of core network change sets", + "privilege": "GetCoreNetworkChangeSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "core-network*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve core network policy", + "privilege": "GetCoreNetworkPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "core-network*" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe customer gateway associations", 
@@ -120791,6 +131407,102 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to return the number of resources for a global network grouped by type", + "privilege": "GetNetworkResourceCounts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve related resources for a resource within the global network", + "privilege": "GetNetworkResourceRelationships", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a global network resource", + "privilege": "GetNetworkResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve routes for a route table within the global network", + "privilege": "GetNetworkRoutes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve network telemetry objects for the global network", + "privilege": "GetNetworkTelemetry", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a resource policy", + "privilege": "GetResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "core-network*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a route analysis configuration and result", + "privilege": "GetRouteAnalysis", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "global-network*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a site-to-site VPN attachment", + "privilege": "GetSiteToSiteVpnAttachment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attachment*" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe global networks", @@ -120809,7 +131521,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to describe transit gateway connect peer associations", "privilege": "GetTransitGatewayConnectPeerAssociations", "resource_types": [ 
@@ -120834,14 +131546,89 @@ }, { "access_level": "Read", - "description": "Grants permission to lists tag for a Network Manager resource", + "description": "Grants permission to retrieve a VPC attachment", + "privilege": "GetVpcAttachment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attachment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe attachments", + "privilege": "ListAttachments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attachment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe Connect Peers", + "privilege": "ListConnectPeers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connect-peer*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list core network policy versions", + "privilege": "ListCoreNetworkPolicyVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "core-network*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list core networks", + "privilege": "ListCoreNetworks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags for a Network Manager resource", "privilege": "ListTagsForResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attachment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connect-peer" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "connection" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "core-network" + }, { "condition_keys": [], "dependent_actions": [], 
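Review bot: The list operations added in the `@@ -120834,14 +131546,89 @@` hunk are classified inconsistently: `ListAttachments`, `ListConnectPeers` and `ListCoreNetworks` are `Read`, while `ListCoreNetworkPolicyVersions` in the same hunk is `List`. A consumer that groups, grants or audits actions by access level will treat enumerating attachments and core networks differently from enumerating policy versions, which is probably not intended. If the upstream reference really lists the three as `Read`, keep the values; otherwise `"access_level": "List"` is the consistent choice. `ListAttachments` and `ListConnectPeers` also name `attachment*` and `connect-peer*` as required resources where `ListCoreNetworks` has an empty `resource_type`, so it is worth checking that a policy scoped from these entries still authorizes the list calls.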
@@ -120871,6 +131658,30 @@
 }
 ]
 },
+ {
+ "access_level": "Write",
+ "description": "Grants permission to create a core network policy",
+ "privilege": "PutCoreNetworkPolicy",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": "core-network*"
+ }
+ ]
+ },
+ {
+ "access_level": "Write",
+ "description": "Grants permission to create or update a resource policy",
+ "privilege": "PutResourcePolicy",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": "core-network*"
+ }
+ ]
+ },
 {
 "access_level": "Write",
 "description": "Grants permission to register a transit gateway to a global network",
@@ -120890,16 +131701,67 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to reject attachment request", + "privilege": "RejectAttachment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attachment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to restore the core network policy to a previous version", + "privilege": "RestoreCoreNetworkPolicyVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "core-network*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a route analysis and stores analysis configuration", + "privilege": "StartRouteAnalysis", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to tag a Network Manager resource", "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attachment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connect-peer" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "connection" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "core-network" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -120936,11 +131798,26 @@ "description": "Grants permission to untag a Network Manager resource", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attachment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connect-peer" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "connection" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "core-network" + }, { "condition_keys": [], "dependent_actions": [], @@ -120987,6 +131864,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a core network", + "privilege": "UpdateCoreNetwork", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "core-network*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a device", @@ -121033,6 +131922,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to add or update metadata key/value pairs on network resource", + "privilege": "UpdateNetworkResourceMetadata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a site", @@ -121049,6 +131950,27 @@ "resource_type": "site*" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a VPC attachment", + "privilege": "UpdateVpcAttachment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attachment*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "networkmanager:subnetArns" + ], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [ 
@@ -121086,6 +132008,27 @@ "aws:ResourceTag/${TagKey}" ], "resource": "connection" + }, + { + "arn": "arn:${Partition}:networkmanager::${Account}:core-network/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "core-network" + }, + { + "arn": "arn:${Partition}:networkmanager::${Account}:attachment/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "attachment" + }, + { + "arn": "arn:${Partition}:networkmanager::${Account}:connect-peer/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "connect-peer" } ], "service_name": "Network Manager" @@ -121109,27 +132052,27 @@ }, { "condition": "nimble:createdBy", - "description": "Filters access based on the createdBy request parameter or the ID of the creator of the resource", + "description": "Filters access by the createdBy request parameter or the ID of the creator of the resource", "type": "String" }, { "condition": "nimble:ownedBy", - "description": "Filters access based on the ownedBy request parameter or the ID of the owner of the resource", + "description": "Filters access by the ownedBy request parameter or the ID of the owner of the resource", "type": "String" }, { "condition": "nimble:principalId", - "description": "Filters access based on the principalId request parameter", + "description": "Filters access by the principalId request parameter", "type": "String" }, { "condition": "nimble:requesterPrincipalId", - "description": "Filters access to Nimble Studio portal using the ID of the logged in user", + "description": "Filters access by the ID of the logged in user", "type": "String" }, { "condition": "nimble:studioId", - "description": "Filters access to resources in a specific studio", + "description": "Filters access by a specific studio", "type": "ARN" } ], 
@@ -121159,6 +132102,14 @@ "ec2:RunInstances" ], "resource_type": "studio*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -121177,6 +132128,14 @@ "ec2:RegisterImage" ], "resource_type": "studio*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -121195,6 +132154,14 @@ "nimble:ListEulaAcceptances" ], "resource_type": "launch-profile*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -121207,6 +132174,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "streaming-session*" + }, + { + "condition_keys": [ + "nimble:requesterPrincipalId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -121222,6 +132196,14 @@ "sso:CreateManagedApplicationInstance" ], "resource_type": "studio*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -121239,6 +132221,14 @@ "fsx:DescribeFileSystems" ], "resource_type": "studio*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -121294,6 +132284,13 @@ "ec2:DeleteNetworkInterface" ], "resource_type": "streaming-session*" + }, + { + "condition_keys": [ + "nimble:requesterPrincipalId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -121434,6 +132431,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "streaming-session*" + }, + { + "condition_keys": [ + "nimble:requesterPrincipalId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, 
@@ -121446,6 +132450,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "streaming-session*" + }, + { + "condition_keys": [ + "nimble:requesterPrincipalId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -121533,7 +132544,8 @@ }, { "condition_keys": [ - "nimble:principalId" + "nimble:principalId", + "nimble:requesterPrincipalId" ], "dependent_actions": [], "resource_type": "" @@ -121565,7 +132577,8 @@ { "condition_keys": [ "nimble:createdBy", - "nimble:ownedBy" + "nimble:ownedBy", + "nimble:requesterPrincipalId" ], "dependent_actions": [], "resource_type": "" @@ -121680,6 +132693,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a streaming session", + "privilege": "StartStreamingSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "nimble:GetLaunchProfile", + "nimble:GetLaunchProfileMember" + ], + "resource_type": "streaming-session*" + }, + { + "condition_keys": [ + "nimble:requesterPrincipalId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to repair the studio's AWS SSO configuration", @@ -121695,6 +132730,27 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to stop a streaming session", + "privilege": "StopStreamingSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "nimble:GetLaunchProfile" + ], + "resource_type": "streaming-session*" + }, + { + "condition_keys": [ + "nimble:requesterPrincipalId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to add or overwrite one or more tags for the specified Nimble Studio resource", 
@@ -121845,7 +132901,7 @@ ], "resources": [ { - "arn": "arn:${Partition}:nimble:${Region}:${Account}:studio/${studioId}", + "arn": "arn:${Partition}:nimble:${Region}:${Account}:studio/${StudioId}", "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", @@ -121855,7 +132911,7 @@ "resource": "studio" }, { - "arn": "arn:${Partition}:nimble:${Region}:${Account}:streaming-image/${streamingImageId}", + "arn": "arn:${Partition}:nimble:${Region}:${Account}:streaming-image/${StreamingImageId}", "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", @@ -121865,7 +132921,7 @@ "resource": "streaming-image" }, { - "arn": "arn:${Partition}:nimble:${Region}:${Account}:studio-component/${studioComponentId}", + "arn": "arn:${Partition}:nimble:${Region}:${Account}:studio-component/${StudioComponentId}", "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", @@ -121875,7 +132931,7 @@ "resource": "studio-component" }, { - "arn": "arn:${Partition}:nimble:${Region}:${Account}:launch-profile/${launchProfileId}", + "arn": "arn:${Partition}:nimble:${Region}:${Account}:launch-profile/${LaunchProfileId}", "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", @@ -121885,7 +132941,7 @@ "resource": "launch-profile" }, { - "arn": "arn:${Partition}:nimble:${Region}:${Account}:streaming-session/${streamingSessionId}", + "arn": "arn:${Partition}:nimble:${Region}:${Account}:streaming-session/${StreamingSessionId}", "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", 
@@ -121896,17 +132952,16 @@ "resource": "streaming-session" }, { - "arn": "arn:${Partition}:nimble:${Region}:${Account}:eula/${eulaId}", + "arn": "arn:${Partition}:nimble:${Region}:${Account}:eula/${EulaId}", "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "nimble:requesterPrincipalId" + "aws:TagKeys" ], "resource": "eula" }, { - "arn": "arn:${Partition}:nimble:${Region}:${Account}:eula-acceptance/${eulaAcceptanceId}", + "arn": "arn:${Partition}:nimble:${Region}:${Account}:eula-acceptance/${EulaAcceptanceId}", "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", @@ -122655,7 +133710,7 @@ ] }, { - "access_level": "Write", + "access_level": "Tagging", "description": "Apply tags to a specified stack or layer", "privilege": "TagResource", "resource_types": [ @@ -122691,7 +133746,7 @@ ] }, { - "access_level": "Write", + "access_level": "Tagging", "description": "Removes tags from a specified stack or layer", "privilege": "UntagResource", "resource_types": [ @@ -124014,6 +135069,30 @@ "conditions": [], "prefix": "outposts", "privileges": [ + { + "access_level": "Unknown", + "description": "", + "privilege": "CancelOrder", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an order", + "privilege": "CreateOrder", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an Outpost", @@ -124026,6 +135105,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "CreateSite", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an Outpost", 
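Review bot: The new `outposts` entries `CancelOrder` and `CreateSite` are added with `"access_level": "Unknown"` and an empty `description`, although their names suggest state-changing calls. Anything that groups or filters privileges by access level (for example to find every Write action of a service) would not count them, so a policy review built on this map could under-report what a principal can change. The same placeholder appears in the later hunks that add `GetCatalogItem`, `GetOrder`, `GetSite`, `GetSiteAddress`, `ListCatalogItems`, `ListOrders`, `UpdateSite` and `UpdateSiteRackPhysicalProperties`, and in the hunks adding `ListEnvironmentOutputs`, `ListRepositories`, `ListServiceInstanceOutputs` and the related `List*ProvisionedResources` entries. Where the service's published action table gives a level, I would record it, e.g. `"access_level": "Write"` for `CancelOrder`, and fill in the description. If this file is generated, the better place for that is the generator or an override list, so the next sync does not reset it.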
@@ -124050,6 +135141,30 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetCatalogItem", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetOrder", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get information about the specified Outpost", @@ -124074,6 +135189,54 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetSite", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetSiteAddress", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListCatalogItems", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListOrders", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the Outposts for your AWS account", @@ -124133,6 +135296,30 @@ "resource_type": "" } ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateSite", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateSiteRackPhysicalProperties", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [], 
@@ -124142,17 +135329,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "String" } ], @@ -124197,6 +135384,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an AWS Panorama Application Instance", + "privilege": "CreateApplicationInstance", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an AWS Panorama datasource", 
@@ -124231,23 +135433,20 @@ }, { "access_level": "Write", - "description": "Grants permission to register an AWS Panorama Appliance", - "privilege": "CreateDevice", + "description": "Grants permission to generate a list of cameras on the same network as an AWS Panorama Appliance", + "privilege": "CreateInputs", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "device*" } ] }, { "access_level": "Write", - "description": "Grants permission to apply a software update to an AWS Panorama Appliance", - "privilege": "CreateDeviceUpdate", + "description": "Grants permission to create a job for an AWS Panorama Appliance", + "privilege": "CreateJobForDevices", "resource_types": [ { "condition_keys": [], @@ -124258,20 +135457,35 @@ }, { "access_level": "Write", - "description": "Grants permission to generate a list of cameras on the same network as an AWS Panorama Appliance", - "privilege": "CreateInputs", + "description": "Grants permission to import a machine learning model into AWS Panorama", + "privilege": "CreateModel", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an AWS Panorama Node", + "privilege": "CreateNodeFromTemplateJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to import a machine learning model into AWS Panorama", - "privilege": "CreateModel", + "description": "Grants permission to create an AWS Panorama Package", + "privilege": "CreatePackage", "resource_types": [ { "condition_keys": [ 
@@ -124283,6 +135497,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an AWS Panorama Package", + "privilege": "CreatePackageImportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to generate a list of streams available to an AWS Panorama Appliance", @@ -124355,6 +135581,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an AWS Panorama Package", + "privilege": "DeletePackage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "package*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deregister an AWS Panorama Package Version", + "privilege": "DeregisterPackageVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view details about an AWS Panorama application", @@ -124391,6 +135641,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to view details about an AWS Panorama Application Instance", + "privilege": "DescribeApplicationInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "applicationInstance*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view details about an AWS Panorama Application Instance", + "privilege": "DescribeApplicationInstanceDetails", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "applicationInstance*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view details about a datasource in AWS Panorama", 
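Review bot: `CreatePackageImportJob` is added with the description "Grants permission to create an AWS Panorama Package", which is word for word the description of `CreatePackage`, so the text no longer tells the two actions apart. The same happens in this diff with `DescribeApplicationInstanceDetails` (same text as `DescribeApplicationInstance`), `DescribePackageImportJob` (same as `DescribePackage`) and `ListPackageImportJobs` (same as `ListPackages`). Someone reading a generated policy relies on these strings to decide whether an action is needed, so I would make each one name its own object, e.g. `"description": "Grants permission to create an AWS Panorama package import job"`. If the text is copied verbatim from an upstream source, the correction should be made there or in an override kept next to this file.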
@@ -124417,8 +135691,8 @@ }, { "access_level": "Read", - "description": "Grants permission to view details about a software update for an AWS Panorama Appliance", - "privilege": "DescribeDeviceUpdate", + "description": "Grants permission to view job details for an AWS Panorama Appliance", + "privilege": "DescribeDeviceJob", "resource_types": [ { "condition_keys": [], @@ -124439,6 +135713,66 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to view details about an AWS Panorama Node", + "privilege": "DescribeNode", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view details about AWS Panorama Node", + "privilege": "DescribeNodeFromTemplateJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view details about an AWS Panorama Package", + "privilege": "DescribePackage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "package*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view details about an AWS Panorama Package", + "privilege": "DescribePackageImportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view details about an AWS Panorama Package Version", + "privilege": "DescribePackageVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view details about a software version for the AWS Panorama Appliance", 
@@ -124523,6 +135857,42 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of application instance dependencies in AWS Panorama", + "privilege": "ListApplicationInstanceDependencies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of node instances of application instances in AWS Panorama", + "privilege": "ListApplicationInstanceNodeInstances", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of application instances in AWS Panorama", + "privilege": "ListApplicationInstances", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve a list of applications in AWS Panorama", @@ -124561,8 +135931,8 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of software updates for an AWS Panorama Appliance", - "privilege": "ListDeviceUpdates", + "description": "Grants permission to retrieve a list of appliances in AWS Panorama", + "privilege": "ListDevices", "resource_types": [ { "condition_keys": [], @@ -124573,8 +135943,8 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of appliances in AWS Panorama", - "privilege": "ListDevices", + "description": "Grants permission to retrieve a list of jobs for an AWS Panorama Appliance", + "privilege": "ListDevicesJobs", "resource_types": [ { "condition_keys": [], 
@@ -124595,6 +135965,54 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of Nodes for an AWS Panorama Appliance", + "privilege": "ListNodeFromTemplateJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of nodes in AWS Panorama", + "privilege": "ListNodes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of packages in AWS Panorama", + "privilege": "ListPackageImportJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of packages in AWS Panorama", + "privilege": "ListPackages", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve a list of tags for a resource in AWS Panorama", 
@@ -124622,6 +136040,45 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to register an AWS Panorama Appliance", + "privilege": "ProvisionDevice", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register an AWS Panorama Package Version", + "privilege": "RegisterPackageVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove an AWS Panorama Application Instance", + "privilege": "RemoveApplicationInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "applicationInstance*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to add tags to a resource in AWS Panorama", @@ -124730,7 +136187,7 @@ { "access_level": "Write", "description": "Grants permission to modify basic settings for an AWS Panorama Appliance", - "privilege": "UpdateDevice", + "privilege": "UpdateDeviceMetadata", "resource_types": [ { "condition_keys": [], 
@@ -124742,21 +136199,35 @@ ], "resources": [ { - "arn": "arn:${Partition}:panorama:${Region}:${AccountId}:device/${DeviceName}", + "arn": "arn:${Partition}:panorama:${Region}:${Account}:device/${DeviceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "device" }, { - "arn": "arn:${Partition}:panorama:${Region}:${AccountId}:dataSource/${DeviceName}/${DataSourceName}", + "arn": "arn:${Partition}:panorama:${Region}:${Account}:package/${PackageId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "package" + }, + { + "arn": "arn:${Partition}:panorama:${Region}:${Account}:applicationInstance/${ApplicationInstanceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "applicationInstance" + }, + { + "arn": "arn:${Partition}:panorama:${Region}:${Account}:dataSource/${DeviceId}/${DataSourceName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "dataSource" }, { - "arn": "arn:${Partition}:panorama:${Region}:${AccountId}:model/${ModelName}", + "arn": "arn:${Partition}:panorama:${Region}:${Account}:model/${ModelName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], @@ -124770,7 +136241,7 @@ "resource": "app" }, { - "arn": "arn:${Partition}:panorama:${Region}:${Account}:app/${AppName}:{AppVersion}", + "arn": "arn:${Partition}:panorama:${Region}:${Account}:app/${AppName}:${AppVersion}", "condition_keys": [], "resource": "appVersion" } @@ -124793,6 +136264,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a batch segment job", + "privilege": "CreateBatchSegmentJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "batchSegmentJob*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a campaign", 
@@ -124877,6 +136360,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a recommender", + "privilege": "CreateRecommender", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recommender*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a schema", @@ -124973,6 +136468,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a recommender", + "privilege": "DeleteRecommender", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recommender*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a schema", @@ -125021,6 +136528,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a batch segment job", + "privilege": "DescribeBatchSegmentJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "batchSegmentJob*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a campaign", @@ -125129,6 +136648,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a recommender", + "privilege": "DescribeRecommender", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recommender*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a schema", @@ -125213,6 +136744,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list batch segment jobs", + "privilege": "ListBatchSegmentJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list campaigns", 
@@ -125309,6 +136852,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list recommenders", + "privilege": "ListRecommenders", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list schemas", @@ -125404,6 +136959,18 @@ "resource_type": "campaign*" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a recommender", + "privilege": "UpdateRecommender", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recommender*" + } + ] } ], "resources": [ @@ -125471,6 +137038,16 @@ "arn": "arn:${Partition}:personalize:${Region}:${Account}:filter/${ResourceId}", "condition_keys": [], "resource": "filter" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:recommender/${ResourceId}", + "condition_keys": [], + "resource": "recommender" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:batch-segment-job/${ResourceId}", + "condition_keys": [], + "resource": "batchSegmentJob" } ], "service_name": "Amazon Personalize" @@ -125839,6 +137416,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a preview of auto merging in a domain", + "privilege": "GetAutoMergingPreview", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a specific domain in an account", 
@@ -125851,6 +137440,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get an identity resolution job in a domain", + "privilege": "GetIdentityResolutionJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a specific integrations in a domain", @@ -125870,13 +137471,13 @@ }, { "access_level": "List", - "description": "Grants permission to get profile matches", + "description": "Grants permission to get profile matches in a domain", "privilege": "GetMatches", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" } ] }, @@ -125933,6 +137534,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list identity resolution jobs in a domain", + "privilege": "ListIdentityResolutionJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all the integrations in a specific domain", @@ -126000,13 +137613,13 @@ }, { "access_level": "Write", - "description": "Grants permission to merge profiles", + "description": "Grants permission to merge profiles in a domain", "privilege": "MergeProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" } ] }, 
@@ -126824,6 +138437,30 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListEnvironmentOutputs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListEnvironmentProvisionedResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "DEPRECATED - use ListEnvironmentTemplateVersions instead", @@ -126884,6 +138521,42 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListRepositories", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListServiceInstanceOutputs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListServiceInstanceProvisionedResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list service instances", @@ -126896,6 +138569,30 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListServicePipelineOutputs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListServicePipelineProvisionedResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "DEPRECATED - use ListServiceTemplateVersions instead", 
@@ -128083,12 +139780,12 @@ }, { "condition": "quicksight:DirectoryType", - "description": "Filters access based on the user management options", + "description": "Filters access by the user management options", "type": "String" }, { "condition": "quicksight:Edition", - "description": "Filters access based on the edition of QuickSight", + "description": "Filters access by the edition of QuickSight", "type": "String" }, { @@ -128256,6 +139953,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a QuickSight email customization template", + "privilege": "CreateEmailCustomizationTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "emailCustomizationTemplate*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a QuickSight folder", @@ -128459,7 +140168,7 @@ }, { "access_level": "Write", - "description": "Grant permission to create a theme", + "description": "Grants permission to create a theme", "privilege": "CreateTheme", "resource_types": [ { @@ -128543,7 +140252,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete an analysis", + "description": "Grants permission to delete an analysis", "privilege": "DeleteAnalysis", "resource_types": [ { @@ -128617,6 +140326,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a QuickSight email customization template", + "privilege": "DeleteEmailCustomizationTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "emailCustomizationTemplate*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a QuickSight Folder", 
@@ -128954,6 +140675,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a QuickSight email customization template", + "privilege": "DescribeEmailCustomizationTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "emailCustomizationTemplate*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a QuickSight Folder", @@ -129034,6 +140767,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe the IP restrictions for QuickSight account", + "privilege": "DescribeIpRestriction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a QuickSight namespace", @@ -129940,6 +141685,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a QuickSight email customization template", + "privilege": "UpdateEmailCustomizationTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "emailCustomizationTemplate*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a QuickSight Folder", @@ -129988,6 +141745,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the IP restrictions for QuickSight account", + "privilege": "UpdateIpRestriction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a template", @@ -130156,6 +141925,11 @@ "aws:ResourceTag/${TagKey}" ], "resource": "folder" + }, + { + "arn": "arn:${Partition}:quicksight:${Region}:${Account}:email-customization-template/${ResourceId}", + "condition_keys": [], + "resource": "emailCustomizationTemplate" } ], "service_name": "Amazon QuickSight" 
@@ -130652,17 +142426,181 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the presence of tag key-value pairs in the request", + "description": "Filters access by a tag's key and value in a request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on tag key-value pairs attached to the resource", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access based on the presence of tag keys in the request", + "description": "Filters access by the tag keys in a request", + "type": "String" + } + ], + "prefix": "rbin", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a Recycle Bin retention rule", + "privilege": "CreateRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a Recycle Bin retention rule", + "privilege": "DeleteRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get detailed information about a Recycle Bin retention rule", + "privilege": "GetRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the Recycle Bin retention rules in the Region", + "privilege": "ListRules", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the tags associated with a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add or update tags of a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags associated with a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an existing Recycle Bin retention rule", + "privilege": "UpdateRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:rbin:${Region}:${Account}:rule/${ResourceName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "rule" + } + ], + "service_name": "Recycle Bin" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the set of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the set of tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters 
access by the set of tag keys in the request", + "type": "String" + }, + { + "condition": "rds:BackupTarget", + "description": "Filters access by the type of backup target. One of: REGION, OUTPOSTS", "type": "String" }, { @@ -130688,7 +142626,7 @@ { "condition": "rds:MultiAz", "description": "Filters access by the value that specifies whether the DB instance runs in multiple Availability Zones. To indicate that the DB instance is using Multi-AZ, specify true", - "type": "Boolean" + "type": "Bool" }, { "condition": "rds:Piops", @@ -130698,7 +142636,7 @@ { "condition": "rds:StorageEncrypted", "description": "Filters access by the value that specifies whether the DB instance storage should be encrypted. To enforce storage encryption, specify true", - "type": "Boolean" + "type": "Bool" }, { "condition": "rds:StorageSize", @@ -130708,7 +142646,7 @@ { "condition": "rds:Vpc", "description": "Filters access by the value that specifies whether the DB instance runs in an Amazon Virtual Private Cloud (Amazon VPC). To indicate that the DB instance runs in an Amazon VPC, specify true", - "type": "Boolean" + "type": "Bool" }, { "condition": "rds:cluster-pg-tag/${TagKey}", @@ -130818,6 +142756,11 @@ "description": "Grants permission to add metadata tags to an Amazon RDS resource", "privilege": "AddTagsToResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cev" + }, { "condition_keys": [], "dependent_actions": [], 
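Review bot: In the new `rbin` block of the `-130652` hunk, the `aws:ResourceTag/${TagKey}` condition is described as "Filters access by the presence of tag key-value pairs in the request", which describes a request-tag key rather than tags on the resource. The RDS block that follows in the same hunk words the same key as "…attached to the resource", and the `rule` resource lists this key as a resource condition. I would change the line to `"description": "Filters access by tag key-value pairs attached to the resource",` so a reader writing a tag-based policy for retention rules does not pick the wrong key. If the text is scraped from upstream documentation, the correction belongs there as well.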
@@ -131079,6 +143022,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a custom engine version", + "privilege": "CreateCustomDBEngineVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "mediaimport:CreateDatabaseBinarySnapshot", + "rds:AddTagsToResource" + ], + "resource_type": "cev*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new Amazon Aurora DB cluster", @@ -131088,7 +143055,8 @@ "condition_keys": [], "dependent_actions": [ "iam:PassRole", - "rds:AddTagsToResource" + "rds:AddTagsToResource", + "rds:CreateDBInstance" ], "resource_type": "cluster*" }, @@ -131107,6 +143075,16 @@ "dependent_actions": [], "resource_type": "subgrp*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-cluster" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -131114,7 +143092,10 @@ "rds:req-tag/${TagKey}", "rds:DatabaseEngine", "rds:DatabaseName", - "rds:StorageEncrypted" + "rds:StorageEncrypted", + "rds:DatabaseClass", + "rds:StorageSize", + "rds:Piops" ], "dependent_actions": [], "resource_type": "" @@ -131233,8 +143214,14 @@ "dependent_actions": [], "resource_type": "subgrp*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, { "condition_keys": [ + "rds:BackupTarget", "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" @@ -131385,6 +143372,7 @@ }, { "condition_keys": [ + "rds:BackupTarget", "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" 
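Review bot: The `-131088` hunk adds `"rds:CreateDBInstance"` to `dependent_actions` of the `cluster*` resource type for the cluster-create privilege, tying a cluster-level record to an instance-level write. Later hunks repeat the pattern with `"rds:DeleteDBInstance"` (cluster delete), `"rds:ModifyDBInstance"` (cluster modify), `"rds:RebootDBInstance"` (the new `RebootDBCluster`) and `"rds:CreateDBInstance"` again in two further `cluster*` hunks. How consumers use `dependent_actions` is not visible here; if they fold them into emitted policies, each cluster-level grant now also carries an instance-level write or delete action. It is worth confirming that this expansion is intended and covered by a test, because a policy for a cluster operation that also includes `rds:DeleteDBInstance` is broader than the cluster-only statement a reader would expect.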
@@ -131504,6 +143492,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing custom engine version", + "privilege": "DeleteCustomDBEngineVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cev*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a previously provisioned DB cluster", @@ -131511,7 +143511,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "rds:DeleteDBInstance" + ], "resource_type": "cluster*" }, { @@ -131742,7 +143744,7 @@ }, { "access_level": "List", - "description": "Lists the set of CA certificates provided by Amazon RDS for this AWS account", + "description": "Grants permission to list the set of CA certificates provided by Amazon RDS for this AWS account", "privilege": "DescribeCertificates", "resource_types": [ { @@ -132195,6 +144197,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to return information about recommendation groups", + "privilege": "DescribeRecommendationGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return information about recommendations", + "privilege": "DescribeRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to return information about reserved DB instances for this account, or about a specified reserved DB instance", @@ -132313,6 +144339,11 @@ "description": "Grants permission to list all tags on an Amazon RDS resource", "privilege": "ListTagsForResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cev" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -132414,6 +144445,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify an existing custom engine version", + "privilege": "ModifyCustomDBEngineVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cev*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify a setting for an Amazon Aurora DB cluster", @@ -132422,7 +144465,8 @@ { "condition_keys": [], "dependent_actions": [ - "iam:PassRole" + "iam:PassRole", + "rds:ModifyDBInstance" ], "resource_type": "cluster*" }, @@ -132435,6 +144479,15 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "og*" + }, + { + "condition_keys": [ + "rds:DatabaseClass", + "rds:StorageSize", + "rds:Piops" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -132627,6 +144680,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify recommendation", + "privilege": "ModifyRecommendation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to promote a Read Replica DB instance to a standalone DB instance", @@ -132671,6 +144736,20 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to reboot a previously provisioned DB cluster", + "privilege": "RebootDBCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "rds:RebootDBInstance" + ], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to restart the database engine service", @@ -132757,6 +144836,11 @@ "description": "Grants permission to remove metadata tags from an Amazon RDS resource", "privilege": "RemoveTagsFromResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cev" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -132903,7 +144987,8 @@ "condition_keys": [], "dependent_actions": [ "iam:PassRole", - "rds:AddTagsToResource" + "rds:AddTagsToResource", + "rds:CreateDBInstance" ], "resource_type": "cluster*" }, @@ -132921,7 +145006,10 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "rds:req-tag/${TagKey}" + "rds:req-tag/${TagKey}", + "rds:DatabaseClass", + "rds:StorageSize", + "rds:Piops" ], "dependent_actions": [], "resource_type": "" @@ -132937,7 +145025,8 @@ "condition_keys": [], "dependent_actions": [ "iam:PassRole", - "rds:AddTagsToResource" + "rds:AddTagsToResource", + "rds:CreateDBInstance" ], "resource_type": "cluster*" }, @@ -132955,7 +145044,10 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "rds:req-tag/${TagKey}" + "rds:req-tag/${TagKey}", + "rds:DatabaseClass", + "rds:StorageSize", + "rds:Piops" ], "dependent_actions": [], "resource_type": "" @@ -132992,6 +145084,7 @@ }, { "condition_keys": [ + "rds:BackupTarget", "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" @@ -133050,6 +145143,7 @@ }, { "condition_keys": [ + "rds:BackupTarget", "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}" @@ -133085,7 +145179,7 @@ }, { "access_level": "Write", - "description": "Starts the DB cluster", + "description": "Grants permission to start the DB cluster", "privilege": "StartDBCluster", "resource_types": [ { @@ -133316,6 +145410,13 @@ "aws:ResourceTag/${TagKey}" ], "resource": "target-group" + }, + { + "arn": "arn:${Partition}:rds:${Region}:${Account}:cev:${Engine}/${EngineVersion}/${CustomDbEngineVersionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "cev" } ], "service_name": "Amazon RDS, Neptune & DocumentDB" 
@@ -134717,6 +146818,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeReservedNodeExchangeStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe available reserved node offerings by Amazon Redshift", @@ -135051,6 +147164,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetReservedNodeExchangeConfigurationOptions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get an array of DC2 ReservedNodeOfferings that matches the payment type, term, and usage price of the given DC1 reserved node", 
@@ -135817,17 +147942,537 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the tags that are passed in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on the tags associated with the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access based on the tag keys that are passed in the request", + "description": "Filters access by the presence of tag keys in the request", + "type": "String" + }, + { + "condition": "refactor-spaces:ApplicationCreatedByAccount", + "description": "Filters access by restricting the action to only those accounts that created the application within an environment", + "type": "String" + }, + { + "condition": "refactor-spaces:CreatedByAccountIds", + "description": "Filters access by the accounts that created the resource", + "type": "ArrayOfString" + }, + { + "condition": "refactor-spaces:RouteCreatedByAccount", + "description": "Filters access by restricting the action to only those accounts that created the route within an application", + "type": "String" + }, + { + "condition": "refactor-spaces:ServiceCreatedByAccount", + "description": "Filters access by restricting the action to only those accounts that created the service within an application", + "type": "String" + }, + { + "condition": "refactor-spaces:SourcePath", + "description": "Filters access by the path of the route", + "type": "String" + } + ], + "prefix": "refactor-spaces", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create an application within an environment", + "privilege": "CreateApplication", + "resource_types": [ + { + "condition_keys": [ + "refactor-spaces:ApplicationCreatedByAccount", + 
"refactor-spaces:CreatedByAccountIds", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an environment", + "privilege": "CreateEnvironment", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a route within an application", + "privilege": "CreateRoute", + "resource_types": [ + { + "condition_keys": [ + "refactor-spaces:ApplicationCreatedByAccount", + "refactor-spaces:ServiceCreatedByAccount", + "refactor-spaces:RouteCreatedByAccount", + "refactor-spaces:CreatedByAccountIds", + "refactor-spaces:SourcePath", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a service within an application", + "privilege": "CreateService", + "resource_types": [ + { + "condition_keys": [ + "refactor-spaces:ApplicationCreatedByAccount", + "refactor-spaces:ServiceCreatedByAccount", + "refactor-spaces:CreatedByAccountIds", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an application from an environment", + "privilege": "DeleteApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [ + "refactor-spaces:ApplicationCreatedByAccount", + "refactor-spaces:CreatedByAccountIds", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an environment", + "privilege": 
"DeleteEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a resource policy", + "privilege": "DeleteResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a route from an application", + "privilege": "DeleteRoute", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route*" + }, + { + "condition_keys": [ + "refactor-spaces:ApplicationCreatedByAccount", + "refactor-spaces:ServiceCreatedByAccount", + "refactor-spaces:RouteCreatedByAccount", + "refactor-spaces:CreatedByAccountIds", + "refactor-spaces:SourcePath", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a service from an application", + "privilege": "DeleteService", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "refactor-spaces:ApplicationCreatedByAccount", + "refactor-spaces:ServiceCreatedByAccount", + "refactor-spaces:CreatedByAccountIds", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get more information about an application", + "privilege": "GetApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [ + "refactor-spaces:ApplicationCreatedByAccount", + "refactor-spaces:CreatedByAccountIds", + 
"aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get more information for an environment", + "privilege": "GetEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the details about a resource policy", + "privilege": "GetResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get more information about a route", + "privilege": "GetRoute", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route*" + }, + { + "condition_keys": [ + "refactor-spaces:ApplicationCreatedByAccount", + "refactor-spaces:ServiceCreatedByAccount", + "refactor-spaces:RouteCreatedByAccount", + "refactor-spaces:CreatedByAccountIds", + "refactor-spaces:SourcePath", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get more information about a service", + "privilege": "GetService", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "refactor-spaces:ApplicationCreatedByAccount", + "refactor-spaces:ServiceCreatedByAccount", + "refactor-spaces:CreatedByAccountIds", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all the applications in an environment", + "privilege": "ListApplications", + "resource_types": [ + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all the VPCs for the environment", + "privilege": "ListEnvironmentVpcs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all environments", + "privilege": "ListEnvironments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all the routes in an application", + "privilege": "ListRoutes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all the services in an environment", + "privilege": "ListServices", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all the tags for a given resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add a resource policy", + "privilege": "PutResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment" + }, + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "route" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service" + }, + { + "condition_keys": [ + "refactor-spaces:ApplicationCreatedByAccount", + "refactor-spaces:ServiceCreatedByAccount", + "refactor-spaces:RouteCreatedByAccount", + "refactor-spaces:CreatedByAccountIds", + "refactor-spaces:SourcePath", + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove a tag from a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service" + }, + { + "condition_keys": [ + "refactor-spaces:ApplicationCreatedByAccount", + "refactor-spaces:ServiceCreatedByAccount", + "refactor-spaces:RouteCreatedByAccount", + "refactor-spaces:CreatedByAccountIds", + "refactor-spaces:SourcePath", + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "environment" + }, + { + "arn": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentId}/application/${ApplicationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "refactor-spaces:ApplicationCreatedByAccount", + "refactor-spaces:CreatedByAccountIds" + ], + "resource": "application" + }, + { + "arn": 
"arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentId}/application/${ApplicationId}/service/${ServiceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "refactor-spaces:ApplicationCreatedByAccount", + "refactor-spaces:CreatedByAccountIds", + "refactor-spaces:ServiceCreatedByAccount" + ], + "resource": "service" + }, + { + "arn": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentId}/application/${ApplicationId}/route/${RouteId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "refactor-spaces:ApplicationCreatedByAccount", + "refactor-spaces:CreatedByAccountIds", + "refactor-spaces:RouteCreatedByAccount", + "refactor-spaces:ServiceCreatedByAccount", + "refactor-spaces:SourcePath" + ], + "resource": "route" + } + ], + "service_name": "AWS Migration Hub Refactor Spaces" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by tag keys that are passed in the request", "type": "String" } ], @@ -135835,7 +148480,7 @@ "privileges": [ { "access_level": "Read", - "description": "Compares a face in source input image with each face detected in the target input image.", + "description": "Grants permission to compare faces in the source input image with each face detected in the target input image", "privilege": "CompareFaces", "resource_types": [ { @@ -135847,7 +148492,7 @@ }, { "access_level": "Write", - "description": "Creates a collection in an AWS region. You can then add faces to the collection using the IndexFaces API.", + "description": "Grants permission to create a collection in an AWS Region", "privilege": "CreateCollection", "resource_types": [ { 
@@ -135867,7 +148512,19 @@ }, { "access_level": "Write", - "description": "Creates a new Amazon Rekognition Custom Labels project.", + "description": "Grants permission to create a new Amazon Rekognition Custom Labels dataset", + "privilege": "CreateDataset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an Amazon Rekognition Custom Labels project", "privilege": "CreateProject", "resource_types": [ { @@ -135879,7 +148536,7 @@ }, { "access_level": "Write", - "description": "Creates a new version of a model and begins training.", + "description": "Grants permission to begin training a new version of a model", "privilege": "CreateProjectVersion", "resource_types": [ { @@ -135904,7 +148561,7 @@ }, { "access_level": "Write", - "description": "Creates an Amazon Rekognition stream processor that you can use to detect and recognize faces in a streaming video.", + "description": "Grants permission to create an Amazon Rekognition stream processor", "privilege": "CreateStreamProcessor", "resource_types": [ { @@ -135929,7 +148586,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified collection. Note that this operation removes all faces in the collection.", + "description": "Grants permission to delete the specified collection", "privilege": "DeleteCollection", "resource_types": [ { @@ -135941,7 +148598,19 @@ }, { "access_level": "Write", - "description": "Deletes faces from a collection.", + "description": "Grants permission to delete an existing Amazon Rekognition Custom Labels dataset", + "privilege": "DeleteDataset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete faces from a collection", "privilege": "DeleteFaces", "resource_types": [ { 
@@ -135953,7 +148622,7 @@ }, { "access_level": "Write", - "description": "Deletes a project.", + "description": "Grants permission to delete a project", "privilege": "DeleteProject", "resource_types": [ { @@ -135965,7 +148634,7 @@ }, { "access_level": "Write", - "description": "Deletes a model.", + "description": "Grants permission to delete a model", "privilege": "DeleteProjectVersion", "resource_types": [ { @@ -135977,7 +148646,7 @@ }, { "access_level": "Write", - "description": "Deletes the stream processor identified by Name.", + "description": "Grants permission to delete the specified stream processor", "privilege": "DeleteStreamProcessor", "resource_types": [ { @@ -135989,7 +148658,7 @@ }, { "access_level": "Read", - "description": "Describes the specified collection.", + "description": "Grants permission to read details about a collection", "privilege": "DescribeCollection", "resource_types": [ { @@ -136001,7 +148670,19 @@ }, { "access_level": "Read", - "description": "Lists and describes the model versions in an Amazon Rekognition Custom Labels project.", + "description": "Grants permission to describe an Amazon Rekognition Custom Labels dataset", + "privilege": "DescribeDataset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the versions of a model in an Amazon Rekognition Custom Labels project", "privilege": "DescribeProjectVersions", "resource_types": [ { @@ -136013,7 +148694,7 @@ }, { "access_level": "Read", - "description": "Lists and gets information about your Amazon Rekognition Custom Labels projects.", + "description": "Grants permission to list Amazon Rekognition Custom Labels projects", "privilege": "DescribeProjects", "resource_types": [ { 
@@ -136025,7 +148706,7 @@ }, { "access_level": "Read", - "description": "Provides information about a stream processor created by CreateStreamProcessor.", + "description": "Grants permission to get information about the specified stream processor", "privilege": "DescribeStreamProcessor", "resource_types": [ { @@ -136037,7 +148718,7 @@ }, { "access_level": "Read", - "description": "Detects custom labels in a supplied image by using an Amazon Rekognition Custom Labels model version.", + "description": "Grants permission to detect custom labels in a supplied image", "privilege": "DetectCustomLabels", "resource_types": [ { @@ -136049,7 +148730,7 @@ }, { "access_level": "Read", - "description": "Detects human faces within an image (JPEG or PNG) provided as input.", + "description": "Grants permission to detect human faces within an image provided as input", "privilege": "DetectFaces", "resource_types": [ { @@ -136061,7 +148742,7 @@ }, { "access_level": "Read", - "description": "Detects instances of real-world labels within an image (JPEG or PNG) provided as input.", + "description": "Grants permission to detect instances of real-world labels within an image provided as input", "privilege": "DetectLabels", "resource_types": [ { @@ -136073,7 +148754,7 @@ }, { "access_level": "Read", - "description": "Detects moderation labels within input image.", + "description": "Grants permission to detect moderation labels within the input image", "privilege": "DetectModerationLabels", "resource_types": [ { @@ -136085,7 +148766,7 @@ }, { "access_level": "Read", - "description": "Detects Protective Equipment in the input image.", + "description": "Grants permission to detect Personal Protective Equipment in the input image", "privilege": "DetectProtectiveEquipment", "resource_types": [ { 
@@ -136097,7 +148778,7 @@ }, { "access_level": "Read", - "description": "Detects text in the input image and converts it into machine-readable text.", + "description": "Grants permission to detect text in the input image and convert it into machine-readable text", "privilege": "DetectText", "resource_types": [ { @@ -136107,9 +148788,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to distribute the entries in a training dataset across the training dataset and the test dataset for a project", + "privilege": "DistributeDatasetEntries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + } + ] + }, { "access_level": "Read", - "description": "Gets the name and additional information about a celebrity based on his or her Rekognition ID.", + "description": "Grants permission to read the name, and additional information, of a celebrity", "privilege": "GetCelebrityInfo", "resource_types": [ { @@ -136121,7 +148814,7 @@ }, { "access_level": "Read", - "description": "Gets the celebrity recognition results for a Rekognition Video analysis started by StartCelebrityRecognition.", + "description": "Grants permission to read the celebrity recognition results found in a stored video by an asynchronous celebrity recognition job", "privilege": "GetCelebrityRecognition", "resource_types": [ { @@ -136133,7 +148826,7 @@ }, { "access_level": "Read", - "description": "Gets the content moderation analysis results for a Rekognition Video analysis started by StartContentModeration.", + "description": "Grants permission to read the content moderation analysis results found in a stored video by an asynchronous content moderation job", "privilege": "GetContentModeration", "resource_types": [ { 
@@ -136145,7 +148838,7 @@ }, { "access_level": "Read", - "description": "Gets face detection results for a Rekognition Video analysis started by StartFaceDetection.", + "description": "Grants permission to read the faces detection results found in a stored video by an asynchronous face detection job", "privilege": "GetFaceDetection", "resource_types": [ { @@ -136157,7 +148850,7 @@ }, { "access_level": "Read", - "description": "Gets the face search results for Rekognition Video face search started by StartFaceSearch.", + "description": "Grants permission to read the matching collection faces found in a stored video by an asynchronous face search job", "privilege": "GetFaceSearch", "resource_types": [ { @@ -136169,7 +148862,7 @@ }, { "access_level": "Read", - "description": "Gets the label detection results of a Rekognition Video analysis started by StartLabelDetection.", + "description": "Grants permission to read the label detected resuls found in a stored video by an asynchronous label detection job", "privilege": "GetLabelDetection", "resource_types": [ { @@ -136181,7 +148874,7 @@ }, { "access_level": "Read", - "description": "Gets information about people detected within a video.", + "description": "Grants permission to read the list of persons detected in a stored video by an asynchronous person tracking job", "privilege": "GetPersonTracking", "resource_types": [ { @@ -136193,7 +148886,7 @@ }, { "access_level": "Read", - "description": "Gets segment detection results for a Rekognition Video analysis started by StartSegmentDetection.", + "description": "Grants permission to get the vdeo segments found in a stored video by an asynchronous segment detection job", "privilege": "GetSegmentDetection", "resource_types": [ { 
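Review bot: Two of the new descriptions in these hunks carry typos: `GetLabelDetection` reads "label detected resuls" and `GetSegmentDetection` reads "get the vdeo segments". They should read `label detection results` and `video segments`. The same rewording introduces "specificed collection" in the later `ListFaces`, `SearchFaces` and `SearchFacesByImage` hunks, and "collection Id's" in `ListCollections`; those should be `specified collection` and `collection IDs`. Anyone looking up a permission by its description text would miss these entries, so they are worth fixing before merge.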
@@ -136205,7 +148898,7 @@ }, { "access_level": "Read", - "description": "Gets text detection results for a Rekognition Video analysis started by StartTextDetection.", + "description": "Grants permission to get the text found in a stored video by an asynchronous text detection job", "privilege": "GetTextDetection", "resource_types": [ { @@ -136217,7 +148910,7 @@ }, { "access_level": "Write", - "description": "Detects faces in the input image and adds them to the specified collection.", + "description": "Grants permission to update an existing collection with faces detected in the input image", "privilege": "IndexFaces", "resource_types": [ { @@ -136229,7 +148922,7 @@ }, { "access_level": "Read", - "description": "Returns a list of collection IDs in your account.", + "description": "Grants permission to read the collection Id's in your account", "privilege": "ListCollections", "resource_types": [ { @@ -136241,7 +148934,31 @@ }, { "access_level": "Read", - "description": "Returns metadata for faces in the specified collection.", + "description": "Grants permission to list the dataset entries in an existing Amazon Rekognition Custom Labels dataset", + "privilege": "ListDatasetEntries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the labels in a dataset", + "privilege": "ListDatasetLabels", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to read metadata for faces in the specificed collection", "privilege": "ListFaces", "resource_types": [ { 
@@ -136253,7 +148970,7 @@ }, { "access_level": "List", - "description": "Gets a list of stream processors that you have created with CreateStreamProcessor.", + "description": "Grants permission to get a list of your stream processors", "privilege": "ListStreamProcessors", "resource_types": [ { @@ -136265,7 +148982,7 @@ }, { "access_level": "Read", - "description": "Returns a list of tags associated with a resource.", + "description": "Grants permission to return a list of tags associated with a resource", "privilege": "ListTagsForResource", "resource_types": [ { @@ -136277,7 +148994,7 @@ }, { "access_level": "Read", - "description": "Returns an array of celebrities recognized in the input image.", + "description": "Grants permission to detect celebrities in the input image", "privilege": "RecognizeCelebrities", "resource_types": [ { @@ -136289,7 +149006,7 @@ }, { "access_level": "Read", - "description": "For a given input face ID, searches the specified collection for matching faces.", + "description": "Grants permission to search the specificed collection for the supplied face ID", "privilege": "SearchFaces", "resource_types": [ { @@ -136301,7 +149018,7 @@ }, { "access_level": "Read", - "description": "For a given input image, first detects the largest face in the image, and then searches the specified collection for matching faces.", + "description": "Grants permission to search the specificed collection for the largest face in the input image", "privilege": "SearchFacesByImage", "resource_types": [ { @@ -136313,7 +149030,7 @@ }, { "access_level": "Write", - "description": "Starts asynchronous recognition of celebrities in a video.", + "description": "Grants permission to start the asynchronous recognition of celebrities in a stored video", "privilege": "StartCelebrityRecognition", "resource_types": [ { 
@@ -136325,7 +149042,7 @@ }, { "access_level": "Write", - "description": "Starts asynchronous detection of explicit or suggestive adult content in a video.", + "description": "Grants permission to start asynchronous detection of explicit or suggestive adult content in a stored video", "privilege": "StartContentModeration", "resource_types": [ { @@ -136337,7 +149054,7 @@ }, { "access_level": "Write", - "description": "Starts asynchronous detection of faces in a video.", + "description": "Grants permission to start asynchronous detection of faces in a stored video", "privilege": "StartFaceDetection", "resource_types": [ { @@ -136349,7 +149066,7 @@ }, { "access_level": "Write", - "description": "Starts the asynchronous search for faces in a collection that match the faces of persons detected in a video.", + "description": "Grants permission to start an asynchronous search for faces in a collection that match the faces of persons detected in a stored video", "privilege": "StartFaceSearch", "resource_types": [ { @@ -136361,7 +149078,7 @@ }, { "access_level": "Write", - "description": "Starts asynchronous detection of labels in a video.", + "description": "Grants permission to start asynchronous detection of labels in a stored video", "privilege": "StartLabelDetection", "resource_types": [ { @@ -136373,7 +149090,7 @@ }, { "access_level": "Write", - "description": "Starts the asynchronous tracking of persons in a video.", + "description": "Grants permission to start the asynchronous tracking of persons in a stored video", "privilege": "StartPersonTracking", "resource_types": [ { @@ -136385,7 +149102,7 @@ }, { "access_level": "Write", - "description": "Starts the deployment of a model version.", + "description": "Grants permission to start running a model version", "privilege": "StartProjectVersion", "resource_types": [ { 
@@ -136397,7 +149114,7 @@ }, { "access_level": "Write", - "description": "Starts asynchronous detection of segments in a video.", + "description": "Grants permission to start the asynchronous detection of segments in a stored video", "privilege": "StartSegmentDetection", "resource_types": [ { @@ -136409,7 +149126,7 @@ }, { "access_level": "Write", - "description": "Starts processing a stream processor.", + "description": "Grants permission to start running a stream processor", "privilege": "StartStreamProcessor", "resource_types": [ { @@ -136421,7 +149138,7 @@ }, { "access_level": "Write", - "description": "Starts asynchronous detection of text in a video.", + "description": "Grants permission to start the asynchronous detection of text in a stored video", "privilege": "StartTextDetection", "resource_types": [ { @@ -136433,7 +149150,7 @@ }, { "access_level": "Write", - "description": "Stops a deployed model version.", + "description": "Grants permission to stop a running model version", "privilege": "StopProjectVersion", "resource_types": [ { @@ -136445,7 +149162,7 @@ }, { "access_level": "Write", - "description": "Stops a running stream processor that was created by CreateStreamProcessor.", + "description": "Grants permission to stop a running stream processor", "privilege": "StopStreamProcessor", "resource_types": [ { @@ -136457,7 +149174,7 @@ }, { "access_level": "Tagging", - "description": "Adds one or more tags to a resource.", + "description": "Grants permission to add one or more tags to a resource", "privilege": "TagResource", "resource_types": [ { @@ -136477,7 +149194,7 @@ }, { "access_level": "Tagging", - "description": "Removes one or more tags from a resource.", + "description": "Grants permission to remove one or more tags from a resource", "privilege": "UntagResource", "resource_types": [ { 
@@ -136493,6 +149210,18 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to add or update one or more JSON Lines (entries) in a dataset", + "privilege": "UpdateDatasetEntries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + } + ] } ], "resources": [ 
@@ -136515,10 +149244,648 @@ "arn": "arn:${Partition}:rekognition:${Region}:${Account}:project/${ProjectName}/version/${VersionName}/${CreationTimestamp}", "condition_keys": [], "resource": "projectversion" + }, + { + "arn": "arn:${Partition}:rekognition:${Region}:${Account}:project/${ProjectName}/${CreationTimestamp}/dataset/${DatasetType}/${CreationTimestamp}", + "condition_keys": [], + "resource": "dataset" } ], "service_name": "Amazon Rekognition" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "resiliencehub", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to add draft application version resource mappings", + "privilege": "AddDraftAppVersionResourceMappings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources", + "resource-groups:GetGroup", + "resource-groups:ListGroupResources", + "servicecatalog:GetApplication", + "servicecatalog:ListAssociatedResources" + ], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create application", + "privilege": "CreateApp", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resiliency-policy" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create recommendation template", + 
"privilege": "CreateRecommendationTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "s3:CreateBucket", + "s3:ListBucket", + "s3:PutObject" + ], + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create resiliency policy", + "privilege": "CreateResiliencyPolicy", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to batch delete application", + "privilege": "DeleteApp", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to batch delete application assessment", + "privilege": "DeleteAppAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to batch delete recommendation template", + "privilege": "DeleteRecommendationTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to batch delete resiliency policy", + "privilege": "DeleteResiliencyPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resiliency-policy*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe application", + "privilege": "DescribeApp", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": 
"Read", + "description": "Grants permission to describe application assessment", + "privilege": "DescribeAppAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe application resolution", + "privilege": "DescribeAppVersionResourcesResolutionStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe application version template", + "privilege": "DescribeAppVersionTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe draft application version resources import status", + "privilege": "DescribeDraftAppVersionResourcesImportStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe resiliency policy", + "privilege": "DescribeResiliencyPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resiliency-policy*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to import resources to draft application version", + "privilege": "ImportResourcesToDraftAppVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources", + "resource-groups:GetGroup", + "resource-groups:ListGroupResources", + "servicecatalog:GetApplication", + "servicecatalog:ListAssociatedResources" + ], + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list alarm 
recommendation", + "privilege": "ListAlarmRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list application assessment", + "privilege": "ListAppAssessments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list app component compliances", + "privilege": "ListAppComponentCompliances", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list app component recommendations", + "privilege": "ListAppComponentRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to application version resource mappings", + "privilege": "ListAppVersionResourceMappings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list application resources", + "privilege": "ListAppVersionResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list application version", + "privilege": "ListAppVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list applications", + "privilege": "ListApps", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list recommendation templates", + "privilege": "ListRecommendationTemplates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list resiliency policies", + "privilege": "ListResiliencyPolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list SOP recommendations", + "privilege": "ListSopRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list suggested resiliency policies", + "privilege": "ListSuggestedResiliencyPolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list test recommendations", + "privilege": "ListTestRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list unsupported application version resources", + "privilege": "ListUnsupportedAppVersionResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to publish application version", + 
"privilege": "PublishAppVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to put draft application version template", + "privilege": "PutDraftAppVersionTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove draft application version mappings", + "privilege": "RemoveDraftAppVersionResourceMappings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to resolve application version resources", + "privilege": "ResolveAppVersionResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources", + "resource-groups:GetGroup", + "resource-groups:ListGroupResources", + "servicecatalog:GetApplication", + "servicecatalog:ListAssociatedResources" + ], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create application assessment", + "privilege": "StartAppAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:PutMetricData", + "fis:GetExperimentTemplate", + "fis:ListExperimentTemplates", + "fis:ListExperiments", + "resource-groups:GetGroup", + "resource-groups:ListGroupResources", + "servicecatalog:GetApplication", + "servicecatalog:ListAssociatedResources", + "ssm:GetParametersByPath" + ], + "resource_type": "application*" + }, + { + "condition_keys": [ + 
"aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to assign a resource tag", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-assessment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recommendation-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resiliency-policy" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-assessment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recommendation-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resiliency-policy" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update application", + "privilege": "UpdateApp", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update resiliency policy", + "privilege": "UpdateResiliencyPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resiliency-policy*" + } + ] + } + ], + "resources": [ + { + "arn": 
"arn:${Partition}:resiliencehub:${Region}:${Account}:resiliency-policy/${ResiliencyPolicyID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "resiliency-policy" + }, + { + "arn": "arn:${Partition}:resiliencehub:${Region}:${Account}:app/${AppID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "application" + }, + { + "arn": "arn:${Partition}:resiliencehub:${Region}:${Account}:app-assessment/${AppAssessmentID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "app-assessment" + }, + { + "arn": "arn:${Partition}:resiliencehub:${Region}:${Account}:recommendation-template/${RecommendationTemplateID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "recommendation-template" + } + ], + "service_name": "AWS Resilience Hub Service" + }, { "conditions": [], "prefix": "resource-explorer", @@ -137933,7 +151300,7 @@ "dependent_actions": [ "ec2:DescribeVpcs" ], - "resource_type": "vpc" + "resource_type": "" } ] }, @@ -138394,7 +151761,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to get a list of geographic locations that Route 53 supports for geolocation", "privilege": "ListGeoLocations", "resource_types": [ @@ -138406,7 +151773,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to get a list of the health checks that are associated with the current AWS account", "privilege": "ListHealthChecks", "resource_types": [ @@ -138451,7 +151818,7 @@ "dependent_actions": [ "ec2:DescribeVpcs" ], - "resource_type": "vpc*" + "resource_type": "" } ] }, @@ -138480,7 +151847,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list the reusable delegation sets that are associated with the current AWS account.", "privilege": "ListReusableDelegationSets", "resource_types": [ 
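Review bot: In the added `resiliencehub` block, the `ListAppVersionResourceMappings` description is missing its verb and should read `"description": "Grants permission to list application version resource mappings"`. `DeleteApp`, `DeleteAppAssessment`, `DeleteRecommendationTemplate` and `DeleteResiliencyPolicy` are all described as "batch delete" although the privilege names do not suggest a batch operation, and `StartAppAssessment` is described as "create application assessment"; both are worth confirming. Separately, `CreateRecommendationTemplate` and `StartAppAssessment` list write-capable dependent actions (`s3:CreateBucket`, `s3:PutObject`, `cloudwatch:PutMetricData`). If a consumer of this file expands `dependent_actions` into generated policies, those grants deserve explicit resource scoping.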
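Review bot: The hunks at -137933 and -138451 change `"resource_type": "vpc"` and `"resource_type": "vpc*"` to an empty string on entries whose dependent action is `ec2:DescribeVpcs`, which removes the resource scoping shown in those hunks. Anything that derives a policy's `Resource` element from `resource_type` would presumably fall back to an unscoped resource for these privileges. Please confirm against the current service authorization reference that the VPC resource type was really dropped; if it was not, keep `"resource_type": "vpc*"`. The privilege names and the rest of each `resource_types` array are outside both hunks, so this rests on the visible lines only.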
@@ -138492,7 +151859,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list tags for one health check or hosted zone", "privilege": "ListTagsForResource", "resource_types": [ @@ -138509,7 +151876,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list tags for up to 10 health checks or hosted zones", "privilege": "ListTagsForResources", "resource_types": [ @@ -138538,7 +151905,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to get information about the traffic policy instances that you created by using the current AWS account", "privilege": "ListTrafficPolicyInstances", "resource_types": [ @@ -138708,7 +152075,7 @@ "privileges": [ { "access_level": "Read", - "description": "Grants permission to Get a Routing Control State", + "description": "Grants permission to get a routing control state", "privilege": "GetRoutingControlState", "resource_types": [ { @@ -138720,7 +152087,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Update a Routing Control State", + "description": "Grants permission to update a routing control state", "privilege": "UpdateRoutingControlState", "resource_types": [ { @@ -138732,7 +152099,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Update Routing Control States", + "description": "Grants permission to update a batch of routing control states", "privilege": "UpdateRoutingControlStates", "resource_types": [ { @@ -138750,7 +152117,7 @@ "resource": "routingcontrol" } ], - "service_name": "Amazon Route53 Recovery Cluster" + "service_name": "Amazon Route 53 Recovery Cluster" }, { "conditions": [], @@ -138758,7 +152125,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to Create a new Cluster", + "description": "Grants permission to create a cluster", "privilege": "CreateCluster", "resource_types": [ { 
@@ -138770,7 +152137,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Create a new Control Panel", + "description": "Grants permission to create a control panel", "privilege": "CreateControlPanel", "resource_types": [ { @@ -138782,7 +152149,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Create a new Routing Control", + "description": "Grants permission to create a routing control", "privilege": "CreateRoutingControl", "resource_types": [ { @@ -138794,7 +152161,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Create a Safety Rule", + "description": "Grants permission to create a safety rule", "privilege": "CreateSafetyRule", "resource_types": [ { @@ -138806,7 +152173,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Delete an existing Cluster", + "description": "Grants permission to delete a cluster", "privilege": "DeleteCluster", "resource_types": [ { @@ -138818,7 +152185,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Create a Control Panel", + "description": "Grants permission to delete a control panel", "privilege": "DeleteControlPanel", "resource_types": [ { @@ -138830,7 +152197,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Delete a Routing Control", + "description": "Grants permission to delete a routing control", "privilege": "DeleteRoutingControl", "resource_types": [ { @@ -138842,7 +152209,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Delete a Safety Rule", + "description": "Grants permission to delete a safety rule", "privilege": "DeleteSafetyRule", "resource_types": [ { @@ -138854,7 +152221,7 @@ }, { "access_level": "Read", - "description": "Grants permission to Describe a Cluster", + "description": "Grants permission to describe a cluster", "privilege": "DescribeCluster", "resource_types": [ { 
@@ -138866,7 +152233,7 @@ }, { "access_level": "Read", - "description": "Grants permission to Describe a Control Panel", + "description": "Grants permission to describe a control panel", "privilege": "DescribeControlPanel", "resource_types": [ { @@ -138878,7 +152245,7 @@ }, { "access_level": "Read", - "description": "Grants permission to Describe a Routing Control", + "description": "Grants permission to describe a routing control", "privilege": "DescribeRoutingControl", "resource_types": [ { @@ -138890,7 +152257,7 @@ }, { "access_level": "Read", - "description": "Grants permission to Describe a Routing Control", + "description": "Grants permission to describe a routing control", "privilege": "DescribeRoutingControlByName", "resource_types": [ { @@ -138902,7 +152269,7 @@ }, { "access_level": "Read", - "description": "Grants permission to Describe a Safety Rule", + "description": "Grants permission to describe a safety rule", "privilege": "DescribeSafetyRule", "resource_types": [ { @@ -138914,7 +152281,7 @@ }, { "access_level": "List", - "description": "Grants permission to List Associated Route53 Health Checks", + "description": "Grants permission to list associated Route 53 health checks", "privilege": "ListAssociatedRoute53HealthChecks", "resource_types": [ { @@ -138926,7 +152293,7 @@ }, { "access_level": "Read", - "description": "Grants permission to List existing Clusters", + "description": "Grants permission to list clusters", "privilege": "ListClusters", "resource_types": [ { @@ -138938,7 +152305,7 @@ }, { "access_level": "Read", - "description": "Grants permission to List Control Panels", + "description": "Grants permission to list control panels", "privilege": "ListControlPanels", "resource_types": [ { @@ -138950,7 +152317,7 @@ }, { "access_level": "Read", - "description": "Grants permission to List Routing Controls", + "description": "Grants permission to list routing controls", "privilege": "ListRoutingControls", "resource_types": [ { 
@@ -138962,7 +152329,7 @@
 },
 {
 "access_level": "Read",
- "description": "Grants permission to List Safety Rules",
+ "description": "Grants permission to list safety rules",
 "privilege": "ListSafetyRules",
 "resource_types": [
 {
@@ -138974,7 +152341,7 @@
 },
 {
 "access_level": "Write",
- "description": "Grants permission to Update an existing Cluster",
+ "description": "Grants permission to update a cluster",
 "privilege": "UpdateControlPanel",
 "resource_types": [
 {
@@ -138986,7 +152353,7 @@
 },
 {
 "access_level": "Write",
- "description": "Grants permission to Update a Routing Control",
+ "description": "Grants permission to update a routing control",
 "privilege": "UpdateRoutingControl",
 "resource_types": [
 {
@@ -138998,7 +152365,7 @@
 },
 {
 "access_level": "Write",
- "description": "Grants permission to Update an existing Safety Rule",
+ "description": "Grants permission to update a safety rule",
 "privilege": "UpdateSafetyRule",
 "resource_types": [
 {
@@ -139031,7 +152398,7 @@
 "resource": "safetyrule"
 }
 ],
- "service_name": "Amazon Route53 Recovery Controls"
+ "service_name": "Amazon Route 53 Recovery Controls"
 },
 {
 "conditions": [
@@ -139055,7 +152422,7 @@
 "privileges": [
 {
 "access_level": "Write",
- "description": "Grants permission to Create a new Cell",
+ "description": "Grants permission to create a new cell",
 "privilege": "CreateCell",
 "resource_types": [
 {
@@ -139075,7 +152442,7 @@
 },
 {
 "access_level": "Write",
- "description": "Grants permission to Create a new Cross Account Authorization",
+ "description": "Grants permission to create a cross account authorization",
 "privilege": "CreateCrossAccountAuthorization",
 "resource_types": [
 {
@@ -139087,7 +152454,7 @@
 },
 {
 "access_level": "Write",
- "description": "Grants permission to Create a new Readiness Check",
+ "description": "Grants permission to create a readiness check",
 "privilege": "CreateReadinessCheck",
 "resource_types": [
 {
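Review bot: In the `@@ -138974,7 +152341,7 @@` hunk the description attached to `UpdateControlPanel` still names the wrong resource: it now reads "update a cluster", carried over from the old "Update an existing Cluster" text. Someone selecting or auditing actions from this definition by description would take it for a cluster-level permission. The line should read `"description": "Grants permission to update a control panel",`. The privilege object it belongs to starts and ends outside the hunk.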
@@ -139107,7 +152474,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Create a Recovery Group", + "description": "Grants permission to create a recovery group", "privilege": "CreateRecoveryGroup", "resource_types": [ { @@ -139127,7 +152494,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Create a new Resource Set", + "description": "Grants permission to create a resource set", "privilege": "CreateResourceSet", "resource_types": [ { @@ -139147,7 +152514,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Delete an existing Cell", + "description": "Grants permission to delete a cell", "privilege": "DeleteCell", "resource_types": [ { @@ -139159,7 +152526,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Delete a Cross Account Authorization", + "description": "Grants permission to delete a cross account authorization", "privilege": "DeleteCrossAccountAuthorization", "resource_types": [ { @@ -139171,7 +152538,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Delete an existing Readiness Check", + "description": "Grants permission to delete a readiness check", "privilege": "DeleteReadinessCheck", "resource_types": [ { @@ -139183,7 +152550,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Delete an existing Recovery Group", + "description": "Grants permission to delete a recovery group", "privilege": "DeleteRecoveryGroup", "resource_types": [ { @@ -139195,7 +152562,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Delete an existing Readiness Check", + "description": "Grants permission to delete a resource set", "privilege": "DeleteResourceSet", "resource_types": [ { 
@@ -139207,7 +152574,7 @@ }, { "access_level": "Read", - "description": "Grants permission to Get Architecture Recommendations for a Recovery Group", + "description": "Grants permission to get architecture recommendations for a recovery group", "privilege": "GetArchitectureRecommendations", "resource_types": [ { @@ -139219,7 +152586,7 @@ }, { "access_level": "Read", - "description": "Grants permission to Get an existing Cell", + "description": "Grants permission to get information about a cell", "privilege": "GetCell", "resource_types": [ { @@ -139231,7 +152598,7 @@ }, { "access_level": "Read", - "description": "Grants permission to Get Readiness Summary for Cell", + "description": "Grants permission to get a readiness summary for a cell", "privilege": "GetCellReadinessSummary", "resource_types": [ { @@ -139243,7 +152610,7 @@ }, { "access_level": "Read", - "description": "Grants permission to Get a Readiness Check", + "description": "Grants permission to get information about a readiness check", "privilege": "GetReadinessCheck", "resource_types": [ { @@ -139255,7 +152622,7 @@ }, { "access_level": "Read", - "description": "Grants permission to Get the Readiness Summary for a Resource", + "description": "Grants permission to get the readiness status for an individual resource", "privilege": "GetReadinessCheckResourceStatus", "resource_types": [ { @@ -139267,7 +152634,7 @@ }, { "access_level": "Read", - "description": "Grants permission to Get the status of a Readiness Check", + "description": "Grants permission to get the status of a readiness check (for a resource set)", "privilege": "GetReadinessCheckStatus", "resource_types": [ { @@ -139279,7 +152646,7 @@ }, { "access_level": "Read", - "description": "Grants permission to Get a Recovery Group", + "description": "Grants permission to get information about a recovery group", "privilege": "GetRecoveryGroup", "resource_types": [ { 
@@ -139291,7 +152658,7 @@ }, { "access_level": "Read", - "description": "Grants permission to Get the Readiness Summary of a Recovery Group", + "description": "Grants permission to get a readiness summary for a recovery group", "privilege": "GetRecoveryGroupReadinessSummary", "resource_types": [ { @@ -139303,7 +152670,7 @@ }, { "access_level": "Read", - "description": "Grants permission to Get a Resource Set", + "description": "Grants permission to get information about a resource set", "privilege": "GetResourceSet", "resource_types": [ { @@ -139315,7 +152682,7 @@ }, { "access_level": "Read", - "description": "Grants permission to List existing Cells", + "description": "Grants permission to list cells", "privilege": "ListCells", "resource_types": [ { @@ -139327,7 +152694,7 @@ }, { "access_level": "Read", - "description": "Grants permission to List existing Cross Account Authorizations", + "description": "Grants permission to list cross account authorizations", "privilege": "ListCrossAccountAuthorizations", "resource_types": [ { @@ -139339,7 +152706,7 @@ }, { "access_level": "Read", - "description": "Grants permission to List existing Readiness Checks", + "description": "Grants permission to list readiness checks", "privilege": "ListReadinessChecks", "resource_types": [ { @@ -139351,7 +152718,7 @@ }, { "access_level": "Read", - "description": "Grants permission to List existing Recovery Groups", + "description": "Grants permission to list recovery groups", "privilege": "ListRecoveryGroups", "resource_types": [ { @@ -139363,7 +152730,7 @@ }, { "access_level": "Read", - "description": "Grants permission to List existing Resource Sets", + "description": "Grants permission to list resource sets", "privilege": "ListResourceSets", "resource_types": [ { 
@@ -139375,7 +152742,7 @@ }, { "access_level": "Read", - "description": "Grants permission to List Readiness Rules", + "description": "Grants permission to list readiness rules", "privilege": "ListRules", "resource_types": [ { @@ -139387,7 +152754,7 @@ }, { "access_level": "Read", - "description": "Grants permission to List Tags for a Resource", + "description": "Grants permission to list tags for a resource", "privilege": "ListTagsForResources", "resource_types": [ { @@ -139399,7 +152766,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to Add a Tag to a Resource", + "description": "Grants permission to add a tag to a resource", "privilege": "TagResource", "resource_types": [ { @@ -139434,7 +152801,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to Remove a Tag from a resource", + "description": "Grants permission to remove a tag from a resource", "privilege": "UntagResource", "resource_types": [ { @@ -139469,7 +152836,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Update an existing Cell", + "description": "Grants permission to update a cell", "privilege": "UpdateCell", "resource_types": [ { @@ -139488,7 +152855,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Update an existing Readiness Check", + "description": "Grants permission to update a readiness check", "privilege": "UpdateReadinessCheck", "resource_types": [ { @@ -139507,7 +152874,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Update an existing Recovery Group", + "description": "Grants permission to update a recovery group", "privilege": "UpdateRecoveryGroup", "resource_types": [ { @@ -139526,7 +152893,7 @@ }, { "access_level": "Write", - "description": "Grants permission to Update an existing Resource Set", + "description": "Grants permission to update a resource set", "privilege": "UpdateResourceSet", "resource_types": [ { 
@@ -139574,7 +152941,7 @@ "resource": "recoverygroup" } ], - "service_name": "Amazon Route53 Recovery Readiness" + "service_name": "Amazon Route 53 Recovery Readiness" }, { "conditions": [], @@ -139924,17 +153291,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by the presence of tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "String" } ], @@ -139951,6 +153318,14 @@ "ec2:DescribeVpcs" ], "resource_type": "firewall-rule-group-association*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -139999,6 +153374,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "firewall-domain-list*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -140023,6 +153406,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "firewall-rule-group*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -140035,6 +153426,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "resolver-endpoint*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, 
@@ -140047,18 +153446,34 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "resolver-query-log-config*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "For DNS queries that originate in your VPC, grants permission to define how to route the queries out of the VPC", + "description": "Grants permission to define how to route queries originating from your VPC out of the VPC", "privilege": "CreateResolverRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "resolver-rule*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -140244,6 +153659,20 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the Resolver Config status within the specified resource", + "privilege": "GetResolverConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:DescribeVpcs" + ], + "resource_type": "resolver-config*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the DNSSEC validation support status for DNS queries within the specified resource", @@ -140426,6 +153855,20 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list Resolver Config statuses", + "privilege": "ListResolverConfigs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:DescribeVpcs" + ], + "resource_type": "resolver-config*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the DNSSEC validation support status for DNS queries", 
@@ -140440,7 +153883,7 @@ }, { "access_level": "List", - "description": "For a specified Resolver endpoint, grants permission to list the IP addresses that DNS queries pass through on the way to your network (outbound) or your VPCs (inbound)", + "description": "Grants permission to list the IP addresses that DNS queries pass through on the way to your network (outbound) or your VPCs (inbound) for a specified Resolver endpoint", "privilege": "ListResolverEndpointIpAddresses", "resource_types": [ { @@ -140515,11 +153958,31 @@ "description": "Grants permission to list the tags that you associated with the specified resource", "privilege": "ListTagsForResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "firewall-domain-list" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "firewall-rule-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "firewall-rule-group-association" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "resolver-endpoint" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resolver-query-log-config" + }, { "condition_keys": [], "dependent_actions": [], @@ -140568,11 +154031,31 @@ "description": "Grants permission to add one or more tags to a specified resource", "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "firewall-domain-list" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "firewall-rule-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "firewall-rule-group-association" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "resolver-endpoint" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resolver-query-log-config" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -140585,11 +154068,31 @@ "description": "Grants permission to remove one or more tags from a specified resource", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "firewall-domain-list" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "firewall-rule-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "firewall-rule-group-association" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "resolver-endpoint" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resolver-query-log-config" + }, { "condition_keys": [], "dependent_actions": [], @@ -140647,6 +154150,20 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the Resolver Config status within the specified resource", + "privilege": "UpdateResolverConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:DescribeVpcs" + ], + "resource_type": "resolver-config*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the DNSSEC validation support status for DNS queries within the specified resource", @@ -140740,6 +154257,11 @@ "aws:ResourceTag/${TagKey}" ], "resource": "firewall-config" + }, + { + "arn": "arn:${Partition}:route53resolver:${Region}:${Account}:resolver-config/${ResourceId}", + "condition_keys": [], + "resource": "resolver-config" } ], "service_name": "Amazon Route 53 Resolver" 
@@ -140748,23 +154270,189 @@
 "conditions": [
 {
 "condition": "aws:RequestTag/${TagKey}",
- "description": "Filters actions based on the tags that are passed in the request",
+ "description": "Filters access by the tags that are passed the request on behalf of the IAM principal",
+ "type": "String"
+ },
+ {
+ "condition": "aws:ResourceTag/${TagKey}",
+ "description": "Filters access by the tags associated with the resource that make the request on behalf of the IAM principal",
+ "type": "String"
+ },
+ {
+ "condition": "aws:TagKeys",
+ "description": "Filters access by the tag keys that are passed in the request on behalf of the IAM principal",
+ "type": "String"
+ }
+ ],
+ "prefix": "rum",
+ "privileges": [
+ {
+ "access_level": "Write",
+ "description": "Grants permission to create appMonitor metadata",
+ "privilege": "CreateAppMonitor",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [
+ "iam:CreateServiceLinkedRole",
+ "iam:GetRole"
+ ],
+ "resource_type": "AppMonitorResource*"
+ },
+ {
+ "condition_keys": [
+ "aws:RequestTag/${TagKey}",
+ "aws:TagKeys"
+ ],
+ "dependent_actions": [],
+ "resource_type": ""
+ }
+ ]
+ },
+ {
+ "access_level": "Write",
+ "description": "Grants permission to delete appMonitor metadata",
+ "privilege": "DeleteAppMonitor",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": "AppMonitorResource*"
+ }
+ ]
+ },
+ {
+ "access_level": "Read",
+ "description": "Grants permission to get appMonitor metadata",
+ "privilege": "GetAppMonitor",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": "AppMonitorResource*"
+ }
+ ]
+ },
+ {
+ "access_level": "Read",
+ "description": "Grants permission to get appMonitor data",
+ "privilege": "GetAppMonitorData",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": "AppMonitorResource*"
+ }
+ ]
+ },
+ {
+ "access_level": "List",
+ "description": "Grants permission to list appMonitors metadata",
+ "privilege": "ListAppMonitors",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": ""
+ }
+ ]
+ },
+ {
+ "access_level": "Read",
+ "description": "Grants permission to list tags for resources",
+ "privilege": "ListTagsForResource",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": ""
+ }
+ ]
+ },
+ {
+ "access_level": "Write",
+ "description": "Grants permission to put RUM events for appmonitor",
+ "privilege": "PutRumEvents",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": ""
+ }
+ ]
+ },
+ {
+ "access_level": "Tagging",
+ "description": "Grants permission to tag resources",
+ "privilege": "TagResource",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": ""
+ }
+ ]
+ },
+ {
+ "access_level": "Tagging",
+ "description": "Grants permission to untag resources",
+ "privilege": "UntagResource",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [],
+ "resource_type": ""
+ }
+ ]
+ },
+ {
+ "access_level": "Write",
+ "description": "Grants permission to update appmonitor metadata",
+ "privilege": "UpdateAppMonitor",
+ "resource_types": [
+ {
+ "condition_keys": [],
+ "dependent_actions": [
+ "iam:CreateServiceLinkedRole",
+ "iam:GetRole"
+ ],
+ "resource_type": "AppMonitorResource*"
+ }
+ ]
+ }
+ ],
+ "resources": [
+ {
+ "arn": "arn:${Partition}:rum:${Region}:${Account}:appmonitor/${Name}",
+ "condition_keys": [
+ "aws:ResourceTag/${TagKey}"
+ ],
+ "resource": "AppMonitorResource"
+ }
+ ],
+ "service_name": "AWS CloudWatch RUM"
+ },
+ {
+ "conditions": [
+ {
+ "condition": "aws:RequestTag/${TagKey}",
+ "description": "Filters access by the tags that are passed in the request",
 "type": "String"
 },
 {
 "condition": "aws:RequestedRegion",
- "description": "Requested region for the multi region access point operation",
+ "description": "Filters access by Requested region for the multi region access point operation",
 "type": "String"
 },
 {
 "condition": "aws:ResourceTag/${TagKey}",
- "description": "Filters actions based on the tags associated with the resource",
+ "description": "Filters access by the tags associated with the resource",
 "type": "String"
 },
 {
 "condition": "aws:TagKeys",
- "description": "Filters actions based on the tag keys that are passed in the request",
- "type": "String"
+ "description": "Filters access by the tag keys that are passed in the request",
+ "type": "ArrayOfString"
 },
 {
 "condition": "s3:AccessPointNetworkOrigin",
@@ -140783,12 +154471,12 @@
 },
 {
 "condition": "s3:ExistingJobOperation",
- "description": "Filters access to updating the job priority by operation",
+ "description": "Filters access by operation to updating the job priority",
 "type": "String"
 },
 {
 "condition": "s3:ExistingJobPriority",
- "description": "Filters access to cancelling existing jobs by priority range",
+ "description": "Filters access by priority range to cancelling existing jobs",
 "type": "Numeric"
 },
 {
@@ -140798,7 +154486,7 @@
 },
 {
 "condition": "s3:JobSuspendedCause",
- "description": "Filters access to cancelling suspended jobs by a specific job suspended cause (for example, AWAITING_CONFIRMATION)",
+ "description": "Filters access by a specific job suspended cause (for example, AWAITING_CONFIRMATION) to cancelling suspended jobs",
 "type": "String"
 },
 {
@@ -140808,12 +154496,12 @@
 },
 {
 "condition": "s3:RequestJobOperation",
- "description": "Filters access to creating jobs by operation",
+ "description": "Filters access by operation to creating jobs",
 "type": "String"
 },
 {
 "condition": "s3:RequestJobPriority",
- "description": "Filters access to creating new jobs by priority range",
+ "description": "Filters access by priority range to creating new jobs",
 "type": "Numeric"
 },
 {
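Review bot: The new `rum` service block in the `@@ -140748,23 +154270,189 @@` hunk (which begins on an earlier line) declares `aws:TagKeys` as `"type": "String"`, while the same hunk changes the S3 `aws:TagKeys` entry to `"type": "ArrayOfString"`. The Route 53 Resolver `aws:TagKeys` entry in the `@@ -139924,17 +153291,17 @@` hunk is likewise left as String. `aws:TagKeys` is multivalued, so a policy generator or linter that reads this field to decide whether a set operator (`ForAllValues`/`ForAnyValue`) is needed would presumably treat the rum and Resolver keys as single-valued; use `"type": "ArrayOfString"` for all three. Two of the added rum descriptions ("passed the request", "the resource that make the request") also read as garbled and are worth checking against the upstream wording.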
@@ -140824,7 +154512,7 @@ { "condition": "s3:RequestObjectTagKeys", "description": "Filters access by the tag keys to be added to objects", - "type": "String" + "type": "ArrayOfString" }, { "condition": "s3:ResourceAccount", 
@@ -140908,37 +154596,37 @@ }, { "condition": "s3:x-amz-content-sha256", - "description": "Filters access to unsigned content in your bucket", + "description": "Filters access by unsigned content in your bucket", "type": "String" }, { "condition": "s3:x-amz-copy-source", - "description": "Filters access to requests with a specific bucket, prefix, or object as the copy source", + "description": "Filters access by copy source bucket, prefix, or object in the copy object requests", "type": "String" }, { "condition": "s3:x-amz-grant-full-control", - "description": "Filters access to requests with the x-amz-grant-full-control (full control) header", + "description": "Filters access by x-amz-grant-full-control (full control) header", "type": "String" }, { "condition": "s3:x-amz-grant-read", - "description": "Filters access to requests with the x-amz-grant-read (read access) header", + "description": "Filters access by x-amz-grant-read (read access) header", "type": "String" }, { "condition": "s3:x-amz-grant-read-acp", - "description": "Filters access to requests with the x-amz-grant-read-acp (read permissions for the ACL) header", + "description": "Filters access by the x-amz-grant-read-acp (read permissions for the ACL) header", "type": "String" }, { "condition": "s3:x-amz-grant-write", - "description": "Filters access to requests with the x-amz-grant-write (write access) header", + "description": "Filters access by the x-amz-grant-write (write access) header", "type": "String" }, { "condition": "s3:x-amz-grant-write-acp", - "description": "Filters access to requests with the x-amz-grant-write-acp (write permissions for the ACL) header", + "description": "Filters access by the x-amz-grant-write-acp (write permissions for the ACL) header", "type": "String" }, { 
@@ -140946,6 +154634,11 @@
 "description": "Filters access by object metadata behavior (COPY or REPLACE) when objects are copied",
 "type": "String"
 },
+ {
+ "condition": "s3:x-amz-object-ownership",
+ "description": "Filters access by Object Ownership",
+ "type": "String"
+ },
 {
 "condition": "s3:x-amz-server-side-encryption",
 "description": "Filters access by server-side encryption",
@@ -141121,7 +154814,8 @@
 "s3:x-amz-grant-read",
 "s3:x-amz-grant-read-acp",
 "s3:x-amz-grant-write",
- "s3:x-amz-grant-write-acp"
+ "s3:x-amz-grant-write-acp",
+ "s3:x-amz-object-ownership"
 ],
 "dependent_actions": [],
 "resource_type": ""
@@ -141312,30 +155006,6 @@
 }
 ]
 },
- {
- "access_level": "Write",
- "description": "Grants permission to delete ownership controls on a bucket",
- "privilege": "DeleteBucketOwnershipControls",
- "resource_types": [
- {
- "condition_keys": [],
- "dependent_actions": [],
- "resource_type": "bucket*"
- },
- {
- "condition_keys": [
- "s3:authType",
- "s3:ResourceAccount",
- "s3:signatureAge",
- "s3:signatureversion",
- "s3:TlsVersion",
- "s3:x-amz-content-sha256"
- ],
- "dependent_actions": [],
- "resource_type": ""
- }
- ]
- },
 {
 "access_level": "Permissions management",
 "description": "Grants permission to delete the policy on a specified bucket",
@@ -143378,7 +157048,7 @@
 },
 {
 "access_level": "Write",
- "description": "Grants permission to add or replace ownership controls on a bucket",
+ "description": "Grants permission to add, replace or delete ownership controls on a bucket",
 "privilege": "PutBucketOwnershipControls",
 "resource_types": [
 {
@@ -143766,7 +157436,7 @@
 },
 {
 "access_level": "Permissions management",
- "description": "Grants permission to set the access control list (ACL) permissions for new or existing objects in an S3 bucket.",
+ "description": "Grants permission to set the access control list (ACL) permissions for new or existing objects in an S3 bucket",
 "privilege": "PutObjectAcl",
 "resource_types": [
 {
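Review bot: Removing the `DeleteBucketOwnershipControls` privilege in the `@@ -141312,30 +155006,6 @@` hunk leaves the delete operation represented only by the reworded `PutBucketOwnershipControls` description in the `@@ -143378,7 +157048,7 @@` hunk. If any consumer resolves the DeleteBucketOwnershipControls API call to a like-named action in this file, it will now find no entry and may emit a policy that omits the permission or names an action that no longer exists here. The call-to-action mapping is not part of this diff, so confirm it resolves that call to `s3:PutBucketOwnershipControls` before merging.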
@@ -144217,7 +157887,7 @@ "resource": "objectlambdaaccesspoint" }, { - "arn": "arn:${Partition}:s3::${Account}:accesspoint/${AccessPointName}", + "arn": "arn:${Partition}:s3::${Account}:accesspoint/${AccessPointAlias}", "condition_keys": [], "resource": "multiregionaccesspoint" }, @@ -145765,7 +159435,7 @@ }, { "condition": "sagemaker:HomeEfsFileSystemKmsKey", - "description": "This key is deprecated. It has been replaced by sagemaker:VolumeKmsKey", + "description": "Filters access by a key that is present in the request the user makes to the SageMaker service. This key is deprecated. It has been replaced by sagemaker:VolumeKmsKey", "type": "ARN" }, { @@ -145793,6 +159463,11 @@ "description": "Filters access by the max runtime in seconds associated with the resource in the request", "type": "Numeric" }, + { + "condition": "sagemaker:ModelApprovalStatus", + "description": "Filters access by the model approval status with the model-package in the request", + "type": "String" + }, { "condition": "sagemaker:ModelArn", "description": "Filters access by the model arn associated with the resource in the request", @@ -146008,6 +159683,11 @@ "dependent_actions": [], "resource_type": "image" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-recommendations-job" + }, { "condition_keys": [], "dependent_actions": [], @@ -146115,6 +159795,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe one or more ModelPackages", + "privilege": "BatchDescribeModelPackage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model-package*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve metrics associated with SageMaker Resources such as Training Jobs. This API is not publicly exposed at this point, however admins can control this action", 
@@ -146129,7 +159821,7 @@ }, { "access_level": "Read", - "description": "Get a batch of records from one or more feature groups.", + "description": "Grants permission to get a batch of records from one or more feature groups", "privilege": "BatchGetRecord", "resource_types": [ { @@ -146609,7 +160301,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to create a SageMaker Image", + "description": "Grants permission to create a SageMaker Image", "privilege": "CreateImage", "resource_types": [ { @@ -146631,7 +160323,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to create a SageMaker ImageVersion", + "description": "Grants permission to create a SageMaker ImageVersion", "privilege": "CreateImageVersion", "resource_types": [ { @@ -146641,6 +160333,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an inference recommendations job", + "privilege": "CreateInferenceRecommendationsJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "inference-recommendations-job*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start a labeling job. A labeling job takes unlabeled data in and produces labeled data as output, which can be used for training SageMaker models", @@ -146667,6 +160381,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a lineage group policy", + "privilege": "CreateLineageGroupPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a model in Amazon SageMaker. In the request, you specify a name for the model and describe one or more containers", 
@@ -146770,7 +160496,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "sagemaker:ModelApprovalStatus" ], "dependent_actions": [], "resource_type": "" @@ -147413,7 +161140,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete a SageMaker Image", + "description": "Grants permission to delete a SageMaker Image", "privilege": "DeleteImage", "resource_types": [ { @@ -147425,7 +161152,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete a SageMaker ImageVersion", + "description": "Grants permission to delete a SageMaker ImageVersion", "privilege": "DeleteImageVersion", "resource_types": [ { @@ -147435,6 +161162,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a lineage group policy", + "privilege": "DeleteLineageGroupPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a model created using the CreateModel API. The DeleteModel API deletes only the model entry in Amazon SageMaker that you created by calling the CreateModel API. It does not delete model artifacts, inference code, or the IAM role that you specified when creating the model", @@ -147591,6 +161330,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteStudioLifecycleConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to delete the specified set of tags from an Amazon SageMaker resource", @@ -147716,6 +161467,11 @@ "dependent_actions": [], "resource_type": "image" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-recommendations-job" + }, { "condition_keys": [], "dependent_actions": [], 
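Review bot: `DeleteStudioLifecycleConfig` is added with `"access_level": "Unknown"` and an empty description, so a consumer that groups or filters actions by access level will not count this delete action among the write actions. `DescribeStudioLifecycleConfig` and `ListStudioLifecycleConfigs` in later hunks are added in the same placeholder shape. If these entries are maintained by hand, I would set `"access_level": "Write"` here (`"Read"` and `"List"` for the other two, judging by the action names) and add a description in the `Grants permission to …` form used elsewhere. If the file is generated, the generator should report `Unknown` entries instead of emitting them silently.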
@@ -148119,7 +161875,7 @@ }, { "access_level": "Read", - "description": "Returns detailed information about the specified human review workflow user interface", + "description": "Grants permission to return detailed information about the specified human review workflow user interface", "privilege": "DescribeHumanTaskUi", "resource_types": [ { @@ -148143,7 +161899,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to return information about a SageMaker Image", + "description": "Grants permission to return information about a SageMaker Image", "privilege": "DescribeImage", "resource_types": [ { @@ -148155,7 +161911,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to return information about a SageMaker ImageVersion", + "description": "Grants permission to return information about a SageMaker ImageVersion", "privilege": "DescribeImageVersion", "resource_types": [ { @@ -148165,6 +161921,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get information about an inference recommendations job", + "privilege": "DescribeInferenceRecommendationsJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-recommendations-job*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to return information about a labeling job", @@ -148177,6 +161945,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a lineage group", + "privilege": "DescribeLineageGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a model that you created using the CreateModel API", 
@@ -148345,6 +162125,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeStudioLifecycleConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to return information about a subscribed workteam", @@ -148511,6 +162303,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retreive a lineage group policy", + "privilege": "GetLineageGroupPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a ModelPackageGroup policy", @@ -148712,7 +162516,7 @@ }, { "access_level": "List", - "description": "Grants permission to list contexts.", + "description": "Grants permission to list contexts", "privilege": "ListContexts", "resource_types": [ { @@ -148880,7 +162684,7 @@ }, { "access_level": "List", - "description": "Grants permissions to list ImageVersions that belong to a SageMaker Image", + "description": "Grants permission to list ImageVersions that belong to a SageMaker Image", "privilege": "ListImageVersions", "resource_types": [ { @@ -148892,7 +162696,7 @@ }, { "access_level": "List", - "description": "Grants permissions to list SageMaker Images in your account", + "description": "Grants permission to list SageMaker Images in your account", "privilege": "ListImages", "resource_types": [ { @@ -148902,6 +162706,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list inference recommendations jobs", + "privilege": "ListInferenceRecommendationsJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list labeling jobs", 
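Review bot: `retreive` in the new `GetLineageGroupPolicy` description is misspelled; the line should read `"description": "Grants permission to retrieve a lineage group policy",`. Anyone searching the definitions for "retrieve" to find read-type actions will miss this entry as written.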
@@ -148926,6 +162742,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list lineage groups", + "privilege": "ListLineageGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list model bias job definitions", @@ -148950,6 +162778,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list model metadata for inference recommendations jobs", + "privilege": "ListModelMetadata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list ModelPackageGroups", @@ -148970,7 +162810,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "model-package-group" } ] }, @@ -149118,6 +162958,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListStudioLifecycleConfigs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list subscribed workteams", @@ -149423,6 +163275,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to put a lineage group policy", + "privilege": "PutLineageGroupPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to put a ModelPackageGroup policy", @@ -149447,6 +163311,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to explore the lineage graph", + "privilege": "QueryLineage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to register a set of devices", 
@@ -149483,7 +163359,7 @@ }, { "access_level": "Read", - "description": "Search for SageMaker objects", + "description": "Grants permission to search for SageMaker objects", "privilege": "Search", "resource_types": [ { @@ -149637,6 +163513,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to stop an inference recommendations job", + "privilege": "StopInferenceRecommendationsJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-recommendations-job*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to stop a labeling job. Any labels already generated will be exported before stopping", @@ -149866,7 +163754,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update the properties of a SageMaker Image", + "description": "Grants permission to update the properties of a SageMaker Image", "privilege": "UpdateImage", "resource_types": [ { @@ -149887,6 +163775,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "model-package*" + }, + { + "condition_keys": [ + "sagemaker:ModelApprovalStatus" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -149979,6 +163874,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a Project", + "privilege": "UpdateProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a training job", 
@@ -150117,6 +164032,14 @@ ], "resource": "human-task-ui" }, + { + "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:inference-recommendations-job/${InferenceRecommendationsJobName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "sagemaker:ResourceTag/${TagKey}" + ], + "resource": "inference-recommendations-job" + }, { "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:labeling-job/${LabelingJobName}", "condition_keys": [ @@ -150416,6 +164339,14 @@ "sagemaker:ResourceTag/${TagKey}" ], "resource": "action" + }, + { + "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:lineage-group/${LineageGroupName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "sagemaker:ResourceTag/${TagKey}" + ], + "resource": "lineage-group" } ], "service_name": "Amazon SageMaker" 
@@ -151204,78 +165135,93 @@ { "conditions": [ { - "condition": "aws:RequestTag/tag-key", - "description": "Filters access by a key that is present in the request the user makes to the Secrets Manager service.", + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a key that is present in the request the user makes to the Secrets Manager service", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the list of all the tag key namespresent in the request the user makes to the Secrets Manager service.", + "description": "Filters access by the list of all the tag key namespresent in the request the user makes to the Secrets Manager service", "type": "String" }, + { + "condition": "secretsmanager:AddReplicaRegions", + "description": "Filters access by the list of Regions in which to replicate the secret", + "type": "ArrayOfString" + }, { "condition": "secretsmanager:BlockPublicPolicy", - "description": "Filters access by whether the resource policy blocks broad AWS account access.", - "type": "Boolean" + "description": "Filters access by whether the resource policy blocks broad AWS account access", + "type": "Bool" }, { "condition": "secretsmanager:Description", - "description": "Filters access by the description text in the request.", + "description": "Filters access by the description text in the request", "type": "String" }, { "condition": "secretsmanager:ForceDeleteWithoutRecovery", - "description": "Filters access by whether the secret is to be deleted immediately without any recovery window.", - "type": "Boolean" + "description": "Filters access by whether the secret is to be deleted immediately without any recovery window", + "type": "Bool" + }, + { + "condition": "secretsmanager:ForceOverwriteReplicaSecret", + "description": "Filters access by whether to 
overwrite a secret with the same name in the destination Region", + "type": "Bool" }, { "condition": "secretsmanager:KmsKeyId", - "description": "Filters access by the ARN of the KMS key in the request.", + "description": "Filters access by the ARN of the KMS key in the request", "type": "String" }, { "condition": "secretsmanager:Name", - "description": "Filters access by the friendly name of the secret in the request.", + "description": "Filters access by the friendly name of the secret in the request", "type": "String" }, { "condition": "secretsmanager:RecoveryWindowInDays", - "description": "Filters access by the number of days that Secrets Manager waits before it can delete the secret.", - "type": "Long" + "description": "Filters access by the number of days that Secrets Manager waits before it can delete the secret", + "type": "Numeric" }, { "condition": "secretsmanager:ResourceTag/tag-key", - "description": "Filters access by a tag key and value pair.", + "description": "Filters access by a tag key and value pair", "type": "String" }, { "condition": "secretsmanager:RotationLambdaARN", - "description": "Filters access by the ARN of the rotation Lambda function in the request.", + "description": "Filters access by the ARN of the rotation Lambda function in the request", "type": "ARN" }, { "condition": "secretsmanager:SecretId", - "description": "Filters access by the SecretID value in the request.", + "description": "Filters access by the SecretID value in the request", "type": "ARN" }, { "condition": "secretsmanager:SecretPrimaryRegion", - "description": "Primary region in which the secret is created.", + "description": "Filters access by primary region in which the secret is created", "type": "String" }, { "condition": "secretsmanager:VersionId", - "description": "Filters access by the unique identifier of the version of the secret in the request.", + "description": "Filters access by the unique identifier of the version of the secret in the request", "type": 
"String" }, { "condition": "secretsmanager:VersionStage", - "description": "Filters access by the list of version stages in the request.", + "description": "Filters access by the list of version stages in the request", "type": "String" }, { "condition": "secretsmanager:resource/AllowRotationLambdaArn", - "description": "Filters access by the ARN of the rotation Lambda function associated with the secret.", + "description": "Filters access by the ARN of the rotation Lambda function associated with the secret", "type": "ARN" } ], @@ -151283,7 +165229,7 @@ "privileges": [ { "access_level": "Write", - "description": "Enables the user to cancel an in-progress secret rotation.", + "description": "Grants permission to cancel an in-progress secret rotation", "privilege": "CancelRotateSecret", "resource_types": [ { @@ -151295,7 +165241,9 @@ "condition_keys": [ "secretsmanager:SecretId", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" @@ -151304,7 +165252,7 @@ }, { "access_level": "Write", - "description": "Enables the user to create a secret that stores encrypted data that can be queried and rotated.", + "description": "Grants permission to create a secret that stores encrypted data that can be queried and rotated", "privilege": "CreateSecret", "resource_types": [ { @@ -151317,9 +165265,12 @@ "secretsmanager:Name", "secretsmanager:Description", "secretsmanager:KmsKeyId", - "aws:RequestTag/tag-key", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "secretsmanager:AddReplicaRegions", + "secretsmanager:ForceOverwriteReplicaSecret" ], "dependent_actions": [], "resource_type": "" 
@@ -151328,7 +165279,7 @@ }, { "access_level": "Permissions management", - "description": "Enables the user to delete the resource policy attached to a secret.", + "description": "Grants permission to delete the resource policy attached to a secret", "privilege": "DeleteResourcePolicy", "resource_types": [ { @@ -151340,7 +165291,9 @@ "condition_keys": [ "secretsmanager:SecretId", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" @@ -151349,7 +165302,7 @@ }, { "access_level": "Write", - "description": "Enables the user to delete a secret.", + "description": "Grants permission to delete a secret", "privilege": "DeleteSecret", "resource_types": [ { @@ -151363,7 +165316,9 @@ "secretsmanager:resource/AllowRotationLambdaArn", "secretsmanager:RecoveryWindowInDays", "secretsmanager:ForceDeleteWithoutRecovery", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" @@ -151372,7 +165327,7 @@ }, { "access_level": "Read", - "description": "Enables the user to retrieve the metadata about a secret, but not the encrypted data.", + "description": "Grants permission to retrieve the metadata about a secret, but not the encrypted data", "privilege": "DescribeSecret", "resource_types": [ { @@ -151384,7 +165339,9 @@ "condition_keys": [ "secretsmanager:SecretId", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" 
@@ -151393,7 +165350,7 @@ }, { "access_level": "Read", - "description": "Enables the user to generate a random string for use in password creation.", + "description": "Grants permission to generate a random string for use in password creation", "privilege": "GetRandomPassword", "resource_types": [ { @@ -151405,7 +165362,7 @@ }, { "access_level": "Read", - "description": "Enables the user to get the resource policy attached to a secret.", + "description": "Grants permission to get the resource policy attached to a secret", "privilege": "GetResourcePolicy", "resource_types": [ { @@ -151417,7 +165374,9 @@ "condition_keys": [ "secretsmanager:SecretId", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" @@ -151426,7 +165385,7 @@ }, { "access_level": "Read", - "description": "Enables the user to retrieve and decrypt the encrypted data.", + "description": "Grants permission to retrieve and decrypt the encrypted data", "privilege": "GetSecretValue", "resource_types": [ { @@ -151440,7 +165399,9 @@ "secretsmanager:VersionId", "secretsmanager:VersionStage", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" @@ -151449,7 +165410,7 @@ }, { "access_level": "Read", - "description": "Enables the user to list the available versions of a secret.", + "description": "Grants permission to list the available versions of a secret", "privilege": "ListSecretVersionIds", "resource_types": [ { 
@@ -151461,7 +165422,9 @@ "condition_keys": [ "secretsmanager:SecretId", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" @@ -151470,7 +165433,7 @@ }, { "access_level": "List", - "description": "Enables the user to list the available secrets.", + "description": "Grants permission to list the available secrets", "privilege": "ListSecrets", "resource_types": [ { @@ -151482,7 +165445,7 @@ }, { "access_level": "Permissions management", - "description": "Enables the user to attach a resource policy to a secret.", + "description": "Grants permission to attach a resource policy to a secret", "privilege": "PutResourcePolicy", "resource_types": [ { @@ -151495,7 +165458,9 @@ "secretsmanager:SecretId", "secretsmanager:resource/AllowRotationLambdaArn", "secretsmanager:ResourceTag/tag-key", - "secretsmanager:BlockPublicPolicy" + "aws:ResourceTag/${TagKey}", + "secretsmanager:BlockPublicPolicy", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" @@ -151504,7 +165469,7 @@ }, { "access_level": "Write", - "description": "Enables the user to create a new version of the secret with new encrypted data.", + "description": "Grants permission to create a new version of the secret with new encrypted data", "privilege": "PutSecretValue", "resource_types": [ { @@ -151516,7 +165481,9 @@ "condition_keys": [ "secretsmanager:SecretId", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" 
@@ -151525,7 +165492,7 @@ }, { "access_level": "Write", - "description": "Remove regions from replication.", + "description": "Grants permission to remove regions from replication", "privilege": "RemoveRegionsFromReplication", "resource_types": [ { @@ -151537,7 +165504,9 @@ "condition_keys": [ "secretsmanager:SecretId", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" @@ -151546,7 +165515,7 @@ }, { "access_level": "Write", - "description": "Converts an existing secret to a multi-Region secret and begins replicating the secret to a list of new regions.", + "description": "Grants permission to convert an existing secret to a multi-Region secret and begin replicating the secret to a list of new regions", "privilege": "ReplicateSecretToRegions", "resource_types": [ { @@ -151558,7 +165527,11 @@ "condition_keys": [ "secretsmanager:SecretId", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion", + "secretsmanager:AddReplicaRegions", + "secretsmanager:ForceOverwriteReplicaSecret" ], "dependent_actions": [], "resource_type": "" @@ -151567,7 +165540,7 @@ }, { "access_level": "Write", - "description": "Enables the user to cancel deletion of a secret.", + "description": "Grants permission to cancel deletion of a secret", "privilege": "RestoreSecret", "resource_types": [ { @@ -151579,7 +165552,9 @@ "condition_keys": [ "secretsmanager:SecretId", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" 
@@ -151588,7 +165563,7 @@ }, { "access_level": "Write", - "description": "Enables the user to start rotation of a secret.", + "description": "Grants permission to start rotation of a secret", "privilege": "RotateSecret", "resource_types": [ { @@ -151601,7 +165576,9 @@ "secretsmanager:SecretId", "secretsmanager:RotationLambdaARN", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" @@ -151610,7 +165587,7 @@ }, { "access_level": "Write", - "description": "Removes the secret from replication and promotes the secret to a regional secret in the replica Region.", + "description": "Grants permission to remove the secret from replication and promote the secret to a regional secret in the replica Region", "privilege": "StopReplicationToReplica", "resource_types": [ { @@ -151622,7 +165599,9 @@ "condition_keys": [ "secretsmanager:SecretId", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" @@ -151631,7 +165610,7 @@ }, { "access_level": "Tagging", - "description": "Enables the user to add tags to a secret.", + "description": "Grants permission to add tags to a secret", "privilege": "TagResource", "resource_types": [ { @@ -151642,10 +165621,12 @@ { "condition_keys": [ "secretsmanager:SecretId", - "aws:RequestTag/tag-key", + "aws:RequestTag/${TagKey}", "aws:TagKeys", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" 
@@ -151654,7 +165635,7 @@ }, { "access_level": "Tagging", - "description": "Enables the user to remove tags from a secret.", + "description": "Grants permission to remove tags from a secret", "privilege": "UntagResource", "resource_types": [ { @@ -151667,7 +165648,9 @@ "secretsmanager:SecretId", "aws:TagKeys", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" @@ -151676,7 +165659,7 @@ }, { "access_level": "Write", - "description": "Enables the user to update a secret with new metadata or with a new version of the encrypted data.", + "description": "Grants permission to update a secret with new metadata or with a new version of the encrypted data", "privilege": "UpdateSecret", "resource_types": [ { @@ -151690,7 +165673,9 @@ "secretsmanager:Description", "secretsmanager:KmsKeyId", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" @@ -151699,7 +165684,7 @@ }, { "access_level": "Write", - "description": "Enables the user to move a stage from one secret to another.", + "description": "Grants permission to move a stage from one secret to another", "privilege": "UpdateSecretVersionStage", "resource_types": [ { @@ -151712,7 +165697,9 @@ "secretsmanager:SecretId", "secretsmanager:VersionStage", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" 
@@ -151721,7 +165708,7 @@ }, { "access_level": "Permissions management", - "description": "Enables the user to validate a resource policy before attaching policy.", + "description": "Grants permission to validate a resource policy before attaching policy", "privilege": "ValidateResourcePolicy", "resource_types": [ { @@ -151733,7 +165720,9 @@ "condition_keys": [ "secretsmanager:SecretId", "secretsmanager:resource/AllowRotationLambdaArn", - "secretsmanager:ResourceTag/tag-key" + "secretsmanager:ResourceTag/tag-key", + "aws:ResourceTag/${TagKey}", + "secretsmanager:SecretPrimaryRegion" ], "dependent_actions": [], "resource_type": "" @@ -151745,7 +165734,8 @@ { "arn": "arn:${Partition}:secretsmanager:${Region}:${Account}:secret:${SecretId}", "condition_keys": [ - "aws:RequestTag/tag-key", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys", "secretsmanager:ResourceTag/tag-key", "secretsmanager:resource/AllowRotationLambdaArn" 
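Review bot: The `secret` resource's `condition_keys` now mix two placeholder styles: `aws:RequestTag/${TagKey}` and `aws:ResourceTag/${TagKey}` use the template form, while `secretsmanager:ResourceTag/tag-key` keeps the literal `tag-key` suffix. A consumer that expands or pattern-matches `${TagKey}` would treat the service-specific key as one fixed key name and never match a real tag-based condition on it. For consistency I would write `"secretsmanager:ResourceTag/${TagKey}",` here, and make the same change in the key's definition in the conditions hunk and in every privilege list that references it. The rename has to be done in all of those places together, otherwise the references no longer resolve to a defined condition.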
@@ -151759,27 +165749,27 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by actions based on the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by actions based on tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by actions based on the presence of tag keys in the request", "type": "String" }, { "condition": "securityhub:ASFFSyntaxPath/${ASFFSyntaxPath}", - "description": "Filters access based on the presence of specific fields and values in the request", + "description": "Filters access by the specified fields and values in the request", "type": "String" }, { "condition": "securityhub:TargetAccount", - "description": "Filters access based on the presence of AwsAccountId field in the requests", + "description": "Filters access by the AwsAccountId field that is specified in the request", "type": "String" } ], @@ -151883,6 +165873,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a finding aggregator, which contains the cross-Region finding aggregation configuration", + "privilege": "CreateFindingAggregator", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create insights in Security Hub. Insights are collections of related findings", 
@@ -151931,6 +165933,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a finding aggregator, which disables finding aggregation across Regions", + "privilege": "DeleteFindingAggregator", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "finding-aggregator*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete insights from Security Hub", @@ -152209,6 +166223,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details for a finding aggregator, which configures finding aggregation across Regions", + "privilege": "GetFindingAggregator", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "finding-aggregator*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a list of findings from Security Hub", @@ -152365,6 +166391,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of finding aggregators, which contain the cross-Region finding aggregation configuration", + "privilege": "ListFindingAggregators", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve the Security Hub invitations sent to the account", @@ -152475,6 +166513,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a finding aggregator, which contains the cross-Region finding aggregation configuration", + "privilege": "UpdateFindingAggregator", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "finding-aggregator*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update Security Hub findings", 
@@ -152548,6 +166598,11 @@ "arn": "arn:${Partition}:securityhub:${Region}:${Account}:product/${Company}/${ProductId}", "condition_keys": [], "resource": "product" + }, + { + "arn": "arn:${Partition}:securityhub:${Region}:${Account}:finding-aggregator/${FindingAggregatorId}", + "condition_keys": [], + "resource": "finding-aggregator" } ], "service_name": "AWS Security Hub" 
@@ -152793,32 +166848,32 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the presence of tag key-value pairs in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on tag key-value pairs attached to the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access based on the presence of tag keys in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "String" }, { "condition": "servicecatalog:accountLevel", - "description": "Filters users to see and perform actions on resources created by anyone in the account", + "description": "Filters access by user to see and perform actions on resources created by anyone in the account", "type": "String" }, { "condition": "servicecatalog:roleLevel", - "description": "Filters users to see and perform actions on resources created either by them or by anyone federating into the same role as them", + "description": "Filters access by user to see and perform actions on resources created either by them or by anyone federating into the same role as them", "type": "String" }, { "condition": "servicecatalog:userLevel", - "description": "Filters users to see and perform actions on only resources that they created", + "description": "Filters access by user to see and perform actions on only resources that they created", "type": "String" } ], @@ -153078,7 +167133,11 @@ "privilege": "CreateProvisionedProductPlan", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], "dependent_actions": [], "resource_type": "" } 
@@ -153198,7 +167257,11 @@ "privilege": "DeleteProvisionedProductPlan", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], "dependent_actions": [], "resource_type": "" } @@ -153342,7 +167405,11 @@ "privilege": "DescribeProvisionedProduct", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], "dependent_actions": [], "resource_type": "" } @@ -153354,7 +167421,11 @@ "privilege": "DescribeProvisionedProductPlan", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], "dependent_actions": [], "resource_type": "" } @@ -153418,7 +167489,11 @@ "privilege": "DescribeServiceActionExecutionParameters", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], "dependent_actions": [], "resource_type": "" } @@ -153560,7 +167635,11 @@ "privilege": "ExecuteProvisionedProductPlan", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], "dependent_actions": [], "resource_type": "" } @@ -153572,7 +167651,11 @@ "privilege": "ExecuteProvisionedProductServiceAction", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], "dependent_actions": [], "resource_type": "" } 
@@ -153812,7 +167895,11 @@ "privilege": "ListProvisionedProductPlans", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], "dependent_actions": [], "resource_type": "" } @@ -153891,6 +167978,15 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "Product*" + }, + { + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -153900,7 +167996,11 @@ "privilege": "ListStackInstancesForProvisionedProduct", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], "dependent_actions": [], "resource_type": "" } 
@@ -154700,27 +168800,47 @@ ], "service_name": "AWS Cloud Map" }, + { + "conditions": [], + "prefix": "serviceextract", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to get required configuration for the AWS Microservice Extractor for .NET desktop client", + "privilege": "GetConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Microservice Extractor for .NET" + }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "String" }, { "condition": "servicequotas:service", - "description": "Filters or restricts access to a specified AWS service", - "type": "string" + "description": "Filters access by the specified AWS service", + "type": "String" } ], "prefix": "servicequotas", @@ -154894,7 +169014,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to view the existing tags on a SQ resource", "privilege": "ListTagsForResource", "resource_types": [ 
@@ -155034,9 +169154,14 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a new configuration set", + "description": "Grants permission to create a configuration set", "privilege": "CreateConfigurationSet", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set*" + }, { "condition_keys": [ "aws:TagKeys", @@ -155068,17 +169193,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a contact", - "privilege": "CreateContact", + "description": "Grants permission to create a new pool of dedicated IP addresses", + "privilege": "CreateDedicatedIpPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-list*" + "resource_type": "dedicated-ip-pool*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -155087,9 +169213,14 @@ }, { "access_level": "Write", - "description": "Grants permission to create a contact list", - "privilege": "CreateContactList", + "description": "Grants permission to create a new predictive inbox placement test", + "privilege": "CreateDeliverabilityTestReport", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, { "condition_keys": [ "aws:TagKeys", 
@@ -155102,25 +169233,37 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new custom verification email template", - "privilege": "CreateCustomVerificationEmailTemplate", + "description": "Grants permission to start the process of verifying an email identity", + "privilege": "CreateEmailIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "identity*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new pool of dedicated IP addresses", - "privilege": "CreateDedicatedIpPool", + "description": "Grants permission to delete an existing configuration set", + "privilege": "DeleteConfigurationSet", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set*" + }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -155129,18 +169272,17 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new predictive inbox placement test", - "privilege": "CreateDeliverabilityTestReport", + "description": "Grants permission to delete an event destination", + "privilege": "DeleteConfigurationSetEventDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "configuration-set*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -155149,13 +169291,17 @@ }, { "access_level": "Write", - "description": "Grants permission to start the process of verifying an email identity", - "privilege": "CreateEmailIdentity", + "description": "Grants permission to delete a dedicated IP pool", + "privilege": "DeleteDedicatedIpPool", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dedicated-ip-pool*" + }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -155163,9 +169309,9 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create the specified sending authorization policy for the given identity", - "privilege": "CreateEmailIdentityPolicy", + "access_level": "Write", + "description": "Grants permission to delete an email identity that you previously verified", + "privilege": "DeleteEmailIdentity", "resource_types": [ { "condition_keys": [], @@ -155182,9 +169328,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create an email template", - "privilege": "CreateEmailTemplate", + "access_level": "Read", + "description": "Grants permission to get information about the email-sending status and capabilities", + "privilege": "GetAccount", "resource_types": [ { "condition_keys": [], @@ -155194,9 +169340,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to creates an import job for a data destination", - "privilege": "CreateImportJob", + "access_level": "Read", + "description": "Grants permission to retrieve a list of the deny lists on which your dedicated IP addresses appear", + "privilege": "GetBlacklistReports", "resource_types": [ { "condition_keys": [], 
@@ -155206,9 +169352,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an existing configuration set", - "privilege": "DeleteConfigurationSet", + "access_level": "Read", + "description": "Grants permission to get information about an existing configuration set", + "privilege": "GetConfigurationSet", "resource_types": [ { "condition_keys": [], @@ -155225,9 +169371,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an event destination", - "privilege": "DeleteConfigurationSetEventDestination", + "access_level": "Read", + "description": "Grants permission to retrieve a list of event destinations that are associated with a configuration set", + "privilege": "GetConfigurationSetEventDestinations", "resource_types": [ { "condition_keys": [], @@ -155244,33 +169390,26 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a contact from a contact list", - "privilege": "DeleteContact", + "access_level": "Read", + "description": "Grants permission to get information about a dedicated IP address", + "privilege": "GetDedicatedIp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a contact list with all of its contacts", - "privilege": "DeleteContactList", + "access_level": "Read", + "description": "Grants permission to list the dedicated IP addresses that are associated with your account", + "privilege": "GetDedicatedIps", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-list*" + "resource_type": "dedicated-ip-pool*" }, { "condition_keys": [ 
@@ -155282,15 +169421,10 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an existing custom verification email template", - "privilege": "DeleteCustomVerificationEmailTemplate", + "access_level": "Read", + "description": "Grants permission to get the status of the Deliverability dashboard", + "privilege": "GetDeliverabilityDashboardOptions", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "custom-verification-email-template*" - }, { "condition_keys": [], "dependent_actions": [], @@ -155299,14 +169433,14 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a dedicated IP pool", - "privilege": "DeleteDedicatedIpPool", + "access_level": "Read", + "description": "Grants permission to retrieve the results of a predictive inbox placement test", + "privilege": "GetDeliverabilityTestReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dedicated-ip-pool*" + "resource_type": "deliverability-test-report*" }, { "condition_keys": [ @@ -155318,9 +169452,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an email identity", - "privilege": "DeleteEmailIdentity", + "access_level": "Read", + "description": "Grants permission to retrieve all the deliverability data for a specific campaign", + "privilege": "GetDomainDeliverabilityCampaign", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve inbox placement and engagement rates for the domains that you use to send email", + "privilege": "GetDomainStatisticsReport", "resource_types": [ { "condition_keys": [], 
@@ -155337,9 +169483,9 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the specified sending authorization policy for the given identity (an email address or a domain)", - "privilege": "DeleteEmailIdentityPolicy", + "access_level": "Read", + "description": "Grants permission to get information about a specific identity associated with your account", + "privilege": "GetEmailIdentity", "resource_types": [ { "condition_keys": [], @@ -155356,21 +169502,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an email template", - "privilege": "DeleteEmailTemplate", + "access_level": "List", + "description": "Grants permission to list all of the configuration sets associated with your account", + "privilege": "ListConfigurationSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove an email address from the suppression list for your account", - "privilege": "DeleteSuppressedDestination", + "access_level": "List", + "description": "Grants permission to list all of the dedicated IP pools that exist in your account", + "privilege": "ListDedicatedIpPools", "resource_types": [ { "condition_keys": [], @@ -155380,9 +169526,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the email-sending status and capabilities for your account", - "privilege": "GetAccount", + "access_level": "List", + "description": "Grants permission to retrieve a list of the predictive inbox placement tests that you've performed, regardless of their statuses", + "privilege": "ListDeliverabilityTestReports", "resource_types": [ { "condition_keys": [], 
@@ -155393,8 +169539,20 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of the deny lists on which your dedicated IP addresses or tracked domains appear", - "privilege": "GetBlacklistReports", + "description": "Grants permission to retrieve deliverability data for all the campaigns that used a specific domain to send email during a specified time range", + "privilege": "ListDomainDeliverabilityCampaigns", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all of the email identities that are associated with your account", + "privilege": "ListEmailIdentities", "resource_types": [ { "condition_keys": [], 
@@ -155405,8 +169563,64 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about an existing configuration set", - "privilege": "GetConfigurationSet", + "description": "Grants permission to retrieve a list of the tags (keys and values) that are associated with a specific resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dedicated-ip-pool" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deliverability-test-report" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable or disable the automatic warm-up feature for dedicated IP addresses", + "privilege": "PutAccountDedicatedIpWarmupAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable or disable the ability of your account to send email", + "privilege": "PutAccountSendingAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate a configuration set with a dedicated IP pool", + "privilege": "PutConfigurationSetDeliveryOptions", "resource_types": [ { "condition_keys": [], 
@@ -155423,9 +169637,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of event destinations that are associated with a configuration set", - "privilege": "GetConfigurationSetEventDestinations", + "access_level": "Write", + "description": "Grants permission to enable or disable collection of reputation metrics for emails that you send using a particular configuration set", + "privilege": "PutConfigurationSetReputationOptions", "resource_types": [ { "condition_keys": [], @@ -155442,14 +169656,14 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return a contact from a contact list", - "privilege": "GetContact", + "access_level": "Write", + "description": "Grants permission to enable or disable email sending for messages that use a particular configuration set", + "privilege": "PutConfigurationSetSendingOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-list*" + "resource_type": "configuration-set*" }, { "condition_keys": [ 
@@ -155461,27 +169675,48 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return contact list metadata", - "privilege": "GetContactList", + "access_level": "Write", + "description": "Grants permission to specify a custom domain to use for open and click tracking elements in email that you send using a particular configuration set", + "privilege": "PutConfigurationSetTrackingOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-list*" + "resource_type": "configuration-set*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the custom email verification template for the template name you specify", - "privilege": "GetCustomVerificationEmailTemplate", + "access_level": "Write", + "description": "Grants permission to move a dedicated IP address to an existing dedicated IP pool", + "privilege": "PutDedicatedIpInPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "custom-verification-email-template*" + "resource_type": "dedicated-ip-pool*" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable dedicated IP warm up attributes", + "privilege": "PutDedicatedIpWarmupAttributes", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], @@ -155490,9 +169725,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a dedicated IP address", - "privilege": "GetDedicatedIp", + "access_level": "Write", + "description": "Grants permission to enable or disable the Deliverability dashboard", + "privilege": "PutDeliverabilityDashboardOption", "resource_types": [ { "condition_keys": [], 
@@ -155502,14 +169737,14 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list the dedicated IP addresses a dedicated IP pool", - "privilege": "GetDedicatedIps", + "access_level": "Write", + "description": "Grants permission to enable or disable DKIM authentication for an email identity", + "privilege": "PutEmailIdentityDkimAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dedicated-ip-pool*" + "resource_type": "identity*" }, { "condition_keys": [ @@ -155521,26 +169756,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the status of the Deliverability dashboard", - "privilege": "GetDeliverabilityDashboardOptions", + "access_level": "Write", + "description": "Grants permission to enable or disable feedback forwarding for an identity", + "privilege": "PutEmailIdentityFeedbackAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the results of a predictive inbox placement test", - "privilege": "GetDeliverabilityTestReport", + "access_level": "Write", + "description": "Grants permission to enable or disable the custom MAIL FROM domain configuration for an email identity", + "privilege": "PutEmailIdentityMailFromAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverability-test-report*" + "resource_type": "identity*" }, { "condition_keys": [ 
@@ -155552,30 +169794,71 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all the deliverability data for a specific campaign", - "privilege": "GetDomainDeliverabilityCampaign", + "access_level": "Write", + "description": "Grants permission to send an email message", + "privilege": "SendEmail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template" + }, + { + "condition_keys": [ + "ses:FeedbackAddress", + "ses:FromAddress", + "ses:FromDisplayName", + "ses:Recipients" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve inbox placement and engagement rates for the domains that you use to send email", - "privilege": "GetDomainStatisticsReport", + "access_level": "Tagging", + "description": "Grants permission to add one or more tags (keys and values) to a specified resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "configuration-set" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dedicated-ip-pool" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deliverability-test-report" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -155583,18 +169866,38 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a specific identity", - "privilege": "GetEmailIdentity", + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags (keys and values) from a specified resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "configuration-set" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dedicated-ip-pool" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deliverability-test-report" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -155602,14 +169905,14 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return the requested sending authorization policies for the given identity (an email address or a domain)", - "privilege": "GetEmailIdentityPolicies", + "access_level": "Write", + "description": "Grants permission to update the configuration of an event destination for a configuration set", + "privilege": "UpdateConfigurationSetEventDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "configuration-set*" }, { "condition_keys": [ 
@@ -155621,45 +169924,50 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return the template object, which includes the subject line, HTML part, and text part for the template you specify", - "privilege": "GetEmailTemplate", + "access_level": "Write", + "description": "Grants permission to create a receipt rule set by cloning an existing one", + "privilege": "CloneReceiptRuleSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to provide information about an import job", - "privilege": "GetImportJob", + "access_level": "Write", + "description": "Grants permission to creates an association between a configuration set and a custom domain for open and click event tracking", + "privilege": "CreateConfigurationSetTrackingOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "import-job*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a specific email address that's on the suppression list for your account", - "privilege": "GetSuppressedDestination", + "access_level": "Write", + "description": "Grants permission to create a new custom verification email template", + "privilege": "CreateCustomVerificationEmailTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-verification-email-template*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all of the configuration sets for your account", - "privilege": "ListConfigurationSets", + "access_level": "Write", + "description": "Grants permission to create a new IP address filter", + "privilege": "CreateReceiptFilter", "resource_types": [ { 
"condition_keys": [], @@ -155669,9 +169977,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all of the contact lists available for your account", - "privilege": "ListContactLists", + "access_level": "Write", + "description": "Grants permission to create a receipt rule", + "privilege": "CreateReceiptRule", "resource_types": [ { "condition_keys": [], @@ -155681,21 +169989,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the contacts present in a specific contact list", - "privilege": "ListContacts", + "access_level": "Write", + "description": "Grants permission to create an empty receipt rule set", + "privilege": "CreateReceiptRuleSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-list*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all of the existing custom verification email templates for your account", - "privilege": "ListCustomVerificationEmailTemplates", + "access_level": "Write", + "description": "Grants permission to creates an email template", + "privilege": "CreateTemplate", "resource_types": [ { "condition_keys": [], @@ -155705,9 +170013,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all of the dedicated IP pools for your account", - "privilege": "ListDedicatedIpPools", + "access_level": "Write", + "description": "Grants permission to delete an association between a configuration set and a custom domain for open and click event tracking", + "privilege": "DeleteConfigurationSetTrackingOptions", "resource_types": [ { "condition_keys": [], 
@@ -155717,10 +170025,15 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve the list of the predictive inbox placement tests that you've performed, regardless of their statuses, for your account", - "privilege": "ListDeliverabilityTestReports", + "access_level": "Write", + "description": "Grants permission to delete an existing custom verification email template", + "privilege": "DeleteCustomVerificationEmailTemplate", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-verification-email-template*" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -155729,33 +170042,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list deliverability data for campaigns that used a specific domain to send email during a specified time range", - "privilege": "ListDomainDeliverabilityCampaigns", + "access_level": "Write", + "description": "Grants permission to delete the specified identity", + "privilege": "DeleteIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identity*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the email identities for your account", - "privilege": "ListEmailIdentities", + "access_level": "Permissions management", + "description": "Grants permission to delete the specified sending authorization policy for the given identity (an email address or a domain)", + "privilege": "DeleteIdentityPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identity*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all of the email templates for your account", - "privilege": "ListEmailTemplates", + "access_level": "Write", + "description": "Grants permission to delete the specified IP address filter", + "privilege": "DeleteReceiptFilter", "resource_types": [ { "condition_keys": [], @@ -155765,9 +170078,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all of the import jobs for your account", - "privilege": "ListImportJobs", + "access_level": "Write", + "description": "Grants permission to delete the specified receipt rule", + "privilege": "DeleteReceiptRule", "resource_types": [ { "condition_keys": [], 
@@ -155777,9 +170090,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list email addresses that are on the suppression list for your account", - "privilege": "ListSuppressedDestinations", + "access_level": "Write", + "description": "Grants permission to delete the specified receipt rule set and all of the receipt rules it contains", + "privilege": "DeleteReceiptRuleSet", "resource_types": [ { "condition_keys": [], 
@@ -155789,41 +170102,45 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of the tags (keys and values) that are associated with a specific resource for your account", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete an email template", + "privilege": "DeleteTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration-set" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dedicated-ip-pool" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified email address from the list of verified addresses", + "privilege": "DeleteVerifiedEmailAddress", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverability-test-report" - }, + "resource_type": "identity*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the metadata and receipt rules for the receipt rule set that is currently active", + "privilege": "DescribeActiveReceiptRuleSet", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable or disable the automatic warm-up feature for dedicated IP addresses", - "privilege": "PutAccountDedicatedIpWarmupAttributes", + "access_level": "Read", + "description": "Grants permission to return the details of the specified configuration set", + "privilege": "DescribeConfigurationSet", "resource_types": [ { "condition_keys": [], 
@@ -155833,9 +170150,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update your account details", - "privilege": "PutAccountDetails", + "access_level": "Read", + "description": "Grants permission to return the details of the specified receipt rule", + "privilege": "DescribeReceiptRule", "resource_types": [ { "condition_keys": [], @@ -155845,9 +170162,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to enable or disable the ability to send email for your account", - "privilege": "PutAccountSendingAttributes", + "access_level": "Read", + "description": "Grants permission to return the details of the specified receipt rule set", + "privilege": "DescribeReceiptRuleSet", "resource_types": [ { "condition_keys": [], @@ -155857,9 +170174,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to change the settings for the account-level suppression list", - "privilege": "PutAccountSuppressionAttributes", + "access_level": "Read", + "description": "Grants permission to return the email sending status of your account", + "privilege": "GetAccountSendingEnabled", "resource_types": [ { "condition_keys": [], 
@@ -155869,123 +170186,122 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to associate a configuration set with a dedicated IP pool", - "privilege": "PutConfigurationSetDeliveryOptions", + "access_level": "Read", + "description": "Grants permission to return the custom email verification template for the template name you specify", + "privilege": "GetCustomVerificationEmailTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration-set*" + "resource_type": "custom-verification-email-template*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable or disable collection of reputation metrics for emails that you send using a particular configuration set", - "privilege": "PutConfigurationSetReputationOptions", + "access_level": "Read", + "description": "Grants permission to return the current status of Easy DKIM signing for an entity", + "privilege": "GetIdentityDkimAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration-set*" - }, + "resource_type": "identity*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the custom MAIL FROM attributes for a list of identities (email addresses and/or domains)", + "privilege": "GetIdentityMailFromDomainAttributes", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identity*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable or disable email sending for messages that use a particular configuration set", - "privilege": "PutConfigurationSetSendingOptions", + "access_level": "Read", + "description": "Grants permission to return a structure describing 
identity notification attributes for a list of verified identities (email addresses and/or domains),", + "privilege": "GetIdentityNotificationAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration-set*" - }, + "resource_type": "identity*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the requested sending authorization policies for the given identity (an email address or a domain)", + "privilege": "GetIdentityPolicies", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identity*" } ] }, { - "access_level": "Write", - "description": "Grants permission to specify the account suppression list preferences for a particular configuration set", - "privilege": "PutConfigurationSetSuppressionOptions", + "access_level": "Read", + "description": "Grants permission to return the verification status and (for domain identities) the verification token for a list of identities", + "privilege": "GetIdentityVerificationAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration-set*" - }, + "resource_type": "identity*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the user's current sending limits", + "privilege": "GetSendQuota", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to specify a custom domain to use for open and click tracking elements in email that you send for a particular configuration set", - "privilege": "PutConfigurationSetTrackingOptions", + "access_level": "Read", + "description": "Grants permission to returns the user's sending statistics", + "privilege": 
"GetSendStatistics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration-set*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to move a dedicated IP address to an existing dedicated IP pool", - "privilege": "PutDedicatedIpInPool", + "access_level": "Read", + "description": "Grants permission to return the template object, which includes the subject line, HTML par, and text part for the template you specify", + "privilege": "GetTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dedicated-ip-pool*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to put Dedicated IP warm up attributes", - "privilege": "PutDedicatedIpWarmupAttributes", + "access_level": "List", + "description": "Grants permission to list all of the existing custom verification email templates for your account", + "privilege": "ListCustomVerificationEmailTemplates", "resource_types": [ { "condition_keys": [], @@ -155995,9 +170311,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to enable or disable the Deliverability dashboard", - "privilege": "PutDeliverabilityDashboardOption", + "access_level": "List", + "description": "Grants permission to list the email identities for your account", + "privilege": "ListIdentities", "resource_types": [ { "condition_keys": [], 
@@ -156007,109 +170323,81 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to associate a configuration set with an email identity", - "privilege": "PutEmailIdentityConfigurationSetAttributes", + "access_level": "List", + "description": "Grants permission to list all of the email templates for your account", + "privilege": "ListIdentityPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the IP address filters associated with your account", + "privilege": "ListReceiptFilters", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration-set" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable or disable DKIM authentication for an email identity", - "privilege": "PutEmailIdentityDkimAttributes", + "access_level": "Read", + "description": "Grants permission to list the receipt rule sets that exist under your account", + "privilege": "ListReceiptRuleSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to configure or change the DKIM authentication settings for an email domain identity", - "privilege": "PutEmailIdentityDkimSigningAttributes", + "access_level": "List", + "description": "Grants permission to list the email templates present in your account", + "privilege": "ListTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - 
"dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable or disable feedback forwarding for an email identity", - "privilege": "PutEmailIdentityFeedbackAttributes", + "access_level": "Read", + "description": "Grants permission to list all of the email addresses that have been verified in your account", + "privilege": "ListVerifiedEmailAddresses", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable or disable the custom MAIL FROM domain configuration for an email identity", - "privilege": "PutEmailIdentityMailFromAttributes", + "access_level": "Permissions management", + "description": "Grants permission to add or update a sending authorization policy for the specified identity (an email address or a domain)", + "privilege": "PutIdentityPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "identity*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add an email address to the suppression list", - "privilege": "PutSuppressedDestination", + "description": "Grants permission to reorder the receipt rules within a receipt rule set", + "privilege": "ReorderReceiptRuleSet", "resource_types": [ { "condition_keys": [], 
@@ -156120,30 +170408,42 @@ }, { "access_level": "Write", - "description": "Grants permission to compose an email message to multiple destinations", - "privilege": "SendBulkEmail", + "description": "Grants permission to generate and send a bounce message to the sender of an email you received through Amazon SES", + "privilege": "SendBounce", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [ + "ses:FromAddress" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add an email address to the list of identities and attempts to verify it", - "privilege": "SendCustomVerificationEmail", + "description": "Grants permission to compose an email message to multiple destinations", + "privilege": "SendBulkTemplatedEmail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "custom-verification-email-template*" + "resource_type": "identity*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "template*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set" }, { "condition_keys": [ @@ -156159,14 +170459,19 @@ }, { "access_level": "Write", - "description": "Grants permission to send an email message", - "privilege": "SendEmail", + "description": "Grants permission to add an email address to the list of identities and attempts to verify it for your account", + "privilege": "SendCustomVerificationEmail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "identity*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-verification-email-template*" + }, { "condition_keys": [ "ses:FeedbackAddress", 
@@ -156180,39 +170485,58 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to add one or more tags (keys and values) to a specified resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to send an email message, with header and content specified by the client", + "privilege": "SendRawEmail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration-set" + "resource_type": "identity*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-list" + "resource_type": "configuration-set" }, + { + "condition_keys": [ + "ses:FeedbackAddress", + "ses:FromAddress", + "ses:FromDisplayName", + "ses:Recipients" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to compose an email message using an email template", + "privilege": "SendTemplatedEmail", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dedicated-ip-pool" + "resource_type": "identity*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverability-test-report" + "resource_type": "template*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity" + "resource_type": "configuration-set" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "ses:FeedbackAddress", + "ses:FromAddress", + "ses:FromDisplayName", + "ses:Recipients" ], "dependent_actions": [], "resource_type": "" 
@@ -156221,50 +170545,83 @@ }, { "access_level": "Write", - "description": "Grants permission to create a preview of the MIME content of an email when provided with a template and a set of replacement data", - "privilege": "TestRenderEmailTemplate", + "description": "Grants permission to set the specified receipt rule set as the active receipt rule set", + "privilege": "SetActiveReceiptRuleSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove one or more tags (keys and values) from a specified resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to enable or disable Easy DKIM signing of email sent from an identity", + "privilege": "SetIdentityDkimEnabled", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration-set" - }, + "resource_type": "identity*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable or disable whether Amazon SES forwards bounce and complaint notifications for an identity (an email address or a domain)", + "privilege": "SetIdentityFeedbackForwardingEnabled", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-list" - }, + "resource_type": "identity*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to set whether Amazon SES includes the original email headers in the Amazon Simple Notification Service (Amazon SNS) notifications of a specified type for a given identity (an email address or a domain)", + "privilege": "SetIdentityHeadersInNotificationsEnabled", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dedicated-ip-pool" - }, + "resource_type": "identity*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission 
to enable or disable the custom MAIL FROM domain setup for a verified identity", + "privilege": "SetIdentityMailFromDomain", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverability-test-report" - }, + "resource_type": "identity*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to set an Amazon Simple Notification Service (Amazon SNS) topic to use when delivering notifications for a verified identity", + "privilege": "SetIdentityNotificationTopic", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity" - }, + "resource_type": "identity*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to set the position of the specified receipt rule in the receipt rule set", + "privilege": "SetReceiptRulePosition", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -156272,37 +170629,35 @@ }, { "access_level": "Write", - "description": "Grants permission to update the configuration of an event destination for a configuration set", - "privilege": "UpdateConfigurationSetEventDestination", + "description": "Grants permission to create a preview of the MIME content of an email when provided with a template and a set of replacement data", + "privilege": "TestRenderTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration-set*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a contact's preferences for a list", - "privilege": "UpdateContact", + "description": "Grants permission to enable or disable email sending for your account", + "privilege": "UpdateAccountSendingEnabled", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-list*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable or disable the publishing of reputation metrics for emails sent using a specific configuration set", + "privilege": "UpdateConfigurationSetReputationMetricsEnabled", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -156310,18 +170665,23 @@ }, { "access_level": "Write", - "description": "Grants permission to update contact list metadata", - "privilege": "UpdateContactList", + "description": "Grants permission to enable or disable email sending for messages sent using a specific configuration set", + "privilege": "UpdateConfigurationSetSendingEnabled", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-list*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an association between a configuration set and a custom domain for open and click event tracking", + "privilege": "UpdateConfigurationSetTrackingOptions", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -156345,20 +170705,13 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to update the specified sending authorization policy for the given identity (an email address or a domain)", - "privilege": "UpdateEmailIdentityPolicy", + "access_level": "Write", + "description": "Grants permission to update a receipt rule", + "privilege": "UpdateReceiptRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] 
@@ -156366,31 +170719,31 @@ { "access_level": "Write", "description": "Grants permission to update an email template", - "privilege": "UpdateEmailTemplate", + "privilege": "UpdateTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a receipt rule set by cloning an existing one", - "privilege": "CloneReceiptRuleSet", + "description": "Grants permission to return a set of DKIM tokens for a domain", + "privilege": "VerifyDomainDkim", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identity*" } ] }, { "access_level": "Write", - "description": "Grants permission to creates an association between a configuration set and a custom domain for open and click event tracking", - "privilege": "CreateConfigurationSetTrackingOptions", + "description": "Grants permission to verify a domain", + "privilege": "VerifyDomainIdentity", "resource_types": [ { "condition_keys": [], @@ -156401,8 +170754,8 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new IP address filter", - "privilege": "CreateReceiptFilter", + "description": "Grants permission to verify an email address", + "privilege": "VerifyEmailAddress", "resource_types": [ { "condition_keys": [], @@ -156413,8 +170766,8 @@ }, { "access_level": "Write", - "description": "Grants permission to create a receipt rule", - "privilege": "CreateReceiptRule", + "description": "Grants permission to verify an email identity", + "privilege": "VerifyEmailIdentity", "resource_types": [ { "condition_keys": [], 
@@ -156425,23 +170778,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create an empty receipt rule set", - "privilege": "CreateReceiptRuleSet", + "description": "Grants permission to create a contact", + "privilege": "CreateContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to creates an email template", - "privilege": "CreateTemplate", - "resource_types": [ + "resource_type": "contact-list*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } 
@@ -156449,47 +170797,38 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an association between a configuration set and a custom domain for open and click event tracking", - "privilege": "DeleteConfigurationSetTrackingOptions", + "description": "Grants permission to create a contact list", + "privilege": "CreateContactList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified identity", - "privilege": "DeleteIdentity", - "resource_types": [ + "resource_type": "contact-list*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "" } ] }, { "access_level": "Permissions management", - "description": "Grants permission to delete the specified sending authorization policy for the given identity (an email address or a domain)", - "privilege": "DeleteIdentityPolicy", + "description": "Grants permission to create the specified sending authorization policy for the given identity", + "privilege": "CreateEmailIdentityPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "identity*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified IP address filter", - "privilege": "DeleteReceiptFilter", - "resource_types": [ + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } 
@@ -156497,20 +170836,20 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified receipt rule", - "privilege": "DeleteReceiptRule", + "description": "Grants permission to create an email template", + "privilege": "CreateEmailTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "template*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified receipt rule set and all of the receipt rules it contains", - "privilege": "DeleteReceiptRuleSet", + "description": "Grants permission to creates an import job for a data destination", + "privilege": "CreateImportJob", "resource_types": [ { "condition_keys": [], 
@@ -156521,80 +170860,77 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an email template", - "privilege": "DeleteTemplate", + "description": "Grants permission to delete a contact from a contact list", + "privilege": "DeleteContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact-list*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified email address from the list of verified addresses", - "privilege": "DeleteVerifiedEmailAddress", + "description": "Grants permission to delete a contact list with all of its contacts", + "privilege": "DeleteContactList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the metadata and receipt rules for the receipt rule set that is currently active", - "privilege": "DescribeActiveReceiptRuleSet", - "resource_types": [ + "resource_type": "contact-list*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the details of the specified configuration set", - "privilege": "DescribeConfigurationSet", + "access_level": "Permissions management", + "description": "Grants permission to delete the specified sending authorization policy for the given identity (an email address or a domain)", + "privilege": "DeleteEmailIdentityPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the details of the specified receipt rule", - "privilege": "DescribeReceiptRule", - "resource_types": [ + 
"resource_type": "identity*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the details of the specified receipt rule set", - "privilege": "DescribeReceiptRuleSet", + "access_level": "Write", + "description": "Grants permission to delete an email template", + "privilege": "DeleteEmailTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "template*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the email sending status of your account", - "privilege": "GetAccountSendingEnabled", + "access_level": "Write", + "description": "Grants permission to remove an email address from the suppression list for your account", + "privilege": "DeleteSuppressedDestination", "resource_types": [ { "condition_keys": [], 
@@ -156605,92 +170941,82 @@ }, { "access_level": "Read", - "description": "Grants permission to return the current status of Easy DKIM signing for an entity", - "privilege": "GetIdentityDkimAttributes", + "description": "Grants permission to return a contact from a contact list", + "privilege": "GetContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the custom MAIL FROM attributes for a list of identities (email addresses and/or domains)", - "privilege": "GetIdentityMailFromDomainAttributes", - "resource_types": [ + "resource_type": "contact-list*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return a structure describing identity notification attributes for a list of verified identities (email addresses and/or domains),", - "privilege": "GetIdentityNotificationAttributes", + "description": "Grants permission to return contact list metadata", + "privilege": "GetContactList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "contact-list*" } ] }, { "access_level": "Read", "description": "Grants permission to return the requested sending authorization policies for the given identity (an email address or a domain)", - "privilege": "GetIdentityPolicies", + "privilege": "GetEmailIdentityPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "identity*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the verification status and (for domain identities) the verification token for a list of identities", - "privilege": "GetIdentityVerificationAttributes", - "resource_types": [ + }, { - 
"condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return the user's current sending limits", - "privilege": "GetSendQuota", + "description": "Grants permission to return the template object, which includes the subject line, HTML part, and text part for the template you specify", + "privilege": "GetEmailTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "template*" } ] }, { "access_level": "Read", - "description": "Grants permission to returns the user's sending statistics", - "privilege": "GetSendStatistics", + "description": "Grants permission to provide information about an import job", + "privilege": "GetImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "import-job*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the template object, which includes the subject line, HTML par, and text part for the template you specify", - "privilege": "GetTemplate", + "description": "Grants permission to retrieve information about a specific email address that's on the suppression list for your account", + "privilege": "GetSuppressedDestination", "resource_types": [ { "condition_keys": [], @@ -156701,8 +171027,8 @@ }, { "access_level": "List", - "description": "Grants permission to list the email identities for your account", - "privilege": "ListIdentities", + "description": "Grants permission to list all of the contact lists available for your account", + "privilege": "ListContactLists", "resource_types": [ { "condition_keys": [], 
@@ -156713,32 +171039,20 @@ }, { "access_level": "List", - "description": "Grants permission to list all of the email templates for your account", - "privilege": "ListIdentityPolicies", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list the IP address filters associated with your account", - "privilege": "ListReceiptFilters", + "description": "Grants permission to list the contacts present in a specific contact list", + "privilege": "ListContacts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "contact-list*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the receipt rule sets that exist under your account", - "privilege": "ListReceiptRuleSets", + "access_level": "List", + "description": "Grants permission to list all of the email templates for your account", + "privilege": "ListEmailTemplates", "resource_types": [ { "condition_keys": [], @@ -156749,8 +171063,8 @@ }, { "access_level": "List", - "description": "Grants permission to list the email templates present in your account", - "privilege": "ListTemplates", + "description": "Grants permission to list all of the import jobs for your account", + "privilege": "ListImportJobs", "resource_types": [ { "condition_keys": [], @@ -156761,8 +171075,8 @@ }, { "access_level": "Read", - "description": "Grants permission to list all of the email addresses that have been verified in your account", - "privilege": "ListVerifiedEmailAddresses", + "description": "Grants permission to list email addresses that are on the suppression list for your account", + "privilege": "ListSuppressedDestinations", "resource_types": [ { "condition_keys": [], 
@@ -156772,21 +171086,21 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to add or update a sending authorization policy for the specified identity (an email address or a domain)", - "privilege": "PutIdentityPolicy", + "access_level": "Write", + "description": "Grants permission to update your account details", + "privilege": "PutAccountDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reorder the receipt rules within a receipt rule set", - "privilege": "ReorderReceiptRuleSet", + "description": "Grants permission to change the settings for the account-level suppression list", + "privilege": "PutAccountSuppressionAttributes", "resource_types": [ { "condition_keys": [], @@ -156797,17 +171111,17 @@ }, { "access_level": "Write", - "description": "Grants permission to generate and send a bounce message to the sender of an email you received through Amazon SES", - "privilege": "SendBounce", + "description": "Grants permission to specify the account suppression list preferences for a particular configuration set", + "privilege": "PutConfigurationSetSuppressionOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "configuration-set*" }, { "condition_keys": [ - "ses:FromAddress" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -156816,20 +171130,22 @@ }, { "access_level": "Write", - "description": "Grants permission to compose an email message to multiple destinations", - "privilege": "SendBulkTemplatedEmail", + "description": "Grants permission to associate a configuration set with an email identity", + "privilege": "PutEmailIdentityConfigurationSetAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "identity*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set" + }, { "condition_keys": [ - "ses:FeedbackAddress", - "ses:FromAddress", - "ses:FromDisplayName", - "ses:Recipients" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -156838,8 +171154,8 @@ }, { "access_level": "Write", - "description": "Grants permission to send an email message, with header and content specified by the client", - "privilege": "SendRawEmail", + "description": "Grants permission to configure or change the DKIM authentication settings for an email domain identity", + "privilege": "PutEmailIdentityDkimSigningAttributes", "resource_types": [ { "condition_keys": [], @@ -156848,27 +171164,7 @@ }, { "condition_keys": [ - "ses:FeedbackAddress", - "ses:FromAddress", - "ses:FromDisplayName", - "ses:Recipients" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to compose an email message using an email template", - "privilege": "SendTemplatedEmail", - "resource_types": [ - { - "condition_keys": [ - "ses:FeedbackAddress", - "ses:FromAddress", - "ses:FromDisplayName", - "ses:Recipients" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -156877,8 +171173,8 @@ }, { "access_level": "Write", - "description": "Grants permission to set the specified receipt rule set as the active receipt rule set", - "privilege": "SetActiveReceiptRuleSet", + "description": "Grants permission to add an email address to the suppression list", + "privilege": "PutSuppressedDestination", "resource_types": [ { "condition_keys": [], 
@@ -156889,131 +171185,52 @@ }, { "access_level": "Write", - "description": "Grants permission to enable or disable Easy DKIM signing of email sent from an identity", - "privilege": "SetIdentityDkimEnabled", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable or disable whether Amazon SES forwards bounce and complaint notifications for an identity (an email address or a domain)", - "privilege": "SetIdentityFeedbackForwardingEnabled", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set whether Amazon SES includes the original email headers in the Amazon Simple Notification Service (Amazon SNS) notifications of a specified type for a given identity (an email address or a domain)", - "privilege": "SetIdentityHeadersInNotificationsEnabled", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable or disable the custom MAIL FROM domain setup for a verified identity", - "privilege": "SetIdentityMailFromDomain", + "description": "Grants permission to compose an email message to multiple destinations", + "privilege": "SendBulkEmail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "identity*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set an Amazon Simple Notification Service (Amazon SNS) topic to use when delivering notifications for a verified identity", - "privilege": "SetIdentityNotificationTopic", - "resource_types": [ + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants 
permission to set the position of the specified receipt rule in the receipt rule set", - "privilege": "SetReceiptRulePosition", - "resource_types": [ + "resource_type": "template*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuration-set" } ] }, { "access_level": "Write", "description": "Grants permission to create a preview of the MIME content of an email when provided with a template and a set of replacement data", - "privilege": "TestRenderTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable or disable email sending for your account", - "privilege": "UpdateAccountSendingEnabled", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable or disable the publishing of reputation metrics for emails sent using a specific configuration set", - "privilege": "UpdateConfigurationSetReputationMetricsEnabled", + "privilege": "TestRenderEmailTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "template*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable or disable email sending for messages sent using a specific configuration set", - "privilege": "UpdateConfigurationSetSendingEnabled", + "description": "Grants permission to update a contact's preferences for a list", + "privilege": "UpdateContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify an association between a configuration set and a custom domain for open and click event tracking", - "privilege": "UpdateConfigurationSetTrackingOptions", - "resource_types": 
[ + "resource_type": "contact-list*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } 
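Review bot: The new `SendBulkEmail` entry lists three resource types but no condition keys, whereas the `SendBulkTemplatedEmail` entry it replaces carried `ses:FeedbackAddress`, `ses:FromAddress`, `ses:FromDisplayName` and `ses:Recipients` on its `""` resource type. If consumers of this file use it to decide which condition keys are valid for an action, a policy that restricts the sender or recipients of bulk mail would no longer be recognised for this action. Please confirm against the current service authorization reference whether these keys apply to `SendBulkEmail`, and if so restore a `""` resource-type entry with that `condition_keys` list. The same check is worth doing for the `-156838` and `-156848` hunks, where `SendRawEmail` and `SendTemplatedEmail` have no visible replacement that carries these keys.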
@@ -157021,73 +171238,51 @@ }, { "access_level": "Write", - "description": "Grants permission to update a receipt rule", - "privilege": "UpdateReceiptRule", + "description": "Grants permission to update contact list metadata", + "privilege": "UpdateContactList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an email template", - "privilege": "UpdateTemplate", - "resource_types": [ + "resource_type": "contact-list*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a set of DKIM tokens for a domain", - "privilege": "VerifyDomainDkim", + "access_level": "Permissions management", + "description": "Grants permission to update the specified sending authorization policy for the given identity (an email address or a domain)", + "privilege": "UpdateEmailIdentityPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "identity*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to verify a domain", - "privilege": "VerifyDomainIdentity", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to verify an email address", - "privilege": "VerifyEmailAddress", - "resource_types": [ + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to verify an email identity", - "privilege": "VerifyEmailIdentity", + "access_level": "Write", + "description": "Grants permission to update an email template", + "privilege": "UpdateEmailTemplate", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "template*" } ] } @@ -157100,18 +171295,6 @@ ], "resource": "configuration-set" }, - { - "arn": "arn:${Partition}:ses:${Region}:${Account}:contact-list/${ContactListName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "contact-list" - }, - { - "arn": "arn:${Partition}:ses:${Region}:${Account}:custom-verification-email-template/${TemplateName}", - "condition_keys": [], - "resource": "custom-verification-email-template" - }, { "arn": "arn:${Partition}:ses:${Region}:${Account}:dedicated-ip-pool/${DedicatedIPPool}", "condition_keys": [ @@ -157134,14 +171317,26 @@ "resource": "identity" }, { - "arn": "arn:${Partition}:ses:${Region}:${Account}:import-job/${ImportJobId}", + "arn": "arn:${Partition}:ses:${Region}:${Account}:custom-verification-email-template/${TemplateName}", "condition_keys": [], - "resource": "import-job" + "resource": "custom-verification-email-template" }, { "arn": "arn:${Partition}:ses:${Region}:${Account}:template/${TemplateName}", "condition_keys": [], "resource": "template" + }, + { + "arn": "arn:${Partition}:ses:${Region}:${Account}:contact-list/${ContactListName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "contact-list" + }, + { + "arn": "arn:${Partition}:ses:${Region}:${Account}:import-job/${ImportJobId}", + "condition_keys": [], + "resource": "import-job" } ], "service_name": "Amazon SES & Pinpoint Email" @@ -158851,8 +173046,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to creates a LongTermPricingListEntry for allowing customers to add an upfront billing contract for a job", "privilege": "CreateLongTermPricing", "resource_types": [ { 
@@ -159031,8 +173226,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to list LongTermPricingListEntry objects for the account making the request", "privilege": "ListLongTermPricing", "resource_types": [ { @@ -159079,8 +173274,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to update a specific upfront billing contract for a job", "privilege": "UpdateLongTermPricing", "resource_types": [ { 
@@ -159630,37 +173825,667 @@ "service_name": "Amazon SNS" }, { - "conditions": [], - "prefix": "sqs", + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access based on the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access based on the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access based on the tag keys that are passed in the request", + "type": "String" + } + ], + "prefix": "sqlworkbench", "privileges": [ { - "access_level": "Permissions management", - "description": "Adds a permission to a queue for a specific principal.", - "privilege": "AddPermission", + "access_level": "Write", + "description": "", + "privilege": "AssociateConnectionWithChart", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "chart*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection*" } ] }, { "access_level": "Write", - "description": "Changes the visibility timeout of a specified message in a queue to a new value.", - "privilege": "ChangeMessageVisibility", + "description": "", + "privilege": "AssociateConnectionWithTab", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "connection*" + } + ] + }, + { + "access_level": "Write", + "description": "", + "privilege": "AssociateQueryWithTab", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete folders on your account", + "privilege": "BatchDeleteFolder", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants 
permission to create SQLWorkbench account", + "privilege": "CreateAccount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create new saved chart on your account", + "privilege": "CreateChart", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "chart*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new connection on your account", + "privilege": "CreateConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create folder on your account", + "privilege": "CreateFolder", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new saved query on your account", + "privilege": "CreateSavedQuery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove charts on your account", + "privilege": "DeleteChart", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "chart*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove connections on your account", + "privilege": 
"DeleteConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove saved queries on your account", + "privilege": "DeleteSavedQuery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove a tab on your account", + "privilege": "DeleteTab", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to execute a query in your redshift cluster", + "privilege": "DriverExecute", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to generate a new session on your account", + "privilege": "GenerateSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get account info", + "privilege": "GetAccountInfo", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get charts on your account", + "privilege": "GetChart", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "chart*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get connections on your account", + "privilege": "GetConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe KMS Keys", + 
"privilege": "GetKMSKey", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get saved query on your account", + "privilege": "GetSavedQuery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get user info", + "privilege": "GetUserInfo", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get workspace settings on your account", + "privilege": "GetUserWorkspaceSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list buckets", + "privilege": "ListBuckets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the connections on your account", + "privilege": "ListConnections", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list databases of your redshift cluster", + "privilege": "ListDatabases", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list files and folders", + "privilege": "ListFiles", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list KMS Key Aliases", + "privilege": "ListKMSKeyAliases", + "resource_types": 
[ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list KMS Keys", + "privilege": "ListKMSKeys", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list redshift clusters on your account", + "privilege": "ListRedshiftClusters", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list sample databases", + "privilege": "ListSampleDatabases", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list versions of saved query on your account", + "privilege": "ListSavedQueryVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list tabs on your account", + "privilege": "ListTabs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the tags of an sqlworkbench resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "chart" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query" } ] }, { "access_level": "Write", - "description": "Changes the visibility timeout of multiple messages.", - "privilege": "ChangeMessageVisibilityBatch", + "description": "Grants permission to create or update a tab on your 
account", + "privilege": "PutTab", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update workspace settings on your account", + "privilege": "PutUserWorkspaceSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag an sqlworkbench resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "chart" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag an sqlworkbench resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "chart" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a chart on your account", + "privilege": "UpdateChart", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "chart*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update 
a connection on your account", + "privilege": "UpdateConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to move files on your account", + "privilege": "UpdateFileFolder", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "chart" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a folder's name and details on your account", + "privilege": "UpdateFolder", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a saved query on your account", + "privilege": "UpdateSavedQuery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:sqlworkbench:${Region}:${Account}:connection/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "connection" + }, + { + "arn": "arn:${Partition}:sqlworkbench:${Region}:${Account}:query/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "query" + }, + { + "arn": "arn:${Partition}:sqlworkbench:${Region}:${Account}:chart/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "chart" + } + ], + "service_name": "AWS SQL Workbench" + }, + { + "conditions": [], + "prefix": "sqs", + "privileges": [ + { + "access_level": 
"Permissions management", + "description": "Grants permission to a queue for a specific principal", + "privilege": "AddPermission", "resource_types": [ { "condition_keys": [], @@ -159671,8 +174496,8 @@ }, { "access_level": "Write", - "description": "Creates a new queue, or returns the URL of an existing one.", - "privilege": "CreateQueue", + "description": "Grants permission to change the visibility timeout of a specified message in a queue to a new value", + "privilege": "ChangeMessageVisibility", "resource_types": [ { "condition_keys": [], @@ -159683,8 +174508,8 @@ }, { "access_level": "Write", - "description": "Deletes the specified message from the specified queue.", - "privilege": "DeleteMessage", + "description": "Grants permission to create a new queue, or returns the URL of an existing one", + "privilege": "CreateQueue", "resource_types": [ { "condition_keys": [], @@ -159695,8 +174520,8 @@ }, { "access_level": "Write", - "description": "Deletes up to ten messages from the specified queue.", - "privilege": "DeleteMessageBatch", + "description": "Grants permission to delete the specified message from the specified queue", + "privilege": "DeleteMessage", "resource_types": [ { "condition_keys": [], @@ -159707,7 +174532,7 @@ }, { "access_level": "Write", - "description": "Deletes the queue specified by the queue URL, regardless of whether the queue is empty.", + "description": "Grants permission to delete the queue specified by the queue URL, regardless of whether the queue is empty", "privilege": "DeleteQueue", "resource_types": [ { @@ -159719,7 +174544,7 @@ }, { "access_level": "Read", - "description": "Gets attributes for the specified queue.", + "description": "Grants permission to get attributes for the specified queue", "privilege": "GetQueueAttributes", "resource_types": [ { 
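Review bot: The new `AddPermission` description at the end of this hunk, `Grants permission to a queue for a specific principal`, lost its verb in the rewrite from "Adds a permission to a queue…" and now reads as if the action itself grants queue access. Since this is a `Permissions management` action, the text should state what is being allowed: `"description": "Grants permission to add a permission to a queue for a specific principal"`. In the same hunk, `AssociateConnectionWithChart`, `AssociateConnectionWithTab` and `AssociateQueryWithTab` under `sqlworkbench` are added as `Write` with an empty description. A one-line description for each would help anyone auditing a policy built from this file.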
@@ -159731,7 +174556,7 @@ }, { "access_level": "Read", - "description": "Returns the URL of an existing queue.", + "description": "Grants permission to return the URL of an existing queue", "privilege": "GetQueueUrl", "resource_types": [ { @@ -159743,7 +174568,7 @@ }, { "access_level": "Read", - "description": "Returns a list of your queues that have the RedrivePolicy queue attribute configured with a dead letter queue.", + "description": "Grants permission to return a list of your queues that have the RedrivePolicy queue attribute configured with a dead letter queue", "privilege": "ListDeadLetterSourceQueues", "resource_types": [ { @@ -159755,7 +174580,7 @@ }, { "access_level": "Read", - "description": "Lists tags added to an SQS queue.", + "description": "Grants permission to list tags added to an SQS queue", "privilege": "ListQueueTags", "resource_types": [ { @@ -159766,8 +174591,8 @@ ] }, { - "access_level": "List", - "description": "Returns a list of your queues.", + "access_level": "Read", + "description": "Grants permission to return a list of your queues", "privilege": "ListQueues", "resource_types": [ { @@ -159779,7 +174604,7 @@ }, { "access_level": "Write", - "description": "Deletes the messages in a queue specified by the queue URL.", + "description": "Grants permission to delete the messages in a queue specified by the queue URL", "privilege": "PurgeQueue", "resource_types": [ { @@ -159791,7 +174616,7 @@ }, { "access_level": "Read", - "description": "Retrieves one or more messages, with a maximum limit of 10 messages, from the specified queue.", + "description": "Grants permission to retrieve one or more messages, with a maximum limit of 10 messages, from the specified queue", "privilege": "ReceiveMessage", "resource_types": [ { 
@@ -159803,7 +174628,7 @@ }, { "access_level": "Permissions management", - "description": "Revokes any permissions in the queue policy that matches the specified Label parameter.", + "description": "Grants permission to revoke any permissions in the queue policy that matches the specified Label parameter", "privilege": "RemovePermission", "resource_types": [ { @@ -159815,7 +174640,7 @@ }, { "access_level": "Write", - "description": "Delivers a message to the specified queue.", + "description": "Grants permission to deliver a message to the specified queue", "privilege": "SendMessage", "resource_types": [ { @@ -159827,19 +174652,7 @@ }, { "access_level": "Write", - "description": "Delivers up to ten messages to the specified queue.", - "privilege": "SendMessageBatch", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue*" - } - ] - }, - { - "access_level": "Write", - "description": "Sets the value of one or more queue attributes.", + "description": "Grants permission to set the value of one or more queue attributes", "privilege": "SetQueueAttributes", "resource_types": [ { @@ -159851,7 +174664,7 @@ }, { "access_level": "Tagging", - "description": "Add tags to the specified SQS queue.", + "description": "Grants permission to add tags to the specified SQS queue", "privilege": "TagQueue", "resource_types": [ { @@ -159863,7 +174676,7 @@ }, { "access_level": "Tagging", - "description": "Remove tags from the specified SQS queue.", + "description": "Grants permission to remove tags from the specified SQS queue", "privilege": "UntagQueue", "resource_types": [ { @@ -162208,14 +177021,14 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to get a contact's resource policy", "privilege": "GetContactPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "contact*" } ] }, 
@@ -162292,14 +177105,14 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to view a list of resource tags for a specified resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "contact*" } ] }, @@ -162352,26 +177165,26 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Tagging", + "description": "Grants permission to add tags to a response plan", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "contact*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a response plan", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "contact*" } ] }, 
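Review bot: The new descriptions for `TagResource` and `UntagResource` in the hunk at -162352 say "a response plan", but both entries are scoped to `"resource_type": "contact*"`, as are the other entries updated for this block. Someone reading the description to decide what a tagging grant covers would be pointed at the wrong resource. Wording that follows the declared resource type, such as `"Grants permission to add tags to a contact"` and `"Grants permission to remove tags from a contact"`, would be consistent. If these strings are imported verbatim from upstream documentation, the correction belongs there as well.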
@@ -162438,6 +177251,50 @@ ], "service_name": "AWS Systems Manager Incident Manager Contacts" }, + { + "conditions": [], + "prefix": "ssm-guiconnect", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to terminate a GUI Connect session", + "privilege": "CancelConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the metadata for a GUI Connect session", + "privilege": "GetConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a GUI Connect session", + "privilege": "StartConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Systems Manager GUI Connect" + }, { "conditions": [], "prefix": "ssm-incidents", 
@@ -166447,267 +181304,272 @@ "conditions": [ { "condition": "accounts.google.com:aud", - "description": "Filters actions based on the Google application ID", + "description": "Filters access by the Google application ID", "type": "String" }, { "condition": "accounts.google.com:oaud", - "description": "Filters actions based on the Google audience", + "description": "Filters access by the Google audience", "type": "String" }, { "condition": "accounts.google.com:sub", - "description": "Filters actions based on the subject of the claim (the Google user ID)", + "description": "Filters access by the subject of the claim (the Google user ID)", "type": "String" }, { "condition": "aws:FederatedProvider", - "description": "Filters actions based on the IdP that was used to authenticate the user", + "description": "Filters access by the IdP that was used to authenticate the user", "type": "String" }, { "condition": "aws:PrincipalTag/${TagKey}", - "description": "Filters actions based on the tag associated with the principal that is making the request", + "description": "Filters access by the tag associated with the principal that is making the request", "type": "String" }, { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:SourceIdentity", - "description": "Filters actions based on the source identity that is set on the caller", + "description": "Filters access by the source identity that is set on the caller", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": 
"Filters access by the tag keys that are passed in the request", "type": "String" }, { "condition": "cognito-identity.amazonaws.com:amr", - "description": "Filters actions based on the login information for Amazon Cognito", + "description": "Filters access by the login information for Amazon Cognito", "type": "String" }, { "condition": "cognito-identity.amazonaws.com:aud", - "description": "Filters actions based on the Amazon Cognito identity pool ID", + "description": "Filters access by the Amazon Cognito identity pool ID", "type": "String" }, { "condition": "cognito-identity.amazonaws.com:sub", - "description": "Filters actions based on the subject of the claim (the Amazon Cognito user ID)", + "description": "Filters access by the subject of the claim (the Amazon Cognito user ID)", "type": "String" }, { "condition": "graph.facebook.com:app_id", - "description": "Filters actions based on the Facebook application ID", + "description": "Filters access by the Facebook application ID", "type": "String" }, { "condition": "graph.facebook.com:id", - "description": "Filters actions based on the Facebook user ID", + "description": "Filters access by the Facebook user ID", "type": "String" }, { "condition": "iam:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags that are attached to the role that is being assumed", + "description": "Filters access by the tags that are attached to the role that is being assumed", "type": "String" }, { "condition": "saml:aud", - "description": "Filters actions based on the endpoint URL to which SAML assertions are presented", + "description": "Filters access by the endpoint URL to which SAML assertions are presented", "type": "String" }, { "condition": "saml:cn", - "description": "Filters actions based on the eduOrg attribute", + "description": "Filters access by the eduOrg attribute", "type": "String" }, { "condition": "saml:commonName", - "description": "Filters actions based on the commonName attribute", + 
"description": "Filters access by the commonName attribute", "type": "String" }, { "condition": "saml:doc", - "description": "Filters actions based on the principal that was used to assume the role", + "description": "Filters access by on the principal that was used to assume the role", "type": "String" }, { "condition": "saml:eduorghomepageuri", - "description": "Filters actions based on the eduOrg attribute", + "description": "Filters access by the eduOrg attribute", "type": "String" }, { "condition": "saml:eduorgidentityauthnpolicyuri", - "description": "Filters actions based on the eduOrg attribute", + "description": "Filters access by the eduOrg attribute", "type": "String" }, { "condition": "saml:eduorglegalname", - "description": "Filters actions based on the eduOrg attribute", + "description": "Filters access by the eduOrg attribute", "type": "String" }, { "condition": "saml:eduorgsuperioruri", - "description": "Filters actions based on the eduOrg attribute", + "description": "Filters access by the eduOrg attribute", "type": "String" }, { "condition": "saml:eduorgwhitepagesuri", - "description": "Filters actions based on the eduOrg attribute", + "description": "Filters access by the eduOrg attribute", "type": "String" }, { "condition": "saml:edupersonaffiliation", - "description": "Filters actions based on the eduPerson attribute", + "description": "Filters access by the eduPerson attribute", "type": "String" }, { "condition": "saml:edupersonassurance", - "description": "Filters actions based on the eduPerson attribute", + "description": "Filters access by the eduPerson attribute", "type": "String" }, { "condition": "saml:edupersonentitlement", - "description": "Filters actions based on the eduPerson attribute", + "description": "Filters access by the eduPerson attribute", "type": "String" }, { "condition": "saml:edupersonnickname", - "description": "Filters actions based on the eduPerson attribute", + "description": "Filters access by the eduPerson 
attribute", "type": "String" }, { "condition": "saml:edupersonorgdn", - "description": "Filters actions based on the eduPerson attribute", + "description": "Filters access by the eduPerson attribute", "type": "String" }, { "condition": "saml:edupersonorgunitdn", - "description": "Filters actions based on the eduPerson attribute", + "description": "Filters access by the eduPerson attribute", "type": "String" }, { "condition": "saml:edupersonprimaryaffiliation", - "description": "Filters actions based on the eduPerson attribute", + "description": "Filters access by the eduPerson attribute", "type": "String" }, { "condition": "saml:edupersonprimaryorgunitdn", - "description": "Filters actions based on the eduPerson attribute", + "description": "Filters access by the eduPerson attribute", "type": "String" }, { "condition": "saml:edupersonprincipalname", - "description": "Filters actions based on the eduPerson attribute", + "description": "Filters access by the eduPerson attribute", "type": "String" }, { "condition": "saml:edupersonscopedaffiliation", - "description": "Filters actions based on the eduPerson attribute", + "description": "Filters access by the eduPerson attribute", "type": "String" }, { "condition": "saml:edupersontargetedid", - "description": "Filters actions based on the eduPerson attribute", + "description": "Filters access by the eduPerson attribute", "type": "String" }, { "condition": "saml:givenName", - "description": "Filters actions based on the givenName attribute", + "description": "Filters access by the givenName attribute", "type": "String" }, { "condition": "saml:iss", - "description": "Filters actions based on the issuer, which is represented by a URN", + "description": "Filters access by on the issuer, which is represented by a URN", "type": "String" }, { "condition": "saml:mail", - "description": "Filters actions based on the mail attribute", + "description": "Filters access by the mail attribute", "type": "String" }, { "condition": 
"saml:name", - "description": "Filters actions based on the name attribute", + "description": "Filters access by the name attribute", "type": "String" }, { "condition": "saml:namequalifier", - "description": "Filters actions based on the hash value of the issuer, account ID, and friendly name", + "description": "Filters access by the hash value of the issuer, account ID, and friendly name", "type": "String" }, { "condition": "saml:organizationStatus", - "description": "Filters actions based on the organizationStatus attribute", + "description": "Filters access by the organizationStatus attribute", "type": "String" }, { "condition": "saml:primaryGroupSID", - "description": "Filters actions based on the primaryGroupSID attribute", + "description": "Filters access by the primaryGroupSID attribute", "type": "String" }, { "condition": "saml:sub", - "description": "Filters actions based on the subject of the claim (the SAML user ID)", + "description": "Filters access by the subject of the claim (the SAML user ID)", "type": "String" }, { "condition": "saml:sub_type", - "description": "Filters actions based on the value persistent, transient, or the full Format URI", + "description": "Filters access by the value persistent, transient, or the full Format URI", "type": "String" }, { "condition": "saml:surname", - "description": "Filters actions based on the surname attribute", + "description": "Filters access by the surname attribute", "type": "String" }, { "condition": "saml:uid", - "description": "Filters actions based on the uid attribute", + "description": "Filters access by the uid attribute", "type": "String" }, { "condition": "saml:x500UniqueIdentifier", - "description": "Filters actions based on the uid attribute", + "description": "Filters access by the uid attribute", + "type": "String" + }, + { + "condition": "sts:AWSServiceName", + "description": "Filters access by the service that is obtaining a bearer token", "type": "String" }, { "condition": "sts:ExternalId", 
- "description": "Filters actions based on the unique identifier required when you assume a role in another account", + "description": "Filters access by the unique identifier required when you assume a role in another account", "type": "String" }, { "condition": "sts:RoleSessionName", - "description": "Filters actions based on the role session name required when you assume a role", + "description": "Filters access by the role session name required when you assume a role", "type": "String" }, { "condition": "sts:SourceIdentity", - "description": "Filters actions based on the source identity that is passed in the request", + "description": "Filters access by the source identity that is passed in the request", "type": "String" }, { "condition": "sts:TransitiveTagKeys", - "description": "Filters actions based on the transitive tag keys that are passed in the request", + "description": "Filters access by the transitive tag keys that are passed in the request", "type": "String" }, { "condition": "www.amazon.com:app_id", - "description": "Filters actions based on the Login with Amazon application ID", + "description": "Filters access by the Login with Amazon application ID", "type": "String" }, { "condition": "www.amazon.com:user_id", - "description": "Filters actions based on the Login with Amazon user ID", + "description": "Filters access by the Login with Amazon user ID", "type": "String" } ], @@ -166715,7 +181577,7 @@ "privileges": [ { "access_level": "Write", - "description": "Returns a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to", + "description": "Grants permission to obtain a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to", "privilege": "AssumeRole", "resource_types": [ { 
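Review bot: Two of the reworded condition descriptions in the hunk at -166447 read "Filters access by on ...", namely `saml:doc` and `saml:iss`; the stray "on" is left over from "based on". They should read `"Filters access by the principal that was used to assume the role"` and `"Filters access by the issuer, which is represented by a URN"`. In the same hunk `saml:cn` is still described as "the eduOrg attribute" and `saml:x500UniqueIdentifier` as "the uid attribute", which look like copies of the neighbouring entries and are worth checking against the key names while this block is being touched.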
@@ -166742,7 +181604,7 @@ }, { "access_level": "Write", - "description": "Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response", + "description": "Grants permission to obtain a set of temporary security credentials for users who have been authenticated via a SAML authentication response", "privilege": "AssumeRoleWithSAML", "resource_types": [ { @@ -166798,7 +181660,7 @@ }, { "access_level": "Write", - "description": "Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider", + "description": "Grants permission to obtain a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider", "privilege": "AssumeRoleWithWebIdentity", "resource_types": [ { @@ -166832,7 +181694,7 @@ }, { "access_level": "Write", - "description": "Decodes additional information about the authorization status of a request from an encoded message returned in response to an AWS request", + "description": "Grants permission to decode additional information about the authorization status of a request from an encoded message returned in response to an AWS request", "privilege": "DecodeAuthorizationMessage", "resource_types": [ { @@ -166844,7 +181706,7 @@ }, { "access_level": "Read", - "description": "Returns details about the access key id passed as a parameter to the request.", + "description": "Grants permission to obtain details about the access key id passed as a parameter to the request", "privilege": "GetAccessKeyInfo", "resource_types": [ { 
@@ -166856,7 +181718,7 @@ }, { "access_level": "Read", - "description": "Returns details about the IAM identity whose credentials are used to call the API", + "description": "Grants permission to obtain details about the IAM identity whose credentials are used to call the API", "privilege": "GetCallerIdentity", "resource_types": [ { @@ -166868,7 +181730,7 @@ }, { "access_level": "Read", - "description": "Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user", + "description": "Grants permission to obtain a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user", "privilege": "GetFederationToken", "resource_types": [ { @@ -166889,11 +181751,13 @@ }, { "access_level": "Read", - "description": "Returns a STS bearer token for an AWS root user, IAM role, or an IAM user", + "description": "Grants permission to obtain a STS bearer token for an AWS root user, IAM role, or an IAM user", "privilege": "GetServiceBearerToken", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "sts:AWSServiceName" + ], "dependent_actions": [], "resource_type": "" } @@ -166901,7 +181765,7 @@ }, { "access_level": "Read", - "description": "Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for an AWS account or IAM user", + "description": "Grants permission to obtain a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for an AWS account or IAM user", "privilege": "GetSessionToken", "resource_types": [ { 
@@ -168487,6 +183351,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "AnalyzeID", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to detect text in document images", @@ -168525,6 +183401,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to return information about an expense analysis job", + "privilege": "GetExpenseAnalysis", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start an asynchronous job to detect instances of real-world document entities within an image or pdf provided as input", @@ -168552,6 +183440,20 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to start an asynchronous job to detect instances of invoices or receipts within an image or pdf provided as input", + "privilege": "StartExpenseAnalysis", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "s3:GetObject" + ], + "resource_type": "" + } + ] } ], "resources": [], @@ -168561,17 +183463,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "String" } ], 
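Review bot: The added `AnalyzeID` entry in the hunk at -168487 carries `"access_level": "Unknown"` and an empty `description`, while the other privileges added to this block (`GetExpenseAnalysis`, `StartExpenseAnalysis`) are classified as Read and Write. A consumer that groups or filters privileges by access level, for example to separate read-only from mutating actions during a policy review, has no bucket for this one. Either classify it like its siblings, or make sure consumers treat "Unknown" as not read-only rather than skipping it.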
@@ -168579,7 +183481,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants Permission to cancel queries in your account", + "description": "Grants permission to cancel queries in your account", "privilege": "CancelQuery", "resource_types": [ { @@ -168591,7 +183493,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to create a database in your account.", + "description": "Grants permission to create a database in your account", "privilege": "CreateDatabase", "resource_types": [ { @@ -168611,7 +183513,24 @@ }, { "access_level": "Write", - "description": "Grants permissions to create a table in your account.", + "description": "Grants permission to create a scheduled query in your account", + "privilege": "CreateScheduledQuery", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a table in your account", "privilege": "CreateTable", "resource_types": [ { @@ -168631,7 +183550,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete a database in your account.", + "description": "Grants permission to delete a database in your account", "privilege": "DeleteDatabase", "resource_types": [ { @@ -168643,7 +183562,19 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete a table in your account.", + "description": "Grants permission to delete a scheduled query in your account", + "privilege": "DeleteScheduledQuery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduled-query*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a table in your account", "privilege": "DeleteTable", "resource_types": [ { 
@@ -168655,7 +183586,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to describe a database in your account.", + "description": "Grants permission to describe a database in your account", "privilege": "DescribeDatabase", "resource_types": [ { @@ -168667,7 +183598,7 @@ }, { "access_level": "List", - "description": "Grants permissions to describe timestream endpoints.", + "description": "Grants permission to describe timestream endpoints", "privilege": "DescribeEndpoints", "resource_types": [ { @@ -168679,7 +183610,19 @@ }, { "access_level": "Read", - "description": "Grants Permissions to describe a table in your account", + "description": "Grants permission to describe a scheduled query in your account", + "privilege": "DescribeScheduledQuery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduled-query*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a table in your account", "privilege": "DescribeTable", "resource_types": [ { @@ -168689,9 +183632,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to execute a scheduled query in your account", + "privilege": "ExecuteScheduledQuery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduled-query*" + } + ] + }, { "access_level": "List", - "description": "Grants Permission to list databases in your account", + "description": "Grants permission to list databases in your account", "privilege": "ListDatabases", "resource_types": [ { @@ -168703,7 +183658,7 @@ }, { "access_level": "List", - "description": "Grants Permissions to list measures of a table in your account", + "description": "Grants permission to list measures of a table in your account", "privilege": "ListMeasures", "resource_types": [ { 
@@ -168713,9 +183668,21 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list scheduled queries in your account", + "privilege": "ListScheduledQueries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", - "description": "Grants Permission to list tables in your account", + "description": "Grants permission to list tables in your account", "privilege": "ListTables", "resource_types": [ { @@ -168727,7 +183694,7 @@ }, { "access_level": "List", - "description": "Grants permissions to list tags of a resource in your account.", + "description": "Grants permission to list tags of a resource in your account", "privilege": "ListTagsForResource", "resource_types": [ { @@ -168735,6 +183702,11 @@ "dependent_actions": [], "resource_type": "database*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduled-query*" + }, { "condition_keys": [], "dependent_actions": [], @@ -168744,7 +183716,7 @@ }, { "access_level": "Read", - "description": "Grants Permission to issue 'select from table' queries", + "description": "Grants permission to issue 'select from table' queries", "privilege": "Select", "resource_types": [ { @@ -168756,7 +183728,7 @@ }, { "access_level": "Read", - "description": "Grants Permissions to issue 'select 1' queries", + "description": "Grants permission to issue 'select 1' queries", "privilege": "SelectValues", "resource_types": [ { @@ -168768,7 +183740,7 @@ }, { "access_level": "Tagging", - "description": "Grants permissions to add tags to a resource.", + "description": "Grants permission to add tags to a resource", "privilege": "TagResource", "resource_types": [ { @@ -168776,6 +183748,11 @@ "dependent_actions": [], "resource_type": "database*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduled-query*" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -168793,7 +183770,7 @@ }, { "access_level": "Tagging", - "description": "Grants permissions to remove a tag from a resource.", + "description": "Grants permission to remove a tag from a resource", "privilege": "UntagResource", "resource_types": [ { @@ -168801,6 +183778,11 @@ "dependent_actions": [], "resource_type": "database*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduled-query*" + }, { "condition_keys": [], "dependent_actions": [], @@ -168817,7 +183799,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to update a database in your account.", + "description": "Grants permission to update a database in your account", "privilege": "UpdateDatabase", "resource_types": [ { @@ -168829,7 +183811,19 @@ }, { "access_level": "Write", - "description": "Grants permissions to update a table in your account.", + "description": "Grants permission to update a scheduled query in your account", + "privilege": "UpdateScheduledQuery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduled-query*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a table in your account", "privilege": "UpdateTable", "resource_types": [ { @@ -168841,7 +183835,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to ingest data to a table in your account.", + "description": "Grants permission to ingest data to a table in your account", "privilege": "WriteRecords", "resource_types": [ { @@ -168866,6 +183860,13 @@ "aws:ResourceTag/${TagKey}" ], "resource": "table" + }, + { + "arn": "arn:${Partition}:timestream:${Region}:${Account}:scheduled-query/${ScheduledQueryName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "scheduled-query" } ], "service_name": "Amazon Timestream" 
@@ -169464,14 +184465,16 @@ "prefix": "transfer", "privileges": [ { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to add an access associated with a server", "privilege": "CreateAccess", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "server*" } ] }, @@ -169515,26 +184518,29 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to create a workflow", "privilege": "CreateWorkflow", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to delete access", "privilege": "DeleteAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "server*" } ] }, 
@@ -169575,38 +184581,38 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to delete a workflow", "privilege": "DeleteWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to describe an access assigned to a server", "privilege": "DescribeAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "server*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to describe an execution associated with a workflow", "privilege": "DescribeExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, @@ -169647,14 +184653,14 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to describe a workflow", "privilege": "DescribeWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, @@ -169671,26 +184677,26 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to list accesses", "privilege": "ListAccesses", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "server*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to list executions associated with a workflow", "privilege": "ListExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, 
@@ -169720,7 +184726,7 @@ }, { "access_level": "Read", - "description": "Grants permission to list tags for a server or a user", + "description": "Grants permission to list tags for a server, a user, or a workflow", "privilege": "ListTagsForResource", "resource_types": [ { @@ -169732,6 +184738,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "user" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workflow" } ] }, @@ -169748,8 +184759,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permission to list workflows", "privilege": "ListWorkflows", "resource_types": [ { @@ -169760,14 +184771,14 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to send a callback for asynchronous custom steps", "privilege": "SendWorkflowStepState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, @@ -169810,6 +184821,11 @@ "dependent_actions": [], "resource_type": "user" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workflow" + }, { "condition_keys": [ "aws:TagKeys", @@ -169834,7 +184850,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to untag a server or a user", + "description": "Grants permission to untag a server, a user, or a workflow", "privilege": "UntagResource", "resource_types": [ { @@ -169847,6 +184863,11 @@ "dependent_actions": [], "resource_type": "user" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workflow" + }, { "condition_keys": [ "aws:TagKeys" 
@@ -169857,13 +184878,15 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to update access", "privilege": "UpdateAccess", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "" } ] @@ -169911,9 +184934,16 @@ "aws:ResourceTag/${TagKey}" ], "resource": "server" + }, + { + "arn": "arn:${Partition}:transfer:${region}:${account}:workflow/${workflowId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "workflow" } ], - "service_name": "AWS Transfer for SFTP" + "service_name": "AWS Transfer Family" }, { "conditions": [], 
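Review bot: `UpdateAccess` in the hunk at -169857 gains `iam:PassRole` as a dependent action but keeps `"resource_type": ""`, whereas `CreateAccess`, `DeleteAccess` and `DescribeAccess` are all moved to `server*` in the earlier hunks. As written, this definition offers no way to scope `UpdateAccess` to a server ARN, so a policy built from it would presumably fall back to an unscoped resource for an action that passes a role. If the access operations share one resource model, this line should be `"resource_type": "server*"`.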
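Review bot: The new `workflow` ARN in the hunk at -169911 uses lower-case placeholders (`${region}`, `${account}`, `${workflowId}`), while the ARN added for Timestream scheduled queries in this same diff uses `${Region}` and `${Account}`. If the consumer substitutes placeholders by exact name, the workflow ARN could be left with unresolved variables; that code is not visible here. Normalising to `arn:${Partition}:transfer:${Region}:${Account}:workflow/${WorkflowId}` would match the other entries, unless the neighbouring `server` and `user` ARNs outside this hunk already use the lower-case form.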
@@ -170357,6 +185387,332 @@ ], "service_name": "AWS Trusted Advisor" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by tag keys that are passed in the request", + "type": "String" + } + ], + "prefix": "voiceid", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a domain", + "privilege": "CreateDomain", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a domain", + "privilege": "DeleteDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a fraudster", + "privilege": "DeleteFraudster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a speaker", + "privilege": "DeleteSpeaker", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe compliance consent", + "privilege": "DescribeComplianceConsent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a domain", + "privilege": "DescribeDomain", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a fraudster", + "privilege": "DescribeFraudster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a fraudster registration job", + "privilege": "DescribeFraudsterRegistrationJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a speaker", + "privilege": "DescribeSpeaker", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a speaker enrollment job", + "privilege": "DescribeSpeakerEnrollmentJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to evaluate a session", + "privilege": "EvaluateSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list domains for an account", + "privilege": "ListDomains", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list fraudster registration jobs for a domain", + "privilege": "ListFraudsterRegistrationJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list speaker enrollment jobs for a domain", + 
"privilege": "ListSpeakerEnrollmentJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list speakers for a domain", + "privilege": "ListSpeakers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags for a Voice ID resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to opt out a speaker", + "privilege": "OptOutSpeaker", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register compliance consent", + "privilege": "RegisterComplianceConsent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a fraudster registration job", + "privilege": "StartFraudsterRegistrationJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a speaker enrollment job", + "privilege": "StartSpeakerEnrollmentJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a Voice ID resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain" + }, + { + "condition_keys": [ + 
"aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove a tag from a Voice ID resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a domain", + "privilege": "UpdateDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:voiceid:${Region}:${Account}:domain/${DomainId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "domain" + } + ], + "service_name": "Amazon Connect Voice ID" + }, { "conditions": [ { @@ -172655,17 +188011,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the allowed set of values for each of the tags", + "description": "Filters access by the allowed set of values for each of the tags", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value associated with the resource", + "description": "Filters access by tag-value associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of mandatory tags in the request", + "description": "Filters access by the presence of mandatory tags in the request", "type": "String" } ], 
@@ -172760,6 +188116,16 @@ "dependent_actions": [], "resource_type": "rulegroup*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ipset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "regexpatternset" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -172771,7 +188137,7 @@ ] }, { - "access_level": "Permissions management", + "access_level": "Write", "description": "Grants permission to create a WebACL", "privilege": "CreateWebACL", "resource_types": [ @@ -172780,6 +188146,21 @@ "dependent_actions": [], "resource_type": "webacl*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ipset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "regexpatternset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rulegroup" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -172863,7 +188244,7 @@ ] }, { - "access_level": "Permissions management", + "access_level": "Write", "description": "Grants permission to delete a WebACL", "privilege": "DeleteWebACL", "resource_types": [ @@ -172875,7 +188256,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to retrieve high-level information for a managed rule group", "privilege": "DescribeManagedRuleGroup", "resource_types": [ @@ -172900,7 +188281,7 @@ }, { "access_level": "Write", - "description": "Grants permission disassociate a WebACL from an application resource", + "description": "Grants permission to disassociate a WebACL from an application resource", "privilege": "DisassociateWebACL", "resource_types": [ { 
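Review bot: `CreateWebACL` and `DeleteWebACL` move from `Permissions management` to `Write` in these hunks, and `UpdateWebACL` does the same in a later hunk (apparently the wafv2 block, judging by the ARNs further down), with no explanation in the visible part of the diff. Any consumer that uses `access_level` to single out permissions-management actions for closer review would stop flagging WebACL changes after this update; whether such a consumer exists cannot be seen from here. I would record the reclassification in the commit description, for example `wafv2: WebACL create/update/delete reclassified from Permissions management to Write`, so that policy reviews built on this data can adjust.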
@@ -172958,6 +188339,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details about a ManagedRuleSet", + "privilege": "GetManagedRuleSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managedruleset*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a PermissionPolicy for a RuleGroup", @@ -173116,6 +188509,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve an array of your ManagedRuleSet objects", + "privilege": "ListManagedRuleSets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve an array of RegexPatternSetSummary objects for the regex pattern sets that you manage", @@ -173224,6 +188629,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to enable create a new or update an existing version of a ManagedRuleSet", + "privilege": "PutManagedRuleSetVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managedruleset*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rulegroup*" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to attach an IAM policy to a resource, used to share rule groups between accounts", @@ -173325,6 +188747,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the expiry date of a version in ManagedRuleSet", + "privilege": "UpdateManagedRuleSetVersionExpiryDate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managedruleset*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a RegexPatternSet", 
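Review bot: The description added for `PutManagedRuleSetVersions` contains a stray word, "Grants permission to enable create a new or update an existing version of a ManagedRuleSet". A policy author reads this string when deciding whether to grant a Write action on `managedruleset*` and `rulegroup*`, so it should read `"description": "Grants permission to create a new or update an existing version of a ManagedRuleSet"`. If this file is regenerated from an upstream reference, the correction belongs in the generator or the upstream text, otherwise the next refresh will bring the wording back.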
@@ -173354,6 +188788,16 @@ "dependent_actions": [], "resource_type": "rulegroup*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ipset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "regexpatternset" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}" @@ -173364,7 +188808,7 @@ ] }, { - "access_level": "Permissions management", + "access_level": "Write", "description": "Grants permission to update a WebACL", "privilege": "UpdateWebACL", "resource_types": [ @@ -173373,6 +188817,21 @@ "dependent_actions": [], "resource_type": "webacl*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ipset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "regexpatternset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rulegroup" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}" @@ -173398,6 +188857,11 @@ ], "resource": "ipset" }, + { + "arn": "arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/managedruleset/${Name}/${Id}", + "condition_keys": [], + "resource": "managedruleset" + }, { "arn": "arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/rulegroup/${Name}/${Id}", "condition_keys": [ @@ -173482,6 +188946,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to an owner of a lens to share with other AWS accounts and IAM Users", + "privilege": "CreateLensShare", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "lens*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new lens version", + "privilege": "CreateLensVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "lens*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new milestone for the specified workload", 
@@ -173521,6 +189009,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a lens", + "privilege": "DeleteLens", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "lens*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing lens share", + "privilege": "DeleteLensShare", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "lens*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an existing workload", @@ -173557,6 +189069,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to export an existing lens", + "privilege": "ExportLens", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "lens*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the specified answer from the specified lens review", @@ -173569,6 +189093,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get an existing lens", + "privilege": "GetLens", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "lens*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the specified lens review of the specified workload", @@ -173601,7 +189137,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "lens*" } ] }, @@ -173636,6 +189172,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to import a new lens", + "privilege": "ImportLens", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the answers from the specified lens review", 
@@ -173672,6 +189220,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all shares created for a lens", + "privilege": "ListLensShares", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "lens*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the lenses available to this account", 
@@ -173882,10 +189442,517 @@ "aws:ResourceTag/${TagKey}" ], "resource": "workload" + }, + { + "arn": "arn:${Partition}:wellarchitected:${Region}:${Account}:lens/${ResourceId}", + "condition_keys": [], + "resource": "lens" } ], "service_name": "AWS Well-Architected Tool" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the tag keys that are passed in the request", + "type": "String" + } + ], + "prefix": "wisdom", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create an assistant", + "privilege": "CreateAssistant", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an association between an assistant and another resource", + "privilege": "CreateAssistantAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Assistant*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create content", + "privilege": "CreateContent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a knowledge base", + 
"privilege": "CreateKnowledgeBase", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a session", + "privilege": "CreateSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Assistant*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an assistant", + "privilege": "DeleteAssistant", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Assistant*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an assistant association", + "privilege": "DeleteAssistantAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Assistant*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "AssistantAssociation*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete content", + "privilege": "DeleteContent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Content*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a knowledge base", + "privilege": "DeleteKnowledgeBase", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about an assistant", + "privilege": "GetAssistant", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "Assistant*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about an assistant association", + "privilege": "GetAssistantAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Assistant*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "AssistantAssociation*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve content, including a pre-signed URL to download the content", + "privilege": "GetContent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Content*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve summary information about the content", + "privilege": "GetContentSummary", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Content*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about the knowledge base", + "privilege": "GetKnowledgeBase", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve recommendations for the specified session", + "privilege": "GetRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Assistant*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information for a specified session", + "privilege": "GetSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "Assistant*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Session*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information about assistant associations", + "privilege": "ListAssistantAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Assistant*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information about assistants", + "privilege": "ListAssistants", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the content with a knowledge base", + "privilege": "ListContents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information about knowledge bases", + "privilege": "ListKnowledgeBases", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the tags for the specified resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove the specified recommendations from the specified assistant's queue of newly available recommendations", + "privilege": "NotifyRecommendationsReceived", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Assistant*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to perform a manual search against the specified assistant", + "privilege": "QueryAssistant", + "resource_types": [ + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "Assistant*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove a URI template from a knowledge base", + "privilege": "RemoveKnowledgeBaseTemplateUri", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to search for content referencing a specified knowledge base. Can be used to get a specific content resource by its name", + "privilege": "SearchContent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to search for sessions referencing a specified assistant. Can be used to et a specific session resource by its name", + "privilege": "SearchSessions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Assistant*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to get a URL to upload content to a knowledge base", + "privilege": "StartContentUpload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add the specified tags to the specified resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the specified resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + 
"description": "Grants permission to update information about the content", + "privilege": "UpdateContent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Content*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the template URI of a knowledge base", + "privilege": "UpdateKnowledgeBaseTemplateUri", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:wisdom:${Region}:${Account}:assistant/${AssistantId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Assistant" + }, + { + "arn": "arn:${Partition}:wisdom:${Region}:${Account}:association/${AssistantId}/${AssistantAssociationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "AssistantAssociation" + }, + { + "arn": "arn:${Partition}:wisdom:${Region}:${Account}:content/${KnowledgeBaseId}/${ContentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Content" + }, + { + "arn": "arn:${Partition}:wisdom:${Region}:${Account}:knowledge-base/${KnowledgeBaseId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "KnowledgeBase" + }, + { + "arn": "arn:${Partition}:wisdom:${Region}:${Account}:session/${AssistantId}/${SessionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Session" + } + ], + "service_name": "Amazon Connect Wisdom" + }, { "conditions": [], "prefix": "workdocs", 
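Review bot: The `SearchSessions` description in the new `wisdom` block has a typo, "Can be used to et a specific session resource by its name"; it should say `Can be used to get a specific session resource by its name`, matching the parallel `SearchContent` text. The three condition descriptions in this block open with "Filters actions based on", while other hunks in this diff change that phrasing to "Filters access by", so the new block is inconsistent with the rest of the update. `TagResource`, `UntagResource` and `ListTagsForResource` here list only the empty resource type even though every `wisdom` resource carries `aws:ResourceTag/${TagKey}`; that may simply mirror upstream, but it means this data offers no resource to scope tagging to and is worth confirming.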
@@ -174996,17 +191063,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by the tag key-value pairs that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by the tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "String" } ], @@ -175276,6 +191343,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a mobile device access override", + "privilege": "DeleteMobileDeviceAccessOverride", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a mobile device access rule", @@ -175372,6 +191451,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to deregister a mail domain from an organization", + "privilege": "DeregisterMailDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization*" + } + ] + }, { "access_level": "List", "description": "Grants permission to show a list of directories available for use in creating an organization", 
@@ -175396,6 +191487,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to read the settings in a DMARC policy for a specified organization", + "privilege": "DescribeInboundDmarcSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to read the details of an inbound mail flow rule configured for an organization", @@ -175660,6 +191763,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details of a given mail domain in an organization", + "privilege": "GetMailDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the details of the mail domain", @@ -175720,6 +191835,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a mobile device access override", + "privilege": "GetMobileDeviceAccessOverride", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the details of the mobile device", @@ -175757,7 +191884,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list the access control rules", "privilege": "ListAccessControlRules", "resource_types": [ @@ -175816,6 +191943,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the mail domains for a given organization", + "privilege": "ListMailDomains", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list mailbox export jobs", 
@@ -175853,7 +191992,19 @@ ] }, { - "access_level": "List", + "access_level": "Read", + "description": "Grants permission to list the mobile device access overrides", + "privilege": "ListMobileDeviceAccessOverrides", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization*" + } + ] + }, + { + "access_level": "Read", "description": "Grants permission to list the mobile device access rules", "privilege": "ListMobileDeviceAccessRules", "resource_types": [ @@ -175960,6 +192111,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to enable or disable a DMARC policy for a given organization", + "privilege": "PutInboundDmarcSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to set permissions for a user, group, or resource, replacing any existing permissions", @@ -175972,6 +192135,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to add or update a mobile device access override", + "privilege": "PutMobileDeviceAccessOverride", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to add or update the retention policy", @@ -175984,6 +192159,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to register a new mail domain in an organization", + "privilege": "RegisterMailDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to register an existing and disabled user, group, or resource for use by associating a mailbox and calendaring capabilities", 
@@ -176176,6 +192363,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update which domain is the default domain for an organization", + "privilege": "UpdateDefaultMailDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the details of an inbound email flow rule which will apply to all email sent to an organization", @@ -176202,7 +192401,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update an mobile device access rule", + "description": "Grants permission to update a mobile device access rule", "privilege": "UpdateMobileDeviceAccessRule", "resource_types": [ { @@ -176444,10 +192643,33 @@ "access_level": "Tagging", "description": "Grants permission to create tags for WorkSpaces resources", "privilege": "CreateTags", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an updated WorkSpace image", + "privilege": "CreateUpdatedWorkspaceImage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "workspaceimage*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] @@ -176529,7 +192751,10 @@ "privilege": "DeleteTags", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -176644,7 +192869,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to describe the tags for WorkSpaces resources", "privilege": "DescribeTags", "resource_types": [ 
@@ -177100,6 +193325,653 @@ ], "service_name": "Amazon WorkSpaces" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "String" + } + ], + "prefix": "workspaces-web", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to associate browser settings to web portals", + "privilege": "AssociateBrowserSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "browserSettings*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate network settings to web portals", + "privilege": "AssociateNetworkSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:CreateTags", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:ModifyNetworkInterfaceAttribute" + ], + "resource_type": "networkSettings*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate trust stores with web portals", + "privilege": "AssociateTrustStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trustStore*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate user settings 
with web portals", + "privilege": "AssociateUserSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "userSettings*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create browser settings", + "privilege": "CreateBrowserSettings", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:GenerateDataKey" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create identity providers", + "privilege": "CreateIdentityProvider", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create network settings", + "privilege": "CreateNetworkSettings", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create web portals", + "privilege": "CreatePortal", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:GenerateDataKey" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create trust stores", + "privilege": "CreateTrustStore", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create user settings", + 
"privilege": "CreateUserSettings", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete browser settings", + "privilege": "DeleteBrowserSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "browserSettings*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete identity providers", + "privilege": "DeleteIdentityProvider", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete network settings", + "privilege": "DeleteNetworkSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "networkSettings*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete web portals", + "privilege": "DeletePortal", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete trust stores", + "privilege": "DeleteTrustStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trustStore*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete user settings", + "privilege": "DeleteUserSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "userSettings*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate browser settings from web portals", + "privilege": "DisassociateBrowserSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal*" + } + ] 
+ }, + { + "access_level": "Write", + "description": "Grants permission to disassociate network settings from web portals", + "privilege": "DisassociateNetworkSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate trust stores from web portals", + "privilege": "DisassociateTrustStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate user settings from web portals", + "privilege": "DisassociateUserSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details on browser settings", + "privilege": "GetBrowserSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "browserSettings*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details on identity providers", + "privilege": "GetIdentityProvider", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details on network settings", + "privilege": "GetNetworkSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "networkSettings*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details on web portals", + "privilege": "GetPortal", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get service provider metadata information for web 
portals", + "privilege": "GetPortalServiceProviderMetadata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details on trust stores", + "privilege": "GetTrustStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trustStore*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get certificates from trust stores", + "privilege": "GetTrustStoreCertificate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trustStore*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details on user settings", + "privilege": "GetUserSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "userSettings*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list browser settings", + "privilege": "ListBrowserSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list identity providers", + "privilege": "ListIdentityProviders", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list network settings", + "privilege": "ListNetworkSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list web portals", + "privilege": "ListPortals", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to 
list tags for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list certificates in a trust store", + "privilege": "ListTrustStoreCertificates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list trust stores", + "privilege": "ListTrustStores", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list user settings", + "privilege": "ListUserSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add one or more tags to a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update browser settings", + "privilege": "UpdateBrowserSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "browserSettings*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update identity provider", + "privilege": "UpdateIdentityProvider", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update network settings", + "privilege": "UpdateNetworkSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "networkSettings*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update web portals", + "privilege": "UpdatePortal", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update trust stores", + "privilege": "UpdateTrustStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trustStore*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update user settings", + "privilege": "UpdateUserSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "userSettings*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:workspaces-web:${Region}:${Account}:browserSettings/${BrowserSettingsId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "browserSettings" + }, + { + "arn": "arn:${Partition}:workspaces-web:${Region}:${Account}:networkSettings/${NetworkSettingsId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "networkSettings" + }, + { + "arn": "arn:${Partition}:workspaces-web:${Region}:${Account}:portal/${PortalId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "portal" + }, + { + "arn": "arn:${Partition}:workspaces-web:${Region}:${Account}:trustStore/${TrustStoreId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "trustStore" + }, + { + "arn": "arn:${Partition}:workspaces-web:${Region}:${Account}:userSettings/${UserSettingsId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": 
"userSettings" + } + ], + "service_name": "Amazon WorkSpaces Web" + }, { "conditions": [ { diff --git a/iamlivecore/map.json b/iamlivecore/map.json index 88ddf3d5..5847f733 100644 --- a/iamlivecore/map.json +++ b/iamlivecore/map.json @@ -2,7 +2,8 @@ "info": "This file is sourced from https://github.com/iann0036/iam-dataset", "sdk_permissionless_actions": [ "DynamoDB.DescribeEndpoints", - "STS.GetCallerIdentity" + "STS.GetCallerIdentity", + "STS.GetSessionToken" ], "sdk_method_iam_mappings": { "Budgets.CreateBudget": [ @@ -39347,6 +39348,18 @@ "template": "${QueueName}" } } + }, + { + "action": "sqs:TagQueue", + "resource_mappings": { + "QueueName": { + "template": "${QueueName}" + } + }, + "conditions": { + "lhs": "tags", + "op": "Exists" + } } ], "SQS.DeleteMessage": [ 
@@ -91118,139 +91131,156 @@ "SSMContacts.TagResource": [ { "action": "ssm-contacts:TagResource", - "undocumented": true + "resource_mappings": {}, + "resourcearn_mappings": { + "contact": "${ResourceARN}" + } } ], "SSMContacts.UntagResource": [ { "action": "ssm-contacts:UntagResource", - "undocumented": true + "resource_mappings": {}, + "resourcearn_mappings": { + "contact": "${ResourceARN}" + } } ], "Finspace.CreateEnvironment": [ { "action": "finspace:CreateEnvironment", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:finspace:${Region}:${Account}:environment/*" + "resource_mappings": { + "environmentId": { + "template": "*" + } } } ], "Finspace.DeleteEnvironment": [ { "action": "finspace:DeleteEnvironment", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:finspace:${Region}:${Account}:environment/${environmentId}" + "resource_mappings": { + "environmentId": { + "template": "${environmentId}" + } } } ], "Finspace.GetEnvironment": [ { "action": "finspace:GetEnvironment", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:finspace:${Region}:${Account}:environment/${environmentId}" + "resource_mappings": { + "environmentId": { + "template": "${environmentId}" + } } } ], "Finspace.ListEnvironments": [ { "action": "finspace:ListEnvironments", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:finspace:${Region}:${Account}:environment/*" + "resource_mappings": { + "environmentId": { + "template": "*" + } } } ], "Finspace.ListTagsForResource": [ { "action": "finspace:ListTagsForResource", - "undocumented": true + "resource_mappings": {}, + "resourcearn_mappings": { + "environment": "${resourceArn}" + } } ], "Finspace.TagResource": [ { "action": "finspace:TagResource", - "undocumented": true + "resource_mappings": {}, + "resourcearn_mappings": { + "environment": "${resourceArn}" + } } ], "Finspace.UntagResource": [ { "action": "finspace:UntagResource", - 
"undocumented": true + "resource_mappings": {}, + "resourcearn_mappings": { + "environment": "${resourceArn}" + } } ], "Finspace.UpdateEnvironment": [ { "action": "finspace:UpdateEnvironment", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:finspace:${Region}:${Account}:environment/${environmentId}" + "resource_mappings": { + "environmentId": { + "template": "${environmentId}" + } } } ], "LakeFormation.AddLFTagsToResource": [ { "action": "lakeformation:AddLFTagsToResource", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.CreateLFTag": [ { "action": "lakeformation:CreateLFTag", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.DeleteLFTag": [ { "action": "lakeformation:DeleteLFTag", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.GetLFTag": [ { "action": "lakeformation:GetLFTag", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.GetResourceLFTags": [ { "action": "lakeformation:GetResourceLFTags", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.ListLFTags": [ { "action": "lakeformation:ListLFTags", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:lakeformation:${Region}:${Account}:catalog:${Account}" - } + "resource_mappings": {} } ], "LakeFormation.RemoveLFTagsFromResource": [ { "action": "lakeformation:RemoveLFTagsFromResource", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.SearchDatabasesByLFTags": [ { "action": "lakeformation:SearchDatabasesByLFTags", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.SearchTablesByLFTags": [ { "action": "lakeformation:SearchTablesByLFTags", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.UpdateLFTag": [ { "action": "lakeformation:UpdateLFTag", - "undocumented": true + "resource_mappings": {} } ], "Personalize.CreateDatasetExportJob": [ 
@@ -91290,42 +91320,84 @@ "Transfer.CreateAccess": [ { "action": "transfer:CreateAccess", - "undocumented": true + "resource_mappings": { + "region": { + "template": "${Region}" + }, + "account": { + "template": "${Account}" + }, + "serverId": { + "template": "${ServerId}" + } + } + }, + { + "action": "iam:PassRole", + "resource_mappings": {}, + "resourcearn_mappings": { + "role": "${Role}" + } } ], "Transfer.DeleteAccess": [ { "action": "transfer:DeleteAccess", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:transfer:${Region}:${Account}:server/${ServerId}" + "resource_mappings": { + "region": { + "template": "${Region}" + }, + "account": { + "template": "${Account}" + }, + "serverId": { + "template": "${ServerId}" + } } } ], "Transfer.DescribeAccess": [ { "action": "transfer:DescribeAccess", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:transfer:${Region}:${Account}:server/${ServerId}" + "resource_mappings": { + "region": { + "template": "${Region}" + }, + "account": { + "template": "${Account}" + }, + "serverId": { + "template": "${ServerId}" + } } } ], "Transfer.ListAccesses": [ { "action": "transfer:ListAccesses", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:transfer:${Region}:${Account}:server/${ServerId}" + "resource_mappings": { + "region": { + "template": "${Region}" + }, + "account": { + "template": "${Account}" + }, + "serverId": { + "template": "${ServerId}" + } } } ], "Transfer.UpdateAccess": [ { "action": "transfer:UpdateAccess", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:transfer:${Region}:${Account}:server/${ServerId}" + "resource_mappings": {} + }, + { + "action": "iam:PassRole", + "resource_mappings": {}, + "resourcearn_mappings": { + "role": "${Role}" } } ], 
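Review bot: `Transfer.UpdateAccess` is the only access operation in this hunk left with `"resource_mappings": {}`; CreateAccess, DeleteAccess, DescribeAccess and ListAccesses all map `region`, `account` and `serverId`, and the removed `arn_override` for UpdateAccess was scoped to `server/${ServerId}`. If an empty mapping resolves to a wildcard resource (the resolver is not visible here), the statement generated for this call becomes broader than it was before the change. I would give it the same three mappings as its siblings, ending with `"serverId": { "template": "${ServerId}" }`. The KafkaConnect hunk further down drops the `${connectorArn}`-scoped overrides for DeleteConnector and DescribeConnector in the same way. As map.json states it is sourced from iam-dataset, the correction probably belongs upstream.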
@@ -91580,19 +91652,19 @@ "Snowball.CreateLongTermPricing": [ { "action": "snowball:CreateLongTermPricing", - "undocumented": true + "resource_mappings": {} } ], "Snowball.ListLongTermPricing": [ { "action": "snowball:ListLongTermPricing", - "undocumented": true + "resource_mappings": {} } ], "Snowball.UpdateLongTermPricing": [ { "action": "snowball:UpdateLongTermPricing", - "undocumented": true + "resource_mappings": {} } ], "CloudFront.CreateFunction": [ @@ -92475,46 +92547,47 @@ "AppStream.CreateUpdatedImage": [ { "action": "appstream:CreateUpdatedImage", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:appstream:${Region}:${Account}:image/${existingImageName}" + "resource_mappings": { + "ImageName": { + "template": "%%many%${existingImageName}%${newImageName}%%" + } } } ], "CloudFormation.DeactivateType": [ { "action": "cloudformation:DeactivateType", - "undocumented": true + "resource_mappings": {} } ], "CloudFormation.DescribePublisher": [ { "action": "cloudformation:DescribePublisher", - "undocumented": true + "resource_mappings": {} } ], "CloudFormation.PublishType": [ { "action": "cloudformation:PublishType", - "undocumented": true + "resource_mappings": {} } ], "CloudFormation.RegisterPublisher": [ { "action": "cloudformation:RegisterPublisher", - "undocumented": true + "resource_mappings": {} } ], "CloudFormation.SetTypeConfiguration": [ { "action": "cloudformation:SetTypeConfiguration", - "undocumented": true + "resource_mappings": {} } ], "CloudFormation.TestType": [ { "action": "cloudformation:TestType", - "undocumented": true + "resource_mappings": {} } ], "CloudFront.AssociateAlias": [ @@ -92588,9 +92661,10 @@ "ES.DescribeDomainAutoTunes": [ { "action": "es:DescribeDomainAutoTunes", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:es:${Region}:${Account}:domain/${DomainName}" + "resource_mappings": { + "DomainName": { + "template": "${DomainName}" + } } } ], 
@@ -92653,27 +92727,30 @@ "GreengrassV2.BatchAssociateClientDeviceWithCoreDevice": [ { "action": "greengrass:BatchAssociateClientDeviceWithCoreDevice", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/v2/coreDevices/${coreDeviceThingName}/associateClientDevices" + "resource_mappings": { + "CoreDeviceThingName": { + "template": "${coreDeviceThingName}" + } } } ], "GreengrassV2.BatchDisassociateClientDeviceFromCoreDevice": [ { "action": "greengrass:BatchDisassociateClientDeviceFromCoreDevice", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/v2/coreDevices/${coreDeviceThingName}/disassociateClientDevices" + "resource_mappings": { + "CoreDeviceThingName": { + "template": "${coreDeviceThingName}" + } } } ], "GreengrassV2.ListClientDevicesAssociatedWithCoreDevice": [ { "action": "greengrass:ListClientDevicesAssociatedWithCoreDevice", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/v2/coreDevices/${coreDeviceThingName}/associatedClientDevices" + "resource_mappings": { + "CoreDeviceThingName": { + "template": "${coreDeviceThingName}" + } } } ], @@ -94133,9 +94210,10 @@ "Kendra.BatchGetDocumentStatus": [ { "action": "kendra:BatchGetDocumentStatus", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + "resource_mappings": { + "IndexId": { + "template": "${IndexId}" + } } } ], 
@@ -94148,9 +94226,18 @@ "MediaPackageVod.ConfigureLogs": [ { "action": "mediapackage-vod:ConfigureLogs", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:mediapackage-vod:${Region}:${Account}:packaging-groups/${Id}" + "resource_mappings": { + "PackagingGroupIdentifier": { + "template": "${Id}" + } + } + }, + { + "action": "iam:CreateServiceLinkedRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } } } ], @@ -94988,16 +95075,13 @@ "CloudFormation.ActivateType": [ { "action": "cloudformation:ActivateType", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:cloudformation:${Region}:${Account}:type/*" - } + "resource_mappings": {} } ], "CloudFormation.BatchDescribeTypeConfigurations": [ { - "action": "cloudformation:BatchDescribeTypeConfiguration", - "undocumented": true + "action": "cloudformation:BatchDescribeTypeConfigurations", + "resource_mappings": {} } ], "CodePipeline.GetActionType": [ @@ -95104,9 +95188,13 @@ "IoTSiteWise.GetInterpolatedAssetPropertyValues": [ { "action": "iotsitewise:GetInterpolatedAssetPropertyValues", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:iotsitewise:${Region}:${Account}:asset/*" + "resource_mappings": { + "AssetId": { + "template": "${assetId}" + }, + "TimeSeriesId": { + "template": "*" + } } } ], 
@@ -95136,17 +95224,14 @@ ], "ElasticBeanstalk.UpdateTagsForResource": [ { - "action": "elasticbeanstalk:AddTags", - "undocumented": true, - "arn_override": { - "template": "${ResourceArn}" - } - }, - { - "action": "elasticbeanstalk:RemoveTags", - "undocumented": true, - "arn_override": { - "template": "${ResourceArn}" + "action": "elasticbeanstalk:UpdateTagsForResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "%%iftemplatematch%${ResourceArn}%%", + "applicationversion": "%%iftemplatematch%${ResourceArn}%%", + "configurationtemplate": "%%iftemplatematch%${ResourceArn}%%", + "environment": "%%iftemplatematch%${ResourceArn}%%", + "platform": "%%iftemplatematch%${ResourceArn}%%" } } ], 
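Review bot: The replacement entry for `ElasticBeanstalk.UpdateTagsForResource` emits `elasticbeanstalk:UpdateTagsForResource`, where the removed lines emitted `elasticbeanstalk:AddTags` and `elasticbeanstalk:RemoveTags`. As far as I recall, the Elastic Beanstalk API reference names those two as the actions to put in a policy for this operation, so it is worth confirming that a policy built from the new mapping still authorises the call before dropping them. If both are still required, keep the two old actions and attach the new `resourcearn_mappings` block to each of them.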
@@ -97272,45 +97357,42 @@ "EMR.DescribeReleaseLabel": [ { "action": "elasticmapreduce:DescribeReleaseLabel", - "undocumented": true, - "arn_override": { - "template": "*" - } + "resource_mappings": {} } ], "EMR.GetAutoTerminationPolicy": [ { "action": "elasticmapreduce:GetAutoTerminationPolicy", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:cluster/${ClusterId}" + "resource_mappings": { + "ClusterId": { + "template": "${ClusterId}" + } } } ], "EMR.ListReleaseLabels": [ { "action": "elasticmapreduce:ListReleaseLabels", - "undocumented": true, - "arn_override": { - "template": "*" - } + "resource_mappings": {} } ], "EMR.PutAutoTerminationPolicy": [ { "action": "elasticmapreduce:PutAutoTerminationPolicy", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:cluster/${ClusterId}" + "resource_mappings": { + "ClusterId": { + "template": "${ClusterId}" + } } } ], "EMR.RemoveAutoTerminationPolicy": [ { "action": "elasticmapreduce:RemoveAutoTerminationPolicy", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:cluster/${ClusterId}" + "resource_mappings": { + "ClusterId": { + "template": "${ClusterId}" + } } } ], 
@@ -97390,63 +97472,92 @@ "Transfer.CreateWorkflow": [ { "action": "transfer:CreateWorkflow", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:transfer:${Region}:${Account}:workflow/*" - } + "resource_mappings": {} } ], "Transfer.DeleteWorkflow": [ { "action": "transfer:DeleteWorkflow", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:transfer:${Region}:${Account}:workflow/${WorkflowId}" + "resource_mappings": { + "region": { + "template": "${Region}" + }, + "account": { + "template": "${Account}" + }, + "workflowId": { + "template": "${WorkflowId}" + } } } ], "Transfer.DescribeExecution": [ { "action": "transfer:DescribeExecution", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:transfer:${Region}:${Account}:workflow/${WorkflowId}" + "resource_mappings": { + "region": { + "template": "${Region}" + }, + "account": { + "template": "${Account}" + }, + "workflowId": { + "template": "${WorkflowId}" + } } } ], "Transfer.DescribeWorkflow": [ { "action": "transfer:DescribeWorkflow", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:transfer:${Region}:${Account}:workflow/${WorkflowId}" + "resource_mappings": { + "region": { + "template": "${Region}" + }, + "account": { + "template": "${Account}" + }, + "workflowId": { + "template": "${WorkflowId}" + } } } ], "Transfer.ListExecutions": [ { "action": "transfer:ListExecutions", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:transfer:${Region}:${Account}:workflow/${WorkflowId}" + "resource_mappings": { + "region": { + "template": "${Region}" + }, + "account": { + "template": "${Account}" + }, + "workflowId": { + "template": "${WorkflowId}" + } } } ], "Transfer.ListWorkflows": [ { "action": "transfer:ListWorkflows", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:transfer:${Region}:${Account}:workflow/*" - } + "resource_mappings": {} } ], 
"Transfer.SendWorkflowStepState": [ { "action": "transfer:SendWorkflowStepState", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:transfer:${Region}:${Account}:workflow/${WorkflowId}" + "resource_mappings": { + "region": { + "template": "${Region}" + }, + "account": { + "template": "${Account}" + }, + "workflowId": { + "template": "${WorkflowId}" + } } } ], @@ -97516,9 +97627,17 @@ "Textract.AnalyzeExpense": [ { "action": "textract:AnalyzeExpense", - "undocumented": true, - "arn_override": { - "template": "*" + "resource_mappings": {} + }, + { + "action": "s3:GetObject", + "resource_mappings": { + "BucketName": { + "template": "${Document.S3Object.Bucket}" + }, + "ObjectName": { + "template": "${Document.S3Object.Name}" + } } } ], @@ -97929,9 +98048,10 @@ "Pinpoint.GetInAppMessages": [ { "action": "mobiletargeting:GetInAppMessages", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${ApplicationId}" + "resource_mappings": { + "AppId": { + "template": "${ApplicationId}" + } } } ], 
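Review bot: The `s3:GetObject` entry added under `Textract.AnalyzeExpense` has no `conditions` block, so it appears to apply even when the request passes the document inline rather than as an S3 object. In that case `${Document.S3Object.Bucket}` and `${Document.S3Object.Name}` have nothing to resolve to. The `sqs:TagQueue` entry added earlier in this file guards itself with `"conditions": { "lhs": "tags", "op": "Exists" }`; an equivalent guard on the S3 object field would keep the generated policy from carrying an S3 statement the call never needed. How unresolved templates are rendered is not visible in this diff.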
@@ -97992,82 +98112,63 @@ "Macie2.ListManagedDataIdentifiers": [ { "action": "macie2:ListManagedDataIdentifiers", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:macie2:${Region}:${Account}:*" - } + "resource_mappings": {} } ], "KafkaConnect.CreateWorkerConfiguration": [ { "action": "kafkaconnect:CreateWorkerConfiguration", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:kafkaconnect:${Region}:${Account}:worker-configuration/${name}" - } + "resource_mappings": {} } ], "KafkaConnect.DeleteConnector": [ { "action": "kafkaconnect:DeleteConnector", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:kafkaconnect:${Region}:${Account}:$arn{${connectorArn}}" - } + "resource_mappings": {} + }, + { + "action": "logs:DeleteLogDelivery", + "resource_mappings": {} + }, + { + "action": "logs:ListLogDeliveries", + "resource_mappings": {} } ], "KafkaConnect.DescribeConnector": [ { "action": "kafkaconnect:DescribeConnector", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:kafkaconnect:${Region}:${Account}:$arn{${connectorArn}}" - } + "resource_mappings": {} } ], "KafkaConnect.DescribeCustomPlugin": [ { "action": "kafkaconnect:DescribeCustomPlugin", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:kafkaconnect:${Region}:${Account}:$arn{${customPluginArn}}" - } + "resource_mappings": {} } ], "KafkaConnect.DescribeWorkerConfiguration": [ { "action": "kafkaconnect:DescribeWorkerConfiguration", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:kafkaconnect:${Region}:${Account}:$arn{${workerConfigurationArn}}" - } + "resource_mappings": {} } ], "KafkaConnect.ListConnectors": [ { "action": "kafkaconnect:ListConnectors", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:kafkaconnect:${Region}:${Account}:/v1/connectors" - } + "resource_mappings": {} } ], "KafkaConnect.ListCustomPlugins": [ { "action": 
"kafkaconnect:ListCustomPlugins", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:kafkaconnect:${Region}:${Account}:/v1/custom-plugins" - } + "resource_mappings": {} } ], "KafkaConnect.ListWorkerConfigurations": [ { "action": "kafkaconnect:ListWorkerConfigurations", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:kafkaconnect:${Region}:${Account}:/v1/worker-configurations" - } + "resource_mappings": {} } ], "APIGateway.CreateApiKey": [ 
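Review bot: Replacing the `arn_override` templates with `"resource_mappings": {}` drops the request ARN from `KafkaConnect.DeleteConnector`, `DescribeConnector`, `DescribeCustomPlugin` and `DescribeWorkerConfiguration`. The generated statements for those calls would then presumably carry a wildcard resource rather than the connector, plugin or worker configuration named in the request. The removed lines show the requests carry `connectorArn`, `customPluginArn` and `workerConfigurationArn`, and other entries in this diff pass an ARN through with `resourcearn_mappings` (for example `"project": "${ProjectArn}"` on `Rekognition.DeleteProject`). I would do the same here, e.g. `"resourcearn_mappings": { "<connector resource type>": "${connectorArn}" }`, taking the key from the service definition, which this hunk does not show. The `List*` entries and `Macie2.ListManagedDataIdentifiers` have no single resource to scope to and look fine as empty mappings.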
@@ -99541,6 +99642,8959 @@ "template": "arn:${Partition}:apigateway:${Region}::/vpclinks/${VpcLinkId}" } } + ], + "Kinesis.StartStreamEncryption": [ + { + "action": "kinesis:StartStreamEncryption", + "resource_mappings": { + "KeyId": { + "template": "${KeyId}" + }, + "StreamName": { + "template": "${StreamName}" + } + } + } + ], + "Rekognition.DeleteProject": [ + { + "action": "rekognition:DeleteProject", + "resource_mappings": {}, + "resourcearn_mappings": { + "project": "${ProjectArn}" + } + } + ], + "Kafka.UpdateSecurity": [ + { + "action": "kafka:UpdateSecurity", + "resource_mappings": {} + }, + { + "action": "kms:RetireGrant", + "resource_mappings": { + "KeyId": { + "template": "${EncryptionInfo.EncryptionAtRest.DataVolumeKMSKeyId}" + } + } + } + ], + "Amp.ListTagsForResource": [ + { + "action": "aps:ListTagsForResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "workspace": "${resourceArn}" + } + } + ], + "Amp.TagResource": [ + { + "action": "aps:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "workspace": "${resourceArn}" + } + } + ], + "Amp.UntagResource": [ + { + "action": "aps:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "workspace": "${resourceArn}" + } + } + ], + "OpenSearch.CancelServiceSoftwareUpdate": [ + { + "action": "es:CancelServiceSoftwareUpdate", + "resource_mappings": { + "DomainName": { + "template": "${DomainName}" + } + } + } + ], + "OpenSearch.DescribeDomainAutoTunes": [ + { + "action": "es:DescribeDomainAutoTunes", + "resource_mappings": { + "DomainName": { + "template": "${DomainName}" + } + } + } + ], + "OpenSearch.StartServiceSoftwareUpdate": [ + { + "action": "es:StartServiceSoftwareUpdate", + "resource_mappings": { + "DomainName": { + "template": "${DomainName}" + } + } + } + ], + "OpenSearch.UpgradeDomain": [ + { + "action": "es:UpgradeDomain", + "resource_mappings": { + "DomainName": { + "template": "${DomainName}" + } + } + } + ], + "KafkaConnect.CreateConnector": 
[ + { + "action": "kafkaconnect:CreateConnector", + "resource_mappings": {} + }, + { + "action": "ec2:CreateNetworkInterface", + "resource_mappings": { + "NetworkInterfaceId": { + "template": "*" + }, + "SubnetId": { + "template": "${kafkaCluster.apacheKafkaCluster.vpc.subnets[]}" + }, + "SecurityGroupId": { + "template": "${kafkaCluster.apacheKafkaCluster.vpc.securityGroups[]}" + } + } + }, + { + "action": "ec2:DescribeSecurityGroups", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeSubnets", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeVpcs", + "resource_mappings": {} + }, + { + "action": "firehose:TagDeliveryStream", + "resource_mappings": { + "DeliveryStreamName": { + "template": "${logDelivery.workerLogDelivery.firehose.deliveryStream}" + } + } + }, + { + "action": "iam:AttachRolePolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "role": "${serviceExecutionRoleArn}" + } + }, + { + "action": "iam:CreateServiceLinkedRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": "iam:PassRole", + "resource_mappings": {}, + "resourcearn_mappings": { + "role": "${serviceExecutionRoleArn}" + } + }, + { + "action": "iam:PutRolePolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "role": "${serviceExecutionRoleArn}" + } + }, + { + "action": "logs:CreateLogDelivery", + "resource_mappings": {} + }, + { + "action": "logs:DescribeLogGroups", + "resource_mappings": { + "LogGroupName": { + "template": "${logDelivery.workerLogDelivery.cloudWatchLogs.logGroup}" + } + } + }, + { + "action": "logs:DescribeResourcePolicies", + "resource_mappings": {} + }, + { + "action": "logs:GetLogDelivery", + "resource_mappings": {} + }, + { + "action": "logs:ListLogDeliveries", + "resource_mappings": {} + }, + { + "action": "logs:PutResourcePolicy", + "resource_mappings": {} + }, + { + "action": "s3:GetBucketPolicy", + "resource_mappings": { + "BucketName": { + "template": 
"${logDelivery.workerLogDelivery.s3.bucket}" + } + } + }, + { + "action": "s3:PutBucketPolicy", + "resource_mappings": { + "BucketName": { + "template": "${logDelivery.workerLogDelivery.s3.bucket}" + } + } + } + ], + "KafkaConnect.CreateCustomPlugin": [ + { + "action": "kafkaconnect:CreateCustomPlugin", + "resource_mappings": {} + }, + { + "action": "s3:GetObject", + "resource_mappings": {}, + "resourcearn_mappings": { + "object": "${location.s3Location.bucketArn}/${location.s3Location.fileKey}" + } + } + ], + "KafkaConnect.UpdateConnector": [ + { + "action": "kafkaconnect:UpdateConnector", + "resource_mappings": {} + } + ], + "ECR.DescribeImageReplicationStatus": [ + { + "action": "ecr:DescribeImageReplicationStatus", + "resource_mappings": { + "RepositoryName": { + "template": "${repositoryName}" + } + } + } + ], + "S3Control.DescribeMultiRegionAccessPointOperation": [ + { + "action": "s3:DescribeMultiRegionAccessPointOperation", + "resource_mappings": { + "Operation": { + "template": "DescribeMultiRegionAccessPointOperation" + }, + "Token": { + "template": "${RequestTokenARN}" + } + } + } + ], + "Comprehend.ListDocumentClassifierSummaries": [ + { + "action": "comprehend:ListDocumentClassifierSummaries", + "resource_mappings": {} + } + ], + "Comprehend.ListEntityRecognizerSummaries": [ + { + "action": "comprehend:ListEntityRecognizerSummaries", + "resource_mappings": {} + } + ], + "LicenseManager.CreateLicenseConversionTaskForResource": [ + { + "action": "license-manager:CreateLicenseConversionTaskForResource", + "resource_mappings": {} + } + ], + "LicenseManager.GetLicenseConversionTask": [ + { + "action": "license-manager:GetLicenseConversionTask", + "resource_mappings": {} + } + ], + "LicenseManager.ListLicenseConversionTasks": [ + { + "action": "license-manager:ListLicenseConversionTasks", + "resource_mappings": {} + } + ], + "DataExchange.CreateEventAction": [ + { + "action": "dataexchange:CreateEventAction", + "resource_mappings": { + "EventActionId": { + 
"template": "*" + } + } + } + ], + "DataExchange.DeleteEventAction": [ + { + "action": "dataexchange:DeleteEventAction", + "resource_mappings": { + "EventActionId": { + "template": "${EventActionId}" + } + } + } + ], + "DataExchange.GetEventAction": [ + { + "action": "dataexchange:GetEventAction", + "resource_mappings": { + "EventActionId": { + "template": "${EventActionId}" + } + } + } + ], + "DataExchange.ListEventActions": [ + { + "action": "dataexchange:ListEventActions", + "resource_mappings": { + "EventActionId": { + "template": "${EventSourceId}" + } + } + } + ], + "DataExchange.UpdateEventAction": [ + { + "action": "dataexchange:UpdateEventAction", + "resource_mappings": { + "EventActionId": { + "template": "${EventActionId}" + } + } + } + ], + "AppIntegrations.CreateDataIntegration": [ + { + "action": "app-integrations:CreateDataIntegration", + "resource_mappings": { + "DataIntegrationId": { + "template": "*" + } + } + } + ], + "AppIntegrations.DeleteDataIntegration": [ + { + "action": "app-integrations:DeleteDataIntegration", + "resource_mappings": { + "DataIntegrationId": { + "template": "${DataIntegrationIdentifier}" + } + } + } + ], + "AppIntegrations.GetDataIntegration": [ + { + "action": "app-integrations:GetDataIntegration", + "resource_mappings": { + "DataIntegrationId": { + "template": "${Identifier}" + } + } + } + ], + "AppIntegrations.ListDataIntegrationAssociations": [ + { + "action": "app-integrations:ListDataIntegrationAssociations", + "resource_mappings": {} + } + ], + "AppIntegrations.ListDataIntegrations": [ + { + "action": "app-integrations:ListDataIntegrations", + "resource_mappings": {} + } + ], + "AppIntegrations.UpdateDataIntegration": [ + { + "action": "app-integrations:UpdateDataIntegration", + "resource_mappings": { + "DataIntegrationId": { + "template": "${Identifier}" + } + } + } + ], + "Amp.CreateAlertManagerDefinition": [ + { + "action": "aps:CreateAlertManagerDefinition", + "resource_mappings": { + "WorkspaceId": { + 
"template": "${workspaceId}" + } + } + } + ], + "Amp.CreateRuleGroupsNamespace": [ + { + "action": "aps:CreateRuleGroupsNamespace", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + }, + "Namespace": { + "template": "${name}" + } + } + } + ], + "Amp.DeleteAlertManagerDefinition": [ + { + "action": "aps:DeleteAlertManagerDefinition", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + } + } + } + ], + "Amp.DeleteRuleGroupsNamespace": [ + { + "action": "aps:DeleteRuleGroupsNamespace", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + }, + "Namespace": { + "template": "${name}" + } + } + } + ], + "Amp.DescribeAlertManagerDefinition": [ + { + "action": "aps:DescribeAlertManagerDefinition", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + } + } + } + ], + "Amp.DescribeRuleGroupsNamespace": [ + { + "action": "aps:DescribeRuleGroupsNamespace", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + }, + "Namespace": { + "template": "${name}" + } + } + } + ], + "Amp.ListRuleGroupsNamespaces": [ + { + "action": "aps:ListRuleGroupsNamespaces", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + } + } + } + ], + "Amp.PutAlertManagerDefinition": [ + { + "action": "aps:PutAlertManagerDefinition", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + } + } + } + ], + "Amp.PutRuleGroupsNamespace": [ + { + "action": "aps:PutRuleGroupsNamespace", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + }, + "Namespace": { + "template": "${name}" + } + } + } + ], + "Wisdom.CreateAssistant": [ + { + "action": "wisdom:CreateAssistant", + "resource_mappings": {} + } + ], + "Wisdom.CreateAssistantAssociation": [ + { + "action": "wisdom:CreateAssistantAssociation", + "resource_mappings": { + "AssistantId": { + "template": "${assistantId}" + } + } + } + ], + "Wisdom.CreateContent": [ + { + 
"action": "wisdom:CreateContent", + "resource_mappings": { + "KnowledgeBaseId": { + "template": "${knowledgeBaseId}" + } + } + } + ], + "Wisdom.CreateKnowledgeBase": [ + { + "action": "wisdom:CreateKnowledgeBase", + "resource_mappings": {} + } + ], + "Wisdom.CreateSession": [ + { + "action": "wisdom:CreateSession", + "resource_mappings": { + "AssistantId": { + "template": "${assistantId}" + } + } + } + ], + "Wisdom.DeleteAssistant": [ + { + "action": "wisdom:DeleteAssistant", + "resource_mappings": { + "AssistantId": { + "template": "${assistantId}" + } + } + } + ], + "Wisdom.DeleteAssistantAssociation": [ + { + "action": "wisdom:DeleteAssistantAssociation", + "resource_mappings": { + "AssistantId": { + "template": "${assistantId}" + }, + "AssistantAssociationId": { + "template": "${assistantAssociationId}" + } + } + } + ], + "Wisdom.DeleteContent": [ + { + "action": "wisdom:DeleteContent", + "resource_mappings": { + "KnowledgeBaseId": { + "template": "${knowledgeBaseId}" + }, + "ContentId": { + "template": "${contentId}" + } + } + } + ], + "Wisdom.DeleteKnowledgeBase": [ + { + "action": "wisdom:DeleteKnowledgeBase", + "resource_mappings": { + "KnowledgeBaseId": { + "template": "${knowledgeBaseId}" + } + } + } + ], + "Wisdom.GetAssistant": [ + { + "action": "wisdom:GetAssistant", + "resource_mappings": { + "AssistantId": { + "template": "${assistantId}" + } + } + } + ], + "Wisdom.GetAssistantAssociation": [ + { + "action": "wisdom:GetAssistantAssociation", + "resource_mappings": { + "AssistantId": { + "template": "${assistantId}" + }, + "AssistantAssociationId": { + "template": "${assistantAssociationId}" + } + } + } + ], + "Wisdom.GetContent": [ + { + "action": "wisdom:GetContent", + "resource_mappings": { + "KnowledgeBaseId": { + "template": "${knowledgeBaseId}" + }, + "ContentId": { + "template": "${contentId}" + } + } + } + ], + "Wisdom.GetContentSummary": [ + { + "action": "wisdom:GetContentSummary", + "resource_mappings": { + "KnowledgeBaseId": { + 
"template": "${knowledgeBaseId}" + }, + "ContentId": { + "template": "${contentId}" + } + } + } + ], + "Wisdom.GetKnowledgeBase": [ + { + "action": "wisdom:GetKnowledgeBase", + "resource_mappings": { + "KnowledgeBaseId": { + "template": "${knowledgeBaseId}" + } + } + } + ], + "Wisdom.GetRecommendations": [ + { + "action": "wisdom:GetRecommendations", + "resource_mappings": { + "AssistantId": { + "template": "${assistantId}" + } + } + } + ], + "Wisdom.GetSession": [ + { + "action": "wisdom:GetSession", + "resource_mappings": { + "AssistantId": { + "template": "${assistantId}" + }, + "SessionId": { + "template": "${sessionId}" + } + } + } + ], + "Wisdom.ListAssistantAssociations": [ + { + "action": "wisdom:ListAssistantAssociations", + "resource_mappings": { + "AssistantId": { + "template": "${assistantId}" + } + } + } + ], + "Wisdom.ListAssistants": [ + { + "action": "wisdom:ListAssistants", + "resource_mappings": {} + } + ], + "Wisdom.ListContents": [ + { + "action": "wisdom:ListContents", + "resource_mappings": { + "KnowledgeBaseId": { + "template": "${knowledgeBaseId}" + } + } + } + ], + "Wisdom.ListKnowledgeBases": [ + { + "action": "wisdom:ListKnowledgeBases", + "resource_mappings": {} + } + ], + "Wisdom.ListTagsForResource": [ + { + "action": "wisdom:ListTagsForResource", + "resource_mappings": {} + } + ], + "Wisdom.NotifyRecommendationsReceived": [ + { + "action": "wisdom:NotifyRecommendationsReceived", + "resource_mappings": { + "AssistantId": { + "template": "${assistantId}" + } + } + } + ], + "Wisdom.QueryAssistant": [ + { + "action": "wisdom:QueryAssistant", + "resource_mappings": { + "AssistantId": { + "template": "${assistantId}" + } + } + } + ], + "Wisdom.RemoveKnowledgeBaseTemplateUri": [ + { + "action": "wisdom:RemoveKnowledgeBaseTemplateUri", + "resource_mappings": { + "KnowledgeBaseId": { + "template": "${knowledgeBaseId}" + } + } + } + ], + "Wisdom.SearchContent": [ + { + "action": "wisdom:SearchContent", + "resource_mappings": { + 
"KnowledgeBaseId": { + "template": "${knowledgeBaseId}" + } + } + } + ], + "Wisdom.SearchSessions": [ + { + "action": "wisdom:SearchSessions", + "resource_mappings": { + "AssistantId": { + "template": "${assistantId}" + } + } + } + ], + "Wisdom.StartContentUpload": [ + { + "action": "wisdom:StartContentUpload", + "resource_mappings": { + "KnowledgeBaseId": { + "template": "${knowledgeBaseId}" + } + } + } + ], + "Wisdom.TagResource": [ + { + "action": "wisdom:TagResource", + "resource_mappings": {} + } + ], + "Wisdom.UntagResource": [ + { + "action": "wisdom:UntagResource", + "resource_mappings": {} + } + ], + "Wisdom.UpdateContent": [ + { + "action": "wisdom:UpdateContent", + "resource_mappings": { + "KnowledgeBaseId": { + "template": "${knowledgeBaseId}" + }, + "ContentId": { + "template": "${contentId}" + } + } + } + ], + "Wisdom.UpdateKnowledgeBaseTemplateUri": [ + { + "action": "wisdom:UpdateKnowledgeBaseTemplateUri", + "resource_mappings": { + "KnowledgeBaseId": { + "template": "${knowledgeBaseId}" + } + } + } + ], + "Iot.PutVerificationStateOnViolation": [ + { + "action": "iot:PutVerificationStateOnViolation", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "CloudControl.CancelResourceRequest": [ + { + "action": "cloudformation:CancelResourceRequest", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" + } + } + ], + "CloudControl.CreateResource": [ + { + "action": "cloudformation:CreateResource", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" + } + } + ], + "CloudControl.DeleteResource": [ + { + "action": "cloudformation:DeleteResource", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" + } + } + ], + "CloudControl.GetResource": [ + { + "action": "cloudformation:GetResource", + "undocumented": true, + 
"arn_override": { + "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" + } + } + ], + "CloudControl.GetResourceRequestStatus": [ + { + "action": "cloudformation:GetResourceRequestStatus", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" + } + } + ], + "CloudControl.ListResourceRequests": [ + { + "action": "cloudformation:ListResourceRequests", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" + } + } + ], + "CloudControl.ListResources": [ + { + "action": "cloudformation:ListResources", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" + } + } + ], + "CloudControl.UpdateResource": [ + { + "action": "cloudformation:UpdateResource", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" + } + } + ], + "WorkSpaces.CreateUpdatedWorkspaceImage": [ + { + "action": "workspaces:CreateUpdatedWorkspaceImage", + "resource_mappings": { + "ImageId": { + "template": "*" + } + } + } + ], + "WorkMail.DescribeInboundDmarcSettings": [ + { + "action": "workmail:DescribeInboundDmarcSettings", + "resource_mappings": { + "ResourceId": { + "template": "${OrganizationId}" + } + } + } + ], + "WorkMail.PutInboundDmarcSettings": [ + { + "action": "workmail:PutInboundDmarcSettings", + "resource_mappings": { + "ResourceId": { + "template": "${OrganizationId}" + } + } + } + ], + "Backup.DeleteBackupVaultLockConfiguration": [ + { + "action": "backup:DeleteBackupVaultLockConfiguration", + "resource_mappings": { + "BackupVaultName": { + "template": "${BackupVaultName}" + } + } + } + ], + "Backup.PutBackupVaultLockConfiguration": [ + { + "action": "backup:PutBackupVaultLockConfiguration", + "resource_mappings": { + "BackupVaultName": { + "template": "${BackupVaultName}" + } + } + } + ], 
+ "FraudDetector.CancelBatchImportJob": [ + { + "action": "frauddetector:CancelBatchImportJob", + "resource_mappings": { + "ResourcePath": { + "template": "${jobId}" + } + } + } + ], + "FraudDetector.CreateBatchImportJob": [ + { + "action": "frauddetector:CreateBatchImportJob", + "resource_mappings": { + "ResourcePath": { + "template": "${eventTypeName}" + } + } + } + ], + "FraudDetector.DeleteBatchImportJob": [ + { + "action": "frauddetector:DeleteBatchImportJob", + "resource_mappings": { + "ResourcePath": { + "template": "${jobId}" + } + } + } + ], + "FraudDetector.DeleteEventsByEventType": [ + { + "action": "frauddetector:DeleteEventsByEventType", + "resource_mappings": { + "ResourcePath": { + "template": "${eventTypeName}" + } + } + } + ], + "FraudDetector.GetBatchImportJobs": [ + { + "action": "frauddetector:GetBatchImportJobs", + "resource_mappings": { + "ResourcePath": { + "template": "${jobId}" + } + } + } + ], + "FraudDetector.GetDeleteEventsByEventTypeStatus": [ + { + "action": "frauddetector:GetDeleteEventsByEventTypeStatus", + "resource_mappings": { + "ResourcePath": { + "template": "${eventTypeName}" + } + } + } + ], + "FraudDetector.GetEvent": [ + { + "action": "frauddetector:GetEvent", + "resource_mappings": { + "ResourcePath": { + "template": "${eventTypeName}" + } + } + } + ], + "FraudDetector.SendEvent": [ + { + "action": "frauddetector:SendEvent", + "resource_mappings": { + "ResourcePath": { + "template": "${eventTypeName}" + } + } + } + ], + "FraudDetector.UpdateEventLabel": [ + { + "action": "frauddetector:UpdateEventLabel", + "resource_mappings": { + "ResourcePath": { + "template": "${eventTypeName}" + } + } + } + ], + "LexModelsV2.DeleteUtterances": [ + { + "action": "lex:DeleteUtterances", + "resource_mappings": { + "BotName": { + "template": "*" + }, + "BotVersion": { + "template": "*" + } + } + } + ], + "Account.DeleteAlternateContact": [ + { + "action": "account:DeleteAlternateContact", + "resource_mappings": { + "ManagementAccountId": { 
+ "template": "*" + }, + "OrganizationId": { + "template": "*" + }, + "MemberAccountId": { + "template": "${AccountId}" + } + } + } + ], + "Account.GetAlternateContact": [ + { + "action": "account:GetAlternateContact", + "resource_mappings": { + "ManagementAccountId": { + "template": "*" + }, + "OrganizationId": { + "template": "*" + }, + "MemberAccountId": { + "template": "${AccountId}" + } + } + } + ], + "Account.PutAlternateContact": [ + { + "action": "account:PutAlternateContact", + "resource_mappings": { + "ManagementAccountId": { + "template": "*" + }, + "OrganizationId": { + "template": "*" + }, + "MemberAccountId": { + "template": "${AccountId}" + } + } + } + ], + "Grafana.AssociateLicense": [ + { + "action": "grafana:AssociateLicense", + "resource_mappings": { + "ResourceId": { + "template": "${workspaceId}" + } + } + }, + { + "action": "aws-marketplace:ViewSubscriptions", + "resource_mappings": {} + } + ], + "Grafana.CreateWorkspace": [ + { + "action": "grafana:CreateWorkspace", + "resource_mappings": {} + }, + { + "action": "organizations:DescribeOrganization", + "resource_mappings": {} + }, + { + "action": "sso:CreateManagedApplicationInstance", + "resource_mappings": {} + }, + { + "action": "sso:DescribeRegisteredRegions", + "resource_mappings": {} + }, + { + "action": "sso:GetSharedSsoConfiguration", + "resource_mappings": {} + } + ], + "Grafana.DeleteWorkspace": [ + { + "action": "grafana:DeleteWorkspace", + "resource_mappings": { + "ResourceId": { + "template": "${workspaceId}" + } + } + }, + { + "action": "sso:DeleteManagedApplicationInstance", + "resource_mappings": {} + } + ], + "Grafana.DescribeWorkspace": [ + { + "action": "grafana:DescribeWorkspace", + "resource_mappings": { + "ResourceId": { + "template": "${workspaceId}" + } + } + } + ], + "Grafana.DescribeWorkspaceAuthentication": [ + { + "action": "grafana:DescribeWorkspaceAuthentication", + "resource_mappings": { + "ResourceId": { + "template": "${workspaceId}" + } + } + } + ], + 
"Grafana.DisassociateLicense": [ + { + "action": "grafana:DisassociateLicense", + "resource_mappings": { + "ResourceId": { + "template": "${workspaceId}" + } + } + } + ], + "Grafana.ListPermissions": [ + { + "action": "grafana:ListPermissions", + "resource_mappings": { + "ResourceId": { + "template": "${workspaceId}" + } + } + } + ], + "Grafana.ListWorkspaces": [ + { + "action": "grafana:ListWorkspaces", + "resource_mappings": {} + } + ], + "Grafana.UpdatePermissions": [ + { + "action": "grafana:UpdatePermissions", + "resource_mappings": { + "ResourceId": { + "template": "${workspaceId}" + } + } + } + ], + "Grafana.UpdateWorkspace": [ + { + "action": "grafana:UpdateWorkspace", + "resource_mappings": { + "ResourceId": { + "template": "${workspaceId}" + } + } + } + ], + "Grafana.UpdateWorkspaceAuthentication": [ + { + "action": "grafana:UpdateWorkspaceAuthentication", + "resource_mappings": { + "ResourceId": { + "template": "${workspaceId}" + } + } + } + ], + "EC2.CancelCapacityReservationFleets": [ + { + "action": "ec2:CancelCapacityReservationFleets", + "resource_mappings": { + "CapacityReservationFleetId": { + "template": "${CapacityReservationFleetIds[]}" + } + } + } + ], + "EC2.CreateCapacityReservationFleet": [ + { + "action": "ec2:CreateCapacityReservationFleet", + "resource_mappings": { + "CapacityReservationFleetId": { + "template": "*" + } + } + }, + { + "action": "ec2:CreateTags", + "resource_mappings": { + "CapacityReservationId": { + "template": "*" + }, + "CapacityReservationFleetId": { + "template": "*" + }, + "ClientVpnEndpointId": { + "template": "*" + }, + "CustomerGatewayId": { + "template": "*" + }, + "DedicatedHostId": { + "template": "*" + }, + "DhcpOptionsId": { + "template": "*" + }, + "EgressOnlyInternetGatewayId": { + "template": "*" + }, + "ElasticGpuId": { + "template": "*" + }, + "AllocationId": { + "template": "*" + }, + "ExportImageTaskId": { + "template": "*" + }, + "ExportTaskId": { + "template": "*" + }, + "FleetId": { + "template": 
"*" + }, + "FpgaImageId": { + "template": "*" + }, + "HostReservationId": { + "template": "*" + }, + "ImageId": { + "template": "*" + }, + "ImportImageTaskId": { + "template": "*" + }, + "ImportSnapshotTaskId": { + "template": "*" + }, + "InstanceId": { + "template": "*" + }, + "InstanceEventWindowId": { + "template": "*" + }, + "InternetGatewayId": { + "template": "*" + }, + "Ipv4PoolEc2Id": { + "template": "*" + }, + "Ipv6PoolEc2Id": { + "template": "*" + }, + "KeyPairName": { + "template": "*" + }, + "LaunchTemplateId": { + "template": "*" + }, + "LocalGatewayId": { + "template": "*" + }, + "LocalGatewayRoutetableId": { + "template": "*" + }, + "LocalGatewayRouteTableVirtualInterfaceGroupAssociationId": { + "template": "*" + }, + "LocalGatewayRouteTableVpcAssociationId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceGroupId": { + "template": "*" + }, + "NatGatewayId": { + "template": "*" + }, + "NaclId": { + "template": "*" + }, + "NetworkInterfaceId": { + "template": "*" + }, + "PlacementGroupName": { + "template": "*" + }, + "PrefixListId": { + "template": "*" + }, + "ReplaceRootVolumeTaskId": { + "template": "*" + }, + "ReservationId": { + "template": "*" + }, + "RouteTableId": { + "template": "*" + }, + "SecurityGroupId": { + "template": "*" + }, + "SecurityGroupRuleId": { + "template": "*" + }, + "SnapshotId": { + "template": "*" + }, + "SpotFleetRequestId": { + "template": "*" + }, + "SpotInstanceRequestId": { + "template": "*" + }, + "SubnetId": { + "template": "*" + }, + "TrafficMirrorFilterId": { + "template": "*" + }, + "TrafficMirrorSessionId": { + "template": "*" + }, + "TrafficMirrorTargetId": { + "template": "*" + }, + "TransitGatewayId": { + "template": "*" + }, + "TransitGatewayAttachmentId": { + "template": "*" + }, + "TransitGatewayConnectPeerId": { + "template": "*" + }, + "TransitGatewayMulticastDomainId": { + "template": "*" + }, + "TransitGatewayRouteTableId": { + 
"template": "*" + }, + "VolumeId": { + "template": "*" + }, + "VpcId": { + "template": "*" + }, + "VpcEndpointId": { + "template": "*" + }, + "VpcEndpointServiceId": { + "template": "*" + }, + "VpcFlowLogId": { + "template": "*" + }, + "VpcPeeringConnectionId": { + "template": "*" + }, + "VpnConnectionId": { + "template": "*" + }, + "VpnGatewayId": { + "template": "*" + } + } + } + ], + "EC2.GetVpnConnectionDeviceSampleConfiguration": [ + { + "action": "ec2:GetVpnConnectionDeviceSampleConfiguration", + "resource_mappings": { + "VpnConnectionId": { + "template": "${VpnConnectionId}" + }, + "VpnConnectionDeviceTypeId": { + "template": "${VpnConnectionDeviceTypeId}" + } + } + } + ], + "EC2.GetVpnConnectionDeviceTypes": [ + { + "action": "ec2:GetVpnConnectionDeviceTypes", + "resource_mappings": {} + } + ], + "EC2.ModifyCapacityReservationFleet": [ + { + "action": "ec2:ModifyCapacityReservationFleet", + "resource_mappings": { + "CapacityReservationFleetId": { + "template": "${CapacityReservationFleetId}" + } + } + } + ], + "RDS.DeleteCustomDBEngineVersion": [ + { + "action": "rds:DeleteCustomDBEngineVersion", + "resource_mappings": { + "Engine": { + "template": "${Engine}" + }, + "EngineVersion": { + "template": "${EngineVersion}" + }, + "CustomDbEngineVersionId": { + "template": "*" + } + } + } + ], + "RDS.ModifyCustomDBEngineVersion": [ + { + "action": "rds:ModifyCustomDBEngineVersion", + "resource_mappings": { + "Engine": { + "template": "${Engine}" + }, + "EngineVersion": { + "template": "${EngineVersion}" + }, + "CustomDbEngineVersionId": { + "template": "*" + } + } + } + ], + "MediaConvert.DeletePolicy": [ + { + "action": "mediaconvert:DeletePolicy", + "resource_mappings": {} + } + ], + "MediaConvert.GetPolicy": [ + { + "action": "mediaconvert:GetPolicy", + "resource_mappings": {} + } + ], + "MediaConvert.PutPolicy": [ + { + "action": "mediaconvert:PutPolicy", + "resource_mappings": {} + } + ], + "QuickSight.DescribeIpRestriction": [ + { + "action": 
"quicksight:DescribeIpRestriction", + "resource_mappings": {} + } + ], + "QuickSight.UpdateIpRestriction": [ + { + "action": "quicksight:UpdateIpRestriction", + "resource_mappings": {} + } + ], + "Textract.GetExpenseAnalysis": [ + { + "action": "textract:GetExpenseAnalysis", + "resource_mappings": {} + } + ], + "Textract.StartExpenseAnalysis": [ + { + "action": "textract:StartExpenseAnalysis", + "resource_mappings": {} + }, + { + "action": "s3:GetObject", + "resource_mappings": { + "BucketName": { + "template": "${DocumentLocation.S3Object.Bucket}" + }, + "ObjectName": { + "template": "${DocumentLocation.S3Object.Name}" + } + } + } + ], + "AuditManager.DeleteAssessmentFrameworkShare": [ + { + "action": "auditmanager:DeleteAssessmentFrameworkShare", + "resource_mappings": {} + } + ], + "AuditManager.ListAssessmentFrameworkShareRequests": [ + { + "action": "auditmanager:ListAssessmentFrameworkShareRequests", + "resource_mappings": {} + } + ], + "AuditManager.StartAssessmentFrameworkShare": [ + { + "action": "auditmanager:StartAssessmentFrameworkShare", + "resource_mappings": { + "AssessmentFrameworkId": { + "template": "${frameworkId}" + } + } + } + ], + "AuditManager.UpdateAssessmentFrameworkShare": [ + { + "action": "auditmanager:UpdateAssessmentFrameworkShare", + "resource_mappings": {} + } + ], + "Panorama.CreateApplicationInstance": [ + { + "action": "panorama:CreateApplicationInstance", + "resource_mappings": {} + } + ], + "Panorama.CreateJobForDevices": [ + { + "action": "panorama:CreateJobForDevices", + "resource_mappings": {} + } + ], + "Panorama.CreateNodeFromTemplateJob": [ + { + "action": "panorama:CreateNodeFromTemplateJob", + "resource_mappings": {} + } + ], + "Panorama.CreatePackage": [ + { + "action": "panorama:CreatePackage", + "resource_mappings": {} + } + ], + "Panorama.CreatePackageImportJob": [ + { + "action": "panorama:CreatePackageImportJob", + "resource_mappings": {} + } + ], + "Panorama.DeleteDevice": [ + { + "action": 
"panorama:DeleteDevice", + "resource_mappings": { + "DeviceId": { + "template": "${DeviceId}" + } + } + } + ], + "Panorama.DeletePackage": [ + { + "action": "panorama:DeletePackage", + "resource_mappings": { + "PackageId": { + "template": "${PackageId}" + } + } + } + ], + "Panorama.DeregisterPackageVersion": [ + { + "action": "panorama:DeregisterPackageVersion", + "resource_mappings": {} + } + ], + "Panorama.DescribeApplicationInstance": [ + { + "action": "panorama:DescribeApplicationInstance", + "resource_mappings": { + "ApplicationInstanceId": { + "template": "${ApplicationInstanceId}" + } + } + } + ], + "Panorama.DescribeApplicationInstanceDetails": [ + { + "action": "panorama:DescribeApplicationInstanceDetails", + "resource_mappings": { + "ApplicationInstanceId": { + "template": "${ApplicationInstanceId}" + } + } + } + ], + "Panorama.DescribeDevice": [ + { + "action": "panorama:DescribeDevice", + "resource_mappings": { + "DeviceId": { + "template": "${DeviceId}" + } + } + } + ], + "Panorama.DescribeDeviceJob": [ + { + "action": "panorama:DescribeDeviceJob", + "resource_mappings": {} + } + ], + "Panorama.DescribeNode": [ + { + "action": "panorama:DescribeNode", + "resource_mappings": {} + } + ], + "Panorama.DescribeNodeFromTemplateJob": [ + { + "action": "panorama:DescribeNodeFromTemplateJob", + "resource_mappings": {} + } + ], + "Panorama.DescribePackage": [ + { + "action": "panorama:DescribePackage", + "resource_mappings": { + "PackageId": { + "template": "${PackageId}" + } + } + } + ], + "Panorama.DescribePackageImportJob": [ + { + "action": "panorama:DescribePackageImportJob", + "resource_mappings": {} + } + ], + "Panorama.DescribePackageVersion": [ + { + "action": "panorama:DescribePackageVersion", + "resource_mappings": {} + } + ], + "Panorama.ListApplicationInstanceDependencies": [ + { + "action": "panorama:ListApplicationInstanceDependencies", + "resource_mappings": {} + } + ], + "Panorama.ListApplicationInstanceNodeInstances": [ + { + "action": 
"panorama:ListApplicationInstanceNodeInstances", + "resource_mappings": {} + } + ], + "Panorama.ListApplicationInstances": [ + { + "action": "panorama:ListApplicationInstances", + "resource_mappings": {} + } + ], + "Panorama.ListDevices": [ + { + "action": "panorama:ListDevices", + "resource_mappings": {} + } + ], + "Panorama.ListDevicesJobs": [ + { + "action": "panorama:ListDevicesJobs", + "resource_mappings": {} + } + ], + "Panorama.ListNodeFromTemplateJobs": [ + { + "action": "panorama:ListNodeFromTemplateJobs", + "resource_mappings": {} + } + ], + "Panorama.ListNodes": [ + { + "action": "panorama:ListNodes", + "resource_mappings": {} + } + ], + "Panorama.ListPackageImportJobs": [ + { + "action": "panorama:ListPackageImportJobs", + "resource_mappings": {} + } + ], + "Panorama.ListPackages": [ + { + "action": "panorama:ListPackages", + "resource_mappings": {} + } + ], + "Panorama.ListTagsForResource": [ + { + "action": "panorama:ListTagsForResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "app": "%%iftemplatematch%${ResourceArn}%%", + "dataSource": "%%iftemplatematch%${ResourceArn}%%", + "device": "%%iftemplatematch%${ResourceArn}%%", + "model": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "Panorama.ProvisionDevice": [ + { + "action": "panorama:ProvisionDevice", + "resource_mappings": {} + } + ], + "Panorama.RegisterPackageVersion": [ + { + "action": "panorama:RegisterPackageVersion", + "resource_mappings": {} + } + ], + "Panorama.RemoveApplicationInstance": [ + { + "action": "panorama:RemoveApplicationInstance", + "resource_mappings": { + "ApplicationInstanceId": { + "template": "${ApplicationInstanceId}" + } + } + } + ], + "Panorama.TagResource": [ + { + "action": "panorama:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "app": "%%iftemplatematch%${ResourceArn}%%", + "dataSource": "%%iftemplatematch%${ResourceArn}%%", + "device": "%%iftemplatematch%${ResourceArn}%%", + "model": "%%iftemplatematch%${ResourceArn}%%" 
+ } + } + ], + "Panorama.UntagResource": [ + { + "action": "panorama:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "app": "%%iftemplatematch%${ResourceArn}%%", + "dataSource": "%%iftemplatematch%${ResourceArn}%%", + "device": "%%iftemplatematch%${ResourceArn}%%", + "model": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "Panorama.UpdateDeviceMetadata": [ + { + "action": "panorama:UpdateDeviceMetadata", + "resource_mappings": {} + } + ], + "DirectConnect.ConfirmCustomerAgreement": [ + { + "action": "directconnect:ConfirmCustomerAgreement", + "resource_mappings": {} + } + ], + "DirectConnect.DescribeCustomerMetadata": [ + { + "action": "directconnect:DescribeCustomerMetadata", + "resource_mappings": {} + } + ], + "DirectConnect.DescribeRouterConfiguration": [ + { + "action": "directconnect:DescribeRouterConfiguration", + "resource_mappings": { + "VirtualInterfaceId": { + "template": "${virtualInterfaceId}" + } + } + } + ], + "DirectConnect.UpdateDirectConnectGateway": [ + { + "action": "directconnect:UpdateDirectConnectGateway", + "resource_mappings": { + "DirectConnectGatewayId": { + "template": "${directConnectGatewayId}" + } + } + } + ], + "MediaLive.ClaimDevice": [ + { + "action": "medialive:ClaimDevice", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:medialive:${Region}:${Account}:claimDevice:*" + } + } + ], + "SageMaker.UpdateProject": [ + { + "action": "sagemaker:UpdateProject", + "resource_mappings": { + "ProjectName": { + "template": "${ProjectName}" + } + } + } + ], + "Connect.StopContactStreaming": [ + { + "action": "connect:StopContactStreaming", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact/${ContactId}" + } + } + ], + "MediaTailor.DeletePrefetchSchedule": [ + { + "action": "mediatailor:DeletePrefetchSchedule", + "undocumented": true, + "arn_override": { + "template": 
"arn:${Partition}:mediatailor:${Region}:${Account}:prefetchSchedule/${PlaybackConfigurationName}/${Name}" + } + } + ], + "MediaTailor.GetPrefetchSchedule": [ + { + "action": "mediatailor:GetPrefetchSchedule", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:prefetchSchedule/${PlaybackConfigurationName}/${Name}" + } + } + ], + "MediaTailor.ListPrefetchSchedules": [ + { + "action": "mediatailor:ListPrefetchSchedules", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:prefetchSchedule/*" + } + } + ], + "Route53Resolver.GetResolverConfig": [ + { + "action": "route53resolver:GetResolverConfig", + "resource_mappings": { + "ResourceId": { + "template": "${ResourceId}" + } + } + }, + { + "action": "ec2:DescribeVpcs", + "resource_mappings": {} + } + ], + "Route53Resolver.ListResolverConfigs": [ + { + "action": "route53resolver:ListResolverConfigs", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + }, + { + "action": "ec2:DescribeVpcs", + "resource_mappings": {} + } + ], + "Route53Resolver.UpdateResolverConfig": [ + { + "action": "route53resolver:UpdateResolverConfig", + "resource_mappings": { + "ResourceId": { + "template": "${ResourceId}" + } + } + }, + { + "action": "ec2:DescribeVpcs", + "resource_mappings": {} + } + ], + "SecurityHub.CreateFindingAggregator": [ + { + "action": "securityhub:CreateFindingAggregator", + "resource_mappings": {} + } + ], + "SecurityHub.DeleteFindingAggregator": [ + { + "action": "securityhub:DeleteFindingAggregator", + "resource_mappings": {}, + "resourcearn_mappings": { + "finding-aggregator": "${FindingAggregatorArn}" + } + } + ], + "SecurityHub.GetFindingAggregator": [ + { + "action": "securityhub:GetFindingAggregator", + "resource_mappings": {}, + "resourcearn_mappings": { + "finding-aggregator": "${FindingAggregatorArn}" + } + } + ], + "SecurityHub.ListFindingAggregators": [ + { + "action": 
"securityhub:ListFindingAggregators", + "resource_mappings": {} + } + ], + "SecurityHub.UpdateFindingAggregator": [ + { + "action": "securityhub:UpdateFindingAggregator", + "resource_mappings": {}, + "resourcearn_mappings": { + "finding-aggregator": "${FindingAggregatorArn}" + } + } + ], + "AppStream.AssociateApplicationFleet": [ + { + "action": "appstream:AssociateApplicationFleet", + "resource_mappings": { + "FleetName": { + "template": "${FleetName}" + } + }, + "resourcearn_mappings": { + "application": "${ApplicationArn}" + } + } + ], + "AppStream.CreateAppBlock": [ + { + "action": "appstream:CreateAppBlock", + "resource_mappings": { + "AppBlockName": { + "template": "${Name}" + } + } + } + ], + "AppStream.CreateApplication": [ + { + "action": "appstream:CreateApplication", + "resource_mappings": { + "AppBlockName": { + "template": "${Name}" + } + } + } + ], + "AppStream.DeleteAppBlock": [ + { + "action": "appstream:DeleteAppBlock", + "resource_mappings": { + "AppBlockName": { + "template": "${Name}" + } + } + } + ], + "AppStream.DeleteApplication": [ + { + "action": "appstream:DeleteApplication", + "resource_mappings": { + "ApplicationName": { + "template": "${Name}" + } + } + } + ], + "AppStream.DescribeAppBlocks": [ + { + "action": "appstream:DescribeAppBlocks", + "resource_mappings": {}, + "resourcearn_mappings": { + "app-block": "${Arns[]}" + } + } + ], + "AppStream.DescribeApplicationFleetAssociations": [ + { + "action": "appstream:DescribeApplicationFleetAssociations", + "resource_mappings": { + "FleetName": { + "template": "${FleetName}" + } + }, + "resourcearn_mappings": { + "application": "${ApplicationArn}" + } + } + ], + "AppStream.DescribeApplications": [ + { + "action": "appstream:DescribeApplications", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${Arns[]}" + } + } + ], + "AppStream.DisassociateApplicationFleet": [ + { + "action": "appstream:DisassociateApplicationFleet", + "resource_mappings": { + "FleetName": { + 
"template": "${FleetName}" + } + }, + "resourcearn_mappings": { + "application": "${ApplicationArn}" + } + } + ], + "AppStream.UpdateApplication": [ + { + "action": "appstream:UpdateApplication", + "resource_mappings": { + "ApplicationName": { + "template": "${Name}" + } + }, + "resourcearn_mappings": { + "app-block": "${AppBlockArn}" + } + } + ], + "Batch.CreateSchedulingPolicy": [ + { + "action": "batch:CreateSchedulingPolicy", + "resource_mappings": { + "SchedulingPolicyName": { + "template": "${name}" + } + } + } + ], + "Batch.DeleteSchedulingPolicy": [ + { + "action": "batch:DeleteSchedulingPolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "scheduling-policy": "${arn}" + } + } + ], + "Batch.DescribeSchedulingPolicies": [ + { + "action": "batch:DescribeSchedulingPolicies", + "resource_mappings": {} + } + ], + "Batch.ListSchedulingPolicies": [ + { + "action": "batch:ListSchedulingPolicies", + "resource_mappings": {} + } + ], + "Batch.UpdateSchedulingPolicy": [ + { + "action": "batch:UpdateSchedulingPolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "scheduling-policy": "${arn}" + } + } + ], + "EC2.DescribeCapacityReservationFleets": [ + { + "action": "ec2:DescribeCapacityReservationFleets", + "resource_mappings": {} + } + ], + "ECR.BatchGetRepositoryScanningConfiguration": [ + { + "action": "ecr:BatchGetRepositoryScanningConfiguration", + "resource_mappings": { + "RepositoryName": { + "template": "${repositoryNames[]}" + } + } + } + ], + "ECR.CreatePullThroughCacheRule": [ + { + "action": "ecr:CreatePullThroughCacheRule", + "resource_mappings": {} + } + ], + "ECR.DeletePullThroughCacheRule": [ + { + "action": "ecr:DeletePullThroughCacheRule", + "resource_mappings": {} + } + ], + "ECR.DescribePullThroughCacheRules": [ + { + "action": "ecr:DescribePullThroughCacheRules", + "resource_mappings": {} + } + ], + "ECR.GetRegistryScanningConfiguration": [ + { + "action": "ecr:GetRegistryScanningConfiguration", + "resource_mappings": {} + } 
+ ], + "ECR.PutRegistryScanningConfiguration": [ + { + "action": "ecr:PutRegistryScanningConfiguration", + "resource_mappings": {} + } + ], + "Iot.DescribeManagedJobTemplate": [ + { + "action": "iot:DescribeManagedJobTemplate", + "resource_mappings": { + "JobTemplateId": { + "template": "*" + } + } + } + ], + "Iot.ListManagedJobTemplates": [ + { + "action": "iot:ListManagedJobTemplates", + "resource_mappings": {} + } + ], + "RDS.CreateCustomDBEngineVersion": [ + { + "action": "rds:CreateCustomDBEngineVersion", + "resource_mappings": { + "Engine": { + "template": "${Engine}" + }, + "EngineVersion": { + "template": "${EngineVersion}" + }, + "CustomDbEngineVersionId": { + "template": "*" + } + } + }, + { + "action": "iam:CreateServiceLinkedRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": "mediaimport:CreateDatabaseBinarySnapshot", + "resource_mappings": {} + }, + { + "action": "rds:AddTagsToResource", + "resource_mappings": { + "Engine": { + "template": "${Engine}" + }, + "EngineVersion": { + "template": "${EngineVersion}" + }, + "CustomDbEngineVersionId": { + "template": "*" + }, + "DbClusterInstanceName": { + "template": "*" + }, + "DbClusterEndpoint": { + "template": "*" + }, + "ClusterParameterGroupName": { + "template": "*" + }, + "ClusterSnapshotName": { + "template": "*" + }, + "DbInstanceName": { + "template": "*" + }, + "SubscriptionName": { + "template": "*" + }, + "OptionGroupName": { + "template": "*" + }, + "ParameterGroupName": { + "template": "*" + }, + "DbProxyId": { + "template": "*" + }, + "DbProxyEndpointId": { + "template": "*" + }, + "ReservedDbInstanceName": { + "template": "*" + }, + "SecurityGroupName": { + "template": "*" + }, + "SnapshotName": { + "template": "*" + }, + "SubnetGroupName": { + "template": "*" + }, + "TargetGroupId": { + "template": "*" + } + } + } + ], + "RDS.RebootDBCluster": [ + { + "action": "rds:RebootDBCluster", + "resource_mappings": { + "DbClusterInstanceName": { + 
"template": "${DBClusterIdentifier}" + } + } + }, + { + "action": "rds:RebootDBInstance", + "resource_mappings": { + "DbInstanceName": { + "template": "*" + } + } + } + ], + "Rekognition.CreateDataset": [ + { + "action": "rekognition:CreateDataset", + "resource_mappings": {}, + "resourcearn_mappings": { + "project": "${ProjectArn}" + } + } + ], + "Rekognition.DeleteDataset": [ + { + "action": "rekognition:DeleteDataset", + "resource_mappings": {}, + "resourcearn_mappings": { + "dataset": "${DatasetArn}" + } + } + ], + "Rekognition.DescribeDataset": [ + { + "action": "rekognition:DescribeDataset", + "resource_mappings": {}, + "resourcearn_mappings": { + "dataset": "${DatasetArn}" + } + } + ], + "Rekognition.DistributeDatasetEntries": [ + { + "action": "rekognition:DistributeDatasetEntries", + "resource_mappings": {}, + "resourcearn_mappings": { + "dataset": "${Datasets[].Arn}" + } + } + ], + "Rekognition.ListDatasetEntries": [ + { + "action": "rekognition:ListDatasetEntries", + "resource_mappings": {}, + "resourcearn_mappings": { + "dataset": "${DatasetArn}" + } + } + ], + "Rekognition.ListDatasetLabels": [ + { + "action": "rekognition:ListDatasetLabels", + "resource_mappings": {}, + "resourcearn_mappings": { + "dataset": "${DatasetArn}" + } + } + ], + "Rekognition.UpdateDatasetEntries": [ + { + "action": "rekognition:UpdateDatasetEntries", + "resource_mappings": {}, + "resourcearn_mappings": { + "dataset": "${DatasetArn}" + } + } + ], + "SageMaker.BatchDescribeModelPackage": [ + { + "action": "sagemaker:BatchDescribeModelPackage", + "resource_mappings": {}, + "resourcearn_mappings": { + "model-package": "${ModelPackageArnList[]}" + } + } + ], + "SageMaker.CreateInferenceRecommendationsJob": [ + { + "action": "sagemaker:CreateInferenceRecommendationsJob", + "resource_mappings": { + "InferenceRecommendationsJobName": { + "template": "${JobName}" + } + } + }, + { + "action": "iam:PassRole", + "resource_mappings": {}, + "resourcearn_mappings": { + "role": "${RoleArn}" 
+ } + } + ], + "SageMaker.DescribeInferenceRecommendationsJob": [ + { + "action": "sagemaker:DescribeInferenceRecommendationsJob", + "resource_mappings": { + "InferenceRecommendationsJobName": { + "template": "${JobName}" + } + } + } + ], + "SageMaker.DescribeLineageGroup": [ + { + "action": "sagemaker:DescribeLineageGroup", + "resource_mappings": {} + } + ], + "SageMaker.GetLineageGroupPolicy": [ + { + "action": "sagemaker:GetLineageGroupPolicy", + "resource_mappings": {} + } + ], + "SageMaker.ListInferenceRecommendationsJobs": [ + { + "action": "sagemaker:ListInferenceRecommendationsJobs", + "resource_mappings": {} + } + ], + "SageMaker.ListLineageGroups": [ + { + "action": "sagemaker:ListLineageGroups", + "resource_mappings": {} + } + ], + "SageMaker.ListModelMetadata": [ + { + "action": "sagemaker:ListModelMetadata", + "resource_mappings": {} + } + ], + "SageMaker.QueryLineage": [ + { + "action": "sagemaker:QueryLineage", + "resource_mappings": {} + } + ], + "SageMaker.StopInferenceRecommendationsJob": [ + { + "action": "sagemaker:StopInferenceRecommendationsJob", + "resource_mappings": { + "InferenceRecommendationsJobName": { + "template": "${JobName}" + } + } + } + ], + "WorkMail.DeleteMobileDeviceAccessOverride": [ + { + "action": "workmail:DeleteMobileDeviceAccessOverride", + "resource_mappings": { + "ResourceId": { + "template": "${OrganizationId}" + } + } + } + ], + "WorkMail.DeregisterMailDomain": [ + { + "action": "workmail:DeregisterMailDomain", + "resource_mappings": { + "ResourceId": { + "template": "${OrganizationId}" + } + } + } + ], + "WorkMail.GetMailDomain": [ + { + "action": "workmail:GetMailDomain", + "resource_mappings": { + "ResourceId": { + "template": "${OrganizationId}" + } + } + } + ], + "WorkMail.GetMobileDeviceAccessOverride": [ + { + "action": "workmail:GetMobileDeviceAccessOverride", + "resource_mappings": { + "ResourceId": { + "template": "${OrganizationId}" + } + } + } + ], + "WorkMail.ListMailDomains": [ + { + "action": 
"workmail:ListMailDomains", + "resource_mappings": { + "ResourceId": { + "template": "${OrganizationId}" + } + } + } + ], + "WorkMail.ListMobileDeviceAccessOverrides": [ + { + "action": "workmail:ListMobileDeviceAccessOverrides", + "resource_mappings": { + "ResourceId": { + "template": "${OrganizationId}" + } + } + } + ], + "WorkMail.PutMobileDeviceAccessOverride": [ + { + "action": "workmail:PutMobileDeviceAccessOverride", + "resource_mappings": { + "ResourceId": { + "template": "${OrganizationId}" + } + } + } + ], + "WorkMail.RegisterMailDomain": [ + { + "action": "workmail:RegisterMailDomain", + "resource_mappings": { + "ResourceId": { + "template": "${OrganizationId}" + } + } + } + ], + "WorkMail.UpdateDefaultMailDomain": [ + { + "action": "workmail:UpdateDefaultMailDomain", + "resource_mappings": { + "ResourceId": { + "template": "${OrganizationId}" + } + } + } + ], + "Connect.CreateContactFlowModule": [ + { + "action": "connect:CreateContactFlowModule", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "ContactFlowModuleId": { + "template": "*" + } + } + } + ], + "Connect.CreateSecurityProfile": [ + { + "action": "connect:CreateSecurityProfile", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "SecurityProfileId": { + "template": "*" + } + } + } + ], + "Connect.DeleteContactFlow": [ + { + "action": "connect:DeleteContactFlow", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "ContactFlowId": { + "template": "${ContactFlowId}" + } + } + } + ], + "Connect.DeleteContactFlowModule": [ + { + "action": "connect:DeleteContactFlowModule", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "ContactFlowModuleId": { + "template": "${ContactFlowModuleId}" + } + } + } + ], + "Connect.DeleteSecurityProfile": [ + { + "action": "connect:DeleteSecurityProfile", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + 
"SecurityProfileId": { + "template": "${SecurityProfileId}" + } + } + } + ], + "Connect.DescribeContact": [ + { + "action": "connect:DescribeContact", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "ContactId": { + "template": "${ContactId}" + } + } + } + ], + "Connect.DescribeContactFlowModule": [ + { + "action": "connect:DescribeContactFlowModule", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "ContactFlowModuleId": { + "template": "${ContactFlowModuleId}" + } + } + } + ], + "Connect.DescribeSecurityProfile": [ + { + "action": "connect:DescribeSecurityProfile", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "SecurityProfileId": { + "template": "${SecurityProfileId}" + } + } + } + ], + "Connect.ListContactFlowModules": [ + { + "action": "connect:ListContactFlowModules", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + } + } + } + ], + "Connect.ListContactReferences": [ + { + "action": "connect:ListContactReferences", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "ContactId": { + "template": "${ContactId}" + } + } + } + ], + "Connect.ListSecurityProfilePermissions": [ + { + "action": "connect:ListSecurityProfilePermissions", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "SecurityProfileId": { + "template": "${SecurityProfileId}" + } + } + } + ], + "Connect.UpdateContact": [ + { + "action": "connect:UpdateContact", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "ContactId": { + "template": "${ContactId}" + } + } + } + ], + "Connect.UpdateContactFlowMetadata": [ + { + "action": "connect:UpdateContactFlowMetadata", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "ContactFlowId": { + "template": "${ContactFlowId}" + } + } + } + ], + "Connect.UpdateContactFlowModuleMetadata": [ + { + "action": 
"connect:UpdateContactFlowModuleMetadata", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "ContactFlowModuleId": { + "template": "${ContactFlowModuleId}" + } + } + } + ], + "Connect.UpdateContactSchedule": [ + { + "action": "connect:UpdateContactSchedule", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "ContactId": { + "template": "${ContactId}" + } + } + } + ], + "Connect.UpdateSecurityProfile": [ + { + "action": "connect:UpdateSecurityProfile", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "SecurityProfileId": { + "template": "${SecurityProfileId}" + } + } + } + ], + "FSx.CreateDataRepositoryAssociation": [ + { + "action": "fsx:CreateDataRepositoryAssociation", + "resource_mappings": { + "DataRepositoryAssociationId": { + "template": "*" + }, + "FileSystemId": { + "template": "${FileSystemId}" + } + } + }, + { + "action": "fsx:TagResource", + "resource_mappings": { + "DataRepositoryAssociationId": { + "template": "*" + }, + "BackupId": { + "template": "*" + }, + "FileSystemId": { + "template": "*" + }, + "VolumeId": { + "template": "*" + }, + "SnapshotId": { + "template": "*" + }, + "StorageVirtualMachineId": { + "template": "*" + }, + "TaskId": { + "template": "*" + } + } + } + ], + "FSx.CreateSnapshot": [ + { + "action": "fsx:CreateSnapshot", + "resource_mappings": { + "VolumeId": { + "template": "${VolumeId}" + }, + "SnapshotId": { + "template": "*" + }, + "FileSystemId": { + "template": "*" + } + } + }, + { + "action": "fsx:TagResource", + "resource_mappings": { + "DataRepositoryAssociationId": { + "template": "*" + }, + "BackupId": { + "template": "*" + }, + "FileSystemId": { + "template": "*" + }, + "VolumeId": { + "template": "${VolumeId}" + }, + "SnapshotId": { + "template": "*" + }, + "StorageVirtualMachineId": { + "template": "*" + }, + "TaskId": { + "template": "*" + } + } + } + ], + "FSx.DeleteDataRepositoryAssociation": [ + { + "action": 
"fsx:DeleteDataRepositoryAssociation", + "resource_mappings": { + "DataRepositoryAssociationId": { + "template": "${AssociationId}" + } + } + } + ], + "FSx.DeleteSnapshot": [ + { + "action": "fsx:DeleteSnapshot", + "resource_mappings": { + "VolumeId": { + "template": "*" + }, + "SnapshotId": { + "template": "${SnapshotId}" + } + } + } + ], + "FSx.DescribeDataRepositoryAssociations": [ + { + "action": "fsx:DescribeDataRepositoryAssociations", + "resource_mappings": {} + } + ], + "FSx.DescribeSnapshots": [ + { + "action": "fsx:DescribeSnapshots", + "resource_mappings": {} + } + ], + "FSx.RestoreVolumeFromSnapshot": [ + { + "action": "fsx:RestoreVolumeFromSnapshot", + "resource_mappings": { + "VolumeId": { + "template": "${VolumeId}" + }, + "SnapshotId": { + "template": "${SnapshotId}" + }, + "FileSystemId": { + "template": "*" + } + } + } + ], + "FSx.UpdateDataRepositoryAssociation": [ + { + "action": "fsx:UpdateDataRepositoryAssociation", + "resource_mappings": { + "DataRepositoryAssociationId": { + "template": "${AssociationId}" + } + } + } + ], + "FSx.UpdateSnapshot": [ + { + "action": "fsx:UpdateSnapshot", + "resource_mappings": { + "VolumeId": { + "template": "*" + }, + "SnapshotId": { + "template": "${SnapshotId}" + } + } + } + ], + "Kafka.UpdateConnectivity": [ + { + "action": "kafka:UpdateConnectivity", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeRouteTables", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeSubnets", + "resource_mappings": {} + } + ], + "Personalize.CreateBatchSegmentJob": [ + { + "action": "personalize:CreateBatchSegmentJob", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Personalize.CreateRecommender": [ + { + "action": "personalize:CreateRecommender", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Personalize.DeleteRecommender": [ + { + "action": "personalize:DeleteRecommender", + "resource_mappings": {}, + "resourcearn_mappings": { + 
"recommender": "${recommenderArn}" + } + } + ], + "Personalize.DescribeBatchSegmentJob": [ + { + "action": "personalize:DescribeBatchSegmentJob", + "resource_mappings": {}, + "resourcearn_mappings": { + "batchSegmentJob": "${batchSegmentJobArn}" + } + } + ], + "Personalize.DescribeRecommender": [ + { + "action": "personalize:DescribeRecommender", + "resource_mappings": {}, + "resourcearn_mappings": { + "recommender": "${recommenderArn}" + } + } + ], + "Personalize.ListBatchSegmentJobs": [ + { + "action": "personalize:ListBatchSegmentJobs", + "resource_mappings": {} + } + ], + "Personalize.ListRecommenders": [ + { + "action": "personalize:ListRecommenders", + "resource_mappings": {} + } + ], + "Personalize.UpdateRecommender": [ + { + "action": "personalize:UpdateRecommender", + "resource_mappings": {}, + "resourcearn_mappings": { + "recommender": "${recommenderArn}" + } + } + ], + "ForecastService.CreateAutoPredictor": [ + { + "action": "forecast:CreateAutoPredictor", + "resource_mappings": {} + } + ], + "ForecastService.CreateExplainability": [ + { + "action": "forecast:CreateExplainability", + "resource_mappings": {}, + "resourcearn_mappings": { + "forecast": "${ResourceArn}" + } + } + ], + "ForecastService.CreateExplainabilityExport": [ + { + "action": "forecast:CreateExplainabilityExport", + "resource_mappings": {}, + "resourcearn_mappings": { + "explainability": "${ExplainabilityArn}" + } + } + ], + "ForecastService.DeleteExplainability": [ + { + "action": "forecast:DeleteExplainability", + "resource_mappings": {}, + "resourcearn_mappings": { + "explainability": "${ExplainabilityArn}" + } + } + ], + "ForecastService.DeleteExplainabilityExport": [ + { + "action": "forecast:DeleteExplainabilityExport", + "resource_mappings": {}, + "resourcearn_mappings": { + "explainabilityExport": "${ExplainabilityExportArn}" + } + } + ], + "ForecastService.DescribeAutoPredictor": [ + { + "action": "forecast:DescribeAutoPredictor", + "resource_mappings": {}, + 
"resourcearn_mappings": { + "predictor": "${PredictorArn}" + } + } + ], + "ForecastService.DescribeExplainabilityExport": [ + { + "action": "forecast:DescribeExplainabilityExport", + "resource_mappings": {}, + "resourcearn_mappings": { + "explainabilityExport": "${ExplainabilityExportArn}" + } + } + ], + "ForecastService.ListExplainabilities": [ + { + "action": "forecast:ListExplainabilities", + "resource_mappings": {} + } + ], + "ForecastService.ListExplainabilityExports": [ + { + "action": "forecast:ListExplainabilityExports", + "resource_mappings": {} + } + ], + "DataExchange.SendApiAsset": [ + { + "action": "dataexchange:SendApiAsset", + "resource_mappings": { + "DataSetId": { + "template": "${DataSetId}" + }, + "RevisionId": { + "template": "${RevisionId}" + }, + "AssetId": { + "template": "${AssetId}" + } + } + } + ], + "WAFV2.GetManagedRuleSet": [ + { + "action": "wafv2:GetManagedRuleSet", + "resource_mappings": { + "Scope": { + "template": "${Scope}" + }, + "Name": { + "template": "${Name}" + }, + "Id": { + "template": "${Id}" + } + } + } + ], + "WAFV2.ListManagedRuleSets": [ + { + "action": "wafv2:ListManagedRuleSets", + "resource_mappings": {} + } + ], + "WAFV2.PutManagedRuleSetVersions": [ + { + "action": "wafv2:PutManagedRuleSetVersions", + "resource_mappings": { + "Scope": { + "template": "${Scope}" + }, + "Name": { + "template": "${Name}" + }, + "Id": { + "template": "${Id}" + } + } + } + ], + "WAFV2.UpdateManagedRuleSetVersionExpiryDate": [ + { + "action": "wafv2:UpdateManagedRuleSetVersionExpiryDate", + "resource_mappings": { + "Scope": { + "template": "${Scope}" + }, + "Name": { + "template": "${Name}" + }, + "Id": { + "template": "${Id}" + } + } + } + ], + "ComputeOptimizer.DeleteRecommendationPreferences": [ + { + "action": "compute-optimizer:DeleteRecommendationPreferences", + "resource_mappings": {} + }, + { + "action": "autoscaling:DescribeAutoScalingGroups", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeInstances", + 
"resource_mappings": {} + } + ], + "ComputeOptimizer.GetEffectiveRecommendationPreferences": [ + { + "action": "compute-optimizer:GetEffectiveRecommendationPreferences", + "resource_mappings": {} + }, + { + "action": "autoscaling:DescribeAutoScalingGroups", + "resource_mappings": {} + }, + { + "action": "autoscaling:DescribeAutoScalingInstances", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeInstances", + "resource_mappings": {} + } + ], + "ComputeOptimizer.GetRecommendationPreferences": [ + { + "action": "compute-optimizer:GetRecommendationPreferences", + "resource_mappings": {} + } + ], + "ComputeOptimizer.PutRecommendationPreferences": [ + { + "action": "compute-optimizer:PutRecommendationPreferences", + "resource_mappings": {} + }, + { + "action": "autoscaling:DescribeAutoScalingGroups", + "resource_mappings": {} + }, + { + "action": "autoscaling:DescribeAutoScalingInstances", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeInstances", + "resource_mappings": {} + } + ], + "NetworkManager.AcceptAttachment": [ + { + "action": "networkmanager:AcceptAttachment", + "resource_mappings": { + "ResourceId": { + "template": "${AttachmentId}" + } + } + } + ], + "NetworkManager.AssociateConnectPeer": [ + { + "action": "networkmanager:AssociateConnectPeer", + "resource_mappings": { + "GlobalNetworkId": { + "template": "${GlobalNetworkId}" + }, + "ResourceId": { + "template": "${GlobalNetworkId}" + } + } + } + ], + "NetworkManager.CreateConnectAttachment": [ + { + "action": "networkmanager:CreateConnectAttachment", + "resource_mappings": { + "ResourceId": { + "template": "${CoreNetworkId}" + } + } + } + ], + "NetworkManager.CreateConnectPeer": [ + { + "action": "networkmanager:CreateConnectPeer", + "resource_mappings": { + "ResourceId": { + "template": "${ConnectAttachmentId}" + } + } + } + ], + "NetworkManager.CreateCoreNetwork": [ + { + "action": "networkmanager:CreateCoreNetwork", + "resource_mappings": { + "ResourceId": { + "template": 
"${GlobalNetworkId}" + } + } + } + ], + "NetworkManager.CreateSiteToSiteVpnAttachment": [ + { + "action": "networkmanager:CreateSiteToSiteVpnAttachment", + "resource_mappings": { + "ResourceId": { + "template": "${CoreNetworkId}" + } + } + } + ], + "NetworkManager.CreateVpcAttachment": [ + { + "action": "networkmanager:CreateVpcAttachment", + "resource_mappings": { + "ResourceId": { + "template": "${CoreNetworkId}" + } + } + } + ], + "NetworkManager.DeleteAttachment": [ + { + "action": "networkmanager:DeleteAttachment", + "resource_mappings": { + "ResourceId": { + "template": "${AttachmentId}" + } + } + } + ], + "NetworkManager.DeleteConnectPeer": [ + { + "action": "networkmanager:DeleteConnectPeer", + "resource_mappings": { + "ResourceId": { + "template": "${ConnectPeerId}" + } + } + } + ], + "NetworkManager.DeleteCoreNetwork": [ + { + "action": "networkmanager:DeleteCoreNetwork", + "resource_mappings": { + "ResourceId": { + "template": "${CoreNetworkId}" + } + } + } + ], + "NetworkManager.DeleteCoreNetworkPolicyVersion": [ + { + "action": "networkmanager:DeleteCoreNetworkPolicyVersion", + "resource_mappings": { + "ResourceId": { + "template": "${CoreNetworkId}" + } + } + } + ], + "NetworkManager.DeleteResourcePolicy": [ + { + "action": "networkmanager:DeleteResourcePolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "core-network": "${ResourceArn}" + } + } + ], + "NetworkManager.DisassociateConnectPeer": [ + { + "action": "networkmanager:DisassociateConnectPeer", + "resource_mappings": { + "ResourceId": { + "template": "${GlobalNetworkId}" + } + } + } + ], + "NetworkManager.ExecuteCoreNetworkChangeSet": [ + { + "action": "networkmanager:ExecuteCoreNetworkChangeSet", + "resource_mappings": { + "ResourceId": { + "template": "${CoreNetworkId}" + } + } + } + ], + "NetworkManager.GetConnectAttachment": [ + { + "action": "networkmanager:GetConnectAttachment", + "resource_mappings": { + "ResourceId": { + "template": "${AttachmentId}" + } + } + } + ], + 
"NetworkManager.GetConnectPeer": [ + { + "action": "networkmanager:GetConnectPeer", + "resource_mappings": { + "ResourceId": { + "template": "${ConnectPeerId}" + } + } + } + ], + "NetworkManager.GetConnectPeerAssociations": [ + { + "action": "networkmanager:GetConnectPeerAssociations", + "resource_mappings": { + "ResourceId": { + "template": "${GlobalNetworkId}" + } + } + } + ], + "NetworkManager.GetCoreNetwork": [ + { + "action": "networkmanager:GetCoreNetwork", + "resource_mappings": { + "ResourceId": { + "template": "${CoreNetworkId}" + } + } + } + ], + "NetworkManager.GetCoreNetworkChangeSet": [ + { + "action": "networkmanager:GetCoreNetworkChangeSet", + "resource_mappings": { + "ResourceId": { + "template": "${CoreNetworkId}" + } + } + } + ], + "NetworkManager.GetCoreNetworkPolicy": [ + { + "action": "networkmanager:GetCoreNetworkPolicy", + "resource_mappings": { + "ResourceId": { + "template": "${CoreNetworkId}" + } + } + } + ], + "NetworkManager.GetNetworkResourceCounts": [ + { + "action": "networkmanager:GetNetworkResourceCounts", + "resource_mappings": { + "ResourceId": { + "template": "${GlobalNetworkId}" + } + } + } + ], + "NetworkManager.GetNetworkResourceRelationships": [ + { + "action": "networkmanager:GetNetworkResourceRelationships", + "resource_mappings": { + "ResourceId": { + "template": "${GlobalNetworkId}" + } + } + } + ], + "NetworkManager.GetNetworkResources": [ + { + "action": "networkmanager:GetNetworkResources", + "resource_mappings": { + "ResourceId": { + "template": "${GlobalNetworkId}" + } + } + } + ], + "NetworkManager.GetNetworkRoutes": [ + { + "action": "networkmanager:GetNetworkRoutes", + "resource_mappings": { + "ResourceId": { + "template": "${GlobalNetworkId}" + } + } + } + ], + "NetworkManager.GetNetworkTelemetry": [ + { + "action": "networkmanager:GetNetworkTelemetry", + "resource_mappings": { + "ResourceId": { + "template": "${GlobalNetworkId}" + } + } + } + ], + "NetworkManager.GetResourcePolicy": [ + { + "action": 
"networkmanager:GetResourcePolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "core-network": "${ResourceArn}" + } + } + ], + "NetworkManager.GetRouteAnalysis": [ + { + "action": "networkmanager:GetRouteAnalysis", + "resource_mappings": { + "ResourceId": { + "template": "${GlobalNetworkId}" + } + } + } + ], + "NetworkManager.GetSiteToSiteVpnAttachment": [ + { + "action": "networkmanager:GetSiteToSiteVpnAttachment", + "resource_mappings": { + "ResourceId": { + "template": "${AttachmentId}" + } + } + } + ], + "NetworkManager.GetVpcAttachment": [ + { + "action": "networkmanager:GetVpcAttachment", + "resource_mappings": { + "ResourceId": { + "template": "${AttachmentId}" + } + } + } + ], + "NetworkManager.ListAttachments": [ + { + "action": "networkmanager:ListAttachments", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "NetworkManager.ListConnectPeers": [ + { + "action": "networkmanager:ListConnectPeers", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "NetworkManager.ListCoreNetworkPolicyVersions": [ + { + "action": "networkmanager:ListCoreNetworkPolicyVersions", + "resource_mappings": { + "ResourceId": { + "template": "${CoreNetworkId}" + } + } + } + ], + "NetworkManager.ListCoreNetworks": [ + { + "action": "networkmanager:ListCoreNetworks", + "resource_mappings": {} + } + ], + "NetworkManager.PutCoreNetworkPolicy": [ + { + "action": "networkmanager:PutCoreNetworkPolicy", + "resource_mappings": { + "ResourceId": { + "template": "${CoreNetworkId}" + } + } + } + ], + "NetworkManager.PutResourcePolicy": [ + { + "action": "networkmanager:PutResourcePolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "core-network": "${ResourceArn}" + } + } + ], + "NetworkManager.RejectAttachment": [ + { + "action": "networkmanager:RejectAttachment", + "resource_mappings": { + "ResourceId": { + "template": "${AttachmentId}" + } + } + } + ], + "NetworkManager.RestoreCoreNetworkPolicyVersion": [ + 
{ + "action": "networkmanager:RestoreCoreNetworkPolicyVersion", + "resource_mappings": { + "ResourceId": { + "template": "${CoreNetworkId}" + } + } + } + ], + "NetworkManager.StartRouteAnalysis": [ + { + "action": "networkmanager:StartRouteAnalysis", + "resource_mappings": { + "ResourceId": { + "template": "${GlobalNetworkId}" + } + } + } + ], + "NetworkManager.UpdateCoreNetwork": [ + { + "action": "networkmanager:UpdateCoreNetwork", + "resource_mappings": { + "ResourceId": { + "template": "${CoreNetworkId}" + } + } + } + ], + "NetworkManager.UpdateNetworkResourceMetadata": [ + { + "action": "networkmanager:UpdateNetworkResourceMetadata", + "resource_mappings": { + "ResourceId": { + "template": "${GlobalNetworkId}" + } + } + } + ], + "NetworkManager.UpdateVpcAttachment": [ + { + "action": "networkmanager:UpdateVpcAttachment", + "resource_mappings": { + "ResourceId": { + "template": "${AttachmentId}" + } + } + } + ], + "Outposts.CreateOrder": [ + { + "action": "outposts:CreateOrder", + "resource_mappings": {} + } + ], + "IoTSiteWise.AssociateTimeSeriesToAssetProperty": [ + { + "action": "iotsitewise:AssociateTimeSeriesToAssetProperty", + "resource_mappings": { + "AssetId": { + "template": "${assetId}" + }, + "TimeSeriesId": { + "template": "*" + } + } + } + ], + "IoTSiteWise.DeleteTimeSeries": [ + { + "action": "iotsitewise:DeleteTimeSeries", + "resource_mappings": { + "AssetId": { + "template": "${assetId}" + }, + "TimeSeriesId": { + "template": "*" + } + } + } + ], + "IoTSiteWise.DescribeTimeSeries": [ + { + "action": "iotsitewise:DescribeTimeSeries", + "resource_mappings": { + "AssetId": { + "template": "${assetId}" + }, + "TimeSeriesId": { + "template": "*" + } + } + } + ], + "IoTSiteWise.DisassociateTimeSeriesFromAssetProperty": [ + { + "action": "iotsitewise:DisassociateTimeSeriesFromAssetProperty", + "resource_mappings": { + "AssetId": { + "template": "${assetId}" + }, + "TimeSeriesId": { + "template": "*" + } + } + } + ], + "IoTSiteWise.ListTimeSeries": [ + 
{ + "action": "iotsitewise:ListTimeSeries", + "resource_mappings": { + "AssetId": { + "template": "${assetId}" + } + } + } + ], + "IVS.GetStreamSession": [ + { + "action": "ivs:GetStreamSession", + "resource_mappings": {}, + "resourcearn_mappings": { + "Channel": "${channelArn}" + } + } + ], + "IVS.ListStreamSessions": [ + { + "action": "ivs:ListStreamSessions", + "resource_mappings": {}, + "resourcearn_mappings": { + "Channel": "${channelArn}" + } + } + ], + "Braket.CancelJob": [ + { + "action": "braket:CancelJob", + "resource_mappings": {}, + "resourcearn_mappings": { + "job": "${jobArn}" + } + } + ], + "Braket.CreateJob": [ + { + "action": "braket:CreateJob", + "resource_mappings": {} + } + ], + "Braket.GetJob": [ + { + "action": "braket:GetJob", + "resource_mappings": {}, + "resourcearn_mappings": { + "job": "${jobArn}" + } + } + ], + "Braket.SearchJobs": [ + { + "action": "braket:SearchJobs", + "resource_mappings": {} + } + ], + "TimestreamQuery.CreateScheduledQuery": [ + { + "action": "timestream:CreateScheduledQuery", + "resource_mappings": {} + }, + { + "action": "iam:PassRole", + "resource_mappings": {}, + "resourcearn_mappings": { + "role": "${ScheduledQueryExecutionRoleArn}" + } + } + ], + "TimestreamQuery.DeleteScheduledQuery": [ + { + "action": "timestream:DeleteScheduledQuery", + "resource_mappings": {}, + "resourcearn_mappings": { + "scheduled-query": "${ScheduledQueryArn}" + } + } + ], + "TimestreamQuery.DescribeScheduledQuery": [ + { + "action": "timestream:DescribeScheduledQuery", + "resource_mappings": {}, + "resourcearn_mappings": { + "scheduled-query": "${ScheduledQueryArn}" + } + } + ], + "TimestreamQuery.ExecuteScheduledQuery": [ + { + "action": "timestream:ExecuteScheduledQuery", + "resource_mappings": {}, + "resourcearn_mappings": { + "scheduled-query": "${ScheduledQueryArn}" + } + } + ], + "TimestreamQuery.ListScheduledQueries": [ + { + "action": "timestream:ListScheduledQueries", + "resource_mappings": {} + } + ], + 
"TimestreamQuery.ListTagsForResource": [ + { + "action": "timestream:ListTagsForResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "database": "%%iftemplatematch%${ResourceARN}%%", + "scheduled-query": "%%iftemplatematch%${ResourceARN}%%", + "table": "%%iftemplatematch%${ResourceARN}%%" + } + } + ], + "TimestreamQuery.TagResource": [ + { + "action": "timestream:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "database": "%%iftemplatematch%${ResourceARN}%%", + "scheduled-query": "%%iftemplatematch%${ResourceARN}%%", + "table": "%%iftemplatematch%${ResourceARN}%%" + } + } + ], + "TimestreamQuery.UntagResource": [ + { + "action": "timestream:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "database": "%%iftemplatematch%${ResourceARN}%%", + "scheduled-query": "%%iftemplatematch%${ResourceARN}%%", + "table": "%%iftemplatematch%${ResourceARN}%%" + } + } + ], + "TimestreamQuery.UpdateScheduledQuery": [ + { + "action": "timestream:UpdateScheduledQuery", + "resource_mappings": {}, + "resourcearn_mappings": { + "scheduled-query": "${ScheduledQueryArn}" + } + } + ], + "DataBrew.CreateRuleset": [ + { + "action": "databrew:CreateRuleset", + "resource_mappings": {} + } + ], + "DataBrew.DeleteRuleset": [ + { + "action": "databrew:DeleteRuleset", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "DataBrew.DescribeRuleset": [ + { + "action": "databrew:DescribeRuleset", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "DataBrew.ListRulesets": [ + { + "action": "databrew:ListRulesets", + "resource_mappings": {} + } + ], + "DataBrew.UpdateRuleset": [ + { + "action": "databrew:UpdateRuleset", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "DevOpsGuru.DescribeOrganizationHealth": [ + { + "action": "devops-guru:DescribeOrganizationHealth", + "resource_mappings": {} + } + ], + "DevOpsGuru.DescribeOrganizationOverview": [ + { + 
"action": "devops-guru:DescribeOrganizationOverview", + "resource_mappings": {} + } + ], + "DevOpsGuru.DescribeOrganizationResourceCollectionHealth": [ + { + "action": "devops-guru:DescribeOrganizationResourceCollectionHealth", + "resource_mappings": {} + } + ], + "DevOpsGuru.ListOrganizationInsights": [ + { + "action": "devops-guru:ListOrganizationInsights", + "resource_mappings": {} + } + ], + "DevOpsGuru.SearchOrganizationInsights": [ + { + "action": "devops-guru:SearchOrganizationInsights", + "resource_mappings": {} + } + ], + "CustomerProfiles.GetAutoMergingPreview": [ + { + "action": "profile:GetAutoMergingPreview", + "resource_mappings": { + "DomainName": { + "template": "${DomainName}" + } + } + } + ], + "CustomerProfiles.GetIdentityResolutionJob": [ + { + "action": "profile:GetIdentityResolutionJob", + "resource_mappings": { + "DomainName": { + "template": "${DomainName}" + } + } + } + ], + "CustomerProfiles.ListIdentityResolutionJobs": [ + { + "action": "profile:ListIdentityResolutionJobs", + "resource_mappings": { + "DomainName": { + "template": "${DomainName}" + } + } + } + ], + "AuditManager.GetInsights": [ + { + "action": "auditmanager:GetInsights", + "resource_mappings": {} + } + ], + "AuditManager.GetInsightsByAssessment": [ + { + "action": "auditmanager:GetInsightsByAssessment", + "resource_mappings": {} + } + ], + "AuditManager.ListAssessmentControlInsightsByControlDomain": [ + { + "action": "auditmanager:ListAssessmentControlInsightsByControlDomain", + "resource_mappings": {} + } + ], + "AuditManager.ListControlDomainInsights": [ + { + "action": "auditmanager:ListControlDomainInsights", + "resource_mappings": {} + } + ], + "AuditManager.ListControlDomainInsightsByAssessment": [ + { + "action": "auditmanager:ListControlDomainInsightsByAssessment", + "resource_mappings": {} + } + ], + "AuditManager.ListControlInsightsByControlDomain": [ + { + "action": "auditmanager:ListControlInsightsByControlDomain", + "resource_mappings": {} + } + ], + 
"WellArchitected.CreateLensShare": [ + { + "action": "wellarchitected:CreateLensShare", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "WellArchitected.CreateLensVersion": [ + { + "action": "wellarchitected:CreateLensVersion", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "WellArchitected.DeleteLens": [ + { + "action": "wellarchitected:DeleteLens", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "WellArchitected.DeleteLensShare": [ + { + "action": "wellarchitected:DeleteLensShare", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "WellArchitected.ExportLens": [ + { + "action": "wellarchitected:ExportLens", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "WellArchitected.GetLens": [ + { + "action": "wellarchitected:GetLens", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "WellArchitected.ImportLens": [ + { + "action": "wellarchitected:ImportLens", + "resource_mappings": {} + } + ], + "WellArchitected.ListLensShares": [ + { + "action": "wellarchitected:ListLensShares", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "LexModelsV2.DescribeBotRecommendation": [ + { + "action": "lex:DescribeBotRecommendation", + "resource_mappings": { + "BotId": { + "template": "${botId}" + } + } + } + ], + "LexModelsV2.ListAggregatedUtterances": [ + { + "action": "lex:ListAggregatedUtterances", + "resource_mappings": { + "BotId": { + "template": "${botId}" + } + } + } + ], + "LexModelsV2.ListBotRecommendations": [ + { + "action": "lex:ListBotRecommendations", + "resource_mappings": { + "BotId": { + "template": "${botId}" + } + } + } + ], + "LexModelsV2.ListRecommendedIntents": [ + { + "action": "lex:ListRecommendedIntents", + "resource_mappings": { + "BotId": { + "template": "${botId}" + } + } + } + ], + "LexModelsV2.SearchAssociatedTranscripts": [ + { + "action": 
"lex:SearchAssociatedTranscripts", + "resource_mappings": { + "BotId": { + "template": "${botId}" + } + } + } + ], + "LexModelsV2.StartBotRecommendation": [ + { + "action": "lex:StartBotRecommendation", + "resource_mappings": { + "BotId": { + "template": "${botId}" + } + } + } + ], + "LexModelsV2.UpdateBotRecommendation": [ + { + "action": "lex:UpdateBotRecommendation", + "resource_mappings": { + "BotId": { + "template": "${botId}" + } + } + } + ], + "Mgn.DeleteVcenterClient": [ + { + "action": "mgn:DeleteVcenterClient", + "resource_mappings": { + "VcenterClientID": { + "template": "${vcenterClientID}" + } + } + } + ], + "Mgn.DescribeVcenterClients": [ + { + "action": "mgn:DescribeVcenterClients", + "resource_mappings": {} + } + ], + "Mgn.StartReplication": [ + { + "action": "mgn:StartReplication", + "resource_mappings": { + "SourceServerID": { + "template": "${sourceServerID}" + } + } + } + ], + "Mgn.UpdateSourceServerReplicationType": [ + { + "action": "mgn:UpdateSourceServerReplicationType", + "resource_mappings": { + "SourceServerID": { + "template": "${sourceServerID}" + } + } + } + ], + "Nimble.StartStreamingSession": [ + { + "action": "nimble:StartStreamingSession", + "resource_mappings": { + "StreamingSessionId": { + "template": "${sessionId}" + } + } + }, + { + "action": "nimble:GetLaunchProfile", + "resource_mappings": { + "LaunchProfileId": { + "template": "*" + } + } + }, + { + "action": "nimble:GetLaunchProfileMember", + "resource_mappings": { + "LaunchProfileId": { + "template": "*" + } + } + } + ], + "Nimble.StopStreamingSession": [ + { + "action": "nimble:StopStreamingSession", + "resource_mappings": { + "StreamingSessionId": { + "template": "${sessionId}" + } + } + }, + { + "action": "nimble:GetLaunchProfile", + "resource_mappings": { + "LaunchProfileId": { + "template": "*" + } + } + } + ], + "Resiliencehub.AddDraftAppVersionResourceMappings": [ + { + "action": "resiliencehub:AddDraftAppVersionResourceMappings", + "resource_mappings": {}, + 
"resourcearn_mappings": { + "application": "${appArn}" + } + }, + { + "action": "cloudformation:DescribeStacks", + "resource_mappings": { + "StackName": { + "template": "*" + }, + "Id": { + "template": "*" + } + } + }, + { + "action": "cloudformation:ListStackResources", + "resource_mappings": { + "StackName": { + "template": "*" + }, + "Id": { + "template": "*" + } + } + }, + { + "action": "resource-groups:GetGroup", + "resource_mappings": { + "GroupName": { + "template": "*" + } + } + }, + { + "action": "resource-groups:ListGroupResources", + "resource_mappings": { + "GroupName": { + "template": "*" + } + } + }, + { + "action": "servicecatalog:GetApplication", + "resource_mappings": { + "ApplicationId": { + "template": "*" + } + } + }, + { + "action": "servicecatalog:ListAssociatedResources", + "resource_mappings": { + "ApplicationId": { + "template": "*" + } + } + } + ], + "Resiliencehub.CreateApp": [ + { + "action": "resiliencehub:CreateApp", + "resource_mappings": {}, + "resourcearn_mappings": { + "resiliency-policy": "${policyArn}" + } + } + ], + "Resiliencehub.CreateRecommendationTemplate": [ + { + "action": "resiliencehub:CreateRecommendationTemplate", + "resource_mappings": { + "AppID": { + "template": "*" + } + } + }, + { + "action": "s3:CreateBucket", + "resource_mappings": { + "BucketName": { + "template": "*" + } + } + }, + { + "action": "s3:ListBucket", + "resource_mappings": { + "BucketName": { + "template": "*" + } + } + }, + { + "action": "s3:PutObject", + "resource_mappings": { + "BucketName": { + "template": "*" + }, + "ObjectName": { + "template": "*" + } + } + } + ], + "Resiliencehub.CreateResiliencyPolicy": [ + { + "action": "resiliencehub:CreateResiliencyPolicy", + "resource_mappings": {} + } + ], + "Resiliencehub.DeleteApp": [ + { + "action": "resiliencehub:DeleteApp", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + } + ], + "Resiliencehub.DeleteAppAssessment": [ + { + "action": 
"resiliencehub:DeleteAppAssessment", + "resource_mappings": { + "AppID": { + "template": "*" + } + } + } + ], + "Resiliencehub.DeleteRecommendationTemplate": [ + { + "action": "resiliencehub:DeleteRecommendationTemplate", + "resource_mappings": { + "AppID": { + "template": "*" + } + } + } + ], + "Resiliencehub.DeleteResiliencyPolicy": [ + { + "action": "resiliencehub:DeleteResiliencyPolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "resiliency-policy": "${policyArn}" + } + } + ], + "Resiliencehub.DescribeApp": [ + { + "action": "resiliencehub:DescribeApp", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + } + ], + "Resiliencehub.DescribeAppAssessment": [ + { + "action": "resiliencehub:DescribeAppAssessment", + "resource_mappings": { + "AppID": { + "template": "*" + } + } + } + ], + "Resiliencehub.DescribeAppVersionResourcesResolutionStatus": [ + { + "action": "resiliencehub:DescribeAppVersionResourcesResolutionStatus", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + } + ], + "Resiliencehub.DescribeAppVersionTemplate": [ + { + "action": "resiliencehub:DescribeAppVersionTemplate", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + } + ], + "Resiliencehub.DescribeDraftAppVersionResourcesImportStatus": [ + { + "action": "resiliencehub:DescribeDraftAppVersionResourcesImportStatus", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + } + ], + "Resiliencehub.DescribeResiliencyPolicy": [ + { + "action": "resiliencehub:DescribeResiliencyPolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "resiliency-policy": "${policyArn}" + } + } + ], + "Resiliencehub.ImportResourcesToDraftAppVersion": [ + { + "action": "resiliencehub:ImportResourcesToDraftAppVersion", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + }, + { + "action": 
"cloudformation:DescribeStacks", + "resource_mappings": { + "StackName": { + "template": "*" + }, + "Id": { + "template": "*" + } + } + }, + { + "action": "cloudformation:ListStackResources", + "resource_mappings": { + "StackName": { + "template": "*" + }, + "Id": { + "template": "*" + } + } + }, + { + "action": "resource-groups:GetGroup", + "resource_mappings": { + "GroupName": { + "template": "*" + } + } + }, + { + "action": "resource-groups:ListGroupResources", + "resource_mappings": { + "GroupName": { + "template": "*" + } + } + }, + { + "action": "servicecatalog:GetApplication", + "resource_mappings": { + "ApplicationId": { + "template": "*" + } + } + }, + { + "action": "servicecatalog:ListAssociatedResources", + "resource_mappings": { + "ApplicationId": { + "template": "*" + } + } + } + ], + "Resiliencehub.ListAlarmRecommendations": [ + { + "action": "resiliencehub:ListAlarmRecommendations", + "resource_mappings": { + "AppID": { + "template": "*" + } + } + } + ], + "Resiliencehub.ListAppAssessments": [ + { + "action": "resiliencehub:ListAppAssessments", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + } + ], + "Resiliencehub.ListAppComponentCompliances": [ + { + "action": "resiliencehub:ListAppComponentCompliances", + "resource_mappings": { + "AppID": { + "template": "*" + } + } + } + ], + "Resiliencehub.ListAppComponentRecommendations": [ + { + "action": "resiliencehub:ListAppComponentRecommendations", + "resource_mappings": { + "AppID": { + "template": "*" + } + } + } + ], + "Resiliencehub.ListAppVersionResourceMappings": [ + { + "action": "resiliencehub:ListAppVersionResourceMappings", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + } + ], + "Resiliencehub.ListAppVersionResources": [ + { + "action": "resiliencehub:ListAppVersionResources", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + } + ], + "Resiliencehub.ListAppVersions": [ + { 
+ "action": "resiliencehub:ListAppVersions", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + } + ], + "Resiliencehub.ListApps": [ + { + "action": "resiliencehub:ListApps", + "resource_mappings": {} + } + ], + "Resiliencehub.ListRecommendationTemplates": [ + { + "action": "resiliencehub:ListRecommendationTemplates", + "resource_mappings": { + "AppID": { + "template": "*" + } + } + } + ], + "Resiliencehub.ListResiliencyPolicies": [ + { + "action": "resiliencehub:ListResiliencyPolicies", + "resource_mappings": {} + } + ], + "Resiliencehub.ListSopRecommendations": [ + { + "action": "resiliencehub:ListSopRecommendations", + "resource_mappings": { + "AppID": { + "template": "*" + } + } + } + ], + "Resiliencehub.ListSuggestedResiliencyPolicies": [ + { + "action": "resiliencehub:ListSuggestedResiliencyPolicies", + "resource_mappings": {} + } + ], + "Resiliencehub.ListTagsForResource": [ + { + "action": "resiliencehub:ListTagsForResource", + "resource_mappings": {} + } + ], + "Resiliencehub.ListTestRecommendations": [ + { + "action": "resiliencehub:ListTestRecommendations", + "resource_mappings": { + "AppID": { + "template": "*" + } + } + } + ], + "Resiliencehub.ListUnsupportedAppVersionResources": [ + { + "action": "resiliencehub:ListUnsupportedAppVersionResources", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + } + ], + "Resiliencehub.PublishAppVersion": [ + { + "action": "resiliencehub:PublishAppVersion", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + } + ], + "Resiliencehub.PutDraftAppVersionTemplate": [ + { + "action": "resiliencehub:PutDraftAppVersionTemplate", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + } + ], + "Resiliencehub.RemoveDraftAppVersionResourceMappings": [ + { + "action": "resiliencehub:RemoveDraftAppVersionResourceMappings", + "resource_mappings": {}, + "resourcearn_mappings": { + 
"application": "${appArn}" + } + } + ], + "Resiliencehub.ResolveAppVersionResources": [ + { + "action": "resiliencehub:ResolveAppVersionResources", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + }, + { + "action": "cloudformation:DescribeStacks", + "resource_mappings": { + "StackName": { + "template": "*" + }, + "Id": { + "template": "*" + } + } + }, + { + "action": "cloudformation:ListStackResources", + "resource_mappings": { + "StackName": { + "template": "*" + }, + "Id": { + "template": "*" + } + } + }, + { + "action": "resource-groups:GetGroup", + "resource_mappings": { + "GroupName": { + "template": "*" + } + } + }, + { + "action": "resource-groups:ListGroupResources", + "resource_mappings": { + "GroupName": { + "template": "*" + } + } + }, + { + "action": "servicecatalog:GetApplication", + "resource_mappings": { + "ApplicationId": { + "template": "*" + } + } + }, + { + "action": "servicecatalog:ListAssociatedResources", + "resource_mappings": { + "ApplicationId": { + "template": "*" + } + } + } + ], + "Resiliencehub.StartAppAssessment": [ + { + "action": "resiliencehub:StartAppAssessment", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + }, + { + "action": "cloudformation:DescribeStacks", + "resource_mappings": { + "StackName": { + "template": "*" + }, + "Id": { + "template": "*" + } + } + }, + { + "action": "cloudformation:ListStackResources", + "resource_mappings": { + "StackName": { + "template": "*" + }, + "Id": { + "template": "*" + } + } + }, + { + "action": "cloudwatch:DescribeAlarms", + "resource_mappings": { + "AlarmName": { + "template": "*" + } + } + }, + { + "action": "cloudwatch:GetMetricData", + "resource_mappings": {} + }, + { + "action": "cloudwatch:GetMetricStatistics", + "resource_mappings": {} + }, + { + "action": "cloudwatch:PutMetricData", + "resource_mappings": {} + }, + { + "action": "fis:GetExperimentTemplate", + "resource_mappings": { + "Id": { + 
"template": "*" + } + } + }, + { + "action": "fis:ListExperimentTemplates", + "resource_mappings": {} + }, + { + "action": "fis:ListExperiments", + "resource_mappings": {} + }, + { + "action": "resource-groups:GetGroup", + "resource_mappings": { + "GroupName": { + "template": "*" + } + } + }, + { + "action": "resource-groups:ListGroupResources", + "resource_mappings": { + "GroupName": { + "template": "*" + } + } + }, + { + "action": "servicecatalog:GetApplication", + "resource_mappings": { + "ApplicationId": { + "template": "*" + } + } + }, + { + "action": "servicecatalog:ListAssociatedResources", + "resource_mappings": { + "ApplicationId": { + "template": "*" + } + } + }, + { + "action": "ssm:GetParametersByPath", + "resource_mappings": { + "ParameterNameWithoutLeadingSlash": { + "template": "*" + } + } + } + ], + "Resiliencehub.TagResource": [ + { + "action": "resiliencehub:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "app-assessment": "%%iftemplatematch%${resourceArn}%%", + "application": "%%iftemplatematch%${resourceArn}%%", + "recommendation-template": "%%iftemplatematch%${resourceArn}%%", + "resiliency-policy": "%%iftemplatematch%${resourceArn}%%" + } + } + ], + "Resiliencehub.UntagResource": [ + { + "action": "resiliencehub:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "app-assessment": "%%iftemplatematch%${resourceArn}%%", + "application": "%%iftemplatematch%${resourceArn}%%", + "recommendation-template": "%%iftemplatematch%${resourceArn}%%", + "resiliency-policy": "%%iftemplatematch%${resourceArn}%%" + } + } + ], + "Resiliencehub.UpdateApp": [ + { + "action": "resiliencehub:UpdateApp", + "resource_mappings": {}, + "resourcearn_mappings": { + "application": "${appArn}" + } + } + ], + "Resiliencehub.UpdateResiliencyPolicy": [ + { + "action": "resiliencehub:UpdateResiliencyPolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "resiliency-policy": "${policyArn}" + } + } + ], + 
"MigrationHubStrategy.GetApplicationComponentDetails": [ + { + "action": "migrationhub-strategy:GetApplicationComponentDetails", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.GetApplicationComponentStrategies": [ + { + "action": "migrationhub-strategy:GetApplicationComponentStrategies", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.GetAssessment": [ + { + "action": "migrationhub-strategy:GetAssessment", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.GetImportFileTask": [ + { + "action": "migrationhub-strategy:GetImportFileTask", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.GetPortfolioPreferences": [ + { + "action": "migrationhub-strategy:GetPortfolioPreferences", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.GetPortfolioSummary": [ + { + "action": "migrationhub-strategy:GetPortfolioSummary", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.GetRecommendationReportDetails": [ + { + "action": "migrationhub-strategy:GetRecommendationReportDetails", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.GetServerDetails": [ + { + "action": "migrationhub-strategy:GetServerDetails", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.GetServerStrategies": [ + { + "action": "migrationhub-strategy:GetServerStrategies", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.ListApplicationComponents": [ + { + "action": "migrationhub-strategy:ListApplicationComponents", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.ListCollectors": [ + { + "action": "migrationhub-strategy:ListCollectors", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.ListImportFileTask": [ + { + "action": "migrationhub-strategy:ListImportFileTask", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.ListServers": [ + { + "action": "migrationhub-strategy:ListServers", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.PutPortfolioPreferences": [ + { + "action": 
"migrationhub-strategy:PutPortfolioPreferences", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.StartAssessment": [ + { + "action": "migrationhub-strategy:StartAssessment", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.StartImportFileTask": [ + { + "action": "migrationhub-strategy:StartImportFileTask", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.StartRecommendationReportGeneration": [ + { + "action": "migrationhub-strategy:StartRecommendationReportGeneration", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.StopAssessment": [ + { + "action": "migrationhub-strategy:StopAssessment", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.UpdateApplicationComponentConfig": [ + { + "action": "migrationhub-strategy:UpdateApplicationComponentConfig", + "resource_mappings": {} + } + ], + "MigrationHubStrategy.UpdateServerConfig": [ + { + "action": "migrationhub-strategy:UpdateServerConfig", + "resource_mappings": {} + } + ], + "Drs.CreateReplicationConfigurationTemplate": [ + { + "action": "drs:CreateReplicationConfigurationTemplate", + "resource_mappings": {} + } + ], + "Drs.DeleteJob": [ + { + "action": "drs:DeleteJob", + "resource_mappings": { + "JobID": { + "template": "${jobID}" + } + } + } + ], + "Drs.DeleteRecoveryInstance": [ + { + "action": "drs:DeleteRecoveryInstance", + "resource_mappings": { + "RecoveryInstanceID": { + "template": "${recoveryInstanceID}" + } + } + } + ], + "Drs.DeleteReplicationConfigurationTemplate": [ + { + "action": "drs:DeleteReplicationConfigurationTemplate", + "resource_mappings": { + "ReplicationConfigurationTemplateID": { + "template": "${replicationConfigurationTemplateID}" + } + } + } + ], + "Drs.DeleteSourceServer": [ + { + "action": "drs:DeleteSourceServer", + "resource_mappings": { + "SourceServerID": { + "template": "${sourceServerID}" + } + } + } + ], + "Drs.DescribeJobLogItems": [ + { + "action": "drs:DescribeJobLogItems", + "resource_mappings": { + "JobID": { + "template": 
"${jobID}" + } + } + } + ], + "Drs.DescribeJobs": [ + { + "action": "drs:DescribeJobs", + "resource_mappings": {} + } + ], + "Drs.DescribeRecoveryInstances": [ + { + "action": "drs:DescribeRecoveryInstances", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeInstances", + "resource_mappings": {} + } + ], + "Drs.DescribeRecoverySnapshots": [ + { + "action": "drs:DescribeRecoverySnapshots", + "resource_mappings": { + "SourceServerID": { + "template": "${sourceServerID}" + } + } + } + ], + "Drs.DescribeReplicationConfigurationTemplates": [ + { + "action": "drs:DescribeReplicationConfigurationTemplates", + "resource_mappings": {} + } + ], + "Drs.DescribeSourceServers": [ + { + "action": "drs:DescribeSourceServers", + "resource_mappings": {} + } + ], + "Drs.DisconnectRecoveryInstance": [ + { + "action": "drs:DisconnectRecoveryInstance", + "resource_mappings": { + "RecoveryInstanceID": { + "template": "${recoveryInstanceID}" + } + } + } + ], + "Drs.DisconnectSourceServer": [ + { + "action": "drs:DisconnectSourceServer", + "resource_mappings": { + "SourceServerID": { + "template": "${sourceServerID}" + } + } + } + ], + "Drs.GetFailbackReplicationConfiguration": [ + { + "action": "drs:GetFailbackReplicationConfiguration", + "resource_mappings": { + "RecoveryInstanceID": { + "template": "${recoveryInstanceID}" + } + } + } + ], + "Drs.GetLaunchConfiguration": [ + { + "action": "drs:GetLaunchConfiguration", + "resource_mappings": { + "SourceServerID": { + "template": "${sourceServerID}" + } + } + } + ], + "Drs.GetReplicationConfiguration": [ + { + "action": "drs:GetReplicationConfiguration", + "resource_mappings": { + "SourceServerID": { + "template": "${sourceServerID}" + } + } + } + ], + "Drs.InitializeService": [ + { + "action": "drs:InitializeService", + "resource_mappings": {} + }, + { + "action": "iam:AddRoleToInstanceProfile", + "resource_mappings": { + "InstanceProfileNameWithPath": { + "template": "*" + } + } + }, + { + "action": 
"iam:CreateInstanceProfile", + "resource_mappings": { + "InstanceProfileNameWithPath": { + "template": "*" + } + } + }, + { + "action": "iam:CreateServiceLinkedRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": "iam:GetInstanceProfile", + "resource_mappings": { + "InstanceProfileNameWithPath": { + "template": "*" + } + } + } + ], + "Drs.ListTagsForResource": [ + { + "action": "drs:ListTagsForResource", + "resource_mappings": {} + } + ], + "Drs.RetryDataReplication": [ + { + "action": "drs:RetryDataReplication", + "resource_mappings": { + "SourceServerID": { + "template": "${sourceServerID}" + } + } + } + ], + "Drs.StartFailbackLaunch": [ + { + "action": "drs:StartFailbackLaunch", + "resource_mappings": { + "RecoveryInstanceID": { + "template": "${recoveryInstanceIDs[]}" + } + } + } + ], + "Drs.StartRecovery": [ + { + "action": "drs:StartRecovery", + "resource_mappings": { + "SourceServerID": { + "template": "${sourceServers[].sourceServerID}" + } + } + }, + { + "action": "drs:CreateRecoveryInstanceForDrs", + "resource_mappings": { + "SourceServerID": { + "template": "${sourceServers[].sourceServerID}" + } + } + }, + { + "action": "drs:ListTagsForResource", + "resource_mappings": {} + }, + { + "action": "ec2:AttachVolume", + "resource_mappings": { + "InstanceId": { + "template": "*" + }, + "VolumeId": { + "template": "*" + } + } + }, + { + "action": "ec2:AuthorizeSecurityGroupEgress", + "resource_mappings": { + "SecurityGroupId": { + "template": "*" + } + } + }, + { + "action": "ec2:AuthorizeSecurityGroupIngress", + "resource_mappings": { + "SecurityGroupId": { + "template": "*" + } + } + }, + { + "action": "ec2:CreateLaunchTemplate", + "resource_mappings": { + "LaunchTemplateId": { + "template": "*" + } + } + }, + { + "action": "ec2:CreateLaunchTemplateVersion", + "resource_mappings": { + "LaunchTemplateId": { + "template": "*" + } + } + }, + { + "action": "ec2:CreateSnapshot", + "resource_mappings": { + 
"SnapshotId": { + "template": "*" + }, + "VolumeId": { + "template": "*" + } + } + }, + { + "action": "ec2:CreateTags", + "resource_mappings": { + "CapacityReservationId": { + "template": "*" + }, + "CapacityReservationFleetId": { + "template": "*" + }, + "ClientVpnEndpointId": { + "template": "*" + }, + "CustomerGatewayId": { + "template": "*" + }, + "DedicatedHostId": { + "template": "*" + }, + "DhcpOptionsId": { + "template": "*" + }, + "EgressOnlyInternetGatewayId": { + "template": "*" + }, + "ElasticGpuId": { + "template": "*" + }, + "AllocationId": { + "template": "*" + }, + "ExportImageTaskId": { + "template": "*" + }, + "ExportTaskId": { + "template": "*" + }, + "FleetId": { + "template": "*" + }, + "FpgaImageId": { + "template": "*" + }, + "HostReservationId": { + "template": "*" + }, + "ImageId": { + "template": "*" + }, + "ImportImageTaskId": { + "template": "*" + }, + "ImportSnapshotTaskId": { + "template": "*" + }, + "InstanceId": { + "template": "*" + }, + "InstanceEventWindowId": { + "template": "*" + }, + "InternetGatewayId": { + "template": "*" + }, + "Ipv4PoolEc2Id": { + "template": "*" + }, + "Ipv6PoolEc2Id": { + "template": "*" + }, + "KeyPairName": { + "template": "*" + }, + "LaunchTemplateId": { + "template": "*" + }, + "LocalGatewayId": { + "template": "*" + }, + "LocalGatewayRoutetableId": { + "template": "*" + }, + "LocalGatewayRouteTableVirtualInterfaceGroupAssociationId": { + "template": "*" + }, + "LocalGatewayRouteTableVpcAssociationId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceGroupId": { + "template": "*" + }, + "NatGatewayId": { + "template": "*" + }, + "NaclId": { + "template": "*" + }, + "NetworkInterfaceId": { + "template": "*" + }, + "PlacementGroupName": { + "template": "*" + }, + "PrefixListId": { + "template": "*" + }, + "ReplaceRootVolumeTaskId": { + "template": "*" + }, + "ReservationId": { + "template": "*" + }, + "RouteTableId": { + "template": "*" 
+ }, + "SecurityGroupId": { + "template": "*" + }, + "SecurityGroupRuleId": { + "template": "*" + }, + "SnapshotId": { + "template": "*" + }, + "SpotFleetRequestId": { + "template": "*" + }, + "SpotInstanceRequestId": { + "template": "*" + }, + "SubnetId": { + "template": "*" + }, + "TrafficMirrorFilterId": { + "template": "*" + }, + "TrafficMirrorSessionId": { + "template": "*" + }, + "TrafficMirrorTargetId": { + "template": "*" + }, + "TransitGatewayId": { + "template": "*" + }, + "TransitGatewayAttachmentId": { + "template": "*" + }, + "TransitGatewayConnectPeerId": { + "template": "*" + }, + "TransitGatewayMulticastDomainId": { + "template": "*" + }, + "TransitGatewayRouteTableId": { + "template": "*" + }, + "VolumeId": { + "template": "*" + }, + "VpcId": { + "template": "*" + }, + "VpcEndpointId": { + "template": "*" + }, + "VpcEndpointServiceId": { + "template": "*" + }, + "VpcFlowLogId": { + "template": "*" + }, + "VpcPeeringConnectionId": { + "template": "*" + }, + "VpnConnectionId": { + "template": "*" + }, + "VpnGatewayId": { + "template": "*" + } + } + }, + { + "action": "ec2:CreateVolume", + "resource_mappings": { + "VolumeId": { + "template": "*" + } + } + }, + { + "action": "ec2:DeleteLaunchTemplateVersions", + "resource_mappings": { + "LaunchTemplateId": { + "template": "*" + } + } + }, + { + "action": "ec2:DeleteSnapshot", + "resource_mappings": { + "SnapshotId": { + "template": "*" + } + } + }, + { + "action": "ec2:DeleteVolume", + "resource_mappings": { + "VolumeId": { + "template": "*" + } + } + }, + { + "action": "ec2:DescribeAccountAttributes", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeAvailabilityZones", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeImages", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeInstanceAttribute", + "resource_mappings": { + "InstanceId": { + "template": "*" + } + } + }, + { + "action": "ec2:DescribeInstanceStatus", + "resource_mappings": {} + }, + { + "action": 
"ec2:DescribeInstanceTypes", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeInstances", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeLaunchTemplateVersions", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeLaunchTemplates", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeSecurityGroups", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeSnapshots", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeSubnets", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeVolumes", + "resource_mappings": {} + }, + { + "action": "ec2:DetachVolume", + "resource_mappings": { + "VolumeId": { + "template": "*" + }, + "InstanceId": { + "template": "*" + } + } + }, + { + "action": "ec2:ModifyInstanceAttribute", + "resource_mappings": { + "InstanceId": { + "template": "*" + }, + "SecurityGroupId": { + "template": "*" + }, + "VolumeId": { + "template": "*" + } + } + }, + { + "action": "ec2:ModifyLaunchTemplate", + "resource_mappings": { + "LaunchTemplateId": { + "template": "*" + } + } + }, + { + "action": "ec2:RevokeSecurityGroupEgress", + "resource_mappings": { + "SecurityGroupId": { + "template": "*" + } + } + }, + { + "action": "ec2:RunInstances", + "resource_mappings": { + "ImageId": { + "template": "*" + }, + "InstanceId": { + "template": "*" + }, + "NetworkInterfaceId": { + "template": "*" + }, + "SecurityGroupId": { + "template": "*" + }, + "SubnetId": { + "template": "*" + }, + "VolumeId": { + "template": "*" + }, + "CapacityReservationId": { + "template": "*" + }, + "ElasticGpuId": { + "template": "*" + }, + "ElasticInferenceAcceleratorId": { + "template": "*" + }, + "KeyPairName": { + "template": "*" + }, + "LaunchTemplateId": { + "template": "*" + }, + "PlacementGroupName": { + "template": "*" + }, + "SnapshotId": { + "template": "*" + } + } + }, + { + "action": "ec2:StartInstances", + "resource_mappings": { + "InstanceId": { + "template": "*" + } + } + }, + { + "action": "ec2:StopInstances", + 
"resource_mappings": { + "InstanceId": { + "template": "*" + } + } + }, + { + "action": "ec2:TerminateInstances", + "resource_mappings": { + "InstanceId": { + "template": "*" + } + } + }, + { + "action": "iam:PassRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + } + ], + "Drs.StopFailback": [ + { + "action": "drs:StopFailback", + "resource_mappings": { + "RecoveryInstanceID": { + "template": "${recoveryInstanceID}" + } + } + } + ], + "Drs.TagResource": [ + { + "action": "drs:TagResource", + "resource_mappings": {} + } + ], + "Drs.TerminateRecoveryInstances": [ + { + "action": "drs:TerminateRecoveryInstances", + "resource_mappings": { + "RecoveryInstanceID": { + "template": "${recoveryInstanceIDs[]}" + } + } + }, + { + "action": "ec2:DeleteVolume", + "resource_mappings": { + "VolumeId": { + "template": "*" + } + } + }, + { + "action": "ec2:DescribeInstances", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeVolumes", + "resource_mappings": {} + }, + { + "action": "ec2:TerminateInstances", + "resource_mappings": { + "InstanceId": { + "template": "*" + } + } + } + ], + "Drs.UntagResource": [ + { + "action": "drs:UntagResource", + "resource_mappings": {} + } + ], + "Drs.UpdateFailbackReplicationConfiguration": [ + { + "action": "drs:UpdateFailbackReplicationConfiguration", + "resource_mappings": { + "RecoveryInstanceID": { + "template": "${recoveryInstanceID}" + } + } + } + ], + "Drs.UpdateLaunchConfiguration": [ + { + "action": "drs:UpdateLaunchConfiguration", + "resource_mappings": { + "SourceServerID": { + "template": "${sourceServerID}" + } + } + } + ], + "Drs.UpdateReplicationConfiguration": [ + { + "action": "drs:UpdateReplicationConfiguration", + "resource_mappings": { + "SourceServerID": { + "template": "${sourceServerID}" + } + } + } + ], + "Drs.UpdateReplicationConfigurationTemplate": [ + { + "action": "drs:UpdateReplicationConfigurationTemplate", + "resource_mappings": { + "ReplicationConfigurationTemplateID": { + 
"template": "${replicationConfigurationTemplateID}" + } + } + } + ], + "Evidently.CreateExperiment": [ + { + "action": "evidently:CreateExperiment", + "resource_mappings": {} + } + ], + "Evidently.CreateFeature": [ + { + "action": "evidently:CreateFeature", + "resource_mappings": {} + } + ], + "Evidently.CreateLaunch": [ + { + "action": "evidently:CreateLaunch", + "resource_mappings": {} + } + ], + "Evidently.CreateProject": [ + { + "action": "evidently:CreateProject", + "resource_mappings": {} + } + ], + "Evidently.DeleteExperiment": [ + { + "action": "evidently:DeleteExperiment", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + }, + "ExperimentName": { + "template": "${experiment}" + } + } + } + ], + "Evidently.DeleteFeature": [ + { + "action": "evidently:DeleteFeature", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + }, + "FeatureName": { + "template": "${feature}" + } + } + } + ], + "Evidently.DeleteLaunch": [ + { + "action": "evidently:DeleteLaunch", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + }, + "LaunchName": { + "template": "${launch}" + } + } + } + ], + "Evidently.DeleteProject": [ + { + "action": "evidently:DeleteProject", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + } + } + } + ], + "Evidently.GetExperiment": [ + { + "action": "evidently:GetExperiment", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + }, + "ExperimentName": { + "template": "${experiment}" + } + } + } + ], + "Evidently.GetExperimentResults": [ + { + "action": "evidently:GetExperimentResults", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + 
"template": "${project}" + }, + "ExperimentName": { + "template": "${experiment}" + } + } + } + ], + "Evidently.GetFeature": [ + { + "action": "evidently:GetFeature", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + }, + "FeatureName": { + "template": "${feature}" + } + } + } + ], + "Evidently.GetLaunch": [ + { + "action": "evidently:GetLaunch", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + }, + "LaunchName": { + "template": "${launch}" + } + } + } + ], + "Evidently.GetProject": [ + { + "action": "evidently:GetProject", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + } + } + } + ], + "Evidently.ListExperiments": [ + { + "action": "evidently:ListExperiments", + "resource_mappings": {} + } + ], + "Evidently.ListFeatures": [ + { + "action": "evidently:ListFeatures", + "resource_mappings": {} + } + ], + "Evidently.ListLaunches": [ + { + "action": "evidently:ListLaunches", + "resource_mappings": {} + } + ], + "Evidently.ListProjects": [ + { + "action": "evidently:ListProjects", + "resource_mappings": {} + } + ], + "Evidently.StartExperiment": [ + { + "action": "evidently:StartExperiment", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + }, + "ExperimentName": { + "template": "${experiment}" + } + } + } + ], + "Evidently.StartLaunch": [ + { + "action": "evidently:StartLaunch", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + }, + "LaunchName": { + "template": "${launch}" + } + } + } + ], + "Evidently.StopExperiment": [ + { + "action": "evidently:StopExperiment", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" 
+ }, + "ExperimentName": { + "template": "${experiment}" + } + } + } + ], + "Evidently.StopLaunch": [ + { + "action": "evidently:StopLaunch", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + }, + "LaunchName": { + "template": "${launch}" + } + } + } + ], + "Evidently.UpdateExperiment": [ + { + "action": "evidently:UpdateExperiment", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + }, + "ExperimentName": { + "template": "${experiment}" + } + } + } + ], + "Evidently.UpdateFeature": [ + { + "action": "evidently:UpdateFeature", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + }, + "FeatureName": { + "template": "${feature}" + } + } + } + ], + "Evidently.UpdateLaunch": [ + { + "action": "evidently:UpdateLaunch", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + }, + "LaunchName": { + "template": "${launch}" + } + } + } + ], + "Evidently.UpdateProject": [ + { + "action": "evidently:UpdateProject", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + } + } + } + ], + "Evidently.UpdateProjectDataDelivery": [ + { + "action": "evidently:UpdateProjectDataDelivery", + "resource_mappings": { + "OwnerAccountId": { + "template": "${Account}" + }, + "ProjectName": { + "template": "${project}" + } + } + } + ], + "Inspector2.AssociateMember": [ + { + "action": "inspector2:AssociateMember", + "resource_mappings": {} + } + ], + "Inspector2.BatchGetAccountStatus": [ + { + "action": "inspector2:BatchGetAccountStatus", + "resource_mappings": {} + } + ], + "Inspector2.BatchGetFreeTrialInfo": [ + { + "action": "inspector2:BatchGetFreeTrialInfo", + "resource_mappings": {} + } + ], + 
"Inspector2.CancelFindingsReport": [ + { + "action": "inspector2:CancelFindingsReport", + "resource_mappings": {} + } + ], + "Inspector2.CreateFilter": [ + { + "action": "inspector2:CreateFilter", + "resource_mappings": { + "OwnerId": { + "template": "*" + }, + "FilterId": { + "template": "*" + } + } + } + ], + "Inspector2.CreateFindingsReport": [ + { + "action": "inspector2:CreateFindingsReport", + "resource_mappings": {} + } + ], + "Inspector2.DeleteFilter": [ + { + "action": "inspector2:DeleteFilter", + "resource_mappings": {}, + "resourcearn_mappings": { + "Filter": "${arn}" + } + } + ], + "Inspector2.DescribeOrganizationConfiguration": [ + { + "action": "inspector2:DescribeOrganizationConfiguration", + "resource_mappings": {} + } + ], + "Inspector2.Disable": [ + { + "action": "inspector2:Disable", + "resource_mappings": {} + } + ], + "Inspector2.DisableDelegatedAdminAccount": [ + { + "action": "inspector2:DisableDelegatedAdminAccount", + "resource_mappings": {} + } + ], + "Inspector2.DisassociateMember": [ + { + "action": "inspector2:DisassociateMember", + "resource_mappings": {} + } + ], + "Inspector2.Enable": [ + { + "action": "inspector2:Enable", + "resource_mappings": {} + } + ], + "Inspector2.EnableDelegatedAdminAccount": [ + { + "action": "inspector2:EnableDelegatedAdminAccount", + "resource_mappings": {} + } + ], + "Inspector2.GetDelegatedAdminAccount": [ + { + "action": "inspector2:GetDelegatedAdminAccount", + "resource_mappings": {} + } + ], + "Inspector2.GetFindingsReportStatus": [ + { + "action": "inspector2:GetFindingsReportStatus", + "resource_mappings": {} + } + ], + "Inspector2.GetMember": [ + { + "action": "inspector2:GetMember", + "resource_mappings": {} + } + ], + "Inspector2.ListAccountPermissions": [ + { + "action": "inspector2:ListAccountPermissions", + "resource_mappings": {} + } + ], + "Inspector2.ListCoverage": [ + { + "action": "inspector2:ListCoverage", + "resource_mappings": {} + } + ], + "Inspector2.ListCoverageStatistics": [ + { + 
"action": "inspector2:ListCoverageStatistics", + "resource_mappings": {} + } + ], + "Inspector2.ListDelegatedAdminAccounts": [ + { + "action": "inspector2:ListDelegatedAdminAccounts", + "resource_mappings": {} + } + ], + "Inspector2.ListFilters": [ + { + "action": "inspector2:ListFilters", + "resource_mappings": {} + } + ], + "Inspector2.ListFindingAggregations": [ + { + "action": "inspector2:ListFindingAggregations", + "resource_mappings": {} + } + ], + "Inspector2.ListFindings": [ + { + "action": "inspector2:ListFindings", + "resource_mappings": {} + } + ], + "Inspector2.ListMembers": [ + { + "action": "inspector2:ListMembers", + "resource_mappings": {} + } + ], + "Inspector2.ListTagsForResource": [ + { + "action": "inspector2:ListTagsForResource", + "resource_mappings": {} + } + ], + "Inspector2.ListUsageTotals": [ + { + "action": "inspector2:ListUsageTotals", + "resource_mappings": {} + } + ], + "Inspector2.TagResource": [ + { + "action": "inspector2:TagResource", + "resource_mappings": {} + } + ], + "Inspector2.UntagResource": [ + { + "action": "inspector2:UntagResource", + "resource_mappings": {} + } + ], + "Inspector2.UpdateFilter": [ + { + "action": "inspector2:UpdateFilter", + "resource_mappings": { + "OwnerId": { + "template": "*" + }, + "FilterId": { + "template": "*" + } + } + } + ], + "Inspector2.UpdateOrganizationConfiguration": [ + { + "action": "inspector2:UpdateOrganizationConfiguration", + "resource_mappings": {} + } + ], + "Rbin.CreateRule": [ + { + "action": "rbin:CreateRule", + "resource_mappings": { + "ResourceName": { + "template": "*" + } + } + } + ], + "Rbin.DeleteRule": [ + { + "action": "rbin:DeleteRule", + "resource_mappings": { + "ResourceName": { + "template": "${Identifier}" + } + } + } + ], + "Rbin.GetRule": [ + { + "action": "rbin:GetRule", + "resource_mappings": { + "ResourceName": { + "template": "${Identifier}" + } + } + } + ], + "Rbin.ListRules": [ + { + "action": "rbin:ListRules", + "resource_mappings": {} + } + ], + 
"Rbin.ListTagsForResource": [ + { + "action": "rbin:ListTagsForResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "rule": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "Rbin.TagResource": [ + { + "action": "rbin:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "rule": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "Rbin.UntagResource": [ + { + "action": "rbin:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "rule": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "Rbin.UpdateRule": [ + { + "action": "rbin:UpdateRule", + "resource_mappings": { + "ResourceName": { + "template": "${Identifier}" + } + } + } + ], + "RUM.CreateAppMonitor": [ + { + "action": "rum:CreateAppMonitor", + "resource_mappings": { + "Name": { + "template": "${Name}" + } + } + }, + { + "action": "iam:CreateServiceLinkedRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": "iam:GetRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + } + ], + "RUM.DeleteAppMonitor": [ + { + "action": "rum:DeleteAppMonitor", + "resource_mappings": { + "Name": { + "template": "${Name}" + } + } + } + ], + "RUM.GetAppMonitor": [ + { + "action": "rum:GetAppMonitor", + "resource_mappings": { + "Name": { + "template": "${Name}" + } + } + } + ], + "RUM.GetAppMonitorData": [ + { + "action": "rum:GetAppMonitorData", + "resource_mappings": { + "Name": { + "template": "${Name}" + } + } + } + ], + "RUM.ListAppMonitors": [ + { + "action": "rum:ListAppMonitors", + "resource_mappings": {} + } + ], + "RUM.ListTagsForResource": [ + { + "action": "rum:ListTagsForResource", + "resource_mappings": {} + } + ], + "RUM.PutRumEvents": [ + { + "action": "rum:PutRumEvents", + "resource_mappings": {} + } + ], + "RUM.TagResource": [ + { + "action": "rum:TagResource", + "resource_mappings": {} + } + ], + "RUM.UntagResource": [ + { + "action": "rum:UntagResource", + "resource_mappings": {} + 
} + ], + "RUM.UpdateAppMonitor": [ + { + "action": "rum:UpdateAppMonitor", + "resource_mappings": { + "Name": { + "template": "${Name}" + } + } + }, + { + "action": "iam:CreateServiceLinkedRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": "iam:GetRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + } + ], + "IoTTwinMaker.CreateComponentType": [ + { + "action": "iottwinmaker:CreateComponentType", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + } + } + } + ], + "IoTTwinMaker.CreateEntity": [ + { + "action": "iottwinmaker:CreateEntity", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + } + } + } + ], + "IoTTwinMaker.CreateScene": [ + { + "action": "iottwinmaker:CreateScene", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + } + } + } + ], + "IoTTwinMaker.CreateWorkspace": [ + { + "action": "iottwinmaker:CreateWorkspace", + "resource_mappings": {} + } + ], + "IoTTwinMaker.DeleteComponentType": [ + { + "action": "iottwinmaker:DeleteComponentType", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + }, + "ComponentTypeId": { + "template": "${componentTypeId}" + } + } + } + ], + "IoTTwinMaker.DeleteEntity": [ + { + "action": "iottwinmaker:DeleteEntity", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + }, + "EntityId": { + "template": "${entityId}" + } + } + } + ], + "IoTTwinMaker.DeleteScene": [ + { + "action": "iottwinmaker:DeleteScene", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + }, + "SceneId": { + "template": "${sceneId}" + } + } + } + ], + "IoTTwinMaker.DeleteWorkspace": [ + { + "action": "iottwinmaker:DeleteWorkspace", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + } + } + } + ], + "IoTTwinMaker.GetComponentType": [ + { + "action": "iottwinmaker:GetComponentType", + "resource_mappings": { 
+ "WorkspaceId": { + "template": "${workspaceId}" + }, + "ComponentTypeId": { + "template": "${componentTypeId}" + } + } + } + ], + "IoTTwinMaker.GetEntity": [ + { + "action": "iottwinmaker:GetEntity", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + }, + "EntityId": { + "template": "${entityId}" + } + } + } + ], + "IoTTwinMaker.GetPropertyValue": [ + { + "action": "iottwinmaker:GetPropertyValue", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + }, + "ComponentTypeId": { + "template": "${componentTypeId}" + }, + "EntityId": { + "template": "${entityId}" + } + } + }, + { + "action": "iottwinmaker:GetComponentType", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + }, + "ComponentTypeId": { + "template": "${componentTypeId}" + } + } + }, + { + "action": "iottwinmaker:GetEntity", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + }, + "EntityId": { + "template": "${entityId}" + } + } + }, + { + "action": "iottwinmaker:GetWorkspace", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + } + } + } + ], + "IoTTwinMaker.GetScene": [ + { + "action": "iottwinmaker:GetScene", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + }, + "SceneId": { + "template": "${sceneId}" + } + } + } + ], + "IoTTwinMaker.GetWorkspace": [ + { + "action": "iottwinmaker:GetWorkspace", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + } + } + } + ], + "IoTTwinMaker.ListComponentTypes": [ + { + "action": "iottwinmaker:ListComponentTypes", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + } + } + } + ], + "IoTTwinMaker.ListEntities": [ + { + "action": "iottwinmaker:ListEntities", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + } + } + } + ], + "IoTTwinMaker.ListScenes": [ + { + "action": "iottwinmaker:ListScenes", + "resource_mappings": { + "WorkspaceId": { + 
"template": "${workspaceId}" + } + } + } + ], + "IoTTwinMaker.ListTagsForResource": [ + { + "action": "iottwinmaker:ListTagsForResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "componentType": "%%iftemplatematch%${resourceARN}%%", + "entity": "%%iftemplatematch%${resourceARN}%%", + "scene": "%%iftemplatematch%${resourceARN}%%", + "workspace": "%%iftemplatematch%${resourceARN}%%" + } + } + ], + "IoTTwinMaker.ListWorkspaces": [ + { + "action": "iottwinmaker:ListWorkspaces", + "resource_mappings": {} + } + ], + "IoTTwinMaker.TagResource": [ + { + "action": "iottwinmaker:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "componentType": "%%iftemplatematch%${resourceARN}%%", + "entity": "%%iftemplatematch%${resourceARN}%%", + "scene": "%%iftemplatematch%${resourceARN}%%", + "workspace": "%%iftemplatematch%${resourceARN}%%" + } + } + ], + "IoTTwinMaker.UntagResource": [ + { + "action": "iottwinmaker:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "componentType": "%%iftemplatematch%${resourceARN}%%", + "entity": "%%iftemplatematch%${resourceARN}%%", + "scene": "%%iftemplatematch%${resourceARN}%%", + "workspace": "%%iftemplatematch%${resourceARN}%%" + } + } + ], + "IoTTwinMaker.UpdateComponentType": [ + { + "action": "iottwinmaker:UpdateComponentType", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + }, + "ComponentTypeId": { + "template": "${componentTypeId}" + } + } + } + ], + "IoTTwinMaker.UpdateEntity": [ + { + "action": "iottwinmaker:UpdateEntity", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + }, + "EntityId": { + "template": "${entityId}" + } + } + } + ], + "IoTTwinMaker.UpdateScene": [ + { + "action": "iottwinmaker:UpdateScene", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + }, + "SceneId": { + "template": "${sceneId}" + } + } + } + ], + "IoTTwinMaker.UpdateWorkspace": [ + { + "action": 
"iottwinmaker:UpdateWorkspace", + "resource_mappings": { + "WorkspaceId": { + "template": "${workspaceId}" + } + } + } + ], + "AmplifyUIBuilder.DeleteComponent": [ + { + "action": "amplifyuibuilder:DeleteComponent", + "resource_mappings": { + "AppId": { + "template": "${appId}" + }, + "EnvironmentName": { + "template": "${environmentName}" + }, + "Id": { + "template": "${id}" + } + } + } + ], + "AmplifyUIBuilder.DeleteTheme": [ + { + "action": "amplifyuibuilder:DeleteTheme", + "resource_mappings": { + "AppId": { + "template": "${appId}" + }, + "EnvironmentName": { + "template": "${environmentName}" + }, + "Id": { + "template": "${id}" + } + } + } + ], + "AmplifyUIBuilder.ExchangeCodeForToken": [ + { + "action": "amplifyuibuilder:ExchangeCodeForToken", + "resource_mappings": {} + } + ], + "AmplifyUIBuilder.ExportComponents": [ + { + "action": "amplifyuibuilder:ExportComponents", + "resource_mappings": {} + } + ], + "AmplifyUIBuilder.ExportThemes": [ + { + "action": "amplifyuibuilder:ExportThemes", + "resource_mappings": {} + } + ], + "AmplifyUIBuilder.GetComponent": [ + { + "action": "amplifyuibuilder:GetComponent", + "resource_mappings": { + "AppId": { + "template": "${appId}" + }, + "EnvironmentName": { + "template": "${environmentName}" + }, + "Id": { + "template": "${id}" + } + } + } + ], + "AmplifyUIBuilder.GetTheme": [ + { + "action": "amplifyuibuilder:GetTheme", + "resource_mappings": { + "AppId": { + "template": "${appId}" + }, + "EnvironmentName": { + "template": "${environmentName}" + }, + "Id": { + "template": "${id}" + } + } + } + ], + "AmplifyUIBuilder.ListComponents": [ + { + "action": "amplifyuibuilder:ListComponents", + "resource_mappings": {} + } + ], + "AmplifyUIBuilder.ListThemes": [ + { + "action": "amplifyuibuilder:ListThemes", + "resource_mappings": {} + } + ], + "AmplifyUIBuilder.RefreshToken": [ + { + "action": "amplifyuibuilder:RefreshToken", + "resource_mappings": {} + } + ], + "CloudFront.DeleteResponseHeadersPolicy": [ + { + "action": 
"cloudfront:DeleteResponseHeadersPolicy", + "undocumented": true + } + ], + "CloudFront.GetResponseHeadersPolicy": [ + { + "action": "cloudfront:GetResponseHeadersPolicy", + "undocumented": true + } + ], + "CloudFront.GetResponseHeadersPolicyConfig": [ + { + "action": "cloudfront:GetResponseHeadersPolicyConfig", + "undocumented": true + } + ], + "CloudFront.ListDistributionsByResponseHeadersPolicyId": [ + { + "action": "cloudfront:ListDistributionsByResponseHeadersPolicyId", + "undocumented": true + } + ], + "CloudFront.ListResponseHeadersPolicies": [ + { + "action": "cloudfront:ListResponseHeadersPolicies", + "undocumented": true + } + ], + "Redshift.DescribeReservedNodeExchangeStatus": [ + { + "action": "redshift:DescribeReservedNodeExchangeStatus", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "Redshift.GetReservedNodeExchangeConfigurationOptions": [ + { + "action": "redshift:GetReservedNodeExchangeConfigurationOptions", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "Connect.UpdateContactFlowModuleContent": [ + { + "action": "connect:UpdateContactFlowModuleContent", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/flow-module/${ContactFlowModuleId}" + } + } + ], + "Kafka.CreateClusterV2": [ + { + "action": "kafka:CreateClusterV2", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kafka:${Region}:${Account}:cluster/${ClusterName}" + } + } + ], + "Kafka.DescribeClusterV2": [ + { + "action": "kafka:DescribeClusterV2", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kafka:${Region}:${Account}:$arn{${ClusterArn}}" + } + } + ], + "Kafka.ListClustersV2": [ + { + "action": "kafka:ListClustersV2", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kafka:${Region}:${Account}:/api/v2/clusters" + } + } + ], + "Textract.AnalyzeID": [ + { + "action": 
"textract:AnalyzeID", + "undocumented": true + } + ], + "LakeFormation.CancelTransaction": [ + { + "action": "lakeformation:CancelTransaction", + "undocumented": true + } + ], + "LakeFormation.CommitTransaction": [ + { + "action": "lakeformation:CommitTransaction", + "undocumented": true + } + ], + "LakeFormation.DeleteObjectsOnCancel": [ + { + "action": "lakeformation:DeleteObjectsOnCancel", + "undocumented": true + } + ], + "LakeFormation.DescribeTransaction": [ + { + "action": "lakeformation:DescribeTransaction", + "undocumented": true + } + ], + "LakeFormation.ExtendTransaction": [ + { + "action": "lakeformation:ExtendTransaction", + "undocumented": true + } + ], + "LakeFormation.GetQueryState": [ + { + "action": "lakeformation:GetQueryState", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lakeformation:${Region}:${Account}:/GetQueryState" + } + } + ], + "LakeFormation.GetQueryStatistics": [ + { + "action": "lakeformation:GetQueryStatistics", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lakeformation:${Region}:${Account}:/GetQueryStatistics" + } + } + ], + "LakeFormation.GetTableObjects": [ + { + "action": "lakeformation:GetTableObjects", + "undocumented": true + } + ], + "LakeFormation.GetWorkUnits": [ + { + "action": "lakeformation:GetWorkUnits", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lakeformation:${Region}:${Account}:/GetWorkUnits" + } + } + ], + "LakeFormation.ListDataCellsFilter": [ + { + "action": "lakeformation:ListDataCellsFilter", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lakeformation:${Region}:${Account}:catalog:${Account}" + } + } + ], + "LakeFormation.ListTableStorageOptimizers": [ + { + "action": "lakeformation:ListTableStorageOptimizers", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:glue:${Region}:${Account}:table/${databasename}/${tablename}" + } + } + ], + 
"LakeFormation.ListTransactions": [ + { + "action": "lakeformation:ListTransactions", + "undocumented": true + } + ], + "LakeFormation.StartTransaction": [ + { + "action": "lakeformation:StartTransaction", + "undocumented": true + } + ], + "LakeFormation.UpdateTableObjects": [ + { + "action": "lakeformation:UpdateTableObjects", + "undocumented": true + } + ], + "Kendra.AssociateEntitiesToExperience": [ + { + "action": "kendra:AssociateEntitiesToExperience", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "Kendra.AssociatePersonasToEntities": [ + { + "action": "kendra:AssociatePersonasToEntities", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "Kendra.CreateExperience": [ + { + "action": "kendra:CreateExperience", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "Kendra.DeleteExperience": [ + { + "action": "kendra:DeleteExperience", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "Kendra.DescribeExperience": [ + { + "action": "kendra:DescribeExperience", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "Kendra.DisassociateEntitiesFromExperience": [ + { + "action": "kendra:DisassociateEntitiesFromExperience", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "Kendra.DisassociatePersonasFromEntities": [ + { + "action": "kendra:DisassociatePersonasFromEntities", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "Kendra.GetSnapshots": [ + { + "action": 
"kendra:GetSnapshots", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "Kendra.ListEntityPersonas": [ + { + "action": "kendra:ListEntityPersonas", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "Kendra.ListExperienceEntities": [ + { + "action": "kendra:ListExperienceEntities", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "Kendra.ListExperiences": [ + { + "action": "kendra:ListExperiences", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "Kendra.UpdateExperience": [ + { + "action": "kendra:UpdateExperience", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "Outposts.CancelOrder": [ + { + "action": "outposts:CancelOrder", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:outposts:${Region}:${Account}:/orders/${OrderId}/cancel" + } + } + ], + "Outposts.CreateSite": [ + { + "action": "outposts:CreateSite", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:outposts:${Region}:${Account}:*" + } + } + ], + "Outposts.GetCatalogItem": [ + { + "action": "outposts:GetCatalogItem", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:outposts:${Region}:${Account}:/catalog/item/${CatalogItemId}" + } + } + ], + "Outposts.GetOrder": [ + { + "action": "outposts:GetOrder", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:outposts:${Region}:${Account}:/orders/${OrderId}" + } + } + ], + "Outposts.GetSite": [ + { + "action": "outposts:GetSite", + "undocumented": true, + "arn_override": { + "template": 
"arn:${Partition}:outposts:${Region}:${Account}:*" + } + } + ], + "Outposts.GetSiteAddress": [ + { + "action": "outposts:GetSiteAddress", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:outposts:${Region}:${Account}:*" + } + } + ], + "Outposts.ListCatalogItems": [ + { + "action": "outposts:ListCatalogItems", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:outposts:${Region}:${Account}:/catalog/items" + } + } + ], + "Outposts.ListOrders": [ + { + "action": "outposts:ListOrders", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:outposts:${Region}:${Account}:*" + } + } + ], + "Outposts.UpdateSite": [ + { + "action": "outposts:UpdateSite", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:outposts:${Region}:${Account}:*" + } + } + ], + "Outposts.UpdateSiteRackPhysicalProperties": [ + { + "action": "outposts:UpdateSiteRackPhysicalProperties", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:outposts:${Region}:${Account}:/sites/${SiteId}/rackPhysicalProperties" + } + } + ], + "AmplifyBackend.DeleteBackendStorage": [ + { + "action": "amplifybackend:DeleteBackendStorage", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:amplifybackend:${Region}:${Account}:/backend/${AppId}/storage/${BackendEnvironmentName}/remove/*" + } + } + ], + "AmplifyBackend.GetBackendStorage": [ + { + "action": "amplifybackend:GetBackendStorage", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:amplifybackend:${Region}:${Account}:/backend/${AppId}/storage/${BackendEnvironmentName}/details/*" + } + } + ], + "AmplifyBackend.ImportBackendStorage": [ + { + "action": "amplifybackend:ImportBackendStorage", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:amplifybackend:${Region}:${Account}:/backend/${AppId}/storage/${BackendEnvironmentName}/import/*" + } + } + ], + 
"AmplifyBackend.ListS3Buckets": [ + { + "action": "amplifybackend:ListS3Buckets", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:amplifybackend:${Region}:${Account}:/s3Buckets" + } + } + ], + "IotDeviceAdvisor.GetEndpoint": [ + { + "action": "iotdeviceadvisor:GetEndpoint", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:iotdeviceadvisor:${Region}:${Account}:*" + } + } + ], + "Finspacedata.DeleteDataset": [ + { + "action": "finspace-api:DeleteDatasetV2", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:finspace-api:${Region}:${Account}:/datasetsv2/${datasetId}" + } + } + ], + "Finspacedata.GetChangeset": [ + { + "action": "finspace-api:GetChangesetV2", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:finspace-api:${Region}:${Account}:/datasets/${datasetId}/changesetsv2/${changesetId}" + } + } + ], + "Finspacedata.GetDataView": [ + { + "action": "finspace-api:GetDataViewV2", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:finspace-api:${Region}:${Account}:/datasets/${datasetId}/dataviewsv2/${dataViewId}" + } + } + ], + "Finspacedata.GetDataset": [ + { + "action": "finspace-api:GetDatasetV2", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:finspace-api:${Region}:${Account}:/datasetsv2/${datasetId}" + } + } + ], + "Finspacedata.ListChangesets": [ + { + "action": "finspace-api:ListChangesetsV2", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:finspace-api:${Region}:${Account}:/datasets/${datasetId}/changesetsv2" + } + } + ], + "Finspacedata.ListDataViews": [ + { + "action": "finspace-api:ListDataViewsV2", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:finspace-api:${Region}:${Account}:/datasets/${datasetId}/dataviewsv2" + } + } + ], + "Finspacedata.ListDatasets": [ + { + "action": "finspace-api:ListDatasetsV2", + "undocumented": true, + 
"arn_override": { + "template": "arn:${Partition}:finspace-api:${Region}:${Account}:/datasetsv2" + } + } + ], + "Finspacedata.UpdateDataset": [ + { + "action": "finspace-api:UpdateDatasetV2", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:finspace-api:${Region}:${Account}:/datasetsv2/${datasetId}" + } + } + ], + "Proton.ListEnvironmentOutputs": [ + { + "action": "proton:ListEnvironmentOutputs", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:environment/${environmentName}" + } + } + ], + "Proton.ListEnvironmentProvisionedResources": [ + { + "action": "proton:ListEnvironmentProvisionedResources", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:environment/${environmentName}" + } + } + ], + "Proton.ListRepositories": [ + { + "action": "proton:ListRepositories", + "undocumented": true + } + ], + "Proton.ListServiceInstanceOutputs": [ + { + "action": "proton:ListServiceInstanceOutputs", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:service/${serviceName}/service-instance/${serviceInstanceName}" + } + } + ], + "Proton.ListServiceInstanceProvisionedResources": [ + { + "action": "proton:ListServiceInstanceProvisionedResources", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:service/${serviceName}/service-instance/${serviceInstanceName}" + } + } + ], + "Proton.ListServicePipelineOutputs": [ + { + "action": "proton:ListServicePipelineOutputs", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:service/${serviceName}/pipeline" + } + } + ], + "Proton.ListServicePipelineProvisionedResources": [ + { + "action": "proton:ListServicePipelineProvisionedResources", + "undocumented": true, + "arn_override": { + "template": 
"arn:${Partition}:proton:${Region}:${Account}:service/${serviceName}/pipeline" + } + } + ], + "AppConfigData.StartConfigurationSession": [ + { + "action": "appconfig:StartConfigurationSession", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:appconfig:${Region}:${Account}:application/${ApplicationIdentifier}/environment/${EnvironmentIdentifier}/configuration/${ConfigurationProfileIdentifier}" + } + } + ], + "Evidently.BatchEvaluateFeature": [ + { + "action": "evidently:BatchEvaluateFeature", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:evidently:${Region}:${Account}:project/${project}" + } + } + ], + "Evidently.EvaluateFeature": [ + { + "action": "evidently:EvaluateFeature", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:evidently:${Region}:${Account}:project/${project}" + } + } + ], + "Evidently.ListTagsForResource": [ + { + "action": "evidently:ListTagsForResource", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:evidently:${Region}:${Account}:project/${resourceArn}" + } + } + ], + "Evidently.UntagResource": [ + { + "action": "evidently:UntagResource", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:evidently:${Region}:${Account}:project/${resourceArn}" + } + } + ], + "Route53RecoveryCluster.GetRoutingControlState": [ + { + "action": "route53-recovery-cluster:GetRoutingControlState", + "resource_mappings": {}, + "resourcearn_mappings": { + "routingcontrol": "${RoutingControlArn}" + } + } + ], + "Route53RecoveryCluster.UpdateRoutingControlState": [ + { + "action": "route53-recovery-cluster:UpdateRoutingControlState", + "resource_mappings": {}, + "resourcearn_mappings": { + "routingcontrol": "${RoutingControlArn}" + } + } + ], + "Route53RecoveryCluster.UpdateRoutingControlStates": [ + { + "action": "route53-recovery-cluster:UpdateRoutingControlStates", + "resource_mappings": {}, + "resourcearn_mappings": { + 
"routingcontrol": "${UpdateRoutingControlStateEntries[].RoutingControlArn}" + } + } + ], + "Route53RecoveryControlConfig.CreateCluster": [ + { + "action": "route53-recovery-control-config:CreateCluster", + "resource_mappings": { + "ResourceId": { + "template": "${ClusterName}" + } + } + } + ], + "Route53RecoveryControlConfig.CreateControlPanel": [ + { + "action": "route53-recovery-control-config:CreateControlPanel", + "resource_mappings": { + "ControlPanelId": { + "template": "*" + } + } + } + ], + "Route53RecoveryControlConfig.CreateRoutingControl": [ + { + "action": "route53-recovery-control-config:CreateRoutingControl", + "resource_mappings": {}, + "resourcearn_mappings": { + "routingcontrol": "${ControlPanelArn}/routingcontrol/*" + } + } + ], + "Route53RecoveryControlConfig.CreateSafetyRule": [ + { + "action": "route53-recovery-control-config:CreateSafetyRule", + "resource_mappings": {}, + "resourcearn_mappings": { + "safetyrule": "${AssertionRule.ControlPanelArn}/safetyrule/*" + } + } + ], + "Route53RecoveryControlConfig.DeleteCluster": [ + { + "action": "route53-recovery-control-config:DeleteCluster", + "resource_mappings": {}, + "resourcearn_mappings": { + "cluster": "${ClusterArn}" + } + } + ], + "Route53RecoveryControlConfig.DeleteControlPanel": [ + { + "action": "route53-recovery-control-config:DeleteControlPanel", + "resource_mappings": {}, + "resourcearn_mappings": { + "controlpanel": "${ControlPanelArn}" + } + } + ], + "Route53RecoveryControlConfig.DeleteRoutingControl": [ + { + "action": "route53-recovery-control-config:DeleteRoutingControl", + "resource_mappings": {}, + "resourcearn_mappings": { + "routingcontrol": "${RoutingControlArn}" + } + } + ], + "Route53RecoveryControlConfig.DeleteSafetyRule": [ + { + "action": "route53-recovery-control-config:DeleteSafetyRule", + "resource_mappings": {}, + "resourcearn_mappings": { + "safetyrule": "${SafetyRuleArn}" + } + } + ], + "Route53RecoveryControlConfig.DescribeCluster": [ + { + "action": 
"route53-recovery-control-config:DescribeCluster", + "resource_mappings": {}, + "resourcearn_mappings": { + "cluster": "${ClusterArn}" + } + } + ], + "Route53RecoveryControlConfig.DescribeControlPanel": [ + { + "action": "route53-recovery-control-config:DescribeControlPanel", + "resource_mappings": {}, + "resourcearn_mappings": { + "controlpanel": "${ControlPanelArn}" + } + } + ], + "Route53RecoveryControlConfig.DescribeRoutingControl": [ + { + "action": "route53-recovery-control-config:DescribeRoutingControl", + "resource_mappings": {}, + "resourcearn_mappings": { + "routingcontrol": "${RoutingControlArn}" + } + } + ], + "Route53RecoveryControlConfig.DescribeSafetyRule": [ + { + "action": "route53-recovery-control-config:DescribeSafetyRule", + "resource_mappings": {}, + "resourcearn_mappings": { + "safetyrule": "${SafetyRuleArn}" + } + } + ], + "Route53RecoveryControlConfig.ListAssociatedRoute53HealthChecks": [ + { + "action": "route53-recovery-control-config:ListAssociatedRoute53HealthChecks", + "resource_mappings": {} + } + ], + "Route53RecoveryControlConfig.ListClusters": [ + { + "action": "route53-recovery-control-config:ListClusters", + "resource_mappings": {} + } + ], + "Route53RecoveryControlConfig.ListControlPanels": [ + { + "action": "route53-recovery-control-config:ListControlPanels", + "resource_mappings": {} + } + ], + "Route53RecoveryControlConfig.ListRoutingControls": [ + { + "action": "route53-recovery-control-config:ListRoutingControls", + "resource_mappings": {} + } + ], + "Route53RecoveryControlConfig.ListSafetyRules": [ + { + "action": "route53-recovery-control-config:ListSafetyRules", + "resource_mappings": {}, + "resourcearn_mappings": { + "controlpanel": "${ControlPanelArn}" + } + } + ], + "Route53RecoveryControlConfig.UpdateControlPanel": [ + { + "action": "route53-recovery-control-config:UpdateControlPanel", + "resource_mappings": {}, + "resourcearn_mappings": { + "controlpanel": "${ControlPanelArn}" + } + } + ], + 
"Route53RecoveryControlConfig.UpdateRoutingControl": [ + { + "action": "route53-recovery-control-config:UpdateRoutingControl", + "resource_mappings": {}, + "resourcearn_mappings": { + "routingcontrol": "${RoutingControlArn}" + } + } + ], + "Route53RecoveryControlConfig.UpdateSafetyRule": [ + { + "action": "route53-recovery-control-config:UpdateSafetyRule", + "resource_mappings": {}, + "resourcearn_mappings": { + "safetyrule": "%%many%${AssertionRuleUpdate.SafetyRuleArn}%${GatingRuleUpdate.SafetyRuleArn}%%" + } + } + ], + "Route53RecoveryReadiness.CreateCell": [ + { + "action": "route53-recovery-readiness:CreateCell", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.CreateCrossAccountAuthorization": [ + { + "action": "route53-recovery-readiness:CreateCrossAccountAuthorization", + "resource_mappings": {} + } + ], + "Route53RecoveryReadiness.CreateReadinessCheck": [ + { + "action": "route53-recovery-readiness:CreateReadinessCheck", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.CreateRecoveryGroup": [ + { + "action": "route53-recovery-readiness:CreateRecoveryGroup", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.CreateResourceSet": [ + { + "action": "route53-recovery-readiness:CreateResourceSet", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.DeleteCell": [ + { + "action": "route53-recovery-readiness:DeleteCell", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.DeleteCrossAccountAuthorization": [ + { + "action": "route53-recovery-readiness:DeleteCrossAccountAuthorization", + "resource_mappings": {} + } + ], + "Route53RecoveryReadiness.DeleteReadinessCheck": [ + { + "action": "route53-recovery-readiness:DeleteReadinessCheck", + "resource_mappings": { + "ResourceId": { + "template": 
"*" + } + } + } + ], + "Route53RecoveryReadiness.DeleteRecoveryGroup": [ + { + "action": "route53-recovery-readiness:DeleteRecoveryGroup", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.DeleteResourceSet": [ + { + "action": "route53-recovery-readiness:DeleteResourceSet", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.GetArchitectureRecommendations": [ + { + "action": "route53-recovery-readiness:GetArchitectureRecommendations", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.GetCell": [ + { + "action": "route53-recovery-readiness:GetCell", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.GetCellReadinessSummary": [ + { + "action": "route53-recovery-readiness:GetCellReadinessSummary", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.GetReadinessCheck": [ + { + "action": "route53-recovery-readiness:GetReadinessCheck", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.GetReadinessCheckResourceStatus": [ + { + "action": "route53-recovery-readiness:GetReadinessCheckResourceStatus", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.GetReadinessCheckStatus": [ + { + "action": "route53-recovery-readiness:GetReadinessCheckStatus", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.GetRecoveryGroup": [ + { + "action": "route53-recovery-readiness:GetRecoveryGroup", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.GetRecoveryGroupReadinessSummary": [ + { + "action": "route53-recovery-readiness:GetRecoveryGroupReadinessSummary", + "resource_mappings": { + "ResourceId": { + 
"template": "*" + } + } + } + ], + "Route53RecoveryReadiness.GetResourceSet": [ + { + "action": "route53-recovery-readiness:GetResourceSet", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.ListCells": [ + { + "action": "route53-recovery-readiness:ListCells", + "resource_mappings": {} + } + ], + "Route53RecoveryReadiness.ListCrossAccountAuthorizations": [ + { + "action": "route53-recovery-readiness:ListCrossAccountAuthorizations", + "resource_mappings": {} + } + ], + "Route53RecoveryReadiness.ListReadinessChecks": [ + { + "action": "route53-recovery-readiness:ListReadinessChecks", + "resource_mappings": {} + } + ], + "Route53RecoveryReadiness.ListRecoveryGroups": [ + { + "action": "route53-recovery-readiness:ListRecoveryGroups", + "resource_mappings": {} + } + ], + "Route53RecoveryReadiness.ListResourceSets": [ + { + "action": "route53-recovery-readiness:ListResourceSets", + "resource_mappings": {} + } + ], + "Route53RecoveryReadiness.ListRules": [ + { + "action": "route53-recovery-readiness:ListRules", + "resource_mappings": {} + } + ], + "Route53RecoveryReadiness.ListTagsForResources": [ + { + "action": "route53-recovery-readiness:ListTagsForResources", + "resource_mappings": {} + } + ], + "Route53RecoveryReadiness.TagResource": [ + { + "action": "route53-recovery-readiness:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "cell": "%%iftemplatematch%${ResourceArn}%%", + "readinesscheck": "%%iftemplatematch%${ResourceArn}%%", + "recoverygroup": "%%iftemplatematch%${ResourceArn}%%", + "resourceset": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "Route53RecoveryReadiness.UntagResource": [ + { + "action": "route53-recovery-readiness:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "cell": "%%iftemplatematch%${ResourceArn}%%", + "readinesscheck": "%%iftemplatematch%${ResourceArn}%%", + "recoverygroup": "%%iftemplatematch%${ResourceArn}%%", + "resourceset": 
"%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "Route53RecoveryReadiness.UpdateCell": [ + { + "action": "route53-recovery-readiness:UpdateCell", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.UpdateReadinessCheck": [ + { + "action": "route53-recovery-readiness:UpdateReadinessCheck", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.UpdateRecoveryGroup": [ + { + "action": "route53-recovery-readiness:UpdateRecoveryGroup", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "Route53RecoveryReadiness.UpdateResourceSet": [ + { + "action": "route53-recovery-readiness:UpdateResourceSet", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "SnowDeviceManagement.CancelTask": [ + { + "action": "snow-device-management:CancelTask", + "resource_mappings": { + "ResourceId": { + "template": "${taskId}" + } + } + } + ], + "SnowDeviceManagement.CreateTask": [ + { + "action": "snow-device-management:CreateTask", + "resource_mappings": {} + } + ], + "SnowDeviceManagement.DescribeDevice": [ + { + "action": "snow-device-management:DescribeDevice", + "resource_mappings": { + "ResourceId": { + "template": "${managedDeviceId}" + } + } + } + ], + "SnowDeviceManagement.DescribeDeviceEc2Instances": [ + { + "action": "snow-device-management:DescribeDeviceEc2Instances", + "resource_mappings": { + "ResourceId": { + "template": "${managedDeviceId}" + } + } + } + ], + "SnowDeviceManagement.DescribeExecution": [ + { + "action": "snow-device-management:DescribeExecution", + "resource_mappings": {} + } + ], + "SnowDeviceManagement.DescribeTask": [ + { + "action": "snow-device-management:DescribeTask", + "resource_mappings": { + "ResourceId": { + "template": "${taskId}" + } + } + } + ], + "SnowDeviceManagement.ListDeviceResources": [ + { + "action": "snow-device-management:ListDeviceResources", + "resource_mappings": { + 
"ResourceId": { + "template": "${managedDeviceId}" + } + } + } + ], + "SnowDeviceManagement.ListDevices": [ + { + "action": "snow-device-management:ListDevices", + "resource_mappings": {} + } + ], + "SnowDeviceManagement.ListExecutions": [ + { + "action": "snow-device-management:ListExecutions", + "resource_mappings": {} + } + ], + "SnowDeviceManagement.ListTagsForResource": [ + { + "action": "snow-device-management:ListTagsForResource", + "resource_mappings": {} + } + ], + "SnowDeviceManagement.ListTasks": [ + { + "action": "snow-device-management:ListTasks", + "resource_mappings": {} + } + ], + "SnowDeviceManagement.TagResource": [ + { + "action": "snow-device-management:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "managed-device": "%%iftemplatematch%${resourceArn}%%", + "task": "%%iftemplatematch%${resourceArn}%%" + } + } + ], + "SnowDeviceManagement.UntagResource": [ + { + "action": "snow-device-management:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "managed-device": "%%iftemplatematch%${resourceArn}%%", + "task": "%%iftemplatematch%${resourceArn}%%" + } + } + ], + "VoiceID.CreateDomain": [ + { + "action": "voiceid:CreateDomain", + "resource_mappings": {} + } + ], + "VoiceID.DeleteDomain": [ + { + "action": "voiceid:DeleteDomain", + "resource_mappings": { + "DomainId": { + "template": "${DomainId}" + } + } + } + ], + "VoiceID.DeleteFraudster": [ + { + "action": "voiceid:DeleteFraudster", + "resource_mappings": { + "DomainId": { + "template": "${DomainId}" + } + } + } + ], + "VoiceID.DeleteSpeaker": [ + { + "action": "voiceid:DeleteSpeaker", + "resource_mappings": { + "DomainId": { + "template": "${DomainId}" + } + } + } + ], + "VoiceID.DescribeDomain": [ + { + "action": "voiceid:DescribeDomain", + "resource_mappings": { + "DomainId": { + "template": "${DomainId}" + } + } + } + ], + "VoiceID.DescribeFraudster": [ + { + "action": "voiceid:DescribeFraudster", + "resource_mappings": { + "DomainId": { + 
"template": "${DomainId}" + } + } + } + ], + "VoiceID.DescribeFraudsterRegistrationJob": [ + { + "action": "voiceid:DescribeFraudsterRegistrationJob", + "resource_mappings": { + "DomainId": { + "template": "${DomainId}" + } + } + } + ], + "VoiceID.DescribeSpeaker": [ + { + "action": "voiceid:DescribeSpeaker", + "resource_mappings": { + "DomainId": { + "template": "${DomainId}" + } + } + } + ], + "VoiceID.DescribeSpeakerEnrollmentJob": [ + { + "action": "voiceid:DescribeSpeakerEnrollmentJob", + "resource_mappings": { + "DomainId": { + "template": "${DomainId}" + } + } + } + ], + "VoiceID.EvaluateSession": [ + { + "action": "voiceid:EvaluateSession", + "resource_mappings": { + "DomainId": { + "template": "${DomainId}" + } + } + } + ], + "VoiceID.ListDomains": [ + { + "action": "voiceid:ListDomains", + "resource_mappings": {} + } + ], + "VoiceID.ListFraudsterRegistrationJobs": [ + { + "action": "voiceid:ListFraudsterRegistrationJobs", + "resource_mappings": { + "DomainId": { + "template": "${DomainId}" + } + } + } + ], + "VoiceID.ListSpeakerEnrollmentJobs": [ + { + "action": "voiceid:ListSpeakerEnrollmentJobs", + "resource_mappings": { + "DomainId": { + "template": "${DomainId}" + } + } + } + ], + "VoiceID.ListSpeakers": [ + { + "action": "voiceid:ListSpeakers", + "resource_mappings": { + "DomainId": { + "template": "${DomainId}" + } + } + } + ], + "VoiceID.ListTagsForResource": [ + { + "action": "voiceid:ListTagsForResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "domain": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "VoiceID.OptOutSpeaker": [ + { + "action": "voiceid:OptOutSpeaker", + "resource_mappings": { + "DomainId": { + "template": "${DomainId}" + } + } + } + ], + "VoiceID.StartFraudsterRegistrationJob": [ + { + "action": "voiceid:StartFraudsterRegistrationJob", + "resource_mappings": { + "DomainId": { + "template": "${DomainId}" + } + } + } + ], + "VoiceID.StartSpeakerEnrollmentJob": [ + { + "action": 
"voiceid:StartSpeakerEnrollmentJob", + "resource_mappings": { + "DomainId": { + "template": "${DomainId}" + } + } + } + ], + "VoiceID.TagResource": [ + { + "action": "voiceid:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "domain": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "VoiceID.UntagResource": [ + { + "action": "voiceid:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "domain": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "VoiceID.UpdateDomain": [ + { + "action": "voiceid:UpdateDomain", + "resource_mappings": { + "DomainId": { + "template": "${DomainId}" + } + } + } + ], + "BackupGateway.AssociateGatewayToServer": [ + { + "action": "backup-gateway:AssociateGatewayToServer", + "resource_mappings": { + "HypervisorId": { + "template": "*" + } + }, + "resourcearn_mappings": { + "gateway": "${GatewayArn}" + } + } + ], + "BackupGateway.CreateGateway": [ + { + "action": "backup-gateway:CreateGateway", + "resource_mappings": {} + } + ], + "BackupGateway.DeleteGateway": [ + { + "action": "backup-gateway:DeleteGateway", + "resource_mappings": {}, + "resourcearn_mappings": { + "gateway": "${GatewayArn}" + } + } + ], + "BackupGateway.DeleteHypervisor": [ + { + "action": "backup-gateway:DeleteHypervisor", + "resource_mappings": {}, + "resourcearn_mappings": { + "hypervisor": "${HypervisorArn}" + } + } + ], + "BackupGateway.DisassociateGatewayFromServer": [ + { + "action": "backup-gateway:DisassociateGatewayFromServer", + "resource_mappings": {}, + "resourcearn_mappings": { + "gateway": "${GatewayArn}" + } + } + ], + "BackupGateway.ImportHypervisorConfiguration": [ + { + "action": "backup-gateway:ImportHypervisorConfiguration", + "resource_mappings": { + "HypervisorId": { + "template": "*" + } + } + } + ], + "BackupGateway.ListGateways": [ + { + "action": "backup-gateway:ListGateways", + "resource_mappings": {} + } + ], + "BackupGateway.ListHypervisors": [ + { + "action": "backup-gateway:ListHypervisors", + 
"resource_mappings": {} + } + ], + "BackupGateway.ListTagsForResource": [ + { + "action": "backup-gateway:ListTagsForResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "gateway": "%%iftemplatematch%${ResourceArn}%%", + "hypervisor": "%%iftemplatematch%${ResourceArn}%%", + "virtualmachine": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "BackupGateway.ListVirtualMachines": [ + { + "action": "backup-gateway:ListVirtualMachines", + "resource_mappings": {} + } + ], + "BackupGateway.PutMaintenanceStartTime": [ + { + "action": "backup-gateway:PutMaintenanceStartTime", + "resource_mappings": {}, + "resourcearn_mappings": { + "gateway": "${GatewayArn}" + } + } + ], + "BackupGateway.TagResource": [ + { + "action": "backup-gateway:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "gateway": "%%iftemplatematch%${ResourceARN}%%", + "hypervisor": "%%iftemplatematch%${ResourceARN}%%", + "virtualmachine": "%%iftemplatematch%${ResourceARN}%%" + } + } + ], + "BackupGateway.TestHypervisorConfiguration": [ + { + "action": "backup-gateway:TestHypervisorConfiguration", + "resource_mappings": {}, + "resourcearn_mappings": { + "gateway": "${GatewayArn}" + } + } + ], + "BackupGateway.UntagResource": [ + { + "action": "backup-gateway:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "gateway": "%%iftemplatematch%${ResourceARN}%%", + "hypervisor": "%%iftemplatematch%${ResourceARN}%%", + "virtualmachine": "%%iftemplatematch%${ResourceARN}%%" + } + } + ], + "BackupGateway.UpdateGatewayInformation": [ + { + "action": "backup-gateway:UpdateGatewayInformation", + "resource_mappings": {}, + "resourcearn_mappings": { + "gateway": "${GatewayArn}" + } + } + ], + "BackupGateway.UpdateHypervisor": [ + { + "action": "backup-gateway:UpdateHypervisor", + "resource_mappings": {}, + "resourcearn_mappings": { + "gateway": "${HypervisorArn}" + } + } + ], + "WorkSpacesWeb.AssociateBrowserSettings": [ + { + "action": 
"workspaces-web:AssociateBrowserSettings", + "resource_mappings": {}, + "resourcearn_mappings": { + "browserSettings": "${browserSettingsArn}", + "portal": "${portalArn}" + } + } + ], + "WorkSpacesWeb.AssociateNetworkSettings": [ + { + "action": "workspaces-web:AssociateNetworkSettings", + "resource_mappings": {}, + "resourcearn_mappings": { + "networkSettings": "${networkSettingsArn}", + "portal": "${portalArn}" + } + }, + { + "action": "ec2:CreateNetworkInterface", + "resource_mappings": { + "NetworkInterfaceId": { + "template": "*" + }, + "SubnetId": { + "template": "*" + }, + "SecurityGroupId": { + "template": "*" + } + } + }, + { + "action": "ec2:CreateNetworkInterfacePermission", + "resource_mappings": { + "NetworkInterfaceId": { + "template": "*" + } + } + }, + { + "action": "ec2:CreateTags", + "resource_mappings": { + "CapacityReservationId": { + "template": "*" + }, + "CapacityReservationFleetId": { + "template": "*" + }, + "ClientVpnEndpointId": { + "template": "*" + }, + "CustomerGatewayId": { + "template": "*" + }, + "DedicatedHostId": { + "template": "*" + }, + "DhcpOptionsId": { + "template": "*" + }, + "EgressOnlyInternetGatewayId": { + "template": "*" + }, + "ElasticGpuId": { + "template": "*" + }, + "AllocationId": { + "template": "*" + }, + "ExportImageTaskId": { + "template": "*" + }, + "ExportTaskId": { + "template": "*" + }, + "FleetId": { + "template": "*" + }, + "FpgaImageId": { + "template": "*" + }, + "HostReservationId": { + "template": "*" + }, + "ImageId": { + "template": "*" + }, + "ImportImageTaskId": { + "template": "*" + }, + "ImportSnapshotTaskId": { + "template": "*" + }, + "InstanceId": { + "template": "*" + }, + "InstanceEventWindowId": { + "template": "*" + }, + "InternetGatewayId": { + "template": "*" + }, + "Ipv4PoolEc2Id": { + "template": "*" + }, + "Ipv6PoolEc2Id": { + "template": "*" + }, + "KeyPairName": { + "template": "*" + }, + "LaunchTemplateId": { + "template": "*" + }, + "LocalGatewayId": { + "template": "*" + }, + 
"LocalGatewayRoutetableId": { + "template": "*" + }, + "LocalGatewayRouteTableVirtualInterfaceGroupAssociationId": { + "template": "*" + }, + "LocalGatewayRouteTableVpcAssociationId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceGroupId": { + "template": "*" + }, + "NatGatewayId": { + "template": "*" + }, + "NaclId": { + "template": "*" + }, + "NetworkInterfaceId": { + "template": "*" + }, + "PlacementGroupName": { + "template": "*" + }, + "PrefixListId": { + "template": "*" + }, + "ReplaceRootVolumeTaskId": { + "template": "*" + }, + "ReservationId": { + "template": "*" + }, + "RouteTableId": { + "template": "*" + }, + "SecurityGroupId": { + "template": "*" + }, + "SecurityGroupRuleId": { + "template": "*" + }, + "SnapshotId": { + "template": "*" + }, + "SpotFleetRequestId": { + "template": "*" + }, + "SpotInstanceRequestId": { + "template": "*" + }, + "SubnetId": { + "template": "*" + }, + "TrafficMirrorFilterId": { + "template": "*" + }, + "TrafficMirrorSessionId": { + "template": "*" + }, + "TrafficMirrorTargetId": { + "template": "*" + }, + "TransitGatewayId": { + "template": "*" + }, + "TransitGatewayAttachmentId": { + "template": "*" + }, + "TransitGatewayConnectPeerId": { + "template": "*" + }, + "TransitGatewayMulticastDomainId": { + "template": "*" + }, + "TransitGatewayRouteTableId": { + "template": "*" + }, + "VolumeId": { + "template": "*" + }, + "VpcId": { + "template": "*" + }, + "VpcEndpointId": { + "template": "*" + }, + "VpcEndpointServiceId": { + "template": "*" + }, + "VpcFlowLogId": { + "template": "*" + }, + "VpcPeeringConnectionId": { + "template": "*" + }, + "VpnConnectionId": { + "template": "*" + }, + "VpnGatewayId": { + "template": "*" + } + } + }, + { + "action": "ec2:DeleteNetworkInterface", + "resource_mappings": { + "NetworkInterfaceId": { + "template": "*" + } + } + }, + { + "action": "ec2:DeleteNetworkInterfacePermission", + "resource_mappings": { + 
"NetworkInterfaceId": { + "template": "*" + } + } + }, + { + "action": "ec2:ModifyNetworkInterfaceAttribute", + "resource_mappings": { + "NetworkInterfaceId": { + "template": "*" + }, + "InstanceId": { + "template": "*" + }, + "SecurityGroupId": { + "template": "*" + } + } + } + ], + "WorkSpacesWeb.AssociateTrustStore": [ + { + "action": "workspaces-web:AssociateTrustStore", + "resource_mappings": {}, + "resourcearn_mappings": { + "portal": "${portalArn}", + "trustStore": "${trustStoreArn}" + } + } + ], + "WorkSpacesWeb.AssociateUserSettings": [ + { + "action": "workspaces-web:AssociateUserSettings", + "resource_mappings": {}, + "resourcearn_mappings": { + "portal": "${portalArn}", + "userSettings": "${userSettingsArn}" + } + } + ], + "WorkSpacesWeb.CreateBrowserSettings": [ + { + "action": "workspaces-web:CreateBrowserSettings", + "resource_mappings": {} + }, + { + "action": "kms:CreateGrant", + "resource_mappings": {}, + "resourcearn_mappings": { + "key": "${customerManagedKey}" + } + }, + { + "action": "kms:Decrypt", + "resource_mappings": {}, + "resourcearn_mappings": { + "key": "${customerManagedKey}" + } + }, + { + "action": "kms:DescribeKey", + "resource_mappings": {}, + "resourcearn_mappings": { + "key": "${customerManagedKey}" + } + }, + { + "action": "kms:GenerateDataKey", + "resource_mappings": {}, + "resourcearn_mappings": { + "key": "${customerManagedKey}" + } + } + ], + "WorkSpacesWeb.CreateIdentityProvider": [ + { + "action": "workspaces-web:CreateIdentityProvider", + "resource_mappings": {}, + "resourcearn_mappings": { + "portal": "${portalArn}" + } + } + ], + "WorkSpacesWeb.CreateNetworkSettings": [ + { + "action": "workspaces-web:CreateNetworkSettings", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.CreatePortal": [ + { + "action": "workspaces-web:CreatePortal", + "resource_mappings": {} + }, + { + "action": "iam:CreateServiceLinkedRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": 
"kms:CreateGrant", + "resource_mappings": {}, + "resourcearn_mappings": { + "key": "${customerManagedKey}" + } + }, + { + "action": "kms:Decrypt", + "resource_mappings": {}, + "resourcearn_mappings": { + "key": "${customerManagedKey}" + } + }, + { + "action": "kms:DescribeKey", + "resource_mappings": {}, + "resourcearn_mappings": { + "key": "${customerManagedKey}" + } + }, + { + "action": "kms:GenerateDataKey", + "resource_mappings": {}, + "resourcearn_mappings": { + "key": "${customerManagedKey}" + } + } + ], + "WorkSpacesWeb.CreateTrustStore": [ + { + "action": "workspaces-web:CreateTrustStore", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.CreateUserSettings": [ + { + "action": "workspaces-web:CreateUserSettings", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.DeleteBrowserSettings": [ + { + "action": "workspaces-web:DeleteBrowserSettings", + "resource_mappings": {}, + "resourcearn_mappings": { + "browserSettings": "${browserSettingsArn}" + } + } + ], + "WorkSpacesWeb.DeleteIdentityProvider": [ + { + "action": "workspaces-web:DeleteIdentityProvider", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.DeleteNetworkSettings": [ + { + "action": "workspaces-web:DeleteNetworkSettings", + "resource_mappings": {}, + "resourcearn_mappings": { + "networkSettings": "${networkSettingsArn}" + } + } + ], + "WorkSpacesWeb.DeletePortal": [ + { + "action": "workspaces-web:DeletePortal", + "resource_mappings": {}, + "resourcearn_mappings": { + "portal": "${portalArn}" + } + } + ], + "WorkSpacesWeb.DeleteTrustStore": [ + { + "action": "workspaces-web:DeleteTrustStore", + "resource_mappings": {}, + "resourcearn_mappings": { + "trustStore": "${trustStoreArn}" + } + } + ], + "WorkSpacesWeb.DeleteUserSettings": [ + { + "action": "workspaces-web:DeleteUserSettings", + "resource_mappings": {}, + "resourcearn_mappings": { + "userSettings": "${userSettingsArn}" + } + } + ], + "WorkSpacesWeb.DisassociateBrowserSettings": [ + { + "action": 
"workspaces-web:DisassociateBrowserSettings", + "resource_mappings": {}, + "resourcearn_mappings": { + "portal": "${portalArn}" + } + } + ], + "WorkSpacesWeb.DisassociateNetworkSettings": [ + { + "action": "workspaces-web:DisassociateNetworkSettings", + "resource_mappings": {}, + "resourcearn_mappings": { + "portal": "${portalArn}" + } + } + ], + "WorkSpacesWeb.DisassociateTrustStore": [ + { + "action": "workspaces-web:DisassociateTrustStore", + "resource_mappings": {}, + "resourcearn_mappings": { + "portal": "${portalArn}" + } + } + ], + "WorkSpacesWeb.DisassociateUserSettings": [ + { + "action": "workspaces-web:DisassociateUserSettings", + "resource_mappings": {}, + "resourcearn_mappings": { + "portal": "${portalArn}" + } + } + ], + "WorkSpacesWeb.GetBrowserSettings": [ + { + "action": "workspaces-web:GetBrowserSettings", + "resource_mappings": {}, + "resourcearn_mappings": { + "browserSettings": "${browserSettingsArn}" + } + } + ], + "WorkSpacesWeb.GetIdentityProvider": [ + { + "action": "workspaces-web:GetIdentityProvider", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.GetNetworkSettings": [ + { + "action": "workspaces-web:GetNetworkSettings", + "resource_mappings": {}, + "resourcearn_mappings": { + "networkSettings": "${networkSettingsArn}" + } + } + ], + "WorkSpacesWeb.GetPortal": [ + { + "action": "workspaces-web:GetPortal", + "resource_mappings": {}, + "resourcearn_mappings": { + "portal": "${portalArn}" + } + } + ], + "WorkSpacesWeb.GetPortalServiceProviderMetadata": [ + { + "action": "workspaces-web:GetPortalServiceProviderMetadata", + "resource_mappings": {}, + "resourcearn_mappings": { + "portal": "${portalArn}" + } + } + ], + "WorkSpacesWeb.GetTrustStore": [ + { + "action": "workspaces-web:GetTrustStore", + "resource_mappings": {}, + "resourcearn_mappings": { + "trustStore": "${trustStoreArn}" + } + } + ], + "WorkSpacesWeb.GetTrustStoreCertificate": [ + { + "action": "workspaces-web:GetTrustStoreCertificate", + "resource_mappings": {}, + 
"resourcearn_mappings": { + "trustStore": "${trustStoreArn}" + } + } + ], + "WorkSpacesWeb.GetUserSettings": [ + { + "action": "workspaces-web:GetUserSettings", + "resource_mappings": {}, + "resourcearn_mappings": { + "userSettings": "${userSettingsArn}" + } + } + ], + "WorkSpacesWeb.ListBrowserSettings": [ + { + "action": "workspaces-web:ListBrowserSettings", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.ListIdentityProviders": [ + { + "action": "workspaces-web:ListIdentityProviders", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.ListNetworkSettings": [ + { + "action": "workspaces-web:ListNetworkSettings", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.ListPortals": [ + { + "action": "workspaces-web:ListPortals", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.ListTagsForResource": [ + { + "action": "workspaces-web:ListTagsForResource", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.ListTrustStoreCertificates": [ + { + "action": "workspaces-web:ListTrustStoreCertificates", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.ListTrustStores": [ + { + "action": "workspaces-web:ListTrustStores", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.ListUserSettings": [ + { + "action": "workspaces-web:ListUserSettings", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.TagResource": [ + { + "action": "workspaces-web:TagResource", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.UntagResource": [ + { + "action": "workspaces-web:UntagResource", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.UpdateBrowserSettings": [ + { + "action": "workspaces-web:UpdateBrowserSettings", + "resource_mappings": {}, + "resourcearn_mappings": { + "browserSettings": "${browserSettingsArn}" + } + } + ], + "WorkSpacesWeb.UpdateIdentityProvider": [ + { + "action": "workspaces-web:UpdateIdentityProvider", + "resource_mappings": {} + } + ], + "WorkSpacesWeb.UpdateNetworkSettings": [ + { + "action": "workspaces-web:UpdateNetworkSettings", + "resource_mappings": 
{}, + "resourcearn_mappings": { + "networkSettings": "${networkSettingsArn}" + } + } + ], + "WorkSpacesWeb.UpdatePortal": [ + { + "action": "workspaces-web:UpdatePortal", + "resource_mappings": {}, + "resourcearn_mappings": { + "portal": "${portalArn}" + } + } + ], + "WorkSpacesWeb.UpdateTrustStore": [ + { + "action": "workspaces-web:UpdateTrustStore", + "resource_mappings": {}, + "resourcearn_mappings": { + "trustStore": "${trustStoreArn}" + } + } + ], + "WorkSpacesWeb.UpdateUserSettings": [ + { + "action": "workspaces-web:UpdateUserSettings", + "resource_mappings": {}, + "resourcearn_mappings": { + "userSettings": "${userSettingsArn}" + } + } ] }, "sdk_service_mappings": {